From d033d7ae1bb62d0c2893d98c3a0f84735721388f Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Fri, 5 Apr 2024 16:13:08 -0500
Subject: [PATCH 01/15] add: 1.1.1 test as automated and organized csv.

---
 helpers/Build-Help.ps1                        |   4 +-
 helpers/Get-AdminRoleUserLicense.ps1          |  45 ++++++++
 source/helper/TestDefinitions.csv             | 103 +++++++++---------
 .../Test-AdministrativeAccountCompliance .ps1 |  69 ++++++++++++
 source/tests/Test-AntiPhishingPolicy.ps1      |   1 +
 .../tests/Test-BlockSharedMailboxSignIn.ps1   |   1 +
 source/tests/Test-IdentifyExternalEmail.ps1   |   1 +
 source/tests/Test-NotifyMalwareInternal.ps1   |   2 +
 source/tests/Test-SpamPolicyAdminNotify.ps1   |   2 +
 9 files changed, 175 insertions(+), 53 deletions(-)
 create mode 100644 helpers/Get-AdminRoleUserLicense.ps1
 create mode 100644 source/tests/Test-AdministrativeAccountCompliance .ps1

diff --git a/helpers/Build-Help.ps1 b/helpers/Build-Help.ps1
index b84d417..82e139f 100644
--- a/helpers/Build-Help.ps1
+++ b/helpers/Build-Help.ps1
@@ -4,10 +4,10 @@ Import-Module .\output\module\M365FoundationsCISReport\*\*.psd1
 
 
 <#
-    $ver = "v0.0.1"
+    $ver = "v0.1.1"
     git checkout main
     git pull origin main
-    git tag -a $ver -m "Release version $ver Minor Update"
+    git tag -a $ver -m "Release version $ver Bugfix Update"
     git push origin $ver
     "Fix: PR #37"
     git push origin $ver
diff --git a/helpers/Get-AdminRoleUserLicense.ps1 b/helpers/Get-AdminRoleUserLicense.ps1
new file mode 100644
index 0000000..e9576ef
--- /dev/null
+++ b/helpers/Get-AdminRoleUserLicense.ps1
@@ -0,0 +1,45 @@
+function Get-AdminRoleUserLicense {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory = $false)]
+        [bool]$SkipGraphConnection = $false
+    )
+
+    # Connect to Microsoft Graph if not skipping connection
+    if (-not $SkipGraphConnection) {
+        Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -NoWelcome
+    }
+
+    $adminRoleUsers = @()
+    $userIds = @()
+    $adminroles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { $_.DisplayName -like "*Admin*" }
+
+    foreach ($role in $adminroles) {
+        $usersInRole = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
+
+        foreach ($user in $usersInRole) {
+            $userIds += $user.PrincipalId
+            $userDetails = Get-MgUser -UserId $user.PrincipalId -Property "DisplayName, UserPrincipalName, Id, onPremisesSyncEnabled"
+
+            $adminRoleUsers += [PSCustomObject]@{
+                RoleName = $role.DisplayName
+                UserName = $userDetails.DisplayName
+                UserPrincipalName = $userDetails.UserPrincipalName
+                UserId = $userDetails.Id
+                HybridUser = $userDetails.onPremisesSyncEnabled
+                Licenses = ""  # Placeholder for licenses, to be filled later
+            }
+        }
+    }
+
+    foreach ($userId in $userIds | Select-Object -Unique) {
+        $licenses = Get-MgUserLicenseDetail -UserId $userId
+        $licenseList = ($licenses.SkuPartNumber -join '|')
+
+        $adminRoleUsers | Where-Object { $_.UserId -eq $userId } | ForEach-Object {
+            $_.Licenses = $licenseList
+        }
+    }
+
+    return $adminRoleUsers
+}
\ No newline at end of file
diff --git a/source/helper/TestDefinitions.csv b/source/helper/TestDefinitions.csv
index 99ced50..653429c 100644
--- a/source/helper/TestDefinitions.csv
+++ b/source/helper/TestDefinitions.csv
@@ -1,51 +1,52 @@
-Index,TestFileName,Rec,ELevel,ProfileLevel,IG1,IG2,IG3
-1,Test-AntiPhishingPolicy.ps1,2.1.7,E5,L1,FALSE,FALSE,TRUE
-2,Test-AuditDisabledFalse.ps1,6.1.1,E3,L1,TRUE,TRUE,TRUE
-3,Test-AuditLogSearch.ps1,3.1.1,E3,L1,TRUE,TRUE,TRUE
-4,Test-BlockChannelEmails.ps1,8.1.2,E3,L1,FALSE,FALSE,FALSE
-5,Test-BlockMailForwarding.ps1,6.2.1,E3,L1,FALSE,FALSE,FALSE
-6,Test-BlockSharedMailboxSignIn.ps1,1.2.2,E3,L1,FALSE,FALSE,FALSE
-7,Test-CommonAttachmentFilter.ps1,2.1.2,E3,L1,FALSE,TRUE,TRUE
-8,Test-CustomerLockbox.ps1,1.3.6,E5,L2,FALSE,FALSE,FALSE
-9,Test-DialInBypassLobby.ps1,8.5.4,E3,L1,FALSE,FALSE,FALSE
-10,Test-DisallowInfectedFilesDownload.ps1,7.3.1,E5,L2,TRUE,TRUE,TRUE
-11,Test-EnableDKIM.ps1,2.1.9,E3,L1,FALSE,TRUE,TRUE
-12,Test-ExternalNoControl.ps1,8.5.7,E3,L1,FALSE,FALSE,FALSE
-13,Test-ExternalSharingCalendars.ps1,1.3.3,E3,L2,FALSE,TRUE,TRUE
-14,Test-GlobalAdminsCount.ps1,1.1.3,E3,L1,TRUE,TRUE,TRUE
-15,Test-GuestAccessExpiration.ps1,7.2.9,E3,L1,FALSE,FALSE,FALSE
-16,Test-IdentifyExternalEmail.ps1,6.2.3,E3,L1,FALSE,FALSE,FALSE
-17,Test-LinkSharingRestrictions.ps1,7.2.7,E3,L1,TRUE,TRUE,TRUE
-18,Test-MailboxAuditingE3.ps1,6.1.2,E3,L1,TRUE,TRUE,TRUE
-19,Test-MailboxAuditingE5.ps1,6.1.3,E5,L1,TRUE,TRUE,TRUE
-20,Test-MailTipsEnabled.ps1,6.5.2,E3,L2,FALSE,FALSE,FALSE
-21,Test-ManagedApprovedPublicGroups.ps1,1.2.1,E3,L2,TRUE,TRUE,TRUE
-22,Test-MeetingChatNoAnonymous.ps1,8.5.5,E3,L1,FALSE,FALSE,FALSE
-23,Test-ModernAuthExchangeOnline.ps1,6.5.1,E3,L1,FALSE,TRUE,TRUE
-24,Test-ModernAuthSharePoint.ps1,7.2.1,E3,L1,FALSE,TRUE,TRUE
-25,Test-NoAnonymousMeetingJoin.ps1,8.5.1,E3,L2,FALSE,FALSE,FALSE
-26,Test-NoAnonymousMeetingStart.ps1,8.5.2,E3,L1,FALSE,FALSE,FALSE
-27,Test-NotifyMalwareInternal.ps1,2.1.3,E3,L1,FALSE,TRUE,TRUE
-28,Test-NoWhitelistDomains.ps1,6.2.2,E3,L1,FALSE,FALSE,FALSE
-29,Test-OneDriveContentRestrictions.ps1,7.2.4,E3,L2,TRUE,TRUE,TRUE
-30,Test-OneDriveSyncRestrictions.ps1,7.3.2,E3,L2,FALSE,FALSE,FALSE
-31,Test-OrganizersPresent.ps1,8.5.6,E3,L1,FALSE,FALSE,FALSE
-32,Test-OrgOnlyBypassLobby.ps1,8.5.3,E3,L1,FALSE,FALSE,TRUE
-33,Test-PasswordHashSync.ps1,5.1.8.1,E3,L1,FALSE,TRUE,TRUE
-34,Test-PasswordNeverExpirePolicy.ps1,1.3.1,E3,L1,TRUE,TRUE,TRUE
-35,Test-ReauthWithCode.ps1,7.2.10,E3,L1,FALSE,FALSE,FALSE
-36,Test-ReportSecurityInTeams.ps1,8.6.1,E3,L1,FALSE,FALSE,FALSE
-37,Test-RestrictCustomScripts.ps1,7.3.4,E3,L1,FALSE,FALSE,TRUE
-38,Test-RestrictExternalSharing.ps1,7.2.3,E3,L1,TRUE,TRUE,TRUE
-39,Test-RestrictOutlookAddins.ps1,6.3.1,E3,L2,FALSE,TRUE,TRUE
-40,Test-RestrictStorageProvidersOutlook.ps1,6.5.3,E3,L2,TRUE,TRUE,TRUE
-41,Test-RestrictTenantCreation.ps1,5.1.2.3,E3,L1,FALSE,FALSE,FALSE
-42,Test-SafeAttachmentsPolicy.ps1,2.1.4,E5,L2,FALSE,FALSE,TRUE
-43,Test-SafeAttachmentsTeams.ps1,2.1.5,E5,L2,TRUE,TRUE,TRUE
-44,Test-SafeLinksOfficeApps.ps1,2.1.1,E5,L2,TRUE,TRUE,TRUE
-45,Test-SharePointAADB2B.ps1,7.2.2,E3,L1,FALSE,FALSE,FALSE
-46,Test-SharePointExternalSharingDomains.ps1,7.2.6,E3,L2,TRUE,TRUE,TRUE
-47,Test-SharePointGuestsItemSharing.ps1,7.2.5,E3,L2,TRUE,TRUE,TRUE
-48,Test-SpamPolicyAdminNotify.ps1,2.1.6,E3,L1,FALSE,TRUE,TRUE
-49,Test-TeamsExternalAccess.ps1,8.2.1,E3,L2,FALSE,FALSE,FALSE
-50,Test-TeamsExternalFileSharing.ps1,8.1.1,E3,L2,TRUE,TRUE,TRUE
+Index,TestFileName,Rec,ELevel,ProfileLevel,IG1,IG2,IG3,Automated
+1,Test-AdministrativeAccountCompliance .ps1,1.1.1,E3,L1,TRUE,TRUE,TRUE,FALSE
+2,Test-GlobalAdminsCount.ps1,1.1.3,E3,L1,TRUE,TRUE,TRUE,TRUE
+3,Test-ManagedApprovedPublicGroups.ps1,1.2.1,E3,L2,TRUE,TRUE,TRUE,TRUE
+4,Test-BlockSharedMailboxSignIn.ps1,1.2.2,E3,L1,FALSE,FALSE,FALSE,TRUE
+5,Test-PasswordNeverExpirePolicy.ps1,1.3.1,E3,L1,TRUE,TRUE,TRUE,TRUE
+6,Test-ExternalSharingCalendars.ps1,1.3.3,E3,L2,FALSE,TRUE,TRUE,TRUE
+7,Test-CustomerLockbox.ps1,1.3.6,E5,L2,FALSE,FALSE,FALSE,TRUE
+8,Test-SafeLinksOfficeApps.ps1,2.1.1,E5,L2,TRUE,TRUE,TRUE,TRUE
+9,Test-CommonAttachmentFilter.ps1,2.1.2,E3,L1,FALSE,TRUE,TRUE,TRUE
+10,Test-NotifyMalwareInternal.ps1,2.1.3,E3,L1,FALSE,TRUE,TRUE,TRUE
+11,Test-SafeAttachmentsPolicy.ps1,2.1.4,E5,L2,FALSE,FALSE,TRUE,TRUE
+12,Test-SafeAttachmentsTeams.ps1,2.1.5,E5,L2,TRUE,TRUE,TRUE,TRUE
+13,Test-SpamPolicyAdminNotify.ps1,2.1.6,E3,L1,FALSE,TRUE,TRUE,TRUE
+14,Test-AntiPhishingPolicy.ps1,2.1.7,E5,L1,FALSE,FALSE,TRUE,TRUE
+15,Test-EnableDKIM.ps1,2.1.9,E3,L1,FALSE,TRUE,TRUE,TRUE
+16,Test-AuditLogSearch.ps1,3.1.1,E3,L1,TRUE,TRUE,TRUE,TRUE
+17,Test-RestrictTenantCreation.ps1,5.1.2.3,E3,L1,FALSE,FALSE,FALSE,TRUE
+18,Test-PasswordHashSync.ps1,5.1.8.1,E3,L1,FALSE,TRUE,TRUE,TRUE
+19,Test-AuditDisabledFalse.ps1,6.1.1,E3,L1,TRUE,TRUE,TRUE,TRUE
+20,Test-MailboxAuditingE3.ps1,6.1.2,E3,L1,TRUE,TRUE,TRUE,TRUE
+21,Test-MailboxAuditingE5.ps1,6.1.3,E5,L1,TRUE,TRUE,TRUE,TRUE
+22,Test-BlockMailForwarding.ps1,6.2.1,E3,L1,FALSE,FALSE,FALSE,TRUE
+23,Test-NoWhitelistDomains.ps1,6.2.2,E3,L1,FALSE,FALSE,FALSE,TRUE
+24,Test-IdentifyExternalEmail.ps1,6.2.3,E3,L1,FALSE,FALSE,FALSE,TRUE
+25,Test-RestrictOutlookAddins.ps1,6.3.1,E3,L2,FALSE,TRUE,TRUE,TRUE
+26,Test-ModernAuthExchangeOnline.ps1,6.5.1,E3,L1,FALSE,TRUE,TRUE,TRUE
+27,Test-MailTipsEnabled.ps1,6.5.2,E3,L2,FALSE,FALSE,FALSE,TRUE
+28,Test-RestrictStorageProvidersOutlook.ps1,6.5.3,E3,L2,TRUE,TRUE,TRUE,TRUE
+29,Test-ModernAuthSharePoint.ps1,7.2.1,E3,L1,FALSE,TRUE,TRUE,TRUE
+30,Test-SharePointAADB2B.ps1,7.2.2,E3,L1,FALSE,FALSE,FALSE,TRUE
+31,Test-RestrictExternalSharing.ps1,7.2.3,E3,L1,TRUE,TRUE,TRUE,TRUE
+32,Test-OneDriveContentRestrictions.ps1,7.2.4,E3,L2,TRUE,TRUE,TRUE,TRUE
+33,Test-SharePointGuestsItemSharing.ps1,7.2.5,E3,L2,TRUE,TRUE,TRUE,TRUE
+34,Test-SharePointExternalSharingDomains.ps1,7.2.6,E3,L2,TRUE,TRUE,TRUE,TRUE
+35,Test-LinkSharingRestrictions.ps1,7.2.7,E3,L1,TRUE,TRUE,TRUE,TRUE
+36,Test-GuestAccessExpiration.ps1,7.2.9,E3,L1,FALSE,FALSE,FALSE,TRUE
+37,Test-ReauthWithCode.ps1,7.2.10,E3,L1,FALSE,FALSE,FALSE,TRUE
+38,Test-DisallowInfectedFilesDownload.ps1,7.3.1,E5,L2,TRUE,TRUE,TRUE,TRUE
+39,Test-OneDriveSyncRestrictions.ps1,7.3.2,E3,L2,FALSE,FALSE,FALSE,TRUE
+40,Test-RestrictCustomScripts.ps1,7.3.4,E3,L1,FALSE,FALSE,TRUE,TRUE
+41,Test-TeamsExternalFileSharing.ps1,8.1.1,E3,L2,TRUE,TRUE,TRUE,TRUE
+42,Test-BlockChannelEmails.ps1,8.1.2,E3,L1,FALSE,FALSE,FALSE,TRUE
+43,Test-TeamsExternalAccess.ps1,8.2.1,E3,L2,FALSE,FALSE,FALSE,TRUE
+44,Test-NoAnonymousMeetingJoin.ps1,8.5.1,E3,L2,FALSE,FALSE,FALSE,TRUE
+45,Test-NoAnonymousMeetingStart.ps1,8.5.2,E3,L1,FALSE,FALSE,FALSE,TRUE
+46,Test-OrgOnlyBypassLobby.ps1,8.5.3,E3,L1,FALSE,FALSE,TRUE,TRUE
+47,Test-DialInBypassLobby.ps1,8.5.4,E3,L1,FALSE,FALSE,FALSE,TRUE
+48,Test-MeetingChatNoAnonymous.ps1,8.5.5,E3,L1,FALSE,FALSE,FALSE,TRUE
+49,Test-OrganizersPresent.ps1,8.5.6,E3,L1,FALSE,FALSE,FALSE,TRUE
+50,Test-ExternalNoControl.ps1,8.5.7,E3,L1,FALSE,FALSE,FALSE,TRUE
+51,Test-ReportSecurityInTeams.ps1,8.6.1,E3,L1,FALSE,FALSE,FALSE,TRUE
diff --git a/source/tests/Test-AdministrativeAccountCompliance .ps1 b/source/tests/Test-AdministrativeAccountCompliance .ps1
new file mode 100644
index 0000000..9841865
--- /dev/null
+++ b/source/tests/Test-AdministrativeAccountCompliance .ps1	
@@ -0,0 +1,69 @@
+function Test-AdministrativeAccountCompliance {
+    [CmdletBinding()]
+    param (
+        [switch]$SkipGraphConnection
+    )
+    begin {
+        #. C:\Temp\CISAuditResult.ps1
+        $validLicenses = @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
+    }
+    process {
+        if (-not $SkipGraphConnection) {
+            Connect-MgGraph -Scopes "Directory.Read.All", "User.Read.All", "RoleManagement.Read.Directory" -NoWelcome
+        }
+        $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { $_.DisplayName -like "*Admin*" }
+        $adminRoleUsers = @()
+        foreach ($role in $adminRoles) {
+            $roleAssignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
+            foreach ($assignment in $roleAssignments) {
+                $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property "DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled"
+                $licenses = (Get-MgUserLicenseDetail -UserId $assignment.PrincipalId).SkuPartNumber -join '|'
+                $adminRoleUsers += [PSCustomObject]@{
+                    UserName   = $userDetails.UserPrincipalName
+                    RoleName   = $role.DisplayName
+                    UserId     = $userDetails.Id
+                    HybridUser = $userDetails.OnPremisesSyncEnabled
+                    Licenses   = $licenses
+                }
+            }
+        }
+        $uniqueAdminRoleUsers = $adminRoleUsers | Group-Object -Property UserName | ForEach-Object {
+            $first = $_.Group | Select-Object -First 1
+            $roles = ($_.Group.RoleName -join ', ')
+            $licenses = (($_.Group | Select-Object -ExpandProperty Licenses) -join ',').Split(',') | Select-Object -Unique
+
+            $first | Select-Object UserName, UserId, HybridUser, @{Name = 'Roles'; Expression = { $roles } }, @{Name = 'Licenses'; Expression = { $licenses -join '|' } }
+        }
+        $nonCompliantUsers = $uniqueAdminRoleUsers | Where-Object {
+            $_.HybridUser -or
+            -not ($_.Licenses -split '\|' | Where-Object { $validLicenses -contains $_ })
+        }
+        $failureReasons = $nonCompliantUsers | ForEach-Object {
+            $accountType = if ($_.HybridUser) { "Hybrid" } else { "Cloud-Only" }
+            $missingLicenses = $validLicenses | Where-Object { $_ -notin ($_.Licenses -split '\|') }
+            "$($_.UserName)|$($_.Roles)|$accountType|Missing: $($missingLicenses -join ',')"
+        }
+        $failureReasons = $failureReasons -join "`n"
+
+        $auditResult = [CISAuditResult]::new()
+        $auditResult.Status = if ($nonCompliantUsers) { 'Fail' } else { 'Pass' }
+        $auditResult.ELevel = 'E3'
+        $auditResult.ProfileLevel = 'L1'
+        $auditResult.Rec = '1.1.1'
+        $auditResult.RecDescription = "Ensure Administrative accounts are separate and cloud-only"
+        $auditResult.CISControlVer = 'v8'
+        $auditResult.CISControl = "5.4"
+        $auditResult.CISDescription = "Restrict Administrator Privileges to Dedicated Administrator Accounts"
+        $auditResult.IG1 = $true
+        $auditResult.IG2 = $true
+        $auditResult.IG3 = $true
+        $auditResult.Result = $nonCompliantUsers.Count -eq 0
+        $auditResult.Details = "Compliant Accounts: $($uniqueAdminRoleUsers.Count - $nonCompliantUsers.Count); Non-Compliant Accounts: $($nonCompliantUsers.Count)"
+        $auditResult.FailureReason = if ($nonCompliantUsers) { "Non-compliant accounts: `nUsername | Roles | HybridStatus | Missing Licence`n$failureReasons" } else { "N/A" }
+    }
+
+    end {
+        # Output the result
+        return $auditResult
+    }
+}
\ No newline at end of file
diff --git a/source/tests/Test-AntiPhishingPolicy.ps1 b/source/tests/Test-AntiPhishingPolicy.ps1
index 6ed2be0..de8f0ed 100644
--- a/source/tests/Test-AntiPhishingPolicy.ps1
+++ b/source/tests/Test-AntiPhishingPolicy.ps1
@@ -11,6 +11,7 @@ function Test-AntiPhishingPolicy {
     }
 
     process {
+        # 2.1.7	Ensure that an anti-phishing policy has been created
 
         # Retrieve and validate the anti-phishing policies
         $antiPhishPolicies = Get-AntiPhishPolicy
diff --git a/source/tests/Test-BlockSharedMailboxSignIn.ps1 b/source/tests/Test-BlockSharedMailboxSignIn.ps1
index 68f8425..b74afad 100644
--- a/source/tests/Test-BlockSharedMailboxSignIn.ps1
+++ b/source/tests/Test-BlockSharedMailboxSignIn.ps1
@@ -14,6 +14,7 @@ function Test-BlockSharedMailboxSignIn {
         # 1.2.2 (L1) Ensure sign-in to shared mailboxes is blocked
         # Pass if all shared mailboxes have AccountEnabled set to False.
         # Fail if any shared mailbox has AccountEnabled set to True.
+        # Review: Details property - Add verbosity.
 
         $MBX = Get-EXOMailbox -RecipientTypeDetails SharedMailbox
         $sharedMailboxDetails = $MBX | ForEach-Object { Get-AzureADUser -ObjectId $_.ExternalDirectoryObjectId }
diff --git a/source/tests/Test-IdentifyExternalEmail.ps1 b/source/tests/Test-IdentifyExternalEmail.ps1
index 9881070..9c421c0 100644
--- a/source/tests/Test-IdentifyExternalEmail.ps1
+++ b/source/tests/Test-IdentifyExternalEmail.ps1
@@ -13,6 +13,7 @@ function Test-IdentifyExternalEmail {
     process {
         # 6.2.3 (L1) Ensure email from external senders is identified
         # Requirement is to have external sender tagging enabled
+        # Review
 
         $externalInOutlook = Get-ExternalInOutlook
         $externalTaggingEnabled = ($externalInOutlook | ForEach-Object { $_.Enabled }) -contains $true
diff --git a/source/tests/Test-NotifyMalwareInternal.ps1 b/source/tests/Test-NotifyMalwareInternal.ps1
index b6df85b..90e7f74 100644
--- a/source/tests/Test-NotifyMalwareInternal.ps1
+++ b/source/tests/Test-NotifyMalwareInternal.ps1
@@ -10,6 +10,8 @@ function Test-NotifyMalwareInternal {
     }
 
     process {
+        # 2.1.3 Ensure notifications for internal users sending malware is Enabled
+
         # Retrieve all 'Custom' malware filter policies and check notification settings
         $malwareNotifications = Get-MalwareFilterPolicy | Where-Object { $_.RecommendedPolicyType -eq 'Custom' }
         $policiesToReport = @()
diff --git a/source/tests/Test-SpamPolicyAdminNotify.ps1 b/source/tests/Test-SpamPolicyAdminNotify.ps1
index 353f9a7..ebe2d81 100644
--- a/source/tests/Test-SpamPolicyAdminNotify.ps1
+++ b/source/tests/Test-SpamPolicyAdminNotify.ps1
@@ -10,6 +10,8 @@ function Test-SpamPolicyAdminNotify {
     }
 
     process {
+        # 2.1.6	Ensure Exchange Online Spam Policies are set to notify administrators
+
         # Get the default hosted outbound spam filter policy
         $hostedOutboundSpamFilterPolicy = Get-HostedOutboundSpamFilterPolicy | Where-Object { $_.IsDefault -eq $true }
 

From 1e510f311b2f08f1badb7dec4f6f8672a302e7a7 Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Fri, 5 Apr 2024 18:13:16 -0500
Subject: [PATCH 02/15] add: Functions to merge tests into excel benchmark

---
 source/Public/Merge-CISExcelAndCsvData.ps1    | 47 ++++++++++++++
 source/Public/Update-CISExcelWorksheet.ps1    | 62 +++++++++++++++++++
 .../Test-AdministrativeAccountCompliance .ps1 |  6 +-
 3 files changed, 111 insertions(+), 4 deletions(-)
 create mode 100644 source/Public/Merge-CISExcelAndCsvData.ps1
 create mode 100644 source/Public/Update-CISExcelWorksheet.ps1

diff --git a/source/Public/Merge-CISExcelAndCsvData.ps1 b/source/Public/Merge-CISExcelAndCsvData.ps1
new file mode 100644
index 0000000..b63eacf
--- /dev/null
+++ b/source/Public/Merge-CISExcelAndCsvData.ps1
@@ -0,0 +1,47 @@
+function Merge-CISExcelAndCsvData {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory = $true)]
+        [string]$ExcelPath,
+
+        [Parameter(Mandatory = $true)]
+        [string]$WorksheetName,
+
+        [Parameter(Mandatory = $true)]
+        [string]$CsvPath
+    )
+
+    process {
+        # Import data from Excel and CSV
+        $import = Import-Excel -Path $ExcelPath -WorksheetName $WorksheetName
+        $csvData = Import-Csv -Path $CsvPath
+
+        # Define a function to create a merged object
+        function CreateMergedObject($excelItem, $csvRow) {
+            $newObject = New-Object PSObject
+
+            foreach ($property in $excelItem.PSObject.Properties) {
+                $newObject | Add-Member -MemberType NoteProperty -Name $property.Name -Value $property.Value
+            }
+
+            $newObject | Add-Member -MemberType NoteProperty -Name 'CSV_Status' -Value $csvRow.Status
+            $newObject | Add-Member -MemberType NoteProperty -Name 'CSV_Details' -Value $csvRow.Details
+            $newObject | Add-Member -MemberType NoteProperty -Name 'CSV_FailureReason' -Value $csvRow.FailureReason
+
+            return $newObject
+        }
+
+        # Iterate over each item in the imported Excel object and merge with CSV data
+        $mergedData = foreach ($item in $import) {
+            $csvRow = $csvData | Where-Object { $_.Rec -eq $item.'recommendation #' }
+            if ($csvRow) {
+                CreateMergedObject -excelItem $item -csvRow $csvRow
+            } else {
+                CreateMergedObject -excelItem $item -csvRow ([PSCustomObject]@{Status=$null; Details=$null; FailureReason=$null})
+            }
+        }
+
+        # Return the merged data
+        return $mergedData
+    }
+}
diff --git a/source/Public/Update-CISExcelWorksheet.ps1 b/source/Public/Update-CISExcelWorksheet.ps1
new file mode 100644
index 0000000..712a89b
--- /dev/null
+++ b/source/Public/Update-CISExcelWorksheet.ps1
@@ -0,0 +1,62 @@
+function Update-CISExcelWorksheet {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory = $true)]
+        [string]$ExcelPath,
+
+        [Parameter(Mandatory = $true)]
+        [string]$WorksheetName,
+
+        [Parameter(Mandatory = $true)]
+        [psobject[]]$Data,
+
+        [Parameter(Mandatory = $false)]
+        [int]$StartingRowIndex = 2 # Default starting row index, assuming row 1 has headers
+    )
+
+    process {
+        # Load the existing Excel sheet
+        $excelPackage = Open-ExcelPackage -Path $ExcelPath
+        $worksheet = $excelPackage.Workbook.Worksheets[$WorksheetName]
+
+        if (-not $worksheet) {
+            throw "Worksheet '$WorksheetName' not found in '$ExcelPath'"
+        }
+
+        # Function to update cells in the worksheet
+        function Update-WorksheetCells {
+            param (
+                $Worksheet,
+                $Data,
+                $StartingRowIndex
+            )
+
+            # Check and set headers
+            $firstItem = $Data[0]
+            $colIndex = 1
+            foreach ($property in $firstItem.PSObject.Properties) {
+                if ($StartingRowIndex -eq 2 -and $Worksheet.Cells[1, $colIndex].Value -eq $null) {
+                    $Worksheet.Cells[1, $colIndex].Value = $property.Name
+                }
+                $colIndex++
+            }
+
+            # Iterate over each row in the data and update cells
+            $rowIndex = $StartingRowIndex
+            foreach ($item in $Data) {
+                $colIndex = 1
+                foreach ($property in $item.PSObject.Properties) {
+                    $Worksheet.Cells[$rowIndex, $colIndex].Value = $property.Value
+                    $colIndex++
+                }
+                $rowIndex++
+            }
+        }
+
+        # Update the worksheet with the provided data
+        Update-WorksheetCells -Worksheet $worksheet -Data $Data -StartingRowIndex $StartingRowIndex
+
+        # Save and close the Excel package
+        Close-ExcelPackage $excelPackage
+    }
+}
\ No newline at end of file
diff --git a/source/tests/Test-AdministrativeAccountCompliance .ps1 b/source/tests/Test-AdministrativeAccountCompliance .ps1
index 9841865..597936a 100644
--- a/source/tests/Test-AdministrativeAccountCompliance .ps1	
+++ b/source/tests/Test-AdministrativeAccountCompliance .ps1	
@@ -1,16 +1,14 @@
 function Test-AdministrativeAccountCompliance {
     [CmdletBinding()]
     param (
-        [switch]$SkipGraphConnection
+        # Parameters can be added if needed
     )
     begin {
         #. C:\Temp\CISAuditResult.ps1
         $validLicenses = @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
     }
     process {
-        if (-not $SkipGraphConnection) {
-            Connect-MgGraph -Scopes "Directory.Read.All", "User.Read.All", "RoleManagement.Read.Directory" -NoWelcome
-        }
+
         $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { $_.DisplayName -like "*Admin*" }
         $adminRoleUsers = @()
         foreach ($role in $adminRoles) {

From ba0a3819b9a213372f3de00634e4d44a4736a427 Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Fri, 5 Apr 2024 18:35:21 -0500
Subject: [PATCH 03/15] add: Create public function for merge

---
 .../Merge-CISExcelAndCsvData.ps1              |  0
 source/Private/Update-CISExcelWorksheet.ps1   | 33 ++++++++++
 source/Private/Update-WorksheetCells.ps1      | 28 +++++++++
 source/Public/Sync-CISExcelAndCsvData.ps1     | 61 ++++++++++++++++++
 source/Public/Update-CISExcelWorksheet.ps1    | 62 -------------------
 5 files changed, 122 insertions(+), 62 deletions(-)
 rename source/{Public => Private}/Merge-CISExcelAndCsvData.ps1 (100%)
 create mode 100644 source/Private/Update-CISExcelWorksheet.ps1
 create mode 100644 source/Private/Update-WorksheetCells.ps1
 create mode 100644 source/Public/Sync-CISExcelAndCsvData.ps1
 delete mode 100644 source/Public/Update-CISExcelWorksheet.ps1

diff --git a/source/Public/Merge-CISExcelAndCsvData.ps1 b/source/Private/Merge-CISExcelAndCsvData.ps1
similarity index 100%
rename from source/Public/Merge-CISExcelAndCsvData.ps1
rename to source/Private/Merge-CISExcelAndCsvData.ps1
diff --git a/source/Private/Update-CISExcelWorksheet.ps1 b/source/Private/Update-CISExcelWorksheet.ps1
new file mode 100644
index 0000000..6de5747
--- /dev/null
+++ b/source/Private/Update-CISExcelWorksheet.ps1
@@ -0,0 +1,33 @@
+function Update-CISExcelWorksheet {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory = $true)]
+        [string]$ExcelPath,
+
+        [Parameter(Mandatory = $true)]
+        [string]$WorksheetName,
+
+        [Parameter(Mandatory = $true)]
+        [psobject[]]$Data,
+
+        [Parameter(Mandatory = $false)]
+        [int]$StartingRowIndex = 2 # Default starting row index, assuming row 1 has headers
+    )
+
+    process {
+        # Load the existing Excel sheet
+        $excelPackage = Open-ExcelPackage -Path $ExcelPath
+        $worksheet = $excelPackage.Workbook.Worksheets[$WorksheetName]
+
+        if (-not $worksheet) {
+            throw "Worksheet '$WorksheetName' not found in '$ExcelPath'"
+        }
+
+
+        # Update the worksheet with the provided data
+        Update-WorksheetCells -Worksheet $worksheet -Data $Data -StartingRowIndex $StartingRowIndex
+
+        # Save and close the Excel package
+        Close-ExcelPackage $excelPackage
+    }
+}
\ No newline at end of file
diff --git a/source/Private/Update-WorksheetCells.ps1 b/source/Private/Update-WorksheetCells.ps1
new file mode 100644
index 0000000..eae857f
--- /dev/null
+++ b/source/Private/Update-WorksheetCells.ps1
@@ -0,0 +1,28 @@
+        function Update-WorksheetCells {
+            param (
+                $Worksheet,
+                $Data,
+                $StartingRowIndex
+            )
+
+            # Check and set headers
+            $firstItem = $Data[0]
+            $colIndex = 1
+            foreach ($property in $firstItem.PSObject.Properties) {
+                if ($StartingRowIndex -eq 2 -and $Worksheet.Cells[1, $colIndex].Value -eq $null) {
+                    $Worksheet.Cells[1, $colIndex].Value = $property.Name
+                }
+                $colIndex++
+            }
+
+            # Iterate over each row in the data and update cells
+            $rowIndex = $StartingRowIndex
+            foreach ($item in $Data) {
+                $colIndex = 1
+                foreach ($property in $item.PSObject.Properties) {
+                    $Worksheet.Cells[$rowIndex, $colIndex].Value = $property.Value
+                    $colIndex++
+                }
+                $rowIndex++
+            }
+        }
diff --git a/source/Public/Sync-CISExcelAndCsvData.ps1 b/source/Public/Sync-CISExcelAndCsvData.ps1
new file mode 100644
index 0000000..d1afc6f
--- /dev/null
+++ b/source/Public/Sync-CISExcelAndCsvData.ps1
@@ -0,0 +1,61 @@
+<#
+    .SYNOPSIS
+    Synchronizes data between an Excel file and a CSV file and optionally updates the Excel worksheet.
+    .DESCRIPTION
+    The Sync-CISExcelAndCsvData function merges data from a specified Excel file and a CSV file based on a common key. It can also update the Excel worksheet with the merged data. This function is particularly useful for updating Excel records with additional data from a CSV file while preserving the original formatting and structure of the Excel worksheet.
+    .PARAMETER ExcelPath
+    The path to the Excel file that contains the original data. This parameter is mandatory.
+    .PARAMETER WorksheetName
+    The name of the worksheet within the Excel file that contains the data to be synchronized. This parameter is mandatory.
+    .PARAMETER CsvPath
+    The path to the CSV file containing data to be merged with the Excel data. This parameter is mandatory.
+    .PARAMETER SkipUpdate
+    If specified, the function will return the merged data object without updating the Excel worksheet. This is useful for previewing the merged data.
+    .EXAMPLE
+    PS> Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -WorksheetName "DataSheet" -CsvPath "path\to\data.csv"
+    Merges data from 'data.csv' into 'excel.xlsx' on the 'DataSheet' worksheet and updates the worksheet with the merged data.
+    .EXAMPLE
+    PS> $mergedData = Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -WorksheetName "DataSheet" -CsvPath "path\to\data.csv" -SkipUpdate
+    Retrieves the merged data object for preview without updating the Excel worksheet.
+    .INPUTS
+    None. You cannot pipe objects to Sync-CISExcelAndCsvData.
+    .OUTPUTS
+    Object[]
+    If the SkipUpdate switch is used, the function returns an array of custom objects representing the merged data.
+    .NOTES
+    - Ensure that the 'ImportExcel' module is installed and up to date.
+    - It is recommended to backup the Excel file before running this script to prevent accidental data loss.
+    - This function is part of the CIS Excel and CSV Data Management Toolkit.
+    .LINK
+    Online documentation: [Your Documentation Link Here]
+#>
+
+function Sync-CISExcelAndCsvData {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory = $true)]
+        [string]$ExcelPath,
+
+        [Parameter(Mandatory = $true)]
+        [string]$WorksheetName,
+
+        [Parameter(Mandatory = $true)]
+        [string]$CsvPath,
+
+        [Parameter(Mandatory = $false)]
+        [switch]$SkipUpdate
+    )
+
+    process {
+        # Merge Excel and CSV data
+        $mergedData = Merge-CISExcelAndCsvData -ExcelPath $ExcelPath -WorksheetName $WorksheetName -CsvPath $CsvPath
+
+        # Output the merged data if the user chooses to skip the update
+        if ($SkipUpdate) {
+            return $mergedData
+        } else {
+            # Update the Excel worksheet with the merged data
+            Update-CISExcelWorksheet -ExcelPath $ExcelPath -WorksheetName $WorksheetName -Data $mergedData
+        }
+    }
+}
diff --git a/source/Public/Update-CISExcelWorksheet.ps1 b/source/Public/Update-CISExcelWorksheet.ps1
deleted file mode 100644
index 712a89b..0000000
--- a/source/Public/Update-CISExcelWorksheet.ps1
+++ /dev/null
@@ -1,62 +0,0 @@
-function Update-CISExcelWorksheet {
-    [CmdletBinding()]
-    param (
-        [Parameter(Mandatory = $true)]
-        [string]$ExcelPath,
-
-        [Parameter(Mandatory = $true)]
-        [string]$WorksheetName,
-
-        [Parameter(Mandatory = $true)]
-        [psobject[]]$Data,
-
-        [Parameter(Mandatory = $false)]
-        [int]$StartingRowIndex = 2 # Default starting row index, assuming row 1 has headers
-    )
-
-    process {
-        # Load the existing Excel sheet
-        $excelPackage = Open-ExcelPackage -Path $ExcelPath
-        $worksheet = $excelPackage.Workbook.Worksheets[$WorksheetName]
-
-        if (-not $worksheet) {
-            throw "Worksheet '$WorksheetName' not found in '$ExcelPath'"
-        }
-
-        # Function to update cells in the worksheet
-        function Update-WorksheetCells {
-            param (
-                $Worksheet,
-                $Data,
-                $StartingRowIndex
-            )
-
-            # Check and set headers
-            $firstItem = $Data[0]
-            $colIndex = 1
-            foreach ($property in $firstItem.PSObject.Properties) {
-                if ($StartingRowIndex -eq 2 -and $Worksheet.Cells[1, $colIndex].Value -eq $null) {
-                    $Worksheet.Cells[1, $colIndex].Value = $property.Name
-                }
-                $colIndex++
-            }
-
-            # Iterate over each row in the data and update cells
-            $rowIndex = $StartingRowIndex
-            foreach ($item in $Data) {
-                $colIndex = 1
-                foreach ($property in $item.PSObject.Properties) {
-                    $Worksheet.Cells[$rowIndex, $colIndex].Value = $property.Value
-                    $colIndex++
-                }
-                $rowIndex++
-            }
-        }
-
-        # Update the worksheet with the provided data
-        Update-WorksheetCells -Worksheet $worksheet -Data $Data -StartingRowIndex $StartingRowIndex
-
-        # Save and close the Excel package
-        Close-ExcelPackage $excelPackage
-    }
-}
\ No newline at end of file

From d037f82f602febf4a09c08290dd617ca28c84d01 Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Mon, 8 Apr 2024 13:59:35 -0500
Subject: [PATCH 04/15] add: test for 1.1.4 guest users

---
 .../tests/Test-GuestUsersBiweeklyReview.ps1   | 61 +++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 source/tests/Test-GuestUsersBiweeklyReview.ps1

diff --git a/source/tests/Test-GuestUsersBiweeklyReview.ps1 b/source/tests/Test-GuestUsersBiweeklyReview.ps1
new file mode 100644
index 0000000..b89ae85
--- /dev/null
+++ b/source/tests/Test-GuestUsersBiweeklyReview.ps1
@@ -0,0 +1,61 @@
+function Test-GuestUsersBiweeklyReview {
+    [CmdletBinding()]
+    param ()
+
+    begin {
+        #. .\source\Classes\CISAuditResult.ps1
+        $auditResults = @()
+    }
+
+    process {
+        # 1.1.4 (L1) Ensure Guest Users are reviewed at least biweekly
+        # The function will fail if guest users are found since they should be reviewed manually biweekly.
+
+        try {
+            # Connect to Microsoft Graph - placeholder for connection command
+            # Connect-MgGraph -Scopes "User.Read.All"
+            $guestUsers = Get-MgUser -All -Filter "UserType eq 'Guest'"
+
+            # Create an instance of CISAuditResult and populate it
+            $auditResult = [CISAuditResult]::new()
+            $auditResult.CISControl = "5.1, 5.3"
+            $auditResult.CISDescription = "Establish and Maintain an Inventory of Accounts, Disable Dormant Accounts"
+            $auditResult.Rec = "1.1.4"
+            $auditResult.RecDescription = "Ensure Guest Users are reviewed at least biweekly"
+            $auditResult.ELevel = "E3"
+            $auditResult.ProfileLevel = "L1"
+            $auditResult.IG1 = $true
+            $auditResult.IG2 = $true
+            $auditResult.IG3 = $true
+            $auditResult.CISControlVer = 'v8'
+
+            if ($guestUsers) {
+                $auditCommand = "Get-MgUser -All -Property UserType,UserPrincipalName | Where {`$_.UserType -ne 'Member'} | Format-Table UserPrincipalName, UserType"
+                $auditResult.Status = "Fail"
+                $auditResult.Result = $false
+                $auditResult.Details = "Manual review required. To list guest users, run: `"$auditCommand`"."
+                $auditResult.FailureReason = "Guest users present: $($guestUsers.Count)"
+            } else {
+                $auditResult.Status = "Pass"
+                $auditResult.Result = $true
+                $auditResult.Details = "No guest users found."
+                $auditResult.FailureReason = "N/A"
+            }
+        }
+        catch {
+            $auditResult.Status = "Error"
+            $auditResult.Result = $false
+            $auditResult.Details = "Error while attempting to check guest users. Error message: $($_.Exception.Message)"
+            $auditResult.FailureReason = "An error occurred during the audit check."
+        }
+
+        $auditResults += $auditResult
+    }
+
+    end {
+        # Return auditResults
+        return $auditResults
+    }
+}
+
+

From a4dce52825669168fc8ecf8522baa2b0f2b19a26 Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Mon, 15 Apr 2024 15:51:00 -0500
Subject: [PATCH 05/15] add: future changes to be committed

---
 helpers/Automation Candidates.md           | 52 ++++++++++++++++++++++
 helpers/Build-Help.ps1                     |  4 +-
 source/Public/Get-AdminRoleUserLicense.ps1 | 52 ++++++++++++++++++++++
 source/Public/Invoke-M365SecurityAudit.ps1 |  6 +--
 4 files changed, 110 insertions(+), 4 deletions(-)
 create mode 100644 helpers/Automation Candidates.md
 create mode 100644 source/Public/Get-AdminRoleUserLicense.ps1

diff --git a/helpers/Automation Candidates.md b/helpers/Automation Candidates.md
new file mode 100644
index 0000000..1b3d262
--- /dev/null
+++ b/helpers/Automation Candidates.md	
@@ -0,0 +1,52 @@
+# Automation Candidates
+
+## 5.1.1.1 (L1) Ensure Security Defaults is disabled on Azure Active Directory
+
+- `Connect-MgGraph -Scopes "Policy.Read.All"`
+- `Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy | ft IsEnabled`
+
+## 5.1.2.1 (L1) Ensure 'Per-user MFA' is disabled
+
+- `Connect-MsolService`
+- Commands:
+
+```powershell
+$UserList = Get-MsolUser -All | Where-Object { $_.UserType -eq 'Member' }
+$Report = @()
+foreach ($user in $UserList) {
+    $PerUserMFAState = $null
+    if ($user.StrongAuthenticationRequirements) {
+        $PerUserMFAState = $user.StrongAuthenticationRequirements.State
+    }
+    else {
+        $PerUserMFAState = 'Disabled'
+    }
+    $obj = [pscustomobject][ordered]@{
+        UserPrincipalName = $User.UserPrincipalName
+        DisplayName       = $User.DisplayName
+        PerUserMFAState   = $PerUserMFAState
+    }
+    $Report += $obj
+}
+$Report
+```
+
+## 5.1.3.1 (L1) Ensure a dynamic group for guest users is created
+
+- `Connect-MgGraph -Scopes "Group.Read.All"`
+- Commands:
+
+```powershell
+$groups = Get-MgGroup | Where-Object { $_.GroupTypes -contains "DynamicMembership" } 
+$groups | ft DisplayName,GroupTypes,MembershipRule
+```
+
+## 6.1.4 (L1) Ensure 'AuditBypassEnabled' is not enabled on mailboxes
+
+- `Connect-ExchangeOnline`
+- Commands:
+
+```powershell
+$MBX = Get-MailboxAuditBypassAssociation -ResultSize unlimited
+$MBX | where {$_.AuditBypassEnabled -eq $true} | Format-Table Name,AuditBypassEnabled
+```
diff --git a/helpers/Build-Help.ps1 b/helpers/Build-Help.ps1
index 82e139f..a2d483b 100644
--- a/helpers/Build-Help.ps1
+++ b/helpers/Build-Help.ps1
@@ -12,4 +12,6 @@ Import-Module .\output\module\M365FoundationsCISReport\*\*.psd1
     "Fix: PR #37"
     git push origin $ver
     # git tag -d $ver
-#>
\ No newline at end of file
+#>
+
+
diff --git a/source/Public/Get-AdminRoleUserLicense.ps1 b/source/Public/Get-AdminRoleUserLicense.ps1
new file mode 100644
index 0000000..d746dd9
--- /dev/null
+++ b/source/Public/Get-AdminRoleUserLicense.ps1
@@ -0,0 +1,52 @@
+function Get-AdminRoleUserLicense {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory = $false)]
+        [switch]$SkipGraphConnection
+    )
+
+    begin {
+        if (-not $SkipGraphConnection) {
+            Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -NoWelcome
+        }
+
+        $adminRoleUsers = @()
+        $userIds = @()
+    }
+    Process {    # Connect to Microsoft Graph if not skipping connection
+
+        $adminroles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { $_.DisplayName -like "*Admin*" }
+
+        foreach ($role in $adminroles) {
+            $usersInRole = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
+
+            foreach ($user in $usersInRole) {
+                $userIds += $user.PrincipalId
+                $userDetails = Get-MgUser -UserId $user.PrincipalId -Property "DisplayName, UserPrincipalName, Id, onPremisesSyncEnabled"
+
+                $adminRoleUsers += [PSCustomObject]@{
+                    RoleName = $role.DisplayName
+                    UserName = $userDetails.DisplayName
+                    UserPrincipalName = $userDetails.UserPrincipalName
+                    UserId = $userDetails.Id
+                    HybridUser = $userDetails.onPremisesSyncEnabled
+                    Licenses = ""  # Placeholder for licenses, to be filled later
+                }
+            }
+        }
+
+        foreach ($userId in $userIds | Select-Object -Unique) {
+            $licenses = Get-MgUserLicenseDetail -UserId $userId
+            $licenseList = ($licenses.SkuPartNumber -join '|')
+
+            $adminRoleUsers | Where-Object { $_.UserId -eq $userId } | ForEach-Object {
+                $_.Licenses = $licenseList
+            }
+        }
+    }
+    End {
+        Write-Host "Disconnecting from Microsoft Graph..." -ForegroundColor Green
+        Disconnect-MgGraph | Out-Null
+        return $adminRoleUsers
+    }
+}
\ No newline at end of file
diff --git a/source/Public/Invoke-M365SecurityAudit.ps1 b/source/Public/Invoke-M365SecurityAudit.ps1
index 48f8c52..250f2b0 100644
--- a/source/Public/Invoke-M365SecurityAudit.ps1
+++ b/source/Public/Invoke-M365SecurityAudit.ps1
@@ -248,12 +248,12 @@ function Invoke-M365SecurityAudit {
     }
 
     End {
-        # Return all collected audit results
-        return $allAuditResults
-        # Check if the Disconnect switch is present
         if (!($DoNotDisconnect)) {
             # Clean up sessions
             Disconnect-M365Suite
         }
+        # Return all collected audit results
+        return $allAuditResults
+        # Check if the Disconnect switch is present
     }
 }
\ No newline at end of file

From b381421f4519b3d364f6c5d7ff63c6b3636472cc Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Mon, 15 Apr 2024 15:54:52 -0500
Subject: [PATCH 06/15] add: Error handling for Get-AdminRoleUserLicense

---
 source/Public/Get-AdminRoleUserLicense.ps1 | 36 ++++++++++++----------
 1 file changed, 20 insertions(+), 16 deletions(-)

diff --git a/source/Public/Get-AdminRoleUserLicense.ps1 b/source/Public/Get-AdminRoleUserLicense.ps1
index d746dd9..10e613d 100644
--- a/source/Public/Get-AdminRoleUserLicense.ps1
+++ b/source/Public/Get-AdminRoleUserLicense.ps1
@@ -13,40 +13,44 @@ function Get-AdminRoleUserLicense {
         $adminRoleUsers = @()
         $userIds = @()
     }
-    Process {    # Connect to Microsoft Graph if not skipping connection
 
+    Process {
         $adminroles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { $_.DisplayName -like "*Admin*" }
 
         foreach ($role in $adminroles) {
             $usersInRole = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
 
             foreach ($user in $usersInRole) {
-                $userIds += $user.PrincipalId
-                $userDetails = Get-MgUser -UserId $user.PrincipalId -Property "DisplayName, UserPrincipalName, Id, onPremisesSyncEnabled"
+                $userDetails = Get-MgUser -UserId $user.PrincipalId -Property "DisplayName, UserPrincipalName, Id, onPremisesSyncEnabled" -ErrorAction SilentlyContinue
 
-                $adminRoleUsers += [PSCustomObject]@{
-                    RoleName = $role.DisplayName
-                    UserName = $userDetails.DisplayName
-                    UserPrincipalName = $userDetails.UserPrincipalName
-                    UserId = $userDetails.Id
-                    HybridUser = $userDetails.onPremisesSyncEnabled
-                    Licenses = ""  # Placeholder for licenses, to be filled later
+                if ($userDetails) {
+                    $userIds += $user.PrincipalId
+                    $adminRoleUsers += [PSCustomObject]@{
+                        RoleName = $role.DisplayName
+                        UserName = $userDetails.DisplayName
+                        UserPrincipalName = $userDetails.UserPrincipalName
+                        UserId = $userDetails.Id
+                        HybridUser = $userDetails.onPremisesSyncEnabled
+                        Licenses = $null  # Initialize as $null
+                    }
                 }
             }
         }
 
         foreach ($userId in $userIds | Select-Object -Unique) {
-            $licenses = Get-MgUserLicenseDetail -UserId $userId
-            $licenseList = ($licenses.SkuPartNumber -join '|')
-
-            $adminRoleUsers | Where-Object { $_.UserId -eq $userId } | ForEach-Object {
-                $_.Licenses = $licenseList
+            $licenses = Get-MgUserLicenseDetail -UserId $userId -ErrorAction SilentlyContinue
+            if ($licenses) {
+                $licenseList = ($licenses.SkuPartNumber -join '|')
+                $adminRoleUsers | Where-Object { $_.UserId -eq $userId } | ForEach-Object {
+                    $_.Licenses = $licenseList
+                }
             }
         }
     }
+
     End {
         Write-Host "Disconnecting from Microsoft Graph..." -ForegroundColor Green
         Disconnect-MgGraph | Out-Null
         return $adminRoleUsers
     }
-}
\ No newline at end of file
+}

From ad2c85d0346dc87f8e31ab55be7e9325f15377c7 Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Mon, 15 Apr 2024 15:58:12 -0500
Subject: [PATCH 07/15] fix: format TestDefinitions.csv

---
 source/helper/TestDefinitions.csv | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/helper/TestDefinitions.csv b/source/helper/TestDefinitions.csv
index 653429c..5bef5ae 100644
--- a/source/helper/TestDefinitions.csv
+++ b/source/helper/TestDefinitions.csv
@@ -1,5 +1,5 @@
 Index,TestFileName,Rec,ELevel,ProfileLevel,IG1,IG2,IG3,Automated
-1,Test-AdministrativeAccountCompliance .ps1,1.1.1,E3,L1,TRUE,TRUE,TRUE,FALSE
+1,Test-AdministrativeAccountCompliance.ps1,1.1.1,E3,L1,TRUE,TRUE,TRUE,FALSE
 2,Test-GlobalAdminsCount.ps1,1.1.3,E3,L1,TRUE,TRUE,TRUE,TRUE
 3,Test-ManagedApprovedPublicGroups.ps1,1.2.1,E3,L2,TRUE,TRUE,TRUE,TRUE
 4,Test-BlockSharedMailboxSignIn.ps1,1.2.2,E3,L1,FALSE,FALSE,FALSE,TRUE

From fe503509eae1db87166757ae2a71b814c303aaaf Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Mon, 15 Apr 2024 16:02:13 -0500
Subject: [PATCH 08/15] fix: Test-AdministrativeAccountCompliance filename

---
 ...ntCompliance .ps1 => Test-AdministrativeAccountCompliance.ps1} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename source/tests/{Test-AdministrativeAccountCompliance .ps1 => Test-AdministrativeAccountCompliance.ps1} (100%)

diff --git a/source/tests/Test-AdministrativeAccountCompliance .ps1 b/source/tests/Test-AdministrativeAccountCompliance.ps1
similarity index 100%
rename from source/tests/Test-AdministrativeAccountCompliance .ps1
rename to source/tests/Test-AdministrativeAccountCompliance.ps1

From 8f44424962322ecf9ff3d8658f440ebad388c89d Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Mon, 15 Apr 2024 16:27:01 -0500
Subject: [PATCH 09/15] fix: Error handling in 1.1.1 test

---
 .../Test-AdministrativeAccountCompliance.ps1  | 28 ++++++++++++-------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/source/tests/Test-AdministrativeAccountCompliance.ps1 b/source/tests/Test-AdministrativeAccountCompliance.ps1
index 597936a..3273774 100644
--- a/source/tests/Test-AdministrativeAccountCompliance.ps1
+++ b/source/tests/Test-AdministrativeAccountCompliance.ps1
@@ -8,23 +8,29 @@ function Test-AdministrativeAccountCompliance {
         $validLicenses = @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
     }
     process {
-
         $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { $_.DisplayName -like "*Admin*" }
         $adminRoleUsers = @()
+
         foreach ($role in $adminRoles) {
             $roleAssignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
+
             foreach ($assignment in $roleAssignments) {
-                $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property "DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled"
-                $licenses = (Get-MgUserLicenseDetail -UserId $assignment.PrincipalId).SkuPartNumber -join '|'
-                $adminRoleUsers += [PSCustomObject]@{
-                    UserName   = $userDetails.UserPrincipalName
-                    RoleName   = $role.DisplayName
-                    UserId     = $userDetails.Id
-                    HybridUser = $userDetails.OnPremisesSyncEnabled
-                    Licenses   = $licenses
+                $userDetails = Get-MgUser -UserId $assignment.PrincipalId -Property "DisplayName, UserPrincipalName, Id, OnPremisesSyncEnabled" -ErrorAction SilentlyContinue
+                if ($userDetails) {
+                    $licenses = Get-MgUserLicenseDetail -UserId $assignment.PrincipalId -ErrorAction SilentlyContinue
+                    $licenseString = if ($licenses) { ($licenses.SkuPartNumber -join '|') } else { "No Licenses Found" }
+
+                    $adminRoleUsers += [PSCustomObject]@{
+                        UserName   = $userDetails.UserPrincipalName
+                        RoleName   = $role.DisplayName
+                        UserId     = $userDetails.Id
+                        HybridUser = $userDetails.OnPremisesSyncEnabled
+                        Licenses   = $licenseString
+                    }
                 }
             }
         }
+
         $uniqueAdminRoleUsers = $adminRoleUsers | Group-Object -Property UserName | ForEach-Object {
             $first = $_.Group | Select-Object -First 1
             $roles = ($_.Group.RoleName -join ', ')
@@ -32,10 +38,12 @@ function Test-AdministrativeAccountCompliance {
 
             $first | Select-Object UserName, UserId, HybridUser, @{Name = 'Roles'; Expression = { $roles } }, @{Name = 'Licenses'; Expression = { $licenses -join '|' } }
         }
+
         $nonCompliantUsers = $uniqueAdminRoleUsers | Where-Object {
             $_.HybridUser -or
             -not ($_.Licenses -split '\|' | Where-Object { $validLicenses -contains $_ })
         }
+
         $failureReasons = $nonCompliantUsers | ForEach-Object {
             $accountType = if ($_.HybridUser) { "Hybrid" } else { "Cloud-Only" }
             $missingLicenses = $validLicenses | Where-Object { $_ -notin ($_.Licenses -split '\|') }
@@ -64,4 +72,4 @@ function Test-AdministrativeAccountCompliance {
         # Output the result
         return $auditResult
     }
-}
\ No newline at end of file
+}

From 8e2fab701c8ce83473e828caeaf8158782eeeb57 Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Mon, 15 Apr 2024 17:03:39 -0500
Subject: [PATCH 10/15] docs: Update comments for new functions

---
 source/Public/Get-AdminRoleUserLicense.ps1 | 28 ++++++++++++++++++++++
 source/Public/Sync-CISExcelAndCsvData.ps1  |  2 +-
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/source/Public/Get-AdminRoleUserLicense.ps1 b/source/Public/Get-AdminRoleUserLicense.ps1
index 10e613d..f292c1c 100644
--- a/source/Public/Get-AdminRoleUserLicense.ps1
+++ b/source/Public/Get-AdminRoleUserLicense.ps1
@@ -1,3 +1,31 @@
+<#
+.SYNOPSIS
+    Retrieves user licenses and roles for administrative accounts from Microsoft 365 via the Graph API.
+.DESCRIPTION
+    The Get-AdminRoleUserLicense function connects to Microsoft Graph and retrieves all users who are assigned administrative roles along with their user details and licenses. This function is useful for auditing and compliance checks to ensure that administrators have appropriate licenses and role assignments.
+.PARAMETER SkipGraphConnection
+    A switch parameter that, when set, skips the connection to Microsoft Graph if already established. This is useful for batch processing or when used within scripts where multiple calls are made and the connection is managed externally.
+.EXAMPLE
+    PS> Get-AdminRoleUserLicense
+
+    This example retrieves all administrative role users along with their licenses by connecting to Microsoft Graph using the default scopes.
+.EXAMPLE
+    PS> Get-AdminRoleUserLicense -SkipGraphConnection
+
+    This example retrieves all administrative role users along with their licenses without attempting to connect to Microsoft Graph, assuming that the connection is already established.
+.INPUTS
+    None. You cannot pipe objects to Get-AdminRoleUserLicense.
+.OUTPUTS
+    PSCustomObject
+    Returns a custom object for each user with administrative roles that includes the following properties: RoleName, UserName, UserPrincipalName, UserId, HybridUser, and Licenses.
+.NOTES
+    Version:        1.0
+    Author:         Your Name
+    Creation Date:  2024-04-15
+    Purpose/Change: Initial function development to support Microsoft 365 administrative role auditing.
+.LINK
+    https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense
+#>
 function Get-AdminRoleUserLicense {
     [CmdletBinding()]
     param (
diff --git a/source/Public/Sync-CISExcelAndCsvData.ps1 b/source/Public/Sync-CISExcelAndCsvData.ps1
index d1afc6f..223ccfc 100644
--- a/source/Public/Sync-CISExcelAndCsvData.ps1
+++ b/source/Public/Sync-CISExcelAndCsvData.ps1
@@ -27,7 +27,7 @@
     - It is recommended to backup the Excel file before running this script to prevent accidental data loss.
     - This function is part of the CIS Excel and CSV Data Management Toolkit.
     .LINK
-    Online documentation: [Your Documentation Link Here]
+    https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense
 #>
 
 function Sync-CISExcelAndCsvData {

From bbb1dd35862d459a49c3a219df0af73826ffd75d Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Tue, 16 Apr 2024 09:04:14 -0500
Subject: [PATCH 11/15] fix: Properties for skip and include tests

---
 source/Public/Invoke-M365SecurityAudit.ps1 | 4 ++--
 source/Public/Sync-CISExcelAndCsvData.ps1  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/source/Public/Invoke-M365SecurityAudit.ps1 b/source/Public/Invoke-M365SecurityAudit.ps1
index 250f2b0..cff7e59 100644
--- a/source/Public/Invoke-M365SecurityAudit.ps1
+++ b/source/Public/Invoke-M365SecurityAudit.ps1
@@ -92,7 +92,7 @@ function Invoke-M365SecurityAudit {
         # Inclusion of specific recommendation numbers
         [Parameter(ParameterSetName = 'RecFilter')]
         [ValidateSet(
-            '1.1.3', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.2', `
+            '1.1.1','1.1.3', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.2', `
                 '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '3.1.1', '5.1.2.3', `
                 '5.1.8.1', '6.1.1', '6.1.2', '6.1.3', '6.2.1', '6.2.2', '6.2.3', '6.3.1', `
                 '6.5.1', '6.5.2', '6.5.3', '7.2.1', '7.2.10', '7.2.2', '7.2.3', '7.2.4', `
@@ -105,7 +105,7 @@ function Invoke-M365SecurityAudit {
         # Exclusion of specific recommendation numbers
         [Parameter(ParameterSetName = 'SkipRecFilter')]
         [ValidateSet(
-            '1.1.3', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.2', `
+            '1.1.1','1.1.3', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.2', `
                 '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '3.1.1', '5.1.2.3', `
                 '5.1.8.1', '6.1.1', '6.1.2', '6.1.3', '6.2.1', '6.2.2', '6.2.3', '6.3.1', `
                 '6.5.1', '6.5.2', '6.5.3', '7.2.1', '7.2.10', '7.2.2', '7.2.3', '7.2.4', `
diff --git a/source/Public/Sync-CISExcelAndCsvData.ps1 b/source/Public/Sync-CISExcelAndCsvData.ps1
index 223ccfc..378aba4 100644
--- a/source/Public/Sync-CISExcelAndCsvData.ps1
+++ b/source/Public/Sync-CISExcelAndCsvData.ps1
@@ -27,7 +27,7 @@
     - It is recommended to backup the Excel file before running this script to prevent accidental data loss.
     - This function is part of the CIS Excel and CSV Data Management Toolkit.
     .LINK
-    https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Get-AdminRoleUserLicense
+    https://criticalsolutionsnetwork.github.io/M365FoundationsCISReport/#Sync-CISExcelAndCsvData
 #>
 
 function Sync-CISExcelAndCsvData {

From 02529c9cba653878917136f76dfdd7c168ac5dd0 Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Tue, 16 Apr 2024 09:50:29 -0500
Subject: [PATCH 12/15] docs: Update help

---
 README.md                                  | Bin 12446 -> 10176 bytes
 docs/index.html                            | Bin 40340 -> 30406 bytes
 source/Public/Get-AdminRoleUserLicense.ps1 |   2 --
 3 files changed, 2 deletions(-)

diff --git a/README.md b/README.md
index f50e965fdfb1b6e182232b4b01e2aaaa7d6f4d04..fcddb5550c5cdc5d77b6e9013e12ec0cc92eaf89 100644
GIT binary patch
literal 10176
zcmdT~ZBN@u7XF@JF@h_lMI;nx_XFy(VkzxL0*Xl6yDLEI#Ga5@>>01ePGHp^zt1@{
zj%|{(&`Z0wRjWF-XU@x<*XMX$ob3MP)mvMdSQgqEcQ_cHtIXzwII(e=s7_~nT^#F3
z8Hei+6Ya#AovC~{QAr|Fen;TuNIDe@YXmkBBW0pVD)SpBq>1TqtX+}oQCZ+6&{DZ5
zCQ2OU3RI`KuxSe7;-K(vfs@{;HFR6$k(NnsIFY$JNc4>oFZ(aVz!WMs%(6@>{`!LX
zOO-TkuhZ#?jSXzli{`s*Z0w1D*;1tPP8eH=(kbR6mDmkb#MtJdeqCf`o>`|{pZBU+
zpnV2oafhvPmFn9~QRJYB)#;|d7Nb%pkTZiiNX%;cO<s|fu4w3k?h#Qlm)tcp<YcNu
z;?*yt<Lzv&ueFhh=c=JHV(TEwa+^VzLWw9>u`UD?94T=PO`A=D=TjXkA+fKy5rySV
z1C338U?$cP?V!gZnn-i4oWPlrB(dsuI&UH4xWxHaoW-h;I&s)MQ7{BC)eeL&p7?yP
zo=u7(b9-A`kc<t7&I)$ZxB2x};Kgl??s_KbIk^Qx*@~5l`^r2A*B9sN8fFOFqhlt+
zjP1-MR>o|!f1ev|O=mWn^&{<6ROY(4V>0;JtL^(axyL(I^bX=wn{%6}k51*s!C%(#
zaCm2I=CtdaE1a;JLX|MPyi%R_kQ@u0XN&eBXYr09qX@oP;8|`{aiXK#Iy)`|oEA!!
ze01+}nN7sO*`N<*m|!7qJD)#)&d5<6Icle~ibrwL8{X)Q_c*l1sEESAmAH6K&S%Y;
z%wd91n%lqX&>!r}Wa<Z<FXEKURD2O|P#7sL-Y6I4I-|Yt>s<Y()G)@s;rdKx3WlfP
z!dY4Ht7BOvh4>_sQi(6vt%tiy{^7}MV@LV^5{6%I@e?e>-vi-hx`-wstC)wLWU(n`
z6J>-`xN?x$dlNh_2u-d~YuIZQ4j>a4TYM*!E95BA&}SS14dNP(5{|$pH<C;;w~=yA
zn`;ULOc3wH0t`(wh_hDUO%rw}$gSZrB9ci0O9&puwn>4b!5e6$(#UIUrEWR)CCObM
z!j5GEhpYd8>wohZv5H*>%0wJgeU5#RG!*(W9D}f<f8)HN2fNaS;WuPd@5=(G#ao>X
z4-vs^`koi#Y>P5S=$0bl+hJ2yiIO-3wssO<$hK{Jqo<P*+C)hi!v#p{u}u;?BMnk0
zQ+c74+Y{tlWM-S<BiyIHI?J(GXELd84dPAlkGoN>V|vwxwBV8m<t)#sEmX&cCs^nk
z#JW8pc3$kf?7eu|+kPd^eB|Fc<miWJZ*;*4qBQIvB8Dd?HcOQ$NPVu%e9~-r=n{d2
zED@6-TwvtrR;I83*V))O`scyP+3}Is-q^V3y{nv;osn~%^4lOCRY3+8wM^lB95}7S
zLce?}P`Pe|qtV^m?C{1Cmnhk|>7ZieJ=aAzCemyz!_I?c5X<7vj}VN6wTL*fC{&8b
z<fRKPwnR|ajdLZUF|<H7y6BM0B7--tV`Ns>A;-I@Qx=XLe(r2ia;0TdF|+wi{~COi
zqrSFVt4gu0^;HH?XDY;%r{A8l+rUiijp`9|!;lCM$cEXE=Go1^MPZ=Imfq4i4%AVV
z@|H4Fom)e$1EX1;vQ`lmy${MrQ*g@tm?z@(5JqpV_eJlGO{F%RjpjEma2M_#k{dFc
z|NTb8Y&rDPtyAmE-NT8BZs^AEIP$@muCQ>d^Awj$Q{t0xd2~!6WiAYnKFjS`Cu;G*
zuOZRENA<zGZ4%}e<9X*7<azg(<M~{1yA`_6%J?s?_J18os2ctMiSg&C$lC$ARg8Z?
zq44qiSlBUV(1Js^uS`N2U03P8$ORH%bFOWRoH~MeiObD_ZvpB+zd$VJ93Tv}B!TG4
z{PPDm@Zq{eeVD08k5R3%q(?m;w=XZB9qm#xaP;c(@;T>2DkZoMTt?q=*90(vI#g8a
zKvM{l7@=qKZ3OS$N)2-jE^7!HT5B%)3g;-hDeZ`a6B778-X{K!cb<^{knJAId7VmH
zd;^4WLFuUZ>n;MlTGeAA`w##{rnF2uRl8L6mUBWok0-SAU4(WYPiXf$2(?30i)L-N
zL75Tyh-O^o4l!sKT4n<b_InUTDuc3Nr!vohtHI^ki-jrE5%7a$+HctAVi^4n9@Q=P
zksd8+c-fP2*(_pO{IxBSdxbPkRDm7~jTm*@bNql><rSa<mB(mVr@)Vv>g&F>GCOr8
z`$&!e$_7T3!Alh%LXHVDQ@1Gosc~6$j`#U$mD7*pDxwm69wxI~IRJAU%JTpt1=#sP
z8uE2~&B9D0p)_*JIKU?jOAG~ny(Sv3TtnT<BT$xA&B7we0vMgUtaIf65?x+gUIE-j
zBJf6qHs6CT4X<mjm}5J+@+$NVFSdX}v7@VUW4m2z!Xv!^r+*9M@1xCqXQ#m9k)Qw{
zknuk;@=GKLkMzR;!Z0WTGLEJ4RHLJ>Fu5?12q+g)C;Dy7C30F5vsH0m<Do*0?_+!P
zf5_cHy<y@M&SK#(a-i;?U^$>E08^W@izYHp?5)Pc84TYOH4yMf>>8W5kZYQ-)L=F6
zjC${H;?*9Wco68c%2pTJ@3pyP7-9gP?lJ7uC-q^Hq)pL>%GX-W`5NL5y&9f`Vqop)
z6<%u=DPrw-dyT=MGnLbLWd*=MCU^8I6fAUhs935hCgiJmozTE|@1YUjK(KzILgrP-
z_C4X@?}WXCQirV*>7`gv?=%s)-33JMC(5&!+(mc0zun*MZi?;>F1EWX1f5N&67_kV
z#9djT@OJFCykF}qUoOc08>`U=S11087``0jdU9j$oDKIyoB9`VbW7lI@6b(Q{t`&}
zT9dtg<fib8Q~TjAQv*Y8z)^}db|^EXg3xk!+o%FOJkO%mm?DZ{aDf;Gzfeqx8<dnV
zPbm(Ep9EF=A@Vnn%lC%oG@nqrAtu&ACIFUj>aD|oIu0vP^VEZyE1}G*XX`&=TLvnD
zMMgaY$D`XwB?l&kIsxp<3Ssn9IC^OU^ils8Izy)^(OwlZg}D$aSYFB6U}e?H;h$Aw
zmfT^qi=|bcN8|)Sxfl(p;%kWJ3Jw8|F=aaXs|o|z$KBtnO$pI#J%MZsZ<CXKWX1rV
zEX6AS9ALp**1Ez%eMQwxMz#;D<Z#Yv<vx_*cgh&Rc71PMjllT?mo?Ftl|2MTXeoGs
zohF1ZKi_JS_e~zzxF8JGAhpp|b;`W)r9$R`+=fG6;IpZ=%AKjjAbnBHY;b}Kibjal
z;3rr-z3>OLSQ}o8wZ)cbTusloDe^@uA9i4i8TCU+W|77<>}n)Mt?>C-1fHQmRCm=J
z7Uk|#E1n<HlE&6w>s%gL$gl9^5JVf(Qa>f-`W^ZphH7n9V`|So01SFO*U_>XzcpfY
zDCO_f_Dx|MgU+5fG7eb+1i~PzJ4h+zuq$>OpYg!K3e>tV5y}>2M&5{10d&$61C$*^
zlM85k!xPiPk&JHWHE`aDo+E`Ug;t|9Y=9VjyD<8uHFQEWH^s*d_z(qVns^gUtV2&1
z+K#y%uoTWxRQ(E7zn&6tNap^AqWB39$9Ww4!P?|TBM@`se^9Nv;y6Vem&F=+*=1ob
z6$PgLZQ^c`lv@ErtPv~tGD;PA6uh-wNY>4{ymLZc7}5`a*wL+?by3+tL*1H4mp-Z@
z^>*i*ck65ujtR>{Hk$iJ?c*(@pwBm&W#QtW_Ba1NQA1($b2a0K!9IyKKA0i#8&Whs
bF$muNuyDZ@(~p_ZuF%sH4QN;F{=D-)dsN|z

literal 12446
zcmeI2Yfl?T6o%(>rT&K%R7z9D&_LP`5p6{Yi6Rk#0!dpzq=F5J8)K+1kV^UOZQo~(
z53{@8b?hWisvyf=@9gZ%xnJj>zvn|1o`mJ_efTas3@2e2x}g>J!yvSE*A4x!79NM~
z@GKmLQ;qcWgf~t!YZy8j{W5$Jzw?2$HuPRoqr91(?S$7F@9X)N-aOZnp4NP=Ye%0f
z9Ou@{Ml%lt1#7hQ97wVeBw0AnXji+u)_eO}=}laDUt`R*eOmE4(9^c&4+XWYWcaav
zrZFI3-JY(7^Vw+RL~8>Tcw}K!bMtE%Z5m-S&REkgvstyN{q}`ZBjN{ihkCoC(Km7B
zdto7bs}&z>Wnk**nyAg2Wg0GMB+-vuz_cIkUr@fG8Q<t*&@=?YI6OSRuX(@e*-%#~
z_m{3+-NVsgq;;YR&ka7qCkscK3Dv4r&m<c|Jw-y`SzlNp7Y-S`F4MvxdaRW*!D4Vh
zuVYc`ZMdURXl~fr?#FS|;DD=b(F>jr<Ic#4^Rx^<tN9+s5nHgXk`kZixWcC-MXnX>
ziM$mhsV`{ZP!>6!^dQqXa^%o~K|8$C7w&gT)T)*?r`M`*J=Oas@fYsEC-?&GzzEC|
zj%Z63_d>S2k%IRAndX84&>6&CNhwgC#9z}6WH(^~9h0U(0iHSx?Z`_slR2-nHdvd!
zvkzQhN0SaD1e*h;k3>(i1;zc~(V-yP*FGJs#{Q@JhZZ1dSpbW^zF@t3&2{-@_*%5V
zmYfRa`(aTZ;~Nxg3ztLP=WWkIq|YnOE7GN}kpoF|Lv(KH7s*=;W?dE|&5(r!t=A2=
zbM)SgmK@3JYe$n_*KFr&OM9N{y^gN%D_P#3<9bEQTZPlP-apr_SVOqf6nByMfgny8
z+0#a)J->Zn-OR6GFV6%IR<v>9v9?QVuWBFD0A!0d=LP+?cE!#?bKv1wem!Iq4Jbp(
zsIQmo-xI9?&#-hSl3V1?{AU)agFN!I8!Z9W!>wTv9%TA$gyr|Z2is|y(vN-#Z2;0T
zw9{apiAFmS8hAR82Wkl#tj%-5))B-jqKery^z=uKG{OTxfQB+}Q&+QO<1=?hb2l}A
zAdLgpZsf!uywpm?=MS`AUlgmF#R~aYVl86c6qkLSU!pA;h+jt+W47Z_r1SA;bS1*!
zK6^{h<2k^<q`WU2UtVK+t}AjnjQU^29jC@tlq@jE0#5S=JiX!5r;~f^MpM+sE*wfK
zABDRYa(P4RPitewX}xqqYsueb*z<8(FW=DmN@)E|cEn>oqP2YXUG~$v;t77N>|<|y
zaFy4bHKy5C+|gDX_PKJzqfNhBT*{qCu2pdr&)-QRQ^c6Xd#id_-fJTdB<VzgWCEwM
zVwOwWGid&&yehFXnafXFkyW?iT<SzbrQ~~9Dyj{{-OOOsBgJ~;kBq(0fBZ9Z-^GZJ
zSyUpXzdBAU+UrF5Nl#igDV|<Y?v-ZRPWDUX21uSusy1{bV@P!XVpA#r*mSZDkJ5`Z
zpHn?4Mzdb!B3gHgK^{$ZW&0A_I}ONPpo!(nP=PsBI96o<@5ikrtUPa^qU4!F5!c!C
zrvHix`B=Oj`)x@fmYbSKTmSO)ops4uK04o1-oLIa5&l!{SXZ@mPkDLDD!nq4GR|qS
zC$Du~g3GBsLtUn;d#eDMk2x6W5n27Y{<CkA$NKzYTn1gz%Cc3yuamX9y*`ZMR?+gz
zh-y~Krl9_Y;&i9}Mp(L*)X&QuRj#tue=NnvW4ybn1JqeAtIPIFQr?OcIBapsf=u$!
z0BRk`6*dn$j<qI3a(m@gX<AGk7VK7)#Tv(H=}K@~x>B5$uLLLT6SW%bfq9S1;?txE
zt6n0jEN)Rgn}Qv=tBa=%H>%r33AX!W2a8sCRqIg!$Ih~XSyi+XuS^%kJl&+7@ry%w
zNo;XXt4vGTI_o)2ta>$+JX94k*#bNo)z4#5rP`-mM{3qpZt5vG$vQgTO;Mp0JrU6z
z-qt!CM2d`<#oU)n5ZzMsMYgQNmMW?qC0kc!QWQme*NgoSq;+~3d%u-U^r@=mUM`iW
z=a=ipc`2KPBG8wLz4bkiT<cAE{4}jrzMo>$T&pYFmrE^rGvGuY&-*$qkHkpG1vv*2
zlDAv=+^g7+|CDl+ujW_L0UfdY#eU1NWcj|%I$Ax%I|NlbHAS5d*~v3u;ttC~t)FBW
zCR`^=MUK4FZc(`F{HZV`Z-Dj(;Sc?5j=YNLH|x&Q=SrPahwQ2R4E;rZ^RU@Dj#Z6Y
zhYTOw*Bx2&o_aQWv97ce<p&#-w_V81Kyx{*Fv$Z>+G8AJR?W*KT1Yo4c@C3TgOPoU
z8RevY-8fy~4Vq6BNi_gWE!z3`(<ktoH6LjYdbrTZ&YRGqP57)u4NSdWI;;6^?|*;N
z1S}jT@bL32>4b>UEXgyosQc5^ww`l6ZHu~Kc`02~JH=tSv7JOAKXv<+qPaXg<0npx
z2WE9GE4Pyg>CA>zOX&34c@&p7VmWk@{F$ydeONnJGW{73mw^vC(U8tCa7O3qPY4+0
zo(b#flL4mJS*Ys&L$yIXTU3Vo<4*ygt9;$It;=ImU9uA(X5Ba!vmSm`kNb(Lg&X>x
zDdS|6Hz)VjXSKG_X-8D@n%#I`eXfFg_ynvwlHL&fsmkYaXlLt?#({i?$@`q}sO!nk
z#W`u!;ycAU!d$F2*=lt)mn_W13dvlKW>9ZSxb{YRcs#QF)1H&?sDoNpu^!`EXf>H~
z<pwGwi&@O?Oe-fveDG%c1V-`(RnoHbSxXB#kn%UH*CfrUlLB~@vgBeu4F~b!W=-Lx
zWjc89X=+34$+wDE%bzu`rpfxVa7*@YA%2(j|Bk4BOBGKWxvT%Pa~H1JnG>?sl<zyI
zi(1;$j`-8$x4lP^JaK{$IpKMhgK@IH-kVYezRF1`zRjau<nRZ5k^EU=?dxy-%beX-
zRL|M2NtB=;gkSa3-3`TmebEJM>GxsB@efJci?qb|FyA~3QTC2vUUD4hYcU+%A<wbt
zJ^`m+*Yu3a8rcOrO13}kX!4ZjAChMo6BUy)twC4OYAF`UnM@(Aj#*mUs#DYfd3#M~
z;a=$K-Gd~39(QbLZO+D8#9`1ADes1-8c)5+7s7z*p2>MtEJu6=MTg4%+-oli0y`aP
nXK6cvhnScQ&NXIJD-UEniILx^W<TqheNJi4|8JnR)1UtWD+FDM

diff --git a/docs/index.html b/docs/index.html
index 801e16a0086d398c3963e3cc52ac19732aeed72e..d663cacdd84238a9e7914ddef08f0d8f75fe1eed 100644
GIT binary patch
literal 30406
zcmeHQdw1J5vj02z6bRdENv%lPangq(sq1x|*5@W^ZtV8%9w*yFk&wigBDEyt$94VP
z?{5YG3F;9gP2)|{^qj^biN|0tFAN5Q-kpa(?;rp3*@2i8(|B;ZcgJ;a_xyR0x?`Eh
z%r9g(xGh94zf96u9_92P#PKA`MUaM4ocp;bON!y8@I{fPu_w}`E4J@-cE0J{-M)KI
zY=7U~{l0sDm)h#sjrBsA2U#>LqBK#BACAOjI&Xv`j!q?76PYwUh+-l|m<IEyObVZ>
zw8bozelA5ilZlwm#4J6RSw4|*Ec_%C**sy032OSUd>9Dt#VmiA2Hq^+5$-e%=dpb1
zPo<!LejfcZoo7$@Wm!eFpxXeHOTY+VB}#&H3YZGn7HKAAmL^d;&)ceJ4Xg~Kf~%t}
z4J8-8dM?tLNL9-UA~BW4Bn`!RR7|2oL`5S9KJu9iqBAKN_E8i|&w{PjsiCyjS)5MS
z#YEG5i`Y-beMctF;P$QFMEaQPTeo^eRK#-dWcQo<kJ5P(GM@AO!=vYNmS%+j&MN%(
zI;u3)1E{_TCVrO7qVLR$k^3DrtUn|`Yu`DG<T<tCfP9hyL+?B1QCLj+p*)KM>GDGx
zSd5CukKH`*W7*%anwb>E%$5J1M`wNKAMP)E?mo~B5Qnj}+B`hy%Wy2Y9zhUC$*GuR
za@2RIfxO%41Yz<j_kuW`hojifq=&ia_^<qnP8<#M&e0_(?Bb_rJc;ptA+ye|x9xqm
z+sTW|SmvF4vY(>TG)lZ6&mBxk+;`NsiIg<H6^M9WU_6u~e;ya_9hw4U2voSkG%fNX
z^JhTHu6M5k40OtOZwJM#TQom+Tvz;b{N(X{kx!y2bMA9cd76aYt6Ur&d?)hxjHwUY
zp$f`aYSsapPr*^X`1f39k<0}VxN7ty8i}|-1LFIa^zK$q2^*1TK}8B_o_kaO0u;eS
z!1GW1aUZ~(VTj*)+nw?m067E5Fcw;G*CsKp8d7J+yXW2Qm={Dvi_P}#oX8}MMlbbf
zn6{`tAv_3B5a*;KPI1K_ND8E9G8@I|xqI0alPC-!7Vkt;!kwQK50;BvbOi~Br9#(S
zbe2i0ZNTYHB=JL6>~7C4RCB7Nm-uHxKXdWNs$oj+Y;XV9ip~KebzW;{lx9<RoTU)v
zS0%VJKMbQ}>_R|x#m-&RH4WH&iscAkt^SrNn5&N(<~$0e0on|J<e<!~zJX02EhlLr
zOF*e(nuz84P+L%ffLs-!e+`5T{5^(!`QtDxigel)_ICy4-xPH>3HvM`yW-n#zMEaN
zEErcpVn!6CaqQ2aBrAMcU_no-VHudf3gs+UgQl+v9{RPizj?gS!xHA+sF7}x77Go9
zQ9g@(P|Gk*gVPG!4FF*(>O)=$5CQf24yYTjJW2k+ZK%qQ)|I_s8eS@^r58qLB8dGw
z?>nU0{0QcgJBsH~sI-^$Jp*@|FVs2xcZ(Vr^d>uN6)$?-f#9KHrAeY5sXjrtp$nK^
zRtXS=8;{*xDB{?ihVDK7kx$+G{No~bckTjmYTNv0SGOpCp;WyaB^87g4xv(1P?st6
zx`VgTnC*+DHdeI)swCE2Q5L0#bMQ|hipv=qRu53ZYC?4HMLHgnnE;c<ha{l~nk>Z}
z=Cz-V$$YU1oFqh9td5crHTld>Om}(arb&G1434=EP!2x6LA?ls<DxUxFMnQ@UPqy0
z6$CvS?z1Q-JIcMt&3p|r7}3rkh@;>XN;a93Jx-?fx-l)#XNew*@bqLDgc7wW>12`A
z0>(kyTAbP>SSbon1WJGdqGUEN%rx+K;zbafBcc%Yne?*&b~Fk(no`s&2g?XQkdrh9
zef6D3Q4BN3^E^j%RMQ|Z#d$S`P{Zp%?p1_lP={ec7376dWp@9M@wS8*BC4wEGK#BO
zZdAxAsKM8^>lZ)D!rcp@2%dv~e#vF_7)EoF!_Zy#1?E45MjROoy<LBY$ys_TU0Mqq
z$zYyE#pT`{ix+3G?#sLN2dg`9vD7%Y2xPpMg!}o~Loll|So5Lk%}`qPx7V3tMO!`V
z$>M1wgR?{GvE*wu8ta8u(DKr&<rfyEgR)7)es4tVcSgj1TNANNxm1lvblp6bvP{XX
z-%1@*Qj*p2%pc22STbv1eRp>t*0m1m#%IMuw|cX|b6LQWK7%bi2a$n}naZ$Cr6n~;
zFBf1g;S(i-nBgX%)u<l?STABRJId0jcoGF!nx~^efOy0i%yU{V|A<AyMC?5~^m?6{
z)!{LHTSMGpG*1Fr>;r2_A_MdQDO9zu+GNm5uzjrm3G`f?Pf~&9oq%SJ#)%9Up;p83
z<1`ubDx1KJGBxfHE7~Yl!!|hZl=q{A32T0IG=dCZln{5oP-RSEMLCNjKM5pOgEBZ}
zxWTS-fKyDc<hKx*0@R65Se(tWbe2VMy)5HhkAfFI76zB7aDk9P8q1tu%Je3?1EH3?
zL<YOBDXB!Drl%UcB{GJYi+^3C;@3Ar9b0m|q3V$-)qrDyRvcO)4zqba>53T^Tx)6L
z#63EVW=sP6iaJ0jFU84LTs+u^cO^}p`59afkmvc<xOngqbeF-3GoxSiSEEypb8*my
zYQa%JT-CZpo~i{eiVsz4Mxq}0Ul;rm%|M6hX_#hEIprfL94odQ&qf)i?42oFHC~$X
zMOMOtSG{5~ApaHIGLzSj(H=Ky89+_1@wfzF3IkvdWSpx;b;r81hn4qk#peyJJ|{m8
z#{R<_Rdoi>fH$~Mq&OrE{)UybZ$$j+$8(LBatLU`LLW7#ePF6YuTb`VRo*U6*bWE1
zBpqghRYch9@F%p&E>s)g>wlxk4M<b%l^`(?dm@KtCYXQ)HLbIJX+!v7`44woTjbyp
z$RCJVEksG4t`MVenD}u9G+YXq6NyG}riNPR)n(n#=Pt7}kdUpAc~A-5A>?7{u~dE%
z62qW!F@={Zf)iB0uSar~UcsbiX}JI!`kML)6j><b1-LgsjZ4Tp!e(vs8}K#q<DBMw
zb2Vr1Hf0~JXcyho>8VCP_)0RtfUl$s4aMkP7SlX7Lm(_-nA-CVvYBc?aUWxXl@Uw}
zA#z9)TKTv3E2qO(N`;aFf}<T%k%$>Mi>QI;U>d@Gt+b1QW7S`ny#qK_2T$P_@dW(k
z)DkV-xv{dFbgf=T7pShxv~tvS*;`=*+(zQ|=Xn9ve+y)!TtQ)A6E>>R3ptI7+|sb<
zUJv)#(f&M#r{-tI<84?<^DF@=i-2DXHE=ctqz{&41B%@Dwzem8Nf{n&2Vm16p2KU;
z_#a_Cl%5kmks%<n0xr$2AcLPIdt3Yhv!?p>EJNjJ=Ev2m!>}!Wx*TRvNJZPsTzZ{A
zL#pE(&I}95OKQ2U)S;hOQG$85RGV#3jATPSs*l;#jI8Ye-dAW0#M2ap(Ch6Iu5S;+
zc7@c;i+xBowj{BtkX<2YZ_3@i=kDC+fjygNvox2T{RuWk@cmG2LsSMRb}3|>&dB~E
zb}>%r$`&PC*Rtx&Jj2VW>_Xt*Mz?w}_*?u-_}qYT;)#O`pLU!!F-5&+G+o2@J5IE=
z-k6QmTD=E52R8NK;2(QWo;^MgJLEv)H*ag>X^YKnn-IgBkW!5u+b?FpLYDuk86Z9c
zn=ab<#;m8kOQRXVdMh;JoOK+@2yNnuJOF<ZOIcIOeu~Ah-~Gd57ppA`Heug0LP%yo
zdSYu5P6+JJDy(Q6tw0b2O`gxOA_VqGx3DxVO>$C2s|*W`yhYNtpKJKtP`)=Ssd^sA
zF8lo(<UmOwV&TN<H_Z02M<naPJb}19#<pv}+*tNZkps2GR4cUopdr{1+;6}ilBXHg
zCuxMO%<Mq}{yyHmrR6tyCYJTO)?$yb9l42J2?Lu20GA>^heZthuJrRXc=){c*(mou
z;mC<#g5_yECvli3vN%t(Q*VqppAWq#?X27W?X2}dHL#*#-)ZBwAvTsz8-w@S-RoRG
zgn{b6)sCR*JMe6Cu=Qa7B!Ni|nstt^KgU6{u65FYwu45MBeNsdemSLL*zTySBbl5<
zkh_aM19I~mLzu1YF<?7TzycvhDqA@4XJisfik$S?LdQcyVT52a=6eoM7)5wdu1IoE
z9733oZG*Oqn*>JbnV(UF1WDgfG@g?)2^7gz3sx>9cd&X;;Sav$^&w4b4Gk-tIjk*&
zqgY-SHoM?X6hoN=lc}Gb+BV%LQNmK)CKLNNTcaPk*JSP7y2moXcJLlK@P5f+LEe%h
zXwYO#J`&+ROsCkuB9n6Q(+R%8B->Yl9gY_D{4jztWak{cdYY=xnSJtl(To3uLO2}J
zFH{^w*%Uw5dT4InelKtzJSO99VLSxVvn-_;nsuK)*6|*yMaAKdJ2c3TeiU~<iBar+
z0;6~?A!4CURAiXNP$w_h!}<|Z8~KtygyDU5Qro(ge}8sTvxyHU;vaTW*OmSa`lrdx
z{N?#$6WWTnPZ%F+m99O@rI|?UMEHFnThi>0xO<C?z5IW+w|BvTTzB-s2XDE3Yx@F~
zA$7y(4%vc3Fak_C?fG51EcnFdKpB2Fi2oxB&&KLU`Ew6kWmz^4c4>#?;C_o2Y2+T^
zWzZ_@ryLLOs~C22&<|<fW;(>?m)cq3RaVV#EjbAOs5jW`sBQ1P&A!LmlwE-2jk(4i
z*ne!^;C-iMfrxq8(0sf@v-kM!pEi4XJ@P5dTeal4!CAvejMCjeCkM<{3brrJwj<U+
zycGuB@Bwkh<{iY>D3%h{@GaliKJy!)`tB!->fH|w)w`c4s_RRz8^n60xwS|Mu(M>Z
zcA?T!BV+KF)v(s$dqE&)5INA+ewO){WOmgni)20>Vi)QIl0kn|LoY9sKe$<v7pw_X
zG@@l~{iWu~cKhAn4Am6{Az$w%oJZK6r67?qxQHSrs$Ig`zAL%-v1>~Q13x65c_+Qi
z6H<B0Kd3puAs9Ust3r6qObCC3-A)8$VdIImYCa%o_D(ZX+qC$g=7ocY%S9u$;Bstd
z@v=VC5tKrm7XD<oMC}*7r%5=E7POuU<oxJY&3bF?Jz*^veZ*J;=$}I|p<CB&tU`v@
z!ve|WZbd)9r)kGHeITKj*xBEsKmr^UM_lpA%iH8<)`kWG!c<(QWsTR%>qt$?r=Uct
z3UNXc5U^-3H-6K4pu-ZX{#p@~t~&mrvs1uXU&ehb#944ar7M1<^XTNYM0_3DfhqzM
z;UoKeI3pK(1>z2HKoOP%;sz3WEwg}<KO7;0g2c%KWC6M7ZG(0>3Y-eUF{%SvJ>5-J
zjRJ0IS<I2hGD93Ma+qiztA<*~DZ{6V04T()@M)ir6)dmyxO*{E!JxV60wE1>>IQar
z3IL>VH$GlOfh`y&5@x_SqLJq0de`BFrj1AF3rB^Jc|)D3LMS1hFlw_q7KhBMkSPjO
zJ>#_}qG7x=8-qjDDXh-$(oF(4_d7rfl6_!!Qe`=D#dA5vfh<5khmmMT{$57DAds(W
z|NQ*i3nD|=+&muLDo&=({Ga1gt+Pn$gs51Is;P2~;1DX#!nqum>g7b&95hJjCY)Nd
z4WAuHQT;{xh@FG`C}w-bh4XmFSrZuhtcut&6Kn;C5osRW*IsQpGzZ7Fadm5lM(Ivn
zA8rLHXe$I(7YhNun}c3&5Rs+36k*6KgJ&zGL1B<m(Ow?rZ!m1J)}6cw5AYgp2z<Ul
zJS_WdL}SO>@pc<+(YT8rJB>F+(D{V6N0gg|(6rWN#vO1#ANTMEv~zDG&c5VHQkp+U
z@a~P_@b<GKj*+Va@H?XLDaVS76U*RKAICi$8$u)rIs*$oO^<Ob=P;p&N>(ImkiGBE
zV7}-LL`9CqC_$_-4zzOAB%d%O7M9#MZ#PcKLFtSAqhAFlhT0J1xNPTb5cQwqs|jTS
z2cOD7^PIxDttjg+eopw5;;(S^!dR)4u8yvT(C_T)2<#&hf&ElPV6Tn4wxX+%My4@%
zAAS6%LaNss?*DTls@F8W7*I{cCX}r0|G;&KKJl^TUYtuDpM*c3(-AN~u@tM=iyzHq
zeSC=obf{|f{V9imps;$Jpfm^SRG7XFy<P`edA1yu@YsOEhw2gTtz!$q*8o+T<m6hV
zBhcbhUUK*~g%VKMzXp`;R5iE~&hijE@_nH9kddM7=Mpg3*Vwnl8G<=dr_s2p6Yz`z
zQU|JC+5yQz6~T>&A36oa_B*3kkI4ut91<ms!mBZOefb~>+*~-s5s}HSgl2iV9!hl{
zkd!p*w1t5{&6o@W8-(ENk6C;ak>2Y_>BMEMkV1NCMQXAJLs+&UPKxwi@g2%+O--^R
zeqmxqK<nB_Zmr!|Vy^k8W=GZ^Y{QBt;h8zzY|hT;Loc7t+HVey{DjWhmlXY;Je{lj
zoa9+Tn#l=SSG<B^;m+|veAo^9CY16^MSPVKi-g>&@UBlNz_BJmZg@iM;KsWC(hFIo
z5!TESYamP~xq&L>Z(K!XSQhz`KB4*2BK?ME%4VHX+iRX7J#Wp0wmSIeR>f(50Zyt^
z>J3iL@<x4W<MCF#a-*}zv&=!0<iH#eE^WSQ!b*PB@()~O8Hq6QC=;+T@vNp{wS6ej
ztDAR|KW{5xmjohojrEDS{0MiIRALY8CV@AIo-4jIS#}gHBg+PTF8O8Ej#Dis$cmk&
zI^oxm^;g?hI<OL>5n>yMoVA#BctZy`kTQmqRp1ygR;J|oLY80<Ak>32dn`C*j8bLf
z9m<iC_k&X^igqodU?{Ps#D3pANt7r;MV%lTbx252q7US?Lz-XMcd^n_G3ATa`%avM
zq9g%Sr)9BOkkbB(>Wv^Jz4wqD3r{$$5$6y&My~wRh?4DCi=B5`t+I3KQ_2dmMz)A*
zVJjRmFJ2Vs3rSYFcM<0o@U_+~Q{fQmk5p=Qa?;YewyMbH1-WQ%KUs9SG|aaKC=XQ8
zs5)tw<L-^J@kZtF(d3Eh+96b`#MLgAHLl<qY5c+LB3~*wLr}t1ezO==8BCO~fU+g&
zypqI;mh>|g1#Meu<AAY52}oXRUA!J^Yn%@Jx`x<IJonk{t#DSky)B1#wQ2nhX+_ph
zrRDejGqZ}U>Fq{6;D!Jf{;~wuTBvqS0bNevjnfoqtNmGoyDMrJR=lFy4=!=Bz|Ib$
z0@M><#ej<ignePb$}12y+=j94;)hp@_dZZ(i#K0jFV9?-@JIT_RIRy*gIld##qpo%
z{_m8h^ch_|0|gVuCDu11g7Wr!*);ivS{^4}Y#Mu_sWSYdgySux{cU-;-9a{6lnnnC
za;PY=i9{-gp~;UQjhaZ8&-;wt#Lp-8g#m(g5RuRZ`k+?E%PGvHxzl<;blB-2@v1;3
zIb+g%0bfXViY{3k;2&y5U&V2p9!=77GzfUVaKzVW-L!H<nQf_`7>3yhnII9rYBd5t
zYi)S3OvVMlYr3)ic95P8X+=b&%yV54d!Pt>$*o4IO1)JKEtD!Jd$Td}^P-{PL%~jm
zVJEGm>%6ulY-H?HYWb$avAMrd%I@EC)C>@8<d{+Kg*urhS)c~aCiQ{+!PA!2Lv@b<
zZi}F`G0!7V8I_ZHjf)3}SQ?zR8rI`n_-(oYh;|=^-)MQ9;HpkM7TWkHQPR3J>u5k{
zVsAExw16Dyk-J=^KJ=!kZ?OkpQv8J4l<9}78v<dvz$Hd`%R{)ytmzO%0#&*XLQhLm
zxji`q!L3_pl;`KC=Le5EMcO%h2-Axw=+-T?$VbIz;K3tY3MHFY*NA06Jj0hjHFbvs
zW*NEz;W;hcA3P6XdR`{>YHqj1w*I6&9wSQc$-rH!4@+Xm(`n%HlLlRRg_QM;ml$MK
z@pU!ExUE2Lt^g!z4yUnV^1o2|>M4ah=3rQ0_VeNqr>ieNa{f<@|BAB5?_*0X?23ku
z7y4GEu7a^magMV1Ir)1$M;0?WI8Q^hC$#op%PH(9&Sw>=2`Nan*j4E_*!oTdvjVH-
zMR~K)9pMtGywMU{TS9u+_CxBXL0{m!hxMY@7vFD-)^fXOdb!y%KW?fNMjmY|B86kN
zj~mLG(gU#ci{^e2!j&yCY=rj3($}>&i^#I^^G2*_Cet8hh<RA-RuLcnTd7fki?2*7
z?_6?80J(5<gQ&Fn5iaI;is(zMlXFN%4xS|Oo8x9PoF1ShDa4riOs-g3>e5|9+`7@&
z^w9ZAUz_%oSlOXC+eYBfx9ITh_Rf8Gd)M9FE^8>1eT8t(*(GP=<3i%7z)c`YD)td-
zl|*G}gf7x+FW}dI8zT!<Om<FLfJ{wX-WB`9+{3+Zm$(mR>_tVVEMWS3tb!%&fXpX{
z$0qL5TPpt$xI&s$Q+-`OD-p2V`w`=~Y7UVff2*QDx_X#ul-12ywOK^*5*iIvhyUIw
z%>%!6<$I%~E(ZGL=V3c&U705lHvRUnb*06d4^xA$yl8e_T#2umCoj%_d--)seD&hG
zGj5wosDdVRmElS7^7r2z=el)mz6+@uB^e()Fy;Eg-+$lT-mY3{T~UFsPvW>O`^XZ=
z7s%xg0$8%yaWs`!<~4&>JLp3onP<~UlSYZG`0-^kZ12&@N>U(2N=c2Cwc=4W=_VNb
z8Y8^Erp`v~vFdKp_mvuGNBA{twO{oo2GXGKd&C$?*t`lQ-7iF7BPH5nHb1&MZ6h)7
zY`57L^xyKb>#*>1+P3t>cg0q;#O@}D@YT=9$jsVpApfLJY0rGhms_d3J<P=(xa5N`
ziMismx7Xlxy8nfiBMsfsQ;4u`i4#n{Mt9f@Jk>Y#)%Jk|O4oT=FK>#k2SuF2bafWt
zd72`mn4{rskgnULS`Ol_<1G$|zbK`{XrO{hKUKgF+hOY}?1x)hVM&IGJg4AgMA0>!
zljhaQzq~KM`uc|#FJ4}^UOH`O?6lertOd3vcp|+5Q`c;@NBzLl)AWP$FQ@A`n0l+V
z(br+yiBMJJYmAC{0cyFv2649|FHL|!GrMhBX*ET*Lqk9wX_(dn^u}Y~+G>K7yb&x3
z)K~9XAYuN=2;dU0>=OJMdPuPYeIkKv_o#tXtth-H>K?b5dqCeUu+S?H;q6VB*Y)mz
zQx6VENb<ab3B~2|TW!A)R`2xt!>z5MHo6DEXUPITG(&_dr{}=4)HT|UAws9$2Llls
zmLy2z-=a#&I;<*<fD9k1|B=4RqdD??Tzycqe$YRft?t5in02$(*4D_QA5EZ^X1d}s
zgO*_>XCU5Sa*X;+c*`*8$#O_uy5S{ukE1|wAuYT}RbrUH#5N(sEJ5IqYSMH?u%5)Q
z<(ESx{wiTOiC(r~XqKyj6+J+LLC_qh%}MKlgl#FPsghH5OK;K0b*t6g#teiS(ygs`
zY_Qd}CtJ_@o8Sx*Cx9^w`N{Ne$;GWLW-o^<8>gBl2y|_l6H9@uJ$MDjV{k&nh(za;
c>+9yL{~@;qjIql6!N!O>%!Qn&d~5Ch13kx;D*ylh

literal 40340
zcmeI5`*RdWlE?d3F5>=&LEg2*nvnqEwap4x48lts#vI7L+rTUVdLa;!P9v}tEdTo6
zeLt0xsz-Ov^dND<cw$28neKXI<vX*gtN!<2OV!!xR`o-5vs$VCUfr*jt6ufII;dV%
z+tsz|->ZMCDACu)zCW#A>*=n3Z&vHoj{f$mr@FIVtqsff)WT9Vs1EgXx7yRUE&W+r
zJma&XKDgVfR#j$AwR_bsYKJ@Zc6-$`wbs+~Ug&#Qu+8iHu6nql>xJrawV?l(^#4-0
zUe?`<`gWyS9R9x;;5XP7)K439O97gJ;My02d+Kj1^pnGXr`k{thkEk5npKUSAlj;4
zhH-$Mo@%exMgsKDLzy*|SykOv`n99GV9@$Guey6`Z9QNEynsVW^;CW@Jlz$p!22My
zwyo0OW+%Y0uTnclV|9F|SLm4j=KD4M%~wCG{eidv*yh9ci@M(zl+fsPfa;!l0_tAn
z-+mA-{;m?Q1=06O$)<kFe$z6B)A1PU2~+UNmc|M9yb`3~3myb}yMm(^@B@E<)z>P|
zleD)S$8hhKT8I>~mYqKI2aV!$s0=lB11C7tDW-Y>Pdov8@Haic_t28>vtb-?%0O+c
zYcyNc8(pCVlmPo1y2t3?_x$6dSrXSHL2W$C^YK!PguA@E{KM7o)n;|Ino$os`fp{<
zNW$Udr|Q}7a1Sm%2=HDLFDzDnuD+~p2MWNQk;@0tH+QOs)dRJ$r|0{s)f;kNlT<K<
zv~9+IMxUi2j?oOOg6L_G3U~pC(Nr56*VhT$d7T~AfX0-5BiPqPC5LAwv<VNvS^TFI
zR9w^d=lTWKskN$WKY0SLL1l2Ur5?8R6zcGezAm=H1Lh9|L0{$mNASZB^!ner^J8^G
z|8ELgaJ=F2S!l5t(mT@SSJlp1&_j`OXM!9U_Rv~8(p%_!_;4fi=1>fzKNs{_RU13i
z3yoo3-?sxj*HjknpcZ$53O;+GzhCu@mY=D{f~btHMaTVG{Y`f_)fZ2>g4unQSyUSr
z^!K&Cp`8y@2V7AfEyt*>r&j@DdK~D($hp5A;7;qoo$!I-rYmRs*6?vlW84sC(ai_K
z-)|o~2SYt+oY5B#?do$NS|5ngPsRDhEpQB0-}qpmq1=bX2J#cNka<Ww@%M`K-d$<E
zUf|m;Q6$>t2cj059-Xo#_>rid^x(4ip7Pjt*FJ7p(iY+Kb+u^P$ZV2XeePkw(1Yj=
zqzY|DnW))K<_*?IdX5hR-xv(N>YM6uqRr8isZ9aGec>B@RBDJ_JwrRZ3Q}(RB5H-G
z3#f-@`K3x@3EvE<`IYKk(D(Xt!xGvH8<4^i?aqgQ6s=OyYC)PCuA2{@W?8~z52}ua
z7mxap+J|;f;c<;dQIo|{V*TgUcGRX|u&zye)!QS^Og)BOVH>_cZ{tDs)e_z_t*q$-
zJUu}M&pH=k{ST_YbZqa}(4PAmUD|q=wY(?j@P3-%H~jVm@A`1u2cbVa{5{#09Ll`q
zd5z<##{W$J_ce0+)z(wl1Chjq>W@Vaj@vf8Ivz&DwIN#U3**F7`}%G^elrHJ`cMj+
zy{Q`JgF?fL;>bD<9Ky05T4Y1DC$EWCF}vMfx5Pa0AKX>qzNCr!lkjL8WsG<6edwR~
zk_faJ!#;Yh$W0e0ERM5C(`k^l<KIh+MoL`H=-}nkYgrcyhu4P(#i-g_$T9m@m5*9~
zPQT!b)DNY#ujGS&9bh`AUp}TY`W`>su~X6vzmND6yF3syZ9RBj`PhN)LP0$*=~uHT
zb*XQrz1PYy<#)S}6Mt&lSi10{_k0rYTnYS+wQi=O_l17IazPc-@I(p3^e<a*eO&0U
z@8h7F1Y0LHk~l8&9XzTqn`+)0Ph9i3tz8P<<eIQ&cN`vaL-;JjnqU{72X6=|um}eU
zM1S>zl_h>#3%)?~6q{Q>^J9_0QeMmZ_A9=QwSh<UT$+FKNZZCtO}=?+!05gBHGS^)
zPHrr;=%Z=EDRJ|5uyl(7=ja-;QEU2tIk_{?y?*eyO&|5;4GeS#tLSmBLtkFo`fs)u
z<60XvqSOPycBTFZ_A$nB7S%FZ%S>2VEN{%9bb+KRG^SngE#Td*EnDl)#II((@E(yc
zGFeDP`oyB}RA%z=WBoSuVZ@ZRT+vg}Fn!{(mRg*$H2xhKWXsmHX?*uZO8Yg**lql1
zTD;_ve~Fd)K`(3zC$zhgj1jr=nz@dl)lnZ}vgRJiL!pO=nZW{me%$>4UCJfhG0~0%
z@^Q$nWyVYsl+yN0*s**$I6{|$JF;LFTff#f_%7z&C&wc-MrqcP#%+2imy?oT;kwcT
zYt~%jINr5-?isd0)fBb3?2u)!&yw)EBW^`Ql=2Z<Fs>!L!$^>4tR}LKM+qmB*^Mnx
zBGof#DV~|<Lr#{=`}R<)(cW#fLcRknHy=KfUl0$((cAb->NVNMl7jqR(pd2vbN|3-
zSaPA?h5Ly2(+IE)3wMWQn{aJjSX0l~Orm@Ex~aFmS_LbwhB|{RQkoC`OgX9@`8~T~
zhO2*+*?*`y%wiE0LXjK#4$qTyy*6<jaQ<|tvw(6EZLkpV-mOMTTc6up5H}b-`VA5l
zGiXgT_j_r(qxhvuxo%}lzm(i&8o@oMZvr<W2ktqMYxFYaIenGfse4XQn!P`l&&j!>
zgf+G9PXbiAAKk>~4n@xC*hK7pvoGUg;ELCLN!&%&b26?*zKIs7ooWngbx(KG7A-$Z
z)-;zAvI{OJ%<tKJ<@e%v=A6l-GN*{fwD~jUGJ$g|Jlz?}G8yst01y2(L$e}SiOEx_
zx=1fn!pp`R0}ebo@`jeF@^QgKWD3dI(a(+`^7+frW5yOyf>}{KmN=`5Z)5YI%zIi1
zD2u&DhnenX<ctc~m{YTSrorWy-BP=op?$L4Z$cYB7i|2$qY>d#qrakGZLL^V9T@R#
ztu3D9bGYcq$?3-IAh~|58t~Ju;}X4xXM**D+wfGb9rfB9&YH3w0({c~`H_9;<#ul9
zqDx$dHC^2Y=%!uE7Lc|@jiHy#1G*&fWR$KfTl3%Lm~#1U*APVK*k|*g`Q8uyK^l9#
zA4Czdrru|>9?AHTU6>t?erYI0rFMk+tX+5>@`7a8-p8&o1GEzO#j^P~)VJjde^mQm
z<8%Ed%l}aSvE@k4=lbIwwOJ7YpYi0Lu1MmzT91bH?y2rUn7`doZDjjE^Bq0Se^|Tr
z{Fd5gZU=2pmZC(uuH>fhK|3#x+W9ZtL4sL9;%(myZ6V=g*X^#4lV`8=p||@%esb;N
zV}BfY6aKuTl9Tv9r-$=p%|5a!!T8)q+(cQ&)O}$Hi(~6dCan!`OlgeQ^8Y7Sa3kIi
zwr*X#`JFOdPR%Jj@Z(RL9+#%{2$th?>`q-i7N_+1Xz1}ESZ}kyc(Liaz-F)Fk*F7K
za_Kvmr7yjPs0XLM#Yy>d59M>QCVEOiJmbg1=$rWWxG_VXE6$^tQO_*au-?;JmgTUx
ztI5MH<FB$Vt2HfyUdANpllYzWtrj~FzZ2J|&xm*SgRcUv%BSY_<H?Xgu;*nKA5XoW
z3o@u#bzIKi=HmeyK-Yw)w2f;=(GBq>tsalA9ut;VgSf<OIc8=)$z0^~8RTWa#0~j>
z<O&9X3nQ%M$oXykT~i##nzr)IhJ38;^^XTHI>S~p8xLIX40o4)!N~ofn}~aeQ$6ox
zvkxaZM*0GiF=x=Lei9|{$JfV>${=auMTfIoS)Wn`YI+8tjibBpJ1h5>gsI(OmT7dB
z0LWrlgVWdkm;8O)-$0L+$TPg9B#f4i9KsZT{@r?EUe>atKgzD%Rj>IQ9b_Cmq99x6
zxf3#w)I>ThpOoh)nZ@D>c@y_>(1M4<tSuvKqn=6ZaWR0#iyV0}y}|qN{kF#Dynb>m
zkE5AAZ<C#FS{`U~u5Ze2(bK2R?Q7z5&*|CBq-FJT?w>rnJ(Y`3MK01z;-@PQ4;9a(
zGfwDiyea&LW#y>TeCV9+Eb6|^*ez?t**X3489c8QXZO0w0&fyB%Y>JUZpF^n3>5E-
z?dUi2J=jBJ_Sw+C!9MtWRD`)bn_Hhpv-!ghZ;3vf#rSY7pN=hRqu%dR{+L^iGZU;`
zi8C8>l1$!@HCeo?Ir)!I7E=w{<Reby&)&LC*X!Zc<7J+X{M9qZ7Xu`prY~r3+}GD!
zoR?e?L&rHLvx;O7Sa*Wm!9o(rvkrs#Cy#eL>X`C&J8$3a96^~BoOHxf=kiNaE*CG4
z<MK;WF7KF^L4$vMT)sHv@(x^1gk!m@sV<N2cr|4oKRzxe%WhGkt@uvoR)1eHMDEqB
zil^~b+Hhl<pEo{ozsG*Z=sJ(>Z>T+1Y7)KEg2n2r$0Qfbj#ZXT8`U$pH+H-s!e>XP
zso&J@H=RyQ&}G(pDqCG-YhCYU#+ZW48Sy<kq%`Nwrt;Mk8GmXyueeg@rnn)l|NV4j
zYE<0ql90cFL7vz4`6Cm-dk+?i+bRvbHG7x9a>NmbmQzN)ux+DebC}QD533EZXj41H
z`+^^<&le@8X>Hq7ZsMCub-7{1RQaYsYKbP15j;NL)IxHQ$Y1rx`;b1DGxg;@UKzS4
zjoAEF$y9zu$q(<G!R5RyU(S3oUxV$ichkrX$M`2*`^Bml-hi?lWv900W41NvyH&q6
z$w2!9bC((J@iR^*vnuPudG8;t<#9N)=O;Z&VbOrU!S`F^y;W()ad>l%n(|(|pD+%G
zqj}Gsj#@2iC49AeeMKhEeU-hh9Id}??<Mjl<vQ5-E;KW6wlbN#A${0e((m&wwD-bW
z#Bnt%c}(AV#dk}Id3{^o6z}J&{#X(GB3OCLYZ8<4ey#6#Pn2o7&OK>Z)=zna*%ZB+
z7wo$fIJA>qZD$oE#r6ile`A$5YpiVdd56j)<Oo}RJVe9LV3K!wZ5-A+6vKNd`Nc<-
za!t+?$b2)mz+I6;eh6{IhvgA=8)dg~+n*<LgU|lFFPAiN0r3%UosZtP0t^^lozAvT
zeB4=v84h+&;Ei?O3j@0=!6$|O>8=&{q6aFuFFKFP&X4K=4>p$tT21|2-yI_6FwF-x
z2<bPMExhA&&m3Y%-?O3%hk>D}k=l3*T*Teh(%lC}?S0_;5jYo5dUeij?>+9$f_~aO
z+5utGp33qjH>3K6PIfW@qvZ4o@@QzTlhVHJREaV_3PQJ1z}FXCaJ5Nd8ZEgFukWE^
zeB8D-NNQPV{X31{_Jc-?vX<1&SaI3C8Dcrx7sbw`z#sEn6X5F`!XGol?6nqi9{qsX
zo#8nJ%tEq%m!E?0Fjx{K#NJ=B6I0kx`+{0TBU?6wb+DdAu@$j*)drbKdq-?O+ckvo
zICN=$oS1^VInJVGpp<DN`eQHlc6^(y^SZVYmpyveSq$kW_hbF=+hgL@A+~aO(6#&0
zAMEmDS=N#+mXlytaK;<4;2MlR$o4YJXflKb0i#@fFC3#NC&BPu9S}NQ2P$PN{jp@D
zFnW79whh5-x#zqFyELL<*%yTOL0C2B8B^Pzx!fh5H_v#p3ChA#jw38NSpaakDeac`
z!x<3pCcAd8>OUh`2)nSeV>~bz1>ubnn-BDCQ@ycn&G6v#acTKh_sgAhz-03Xe$mRe
zUj!)}U25_OzddCi#(LYMwRf&VN-a0;x9eZ?O2(CLdmep|Wo0zs7CS2k4m_T&96fgP
zirO{gX<M#TKbLkl?wZKXlxRhGdQ+NwS!cK0P^R&|)+;XygSMVDFGFjmy$4YJOb4VB
zeQZ0D^~DMC-8a`jc6twbh|@<*o@X@5wmpO5Udh&KUMF8KJtKU5saY6WYg-rJ({t8=
z&jijizpV7h@vEKJqlDZK`oOfoE71&@@48o;>r&v$SEc)V8@4tbc<}ygXPt5_NxnkG
zH1??32XqPg)p*O+_ki_LQk9N8=ed$EZ3SpvX3CewefTAD-GZ%m2J6S=H{R@t-oNpO
z_Y-Zq*<S1y)PYmGuD))MGow7@6fe2LR!rt)rd(lM(PdpwPZ17h#_+eO@AycwdRN8n
zT-5gu!AJ0i>zs7Wjq_Blc~%7zewlk?=$UlgARHIR0LR+9X>k-MrGqX9Y#f){{*cHN
z{-0+H7{^upA<dKIea7$QcG|Xcavpkkw4Y9|8ilWa3SW4EejX6#&kck<v&neLtUH-$
z#W?nz@+L9&WDQs3$&)dJ3T}O4l!I>J@1|O0RVC396pZmpsxR$X%(TGYw$cS#?t6ZE
zZZ~o+GT|eNZQD9DGK18<sofBN($%eZoyT2=PI?_>ughnXx6PT9W$wq~x4v-cr}vO!
zSPJ9B$D=&4;7iE|r<rnANIZpcUUAH>?y_@%?H)qxyDduE37E)Ky-s;&SvBI>W$i6-
z9?Yy-L<`s%fWTxKGotSO;a-@#g4nYK)Uf^a<B6QS?aF?@V3b{@;VRGHTc)+$I>rd-
zZs>*GRgW9{I3=S83PgVQeXpJ^Ek_sqK5yCbsde5M$bSZtF9QyZC*t1Uv(;xh8+a%1
zhwZ8IlW@v9Wm{Rs2|i_%PrQv@crCth|9(O81osj7lhxRkbiqY2Z!}Qeh-|_yfyOUI
zwMowpg=@%0#Pc6!t0%exm%<;vm2o)7az!qW7tKfdr!y9QchYOApK^)HvlsrXsZRag
z_&W}3_frY|G}3u#0#1>%^F^>MWN#vGdO5?lom%?h=p4mE(ZT#5{*!Y`pT$!q?c6`k
zQf4gaK1;5Bx<h`v6IUlaLlel!v6Uxn*2l)`A0&+2SJN50r#<rbIcqlVht+=Ctkd@Q
zG5&8wVcU25zIejU8Ygql-ddczPUd_^*OSGHOUW5|q;oZo;+*=!-y;iksOMy*@mzeC
zU@pA>A5TWJR%TQS3*cu9HJ>p++eA#{l4<8JiML>0B)La=C;!5%=|KMLT2jt+6M6eN
z;Rp{ZdbPC9n`F-m7`>KXy)PiKSf#xsJSg+pfcav8+S}pG=I;b8Gxk_ro2OtOe9v5c
zrtj?j!_M*UJ9ursIy6u{dTw}q@B(~cFhZ>v`3d;=U+9niz@fJTG!NC6%_8}T*yRL_
zZs?CIv|Mk6#qin=$$Ws3j4LBNr?%f7_3v;rUx6;}C=T=~p7I`Tjjzon3|e9Je)760
z-kf&u8~2?%=j5lbiVNR&Hp8K{X_$1}J1z5m+NjwDDr9R-*zlQS=o;61J_-B=Y)=HC
z^@{wFxtz(M1<o6xt<>Ly`-rY`czfa=9|`=7Cwi_GxA8<jACF&~<kR>QevA_B<*g;h
zmT8Mw=>cXQ-zej3`BhHLc^a}d^U?s(SLQAh!iO*^e5rAa(n;QL+ts89&H&!>wAA*~
zn+yhv$ov#e_{jB{@lhOS94XXr&TG<(Ha>61^kN(I@jkTY9Bdl}c*16+{g-+rY7zJV
z>0(TlJKqbs#kHq#S=ts@bAF;$I;J*ha=(<TK^yhi-?Rtdvff;0&FHTF-_cHw%<&TY
zr2QJ4l(8NCnAb(WKU6*RK05hr^=_E&v%DX$rX!>rGet<5M_i0Bw?Aj3XORlxX=WbF
z2z*W+DOtq}wR&h(U;jcL14<ybQ5Mb!!o0Wf{?mNmPFnN4%Oi0cn1Bb3PiMn!+vEkB
zdwt(tII9JmVKGjk597_!;zv3|F(P2FhOI;w-VGdT`kBlK8F{~VThIJ_v3gCYXlt#E
zAKt1oV|f+q4>i|9Zevz`SqW-b%nYQ&+7X}7915E!PHg+F%8)OkoWHpr=^G_9|Hf$Z
zJMkCeFY`D^8LKu9)fduP*Li68p7_d7gpKVre>2;DHh6s{wo{zZGui>nUQxf6r5flL
zeSNMEJ<m%@kWOetECv_;In2{FmskoVz6tA3&J9o2ZHBYF+r%9uyy&`ZL5yDT^&0bn
z-QIh}?|`pvYAoh^0>5F`??ru3_TT)w3sezzk@uThi+9al#^3q3@qE_CODAbR$8irk
zS|cIjM;*t5l}LXzN4Sm+KTnR;RAn^HiEQROa?Wqm6nQ*FX5A#4RbTkbc<=ax=6#y>
z^L+wM0}zp*ooo$|&CZxFm)2%}$1<k;r=Nb2TgvkjdERNE`jhJ9+JZaX$4N&1g7}*(
z3MbAn&P%#;QPSDhby5EpgB;d-soz09_N0YkPCK^7SySK%ZOOVVviY{g5`Ee<3cT7_
z9<MHz|Es(t+bNaU7c4SUP>0C#pjU!dfe%e4X<qF@y+i#X_Sw`ObUI#Ay^Z=EY)f3F
z1urzM>iS-u%8H)BVX-u;+UhOV@7xlMaN8i*j{5USN7kJux?+KBvGX|gtq!AQouL)j
z&9l!}G_sVwDRrCjUhR@<tvB^wLbQ;<cviev<}04cZoL(6U=PTqwEGfQ8)`q3*S8v4
zC|hPWW=`#%SBvzJ`+@Ywop?&>oOtnPmFr2u=d`B!XIaoE^5DJ*cJ)vC{Z1t|)n3_?
z^<q%uy*yJpt7_w)`poEq27Onnk48%&^~hjVK5E(CRgH$$&=7dMbyygyx4`+a?rWb{
zFIR;R<^|%c)<At=d(5+25!Vp$!DR=6i7|oStKuBI=<<1U@8Fgg4BV2VT2mW0)UWLZ
z<1r1svahxGOaL;AZgG!vUHyYGqv1P!^O0@n-exws=V5edY;j(rVZ?KR1I{Z?cU2Nm
z;*`+=F|(ma2X=#~1y2O+btrA%*tU${-B8MMELWtr=_mJ4&j#AqE}dAJ|4<FunMr)c
z8P$WjO`faOXP(cc{gxmhrn;h@Y##HxYR2a)q8s?WB0tb(ub?U#ccAgj=)2q8P4!B>
zJ=q!eyvbR4>_us^Smf_nA%X3<CVY@#w3XxUhM9eThA+U}BHnrm6Z70)5ihk_>T~V}
z@2jFj+J=woym~NBKu0qtei&9*x3ynN{QF>q6-MxYoyI&GKa8~(PK1f;EX+r$V+nqC
z%rC2T_=3#cXbQzT_{$zAMQ-pG)99-S^Jq*mlW_P|{Sgna@*7&D+K^bE+~xyaH;1bq
zh|wPf>3CHALv{WjUHL_IUApmSX*smpW0g3sKXxxgccAr%tzB+S2bn~Yr!c9*6GfL@
z4fM~Y>AG6@hyK74Z6o!~ux$tybj^&gW4-45h0j5cSV8h7@DsE!Ew`noc!tJ<rR<_T
zo1(l_+ddOyXdBnKL~4wi$Ojz2+fF6u4(8{ES_$jNxLpR)a_B&yjI|>N#5P{&d2<`F
zv_(-)3+V5)V!U3L)l!zoW=2?2eoJ*XmeMid`kQgU0rZMT3LPv<p0*g_wb2=$VmGi}
zXlSwxMyDK4);cz1eA#@i!+G_rpu@(}GxPS_p+D30MA5)mw*uG0IM7^{l{S6`4kQ&F
zWp`$3ns6rcXBNn<VO<Nl_CF_C17l^o^`16{+=XRBuiUO_;0-;&Hz#*@AP&1O*wQ;d
zd_^Tj)kl(uKhA~TsPA{Eoyv5o(|t50x1gEo+-KgKWk=8uQR8*N!*jtDr2;)`{w3$#
z9;z+Y^%E<kwh+06&ph%p+8Iw=sGLJ`-Z-aTz~tPKrX#{aqKOU9sh>Jk-9Faw@JKZu
z2Mj`y`fNnEF_;f#9?goNn-e#php=gQ9mLbF?Mj=P!vrl)9un*YJa%Cy1JE;-H)Qa1
zAp|;;x4LBKcTS4W%*R2?ME}zyiF<Hm-CqPx(R$5@-z>j_wXDk%+Puw5nYG4BT0Vi5
xWAHS6mlhF7k?`liiekt9Q#yw7hq`as_2w**y}OC#K?W_qLP_H5SAyN{{2%@D#XSH3

diff --git a/source/Public/Get-AdminRoleUserLicense.ps1 b/source/Public/Get-AdminRoleUserLicense.ps1
index f292c1c..6c307ee 100644
--- a/source/Public/Get-AdminRoleUserLicense.ps1
+++ b/source/Public/Get-AdminRoleUserLicense.ps1
@@ -19,8 +19,6 @@
     PSCustomObject
     Returns a custom object for each user with administrative roles that includes the following properties: RoleName, UserName, UserPrincipalName, UserId, HybridUser, and Licenses.
 .NOTES
-    Version:        1.0
-    Author:         Your Name
     Creation Date:  2024-04-15
     Purpose/Change: Initial function development to support Microsoft 365 administrative role auditing.
 .LINK

From a8c7da2b7df31fbc28c86f1583799f7e3439f1c0 Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Tue, 16 Apr 2024 13:33:19 -0500
Subject: [PATCH 13/15] fix: add project uri and icon to manifest.

---
 .vscode/settings.json                     |  5 ++
 source/M365FoundationsCISReport.psd1      |  4 +-
 tests/Unit/Public/Get-Something.tests.ps1 | 91 -----------------------
 3 files changed, 7 insertions(+), 93 deletions(-)
 create mode 100644 .vscode/settings.json
 delete mode 100644 tests/Unit/Public/Get-Something.tests.ps1

diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..46b4e6a
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,5 @@
+{
+    "cSpell.words": [
+        "Msol"
+    ]
+}
\ No newline at end of file
diff --git a/source/M365FoundationsCISReport.psd1 b/source/M365FoundationsCISReport.psd1
index 4c7bc06..1a9cfa2 100644
--- a/source/M365FoundationsCISReport.psd1
+++ b/source/M365FoundationsCISReport.psd1
@@ -102,10 +102,10 @@ PrivateData = @{
         LicenseUri = 'https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en'
 
         # A URL to the main website for this project.
-        # ProjectUri = ''
+        ProjectUri = 'https://github.com/CriticalSolutionsNetwork/M365FoundationsCISReport'
 
         # A URL to an icon representing this module.
-        # IconUri = ''
+        IconUri = 'https://csn-source.s3.us-east-2.amazonaws.com/CSN-Icon.png'
 
         # ReleaseNotes of this module
         ReleaseNotes = ''
diff --git a/tests/Unit/Public/Get-Something.tests.ps1 b/tests/Unit/Public/Get-Something.tests.ps1
deleted file mode 100644
index 99c0c35..0000000
--- a/tests/Unit/Public/Get-Something.tests.ps1
+++ /dev/null
@@ -1,91 +0,0 @@
-BeforeAll {
-    $script:dscModuleName = 'M365FoundationsCISReport'
-
-    Import-Module -Name $script:dscModuleName
-}
-
-AfterAll {
-    # Unload the module being tested so that it doesn't impact any other tests.
-    Get-Module -Name $script:dscModuleName -All | Remove-Module -Force
-}
-
-Describe Get-Something {
-    BeforeAll {
-        Mock -CommandName Get-PrivateFunction -MockWith {
-            # This return the value passed to the Get-PrivateFunction parameter $PrivateData.
-            $PrivateData
-        } -ModuleName $dscModuleName
-    }
-
-    Context 'When passing values using named parameters' {
-        It 'Should call the private function once' {
-            { Get-Something -Data 'value' } | Should -Not -Throw
-
-            Should -Invoke -CommandName Get-PrivateFunction -Exactly -Times 1 -Scope It -ModuleName $dscModuleName
-        }
-
-        It 'Should return a single object' {
-            $return = Get-Something -Data 'value'
-
-            ($return | Measure-Object).Count | Should -Be 1
-        }
-
-        It 'Should return the correct string value' {
-            $return = Get-Something -Data 'value'
-
-            $return | Should -Be 'value'
-        }
-    }
-
-    Context 'When passing values over the pipeline' {
-        It 'Should call the private function two times' {
-            { 'value1', 'value2' | Get-Something } | Should -Not -Throw
-
-            Should -Invoke -CommandName Get-PrivateFunction -Exactly -Times 2 -Scope It -ModuleName $dscModuleName
-        }
-
-        It 'Should return an array with two items' {
-            $return = 'value1', 'value2' | Get-Something
-
-            $return.Count | Should -Be 2
-        }
-
-        It 'Should return an array with the correct string values' {
-            $return = 'value1', 'value2' | Get-Something
-
-            $return[0] | Should -Be 'value1'
-            $return[1] | Should -Be 'value2'
-        }
-
-        It 'Should accept values from the pipeline by property name' {
-            $return = 'value1', 'value2' | ForEach-Object {
-                [PSCustomObject]@{
-                    Data = $_
-                    OtherProperty = 'other'
-                }
-            } | Get-Something
-
-            $return[0] | Should -Be 'value1'
-            $return[1] | Should -Be 'value2'
-        }
-    }
-
-    Context 'When passing WhatIf' {
-        It 'Should support the parameter WhatIf' {
-            (Get-Command -Name 'Get-Something').Parameters.ContainsKey('WhatIf') | Should -Be $true
-        }
-
-        It 'Should not call the private function' {
-            { Get-Something -Data 'value' -WhatIf } | Should -Not -Throw
-
-            Should -Invoke -CommandName Get-PrivateFunction -Exactly -Times 0 -Scope It -ModuleName $dscModuleName
-        }
-
-        It 'Should return $null' {
-            $return = Get-Something -Data 'value' -WhatIf
-
-            $return | Should -BeNullOrEmpty
-        }
-    }
-}
-

From cee453a8eb51c3e0a85e05941691b0c0687995dd Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Mon, 29 Apr 2024 11:01:42 -0500
Subject: [PATCH 14/15] docs: Update Changelog and automation candidates

---
 CHANGELOG.md                     | 23 +++++++++++++++++++++++
 helpers/Automation Candidates.md |  2 +-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 520cdae..1270b29 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,29 @@ The format is based on and uses the types of changes according to [Keep a Change
 
 ## [Unreleased]
 
+### Added
+
+- Automated and organized CSV testing and added test 1.1.1.
+- Functions to merge tests into an Excel benchmark.
+- Public function for merging tests.
+- Testing for guest users under test 1.1.4.
+- Error handling for `Get-AdminRoleUserLicense`.
+- Project URI and icon added to manifest.
+
+### Fixed
+
+- Format for `TestDefinitions.csv`.
+- Filename for `Test-AdministrativeAccountCompliance`.
+- Error handling in test 1.1.1.
+- Properties for skipping and including tests.
+
+### Docs
+
+- Updated comments for new functions.
+- Updated help documentation.
+
+## [0.1.1] - 2024-04-02
+
 ### Fixed
 
 - Fixed Test-ModernAuthExchangeOnline Profile Level in object.
diff --git a/helpers/Automation Candidates.md b/helpers/Automation Candidates.md
index 1b3d262..7e6695d 100644
--- a/helpers/Automation Candidates.md	
+++ b/helpers/Automation Candidates.md	
@@ -37,7 +37,7 @@ $Report
 - Commands:
 
 ```powershell
-$groups = Get-MgGroup | Where-Object { $_.GroupTypes -contains "DynamicMembership" } 
+$groups = Get-MgGroup | Where-Object { $_.GroupTypes -contains "DynamicMembership" }
 $groups | ft DisplayName,GroupTypes,MembershipRule
 ```
 

From 822e2f51a3e4cd6cc5849fe89124667a81cae9c1 Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Mon, 29 Apr 2024 11:03:41 -0500
Subject: [PATCH 15/15] docs: Update help documentation

---
 README.md       | Bin 10176 -> 20738 bytes
 docs/index.html | Bin 30406 -> 61996 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/README.md b/README.md
index fcddb5550c5cdc5d77b6e9013e12ec0cc92eaf89..6ec049da30a1b7e73d7752d987c5183679b4d37a 100644
GIT binary patch
literal 20738
zcmeI4?Qc}a6~^atrTz~qh~%b<O@O2y5KZM8lUf2|8I!aEq=Ie0#c%c6kXHHI+djW}
z_IT#Lt#=C;heQ@$@4a(p&Ybg{*EyH}{^x2MrTgh-`a}9U-A#w-G##Yv^emmEU41)9
z<Fu02(!;cocG8iq9P18G9BR~Q+SAqFrr+d$R}*vH({o$8%9G{ZW_qRTW8GiZlW%qB
zSaZJ8=bnB>X}_9pG#U9^R4~W3?nB9FLdhsS*VO~9@=DJ=(@d}P%+GX<v0i68f1c>>
zuEw8=YR}~TvHnQcpn!Rg_31sonOr&4+)%|nMrm1N>$%LE#q=PLSkZ4rGwYVtd!{`t
z=KVq4j-KAr)z^9EuhLTbQZue;W@tLrXW=$awt2XuD}{fo!cNEO)*0s)HRAXBF*S>#
zp-T_<Z)x1$bnjH3aPD9FJkWO}dYXA%c*1?t=lzV*3yp+peY1~*jZ@tPA;@g3U4o0C
z3|Y5%5frUy=8<SIUGQsP-1;$np{wxRyY=e(`Kswas=MMBGC$2LgOQMFn|@}CHTLsv
z*>xXEVqEMMITaLzR<I^`Ya(eZYLU<=OT6g8NY}wpP{$5-(@XtB`g<*I^`kBLwXD4!
z>G{L_8|fe?<O1*55j!h;L|aCAEwFu%Iq2u#Xe>K`I#YZgltSfU{%!35yJaWvv1l3`
z;BL^cn`Mb+GUlb`X4lqt)<G()Xmo%OYz~}$A%5BxG}l8$JEG{B*4fi+tbe4x&;pP)
zO6+2+f9(44CD-Mr>38A{w&X}O-%8i?W4Xb>UF~H@-)q~ml=<^g<C=UK>&kN>dQp7d
z(r=J=E!nzU%RB=MOPcQ>eO~eVakk_jZ>$xK-q7rj>$cW>tLOIgiM)#C{d1nLX?gqh
z^j6Qm)v8!Sq_idJg7_0rTz2HUi@o;z^E2yazw)hSInh3sMGyAjK>Ik%ICzv-IPUR0
zJb6{rKh&z&Id~2|;BF(&2TePf>)_Nj5Hz-VT`-T{fj-6;z6DL@DmE*m$&*|9v1dJ*
zJjX2in&H0INB&sNL(K<<?Td|T^fGM5w;K0Mdw8X5%kraZ6R9?LiKhIRclh_j4;I<_
zH`bH(x8bqp<th4wUwbX8k5Zv$MQa@B2RTRF@KjVjPPe6x1<mWCjXhu?jlFUDCOtiq
zbkG%_-T~iYk9{+6|0k{XU^4SafAig5*LK%e?qs>aZ|Dz7eGfeRQwZ4AT{P!UlUdgD
zSoj9!us3*aydAP)9cF!@wXt7Z`(A(V=^JBz%6nrJo^bZh*wbyTbtwHf7N2J0`)yf)
z@{HH??`2Ui78cM#G#ESDmWR;>da<)_Gh*<n=&-MiC(^II8R%}yKfFjE!V7YU*6{vt
z48CJ+h)U2eko-LJ-N?n7)sYao7CLM1Q8bd+vFsB4!h?<VgA`xtIeVS5L+d`a&Kx3M
z_09`kSkF&Dt9>jo2Tj-nd@wt~PqC*MWuI4UNN99F-@Gq8C9wfM6smTl)z%qD413v<
zTC$*zHH|p9(ENV4@x9ikf@NDp<Mct6CtkY5i|h;;J6b%-duBb*`46p(<{J~l4)a=;
z5)Xu?f0s4PdREi6E<IS$J@A2L`L0@jG_mUV8prL}Pkc{|Zqi%u0`jaA#RmiqklQr-
zUV8*23-Z7<ei=JJ{9?{Hp2BN@5$tlHG2%J=F?iw$qV<hDcIV8tp_Pwxk8xq|>TBz|
z?v=qLDCirtCYpHaFTxPEg(xs)<$A;c_jIR3ei75x_yH-Pl4~oP2|gCPdMAI|$vYXP
z8_IibC_-7(C%>;N<0K!f^M-4hrNoYK0EA+(N)|%gUHpvWL*gbldX#+&5qsF5vF0aU
zM&G&GXOF_;&L(I0gH%lw)})KxRcR}J&UV50C4OH`f0bXluU+5M-y`vWt8j0+x1Lv@
z%8dNADW2M@U_}aDqbxCJHzf+P1)CN1VS$e`#(5TBfQ2pkV|#~Z?Tf64Vx3jiKE!i4
z6X}y#?L*Mn(4?@fXkG1<$HENwK(mUx`ebtB1IYy2I-3vwIY}?1Oni%eq5oI}u#eW(
za%}p$(9r49wLQXfpK8uBU)b4@cXMuM=}`*;m9s<_@ST6*gRp;O#MWQ#*grm&K6P_A
z+XF`cMDy7Gu!UpILj?6U+o9J&AQ>36pUMI+>F-0uZS&UQu8GolEkj?n<_HH`FFW<l
z3XzXJ!yEC9y4vCy?;h$~ooz0Q!?xA6WcxD0HOVOEbNuGGx1O!G{Uv(nLvZ*M@^2~>
zL<t9H-YINQAkFm5le^W_&a!)uyD8ofJ>nmi#TDz*Bhj`ee%_XKvM)eqzsXp?BdUo+
z(SwL2`bLr$GS>0HO5SVagU$r&`*$>-?QyaAF^U=L>N4>F5`C>a(fQ{Ox`LIVZW!0R
z;)~4Z{mIq&a?i`h&sD_;_R4+IiJcSiQ8}PGwlmWcA4^W?A2|6GWd(Xlw7({+eEkfY
zAB*3=9A4k}mDeB0rgw3D^H*M92(LG?*K_R@uU((XwmtA;$%Hzp{p01bH@5mecV8TN
z+b>xvNV5L-YjwV^&QFW2himeiIl85$x1rdL>Lk_h$Z5%=BVMoTG0i%7UlqTuA=`3L
z|KjY;6=UN3IHBm)iy4EYIj^Yqh-GPK1LyB;yLyU#gE%2??sfhg>SJ-Cj?0I4|1j5@
zIN>BVZ&rX;6$RI^{S%!Euj<?{P9;`V8GWKt+mc}hB1+|P*4<O{iYf$k5OCx^8CUe(
zP2>98zG@L<dOmT8%1*)KaIVqCU?8o17SaAbgteiy{y&Z%HL@hCkR`K%`}Y*D2lwx(
zN_`o*U*oRt?CxDT-i`IHOZ$gT6Un}*k5Ex9DEGMn7%JJ2&pyxqpAgk2XwH<PP8U{b
z)}3_Ewb~Y|yQdo$vZov3jcxEn?CIu(><RmHF?*U8Wep>;&*C=mxuqRY2c}l+e!XT~
zZKQI3*+j6v7dzOr!poYEQ!?x<Ghko&eXJk%*xA!fTN%GdeVbk_PEuyofFbKSOT2n9
zoaDr**aAEn^(uN_`hD7E<mOODHO#?j)-m?IB`$1dPsF(i-q!tZamH?oS@%GIs_sb{
zb!E5-Zl^_2J~gHm?OupkF?PO{E&S=L?0#4-QQL3Vl53RB!x8vP50<;)K(5acB7S;*
z92>53e^_qO<KSv~H?|~30(0aXASAL8uGXDV^u3hs@7ZnD`8cX8`+a;sN1VU-cRQAB
ze;=}r%?fniN?SR)A)1(Pr8v(a?&$WeAa$Z^a1?#m^Yzs*Z=6xha_Un~x`VQzz8ZJ=
zm(#Kh(aD)B{Y_6)w||oBOPiB?wQ0LR$ce_5t{W^;*8@&l1GF_eiI}y<Bw84!$?l|K
zM9_%mZDy1pdFbq}%NJyW=9Bl*tH(|wi!Nx72xz`{6OcD^eycU;RDn;<vE2I*9-;1_
zVH|z8j#R)6J6slxKBMzH4Hx|$0=o#B*awlnvr6|(1%JYaksTb%UU1e8ciTODwI#u`
z5j(}R?pyasIvsHC*z-DkkM7$N&DHdvea-g~ECZh{IxA<ru<a4KF*E&!pf~UqoqX)n
zeOs2^JZ}I52JTMwF;BmH>2Rkbs;~DT`mR1q|F}7aMd<Gvw_cA@Uw1fm;3Ri|wdsEM
z9`UF~hHZP_U03s3+w;%Zuk=U{-6nbi>5Jl4oXanr;m~hhfyNX04&(ibkl-`*c13QK
zuH-Rg*5)(KI>HrIp1#%-%r;bWVMZz>SF&|1b>H=@-PXhXY@divr`g@2wPEvEy;+Zm
z`jl%j?aB>YD7iy3zq3|Oi};9by4@JX8@x+D*r$mWc2)8>*K5$b=_s)OkItKBK8*zF
z541H!md<prz_ZkbLhJivb#unvy-!nCvt<3Fv>;7h%KvWa?=Qsl1ywwK<+}c!U%E)m
z{U`2I54?n=n_9Z16^Y!6-|kjn3Wear_3A?7bbbA5MhtwWnFFEtwmOphqiFo}Fw&On
zLq+xUc}?R4IS_s|I;iR28Ow&+U*Ow$ljO=EFY!H$w}&Ch-qbl1aUuK--%;W)GA`(h
z&lSx~WsPVK85P@Kq-Q+U@&kFUh~SalXbz$|*HVb915@Pqv9mI_t5eidczQ*Bao_7R
zdaMfiBJLRO6a7wflsAXI*AA%eIco2V<(gfg))0E)p`J*Uh;>i&w7W|mXy(#gI)5iA
zU7=U?F2&D-+PVwWos+x)=_nMeQoYzyu7uq%TJMN&bXS6`kXm04Xw3FX949W@P5+*t
z&Zns0fxHA>@94*Vj^Ab7f|P=@J{*<1?K3*w?V+#!Nc2N@6ZiE>(NF9*q@c^_Z0>QM
zzS7{pZ2WY`Nug*x)B7sd3cCHIbfo<tzWR-Qa(F0?zEb*E`k%23&!0Q|-=m6i?uwbO
z{{)oO|4OVAe1(?wn~XexwT%5l?Pxh$fKTT=#ICgaDrl~oQANStaz1QNVXIuC|IpT2
zYq-n!sC9#1EPAoft_IX^(DNRUb$m(Bv97B(tlX4T)F{ZCBJy}2-4VmcKA%5BT@hXV
zF7MUAk>U-DROaPm@Qu0fc~N)aooVXDwIyuVZ!V6zO&f4NM~4vC_U3Jj!Bw)8ey;fc
z_=tBhyB!j>6k>*tg~vW?ILx<MPOPX|fr+S@)u&cOXHf$#sBH2pIMS^37DUH8M8)%k
zH2UmCS2voRw*I?b*nU6Qb!936JNe|TSy%3-n%S}M?Nf&K_q(zy<!#(L;#d>+KE$cO
zd_KDyzYd)V)bG}oGXNtcB+`d6YCzTv>_^z!sN9lq#?xIy)i}c5W25=qK20BftCy#k
zW%}8{kc`9cho^6!3#^JBG7VPnKJ2MtM+?epc=rvDa#BTw3mV<5b{n4{oX!|mLtMd%
z>;ydst8Crz*%4LvH9ZrYg_dSE?RmnU^KSF&98VU`*On?W8{2;8WbBR}LF)0f7Mf~K
zT**nu%!0zuDWYPovMT2Tyot#bc39h0D(Sq}hhDLx%`>0fMMdq)nY($?6ZPkMPr<{m
z_jj~DG;l`FJ-=BG3QX;$<|M1)|F(!Iy4GFhE^p4h`y0LU=`0*7yIU6};ElXH{M-{=
zIaEHsbC&-s=`ZZikCWVcI6h&X;Lk(N>$uz*d(-dstr%9lWcu)}#LV|K-?4nEvzQo-
z9gR+qg)?s(bD%At&In%U-4$cV(F&#)dUnC6uBRxuSMfE?EUWLCuD?IeiuBbeXMMl;
zGueya-1gbdMv2<gr;Hx3-se@CsM-*3d=gsTTn`&u^R2cx^$9ch^NC{EEyn`yGa708
blHod0`)usvy^%W~vM$%##PiYaD$@S|z-R20

literal 10176
zcmdT~ZBN@u7XF@JF@h_lMI;nx_XFy(VkzxL0*Xl6yDLEI#Ga5@>>01ePGHp^zt1@{
zj%|{(&`Z0wRjWF-XU@x<*XMX$ob3MP)mvMdSQgqEcQ_cHtIXzwII(e=s7_~nT^#F3
z8Hei+6Ya#AovC~{QAr|Fen;TuNIDe@YXmkBBW0pVD)SpBq>1TqtX+}oQCZ+6&{DZ5
zCQ2OU3RI`KuxSe7;-K(vfs@{;HFR6$k(NnsIFY$JNc4>oFZ(aVz!WMs%(6@>{`!LX
zOO-TkuhZ#?jSXzli{`s*Z0w1D*;1tPP8eH=(kbR6mDmkb#MtJdeqCf`o>`|{pZBU+
zpnV2oafhvPmFn9~QRJYB)#;|d7Nb%pkTZiiNX%;cO<s|fu4w3k?h#Qlm)tcp<YcNu
z;?*yt<Lzv&ueFhh=c=JHV(TEwa+^VzLWw9>u`UD?94T=PO`A=D=TjXkA+fKy5rySV
z1C338U?$cP?V!gZnn-i4oWPlrB(dsuI&UH4xWxHaoW-h;I&s)MQ7{BC)eeL&p7?yP
zo=u7(b9-A`kc<t7&I)$ZxB2x};Kgl??s_KbIk^Qx*@~5l`^r2A*B9sN8fFOFqhlt+
zjP1-MR>o|!f1ev|O=mWn^&{<6ROY(4V>0;JtL^(axyL(I^bX=wn{%6}k51*s!C%(#
zaCm2I=CtdaE1a;JLX|MPyi%R_kQ@u0XN&eBXYr09qX@oP;8|`{aiXK#Iy)`|oEA!!
ze01+}nN7sO*`N<*m|!7qJD)#)&d5<6Icle~ibrwL8{X)Q_c*l1sEESAmAH6K&S%Y;
z%wd91n%lqX&>!r}Wa<Z<FXEKURD2O|P#7sL-Y6I4I-|Yt>s<Y()G)@s;rdKx3WlfP
z!dY4Ht7BOvh4>_sQi(6vt%tiy{^7}MV@LV^5{6%I@e?e>-vi-hx`-wstC)wLWU(n`
z6J>-`xN?x$dlNh_2u-d~YuIZQ4j>a4TYM*!E95BA&}SS14dNP(5{|$pH<C;;w~=yA
zn`;ULOc3wH0t`(wh_hDUO%rw}$gSZrB9ci0O9&puwn>4b!5e6$(#UIUrEWR)CCObM
z!j5GEhpYd8>wohZv5H*>%0wJgeU5#RG!*(W9D}f<f8)HN2fNaS;WuPd@5=(G#ao>X
z4-vs^`koi#Y>P5S=$0bl+hJ2yiIO-3wssO<$hK{Jqo<P*+C)hi!v#p{u}u;?BMnk0
zQ+c74+Y{tlWM-S<BiyIHI?J(GXELd84dPAlkGoN>V|vwxwBV8m<t)#sEmX&cCs^nk
z#JW8pc3$kf?7eu|+kPd^eB|Fc<miWJZ*;*4qBQIvB8Dd?HcOQ$NPVu%e9~-r=n{d2
zED@6-TwvtrR;I83*V))O`scyP+3}Is-q^V3y{nv;osn~%^4lOCRY3+8wM^lB95}7S
zLce?}P`Pe|qtV^m?C{1Cmnhk|>7ZieJ=aAzCemyz!_I?c5X<7vj}VN6wTL*fC{&8b
z<fRKPwnR|ajdLZUF|<H7y6BM0B7--tV`Ns>A;-I@Qx=XLe(r2ia;0TdF|+wi{~COi
zqrSFVt4gu0^;HH?XDY;%r{A8l+rUiijp`9|!;lCM$cEXE=Go1^MPZ=Imfq4i4%AVV
z@|H4Fom)e$1EX1;vQ`lmy${MrQ*g@tm?z@(5JqpV_eJlGO{F%RjpjEma2M_#k{dFc
z|NTb8Y&rDPtyAmE-NT8BZs^AEIP$@muCQ>d^Awj$Q{t0xd2~!6WiAYnKFjS`Cu;G*
zuOZRENA<zGZ4%}e<9X*7<azg(<M~{1yA`_6%J?s?_J18os2ctMiSg&C$lC$ARg8Z?
zq44qiSlBUV(1Js^uS`N2U03P8$ORH%bFOWRoH~MeiObD_ZvpB+zd$VJ93Tv}B!TG4
z{PPDm@Zq{eeVD08k5R3%q(?m;w=XZB9qm#xaP;c(@;T>2DkZoMTt?q=*90(vI#g8a
zKvM{l7@=qKZ3OS$N)2-jE^7!HT5B%)3g;-hDeZ`a6B778-X{K!cb<^{knJAId7VmH
zd;^4WLFuUZ>n;MlTGeAA`w##{rnF2uRl8L6mUBWok0-SAU4(WYPiXf$2(?30i)L-N
zL75Tyh-O^o4l!sKT4n<b_InUTDuc3Nr!vohtHI^ki-jrE5%7a$+HctAVi^4n9@Q=P
zksd8+c-fP2*(_pO{IxBSdxbPkRDm7~jTm*@bNql><rSa<mB(mVr@)Vv>g&F>GCOr8
z`$&!e$_7T3!Alh%LXHVDQ@1Gosc~6$j`#U$mD7*pDxwm69wxI~IRJAU%JTpt1=#sP
z8uE2~&B9D0p)_*JIKU?jOAG~ny(Sv3TtnT<BT$xA&B7we0vMgUtaIf65?x+gUIE-j
zBJf6qHs6CT4X<mjm}5J+@+$NVFSdX}v7@VUW4m2z!Xv!^r+*9M@1xCqXQ#m9k)Qw{
zknuk;@=GKLkMzR;!Z0WTGLEJ4RHLJ>Fu5?12q+g)C;Dy7C30F5vsH0m<Do*0?_+!P
zf5_cHy<y@M&SK#(a-i;?U^$>E08^W@izYHp?5)Pc84TYOH4yMf>>8W5kZYQ-)L=F6
zjC${H;?*9Wco68c%2pTJ@3pyP7-9gP?lJ7uC-q^Hq)pL>%GX-W`5NL5y&9f`Vqop)
z6<%u=DPrw-dyT=MGnLbLWd*=MCU^8I6fAUhs935hCgiJmozTE|@1YUjK(KzILgrP-
z_C4X@?}WXCQirV*>7`gv?=%s)-33JMC(5&!+(mc0zun*MZi?;>F1EWX1f5N&67_kV
z#9djT@OJFCykF}qUoOc08>`U=S11087``0jdU9j$oDKIyoB9`VbW7lI@6b(Q{t`&}
zT9dtg<fib8Q~TjAQv*Y8z)^}db|^EXg3xk!+o%FOJkO%mm?DZ{aDf;Gzfeqx8<dnV
zPbm(Ep9EF=A@Vnn%lC%oG@nqrAtu&ACIFUj>aD|oIu0vP^VEZyE1}G*XX`&=TLvnD
zMMgaY$D`XwB?l&kIsxp<3Ssn9IC^OU^ils8Izy)^(OwlZg}D$aSYFB6U}e?H;h$Aw
zmfT^qi=|bcN8|)Sxfl(p;%kWJ3Jw8|F=aaXs|o|z$KBtnO$pI#J%MZsZ<CXKWX1rV
zEX6AS9ALp**1Ez%eMQwxMz#;D<Z#Yv<vx_*cgh&Rc71PMjllT?mo?Ftl|2MTXeoGs
zohF1ZKi_JS_e~zzxF8JGAhpp|b;`W)r9$R`+=fG6;IpZ=%AKjjAbnBHY;b}Kibjal
z;3rr-z3>OLSQ}o8wZ)cbTusloDe^@uA9i4i8TCU+W|77<>}n)Mt?>C-1fHQmRCm=J
z7Uk|#E1n<HlE&6w>s%gL$gl9^5JVf(Qa>f-`W^ZphH7n9V`|So01SFO*U_>XzcpfY
zDCO_f_Dx|MgU+5fG7eb+1i~PzJ4h+zuq$>OpYg!K3e>tV5y}>2M&5{10d&$61C$*^
zlM85k!xPiPk&JHWHE`aDo+E`Ug;t|9Y=9VjyD<8uHFQEWH^s*d_z(qVns^gUtV2&1
z+K#y%uoTWxRQ(E7zn&6tNap^AqWB39$9Ww4!P?|TBM@`se^9Nv;y6Vem&F=+*=1ob
z6$PgLZQ^c`lv@ErtPv~tGD;PA6uh-wNY>4{ymLZc7}5`a*wL+?by3+tL*1H4mp-Z@
z^>*i*ck65ujtR>{Hk$iJ?c*(@pwBm&W#QtW_Ba1NQA1($b2a0K!9IyKKA0i#8&Whs
bF$muNuyDZ@(~p_ZuF%sH4QN;F{=D-)dsN|z

diff --git a/docs/index.html b/docs/index.html
index d663cacdd84238a9e7914ddef08f0d8f75fe1eed..70af9501891a2fb5adafa1523b004270f5f2e1e0 100644
GIT binary patch
literal 61996
zcmeI5d3O{?miF^s&pGoQ%5uLW=tdG4&$OEcJT%7LoYxBj^eo5i@c~H)%pyjT7haFQ
z`aARd;?X6R%q(Rg(SW*69Vx3aW4UqT?r|gXfBygF?)~o5?yK&4ceneG?pAlBn{^Mn
zgYIefq`TVvefM`ACD!!u_j}#<db+FMJKc8oOn-abJ>A*vwhqhB)WYR%zk8vlyWMkr
zd!#?N#WOy4)dzQH-KNTHsrIb<QSET2-|notuhwRIK1+S?3bu89-&GHnbUojF)NOPh
zcE3yi&+FSqx_d#NOL}%O{r_Ep->_|{pE2kzCusHs*PbAJuKpgSerot{b`R9U3qAS1
zTUCvjAbQk2PU8SOGu7VijRfc)rZQV9v#GjI_3N4Lf<gClPIaHFwe5rr@B$7gHB<TL
z>FKU;1>W~lYfn@f+&oKg?5WhVmtzflmsjSo{LS~P`djb*qW1Si4ZyaZzF*M&H9^T7
zeV?HEQau6ntc!172^asN65k7=FN%^w{j~j-WsK9KF*FmVpp!=$C)D#)kb*C05bW&=
zj#<JF^Z{1CS9zY4z128|dLOBUJVS0d=7;{6qx_s%W;S*cB?QzZre+CGJOO*qH$6c2
z%q8Df(>S1%eYLf%(LCyY(3QDhCcyp!-D7mnd;N*gTo%>CL1Q$_^P{;I4iA10{)eie
ztDWvjx1t`N>A%aoCk}^_@2Tgw!#$|@Ai;Z8v~aQer|uuS&(aJ)otet_C2wwace>kZ
z<GG&isn+a}@`kvAF_djH_V@I;e28Nt!=@m*m$(920AeK71C8tB0`9ubGu2>@DgA?B
z-_|SzJS(Y9Xb8&UKc$$(Eq#BeUtpbDo4T$QPoOns8C*P44^Q-z+2I>~T^NN2%pVAX
zHI@4>!4Eyq>%Z&HpSx@Ne_hyu;*HDusl{PPZ%US5Q9D~n4&|A9FY$q~htzr|xrNM!
z4j-i60*ZY}&JBGw)yA{#JB?vo-=C!U+)`PngIe4LD(LJx{r#kGw0vJRHZ;q~T4dZ$
z-Jf)KM}6^>E12C=nTu-Uy#7AcH>C4{>VPZiBjp&idwQB6rpJAK7&-T!B)H3ZP$zU?
z+)Sm6cMTt(YK#wrS!DBp@b~Ux=ipFInljczL%aGMXs!=5)AvOArWPm$t#3Nm7%2C8
zu>t>NDP#+2Ci=cBx%auG-Yn7WBh5(G&9^mMNP1+-mf(k@W|D(9ME8_OzlZb*%~G}q
zoo}l}OC#$fYklsa!H|Q<4Y&$vMwu+x&GUx!Ydyz?fo=@LO!m_^g)~P}mO2Fp_k?fc
zQ7a*K^$h9oG;z7*MV1O#7Elk%@*h<iP58s%Z2net&+B{txv_-wLI;%aWWDn`AVsRQ
zbG0GK4b`p7!rVx5rz{b?$E?nW7mNC9wa?r!3*YqSC`+<DO0@sF+RoAx4ECkzto!*T
zWtJAhuCNVVAh)p~*VGc$Gp%gt13WW92F(T)qWurL-%o7sr_^598dKW(rE2+k!s!_N
z#_yWo-98-mLF(_KDCfC!OATe+^18-xPvgI@|9cv_e~tCj_HaQxobUcm(?j5P46lKQ
z`EWhZT<i(s_)~lOZX17i2GRP=6gqoHHEe@2hZjVVeH;XYZ9SyO1Jz!<CQ`+Ed%SLo
zdHg@9tHpggCt*)Qqhm8;+Qs&vfBZ{4&|wV6=()l-Q=qUPXHPTcplm0;w;0Vc@liDo
zQNFykb<uEGeOOS8YP^LSv;VB}S?ZtBFX*DQLuu`|vcW%2FrC$}7}I<Do<GyE)6N-o
zAO0tLd0)_s^$>m4V+X$T&Fn?VxLTw1xqf)=qgIWnxI2BE*i%Q1WeP1u&nE%Tr9|&&
z>)~09zK{>-C1%AE9xnl({_zN|j|(08{V1pw!PZHQB#+CsLwFU|skYvD5|Sr$?d4=m
zZV7w76Yvll!e+tO1iRQgSVM4uJsda?`L&j`EdJY8vIVlGINSn~AB_x_>RQovT(NcB
z1{TpnN&dw>ZI79ne2dnAF?xw>`8@8O+*oKaMl*y{{N^V~(_KtBN7fLH+S31ziaYzd
zx0Y;f%cC_}1N*vzRt&#4pl`2Z{SWJlqgtCcqS69Eca`=C`Z4=)_G%feBNHx*=FJh5
zDUeKs#?lqr0@|J0vRl6|dbRe#dW6G>WWg2X6MNw$&(z~b`|aq%h$-t>(LK#!`6PI)
z)HrQv>^maJj@FDx{IEq@{k6#0J$@uDR&q<f_)2R@E<6!VX!mY0M))df)-r}x=Y8<W
zhI=Fqg&e|X1`G80cJ~8xC6!Fa#5fj+$HBXfj9C)2+;(5sal9NHA<MxXQ84?~-|HK6
zmt*gX<B=NkBx^gzV{)kGla^kgy4C_4mRv_sd`R`$G8}_y$ZHASA<E#-W#RRis1*s(
z@<(pLR7-S+k-*PrO?VxP5=thrn_HqpDQC)3JhSCPOqR&|lS8RSd!MNl;vGo2_4J|q
zhG-y<-s5j)Z%8+`Gsy4D8Y`A#Z6A0JTPlpZP#^w&=>d*m;q$|?L%6mTHq<jZ6Yn0n
z9_npPt%8-OhcbgGQW+2ap!=hq0^v1b(|*S7gxhUJrNRH6VqT7eKTE%XZ_zs7{NAC=
z0?K+;uzOzT2yY5MKWI#>;jO(~ySSrYtkdE5LUY&j9j+#>d{vRV#p=A-5jqaPsnL1u
z<%X;zxa5gOMI`FFX6^^A!C+(DOXFLt#_;HdxTL*DP55S-{HJtC)>xa~5I38j)-<M8
zBIXEa+jIH5Y<C{NPboL8j7QN*3&S6l@9&Z{VMJm15-W}}wtRnE-054sSsF)wAzv5e
zP^3~VUrOuj+XPkZ2Mx)ofTC^*n+CgW*cOd3aK-ESP_!~zSi&Hm@%E@)N_@BaTz84k
zqlt)}6D=iv&gwA|&axAZv5YI@@77%|Z_P#wDP*PPyYnPsh4-GY#VoQ~&*}y%y|lu5
z!58YE`~#xutS_TIy_Px?RF3k;it`^;j_AunmAR(;jho^GM#*S~$9Pv|iPS7Q`#=b^
zn}Wx=3Z}znx`&kXC~P+kji7|o)|c1rT70ugiVh9DgPR`(GxiwP0I=Kl#v`I{R@dia
zyPO}|$4=f!?IO#;o$>id?dP8HL!gIy8t;=dM*%mQsH6l|=fNv8J%lGB3VWInKljMM
zCgaTX61oLj2k4?V=)_qL%sn#z4zP;A`{UH7@ow5gUr~ZFA<f6IL*yBFDdoHaD2XUM
zxeaguwP~pxZ-y-}%N^n&o)g;}P{bHDPLYtMbZ)<gWjak~^lLv9M<GMX)#;EAJej8f
z+ScNCJEmG{jmte~7)r2T$M>~Fd1XZ4)ga1{4fVcS^++6=nAhsz=r1Q4Fr}5AJCqCs
zKTOeT;=Zq9?aj0TwkGU97R5Z5ED9-hJ@IBp6w8@!gqyFse-K_+i=xC+ec<6+qB?3q
zZ?^0ARc<Gh`{qy%!VAa6UbZ;;GIicFW8J-%)L<=U3LF|kONnh=WRgAHzDCYZaw+mp
zEN6+%ATP^j%=})WIB?ZIMfzYLhTh|O>t$1-uj>spSwU@twH^=H0J<SOm2F&onR5oG
z(dzN$HMpa_8sZkS?U;#7_Ax<p5=>l6G836t!`hCV-|p|KY;P=xHuG?5{o}!VTYWp@
z$TaZDWVomF3r21wPDi?--;gW#PmT_p<QVA-OlIjh>;6^zLS%jW$Wa-RF<J~b+swCe
zR+-I^rDGI5h2F`myDSXt9@-95r6n-tT822X^jb<k?r+9{Jg9B?#W<ygu*771cQ5c1
zIVjGf#QL$utmS{Udd}%Nb|Z3&dT0pl?H}qKEFViI;75YhT8F3DoJZNR&ZB|8;2i8w
za+Trakg-^Oz(LMWX(!IJ28q`l2riEjD+{a77M86;WOg}1Tb0a4ooQN1l(41oXW+o6
z$p*!qcRnnbU?jG7!)gtyo3&W<K(_wo<Im%x7QQ*&9nftn?qFTbUHW=)XeB~RV;o~C
zd0bjUCNQ>;11HlT66f``{Mlrf%}MiR*F4GO`e8rxXM*Qp(FAYy?V%`9KWQZmUcBv}
ztOcM>`tXxivB0AjY*$uX;5z5xMie?C$J{L?K)zpRbR&JgQ!ClO4WG){|K=DZ%=1J2
z7IGu=1~vgJTV!Z5zVOWh+C{I9GNT>PrC3EsFXxCm6F;Cr58(f0*!tr^#w{8P@HpH%
zBg)acpo_eYP*P1z6Y%sfwa`kYkgwD}S<(D|T{J=@Ci-9oy^eW&DjA{zWFS%WdH%66
zV7$gW-;%#{U2vjV@PWQ6XcNq0!yV}Po~Qvl5yvNb9pzci%G8`A4`?lG8tV}2m57W?
zkE}3O#~ZNlunCB0I4Tx+AliY<C*Ofm*w7JiKr5k(s6lSf?NoOArPYu2{<EG@?o0KA
z*H_-VrTgv~eTJkTDs@vZQR`2dV|-bnq0uV$BkJ<Gp42fOD0x23L$z5(j!`?al0E9u
z3%5lBFZW{r;g>HeEuwtz+Ia6d_Uf5AZjZTVB>KF5nRV|Qp-=V}A-9m-;PWK(!T79X
zDKrnl(3`+_T~q_l<T$8TO|}!&&J<tv9<()GKT?$Af^t(zZFVd1C^@#!@`l=jZ{P*D
za8uvG2l2Nj!a+ao3Re-agO8pkJ|K!5ny1YqAF^O0o;;1a;fgvsX$>$Yy<08_N|<^L
zT0NeBpEU?;UC0YtxyRQb?fA0Rn?g-*n#)UCZe>)dw;eOWw%8HX-_S0kYx0I}X|4B$
zXzfDc&AJS&z23MXm`7hkOs~Xz342iHUGbJJJ^YSL1M}A&rgBB-OKaPs))mklrACQ;
zt*!TItvJp51cK0`p<|H_W%L6N5IKQfozJ%=2J4w^XaB=DGW+ainHDoXU33y2y{%NF
zF*$cwk=~(PQcO)vp%aF5K#scG?jgFs?#q&%Y|jN{)osTrp!o}3WxY5*0@BLPsXC!8
z*S1qig7#Tk_o&~<u)Z~bHI7||&FEbaSOb?e8(7x1c;WEJ%3fkuI5C^Nn{{2*=C1A%
z?Ql%Smhj!gn={p6y|Jy+-nk(N@*c49mdLALRf}-3_fi6rb6Hqb-aA~q*-f+Ucnme1
zr<iv(V@G3`fKjq@T76M#>T(WB4-Q+JeWu6PyfJfizj60fui;U*qs#IzS{}+mT1|K}
z9pt>JRcRjY=FR(Pp&aZwN7<MMe59}=_k|-oxF6H}JQkhor1B3{=DvQxZyPUjlRncg
z*5i-bSH00Kp1%d<5WUQ~w5#2>f&s6Ed4x{h-O&XtbG1LmyvGc`>Xp`V9OO8ygzeH&
zBRvc~8^7<;IinKKVzDf@S_-a+DsrawUq9n#QTW4u{BTfm5r->Vv=!&I0!vD`)hCaH
z_miV0LmD-_D%KoW1tD(#?4^Ge)>p*;N@-a~EK8`SWFs<5Im(ECL5#$iB~O#obu7qv
zBxq@`i(orC^8-(Ge9WvyP=fe7BSJbjwn{cSHCY8AazhDpM!hP-$XV}mE=t6IjPJng
zBehF3$nn=7QX5D-EL_G%zx1)AJG7pqW{%kaBQn=*Q7<ef?obYja4yc`^M{p$h2&Tn
z7%^P^+??ojCf}ZOF0k~W32L$)vX^vW9SzRZ(DL)5vgCNWF?-F++?a^Oh2@6cLn<%k
z<1Wt4Yg)U2UeLA&^136F@Xw+gB0`Z1b4O1d^W1rv_kxea89vY%R39<WqiT_lLp{gd
zt|xwD{H%O91E+lcsoJ(*nb%FD6fKk|0TJJ#oyRZR`8VBxgKvtXqn3Mw!`Tn*yD?6l
zP0RUVcKCaDaDGGal!)fdpQFGOac-ofPX=1F_M4hxW(6AiTb*YpGOvl;)SBCcm$d(;
z=43e^u|~ywe7Kws>6SO8d;0uwaXBAv&3xQW8r)hK%cP7t3~Q~gHG4T1*ZID0mz=Xk
z`dhFuB4)mv#Y~ZSS>;O7qFz>%Z@snb$4$!y=*Lvc$mudW9BeGJ!<X6Nk?mjdSA2&;
z$doPfYJ8$65w183fQ<dqn;kwcVt|Yy7toO}e&t--kYgux{p;q0-%YUv^1^P*kB;bJ
zL?>C-iYN-vzlfs{jijbmF8lGy$oq5dvTYsK%>H_r%1FGtU*TQIQ?98hI5S`Ud@MV8
znv@3*^_~bU$~Mw<`l)@Z7`4xpAQ!Tw{>3BQOTIYyodIu#FUqLm>E(wz&FT{?G9mkK
zD3VdeM$af~?PB5)@|$lcC-bbXvHLn|<vho!yg+7EtVKCrGct%-<!9B2wVzlix-XqW
zRGoFQyh;?kk4JX<I?Ag@S&wH)o4=ieE`EJGTV7wwZ-(c_X76v4|M0EzDg|c<<W-I{
z;!NId;5}@gEAsmG@nR`Kht{;0{5S4ly&3-NN06PPd^$ZJ)=tSsX!9?~Qb5P#wI*vt
zvVXmQ%DZC80wE`Zb*S)n!s}Sl_Bd^y)PBrY^?3SJ?p*98m1FyjQ~8HWDo<ADv>4gj
zN97mg`JdJ(*2&3oJRC>0ma^O@QgQO<(1{d8g5NGGpSL=9dTD>ihp(-gP0=*g%4Ujs
z`E0Rr{n_>n``Bx{$G>w#p!V&rsXcaM;l0y>eRXm($u1@9*O{pEdM5V94i7wh&Qe?2
zP2;@wW_*GvE8k1rn!;P`pUgf5ku&^z&Z~^*)snxC);Omv<~5elb9#Ado~;&~Q18Yd
z&dZ($w1v-Ov6teLcCgl1yN(?iIiEWASB~!lj{PR=d)P}>j!%hN>Y;Hx^rmgT%rQeb
z^h>^pvy!|%Qu7V_+1gzPr6!uU;@R>D9LL$paE?zULks5Jm`fgddwJ+f$<g5*CQJUA
z$3N^p^G=-p%BOQ7;SyrUIhz3gr#u;yQv=z@&R*AiqQr6?awya6P3xL+pVhm@8CXrg
zJcY8z3Yu1ON{-<8slKnzdVhT_AB7n|Kk2-zdY2b{yi4m7o3ad!!kgD`oRPMqJ?yf6
zrtMKUoKJgx8hdYt^W?$&^2AbBg2VSL&v<lXG)`qaO(&MJ3cAQi7PjW+pWYZ5(9oSv
z&gj!zy|+GRTJbIKoc}8M5z7-xefq&QVFP>~q!UUxL4h|pus@6)Sa%OIxa*h+R%d;d
zDVcQr=={7Mh~Ve*PT>VwE$!SmDI#+ZB?3Zfcnu(U3+s67l#D4928|p|TeXd{JRg*|
zfI>a^8=S!Kwx18WCJ3Qwufvw!QmoDP&r_LyP6&Jw(uvmpD7xg_7EbzgF6sTWVij~+
zo>1!ZUCI*_pzCYGCo9D0>>Tr0OQ%0POMCP=Z-E{-+l9PVPToV4z#-T4`;pFbz)So{
zt6t}IMIt+z!j6kNBbM{O^2vwmiSNtt1axJ8@gAnYS;S6#w#`$u=ri!zQ}t_nI|n!F
zIuqCDZuu-5Vn05`k>8OGoL3t2_{jm}<e50PmDRp>UL2Enq;`D9S6~5*M^-S=Ua-ho
zCFk83qg>-$9M7oF_HuM8=5=4Coaqn#=V6r7!5Ew0GDYmUuF<~Rimb6%B|k`K!wsG9
z6{p@pQ-LGS<pCG;w<GCR_p`4%(B_&-@$NxJuyIH;NWyJ>m_ecrEjDlKE+?Row`M%V
z`~<iBA=Rr-)d7>kBluAn*FUN+D7uy88Gb+IExL|`lqdGgm)^Bx5Bi>Ztu2eGwc2vo
z23ekYOU^v<5!n@9M4aGLTW*0x-Ybk$gr;|-Y1&gyPv*?qMQzuk&tzDUOli*=WDKkv
zA??<LiM;nMBoMYxoc{<{u$sFfIWTs9P=3?BTdnKV`O+(ChlN`k%Zs0>H}b$&l2v58
ztZ#AWGZ-_6+)DDm(jcF2*77uxAS}-;+e4PJ1EkJM4+-tubl@rT*OAxRPOLLjEV1XU
zJ|Ii_C&Jlg9P>5Gk<X{glR1s|bkZfG%6SXUcSepMm)`7;Wcq?Wq949nw|o6+US8^0
z_Vw|p!Wok_<)CBV^yy`9gS48G7c`T%aY6P1e;4%~8);R0Rea}yzP}DSB0JwFdwEr|
zrKwu-YzihU^03B`Gi`2M9s?4Q=e(mJMsZRy=%a*<<5JtN3Ym@lSNh^t1o!EaQH#^i
zotNk8%({8_`fuS2D-bQun^ib_jdy&b;W<|XO^6Q8TC&DC`knID;$NzjyRzi*znF#4
zzS-A9w(xgdEs|A<x5Nx)t(ki=)t0l1%ygy;nJ{twXT)|h<&uXMBg$<%56$lg=G4tQ
zdgmWH-<;H^@v!(7y}n)#V0r4e<84^(%TvcQZ4RG0&bxPsti*}j{S(MP&^w}@C663G
zi1%RPN3&9ccfdQATEC$_aok#kH`LT8m)}wS`sDI2)p9<$eDPDthff?w9z2(xz533K
z1Np!?`CN&F*q_NW`D)*2?QK6>+@}Q-<8gEb%|nFhiK2zr9M(Ob3OlUWp;NGIa>guk
zy`v9N-oO6I;)_9l^ts~E9`6Hy*B*8MPvb&g**ZhV5n+O7h=JLg;D5$j)?ZosQLoi*
z`DuF=0q@o%zWMyH*IFBwJ;gf*hz$Tw`>w(=UQ(Y`9wVJL?~X{~DMf6Qd?KV0^1jAT
z&M;@xwcTrvyBtC2`izZXT=iq`lneWrxtgWOHfR0BndNbk12J0SDK$>BeN)2I$LP?B
z4|(iZ<v|<td^h<4U?ff~@4pAkD-1px0(`PI1y6BGv}c}}h-1Jx0+Q(g-GQH4!X4fO
zZv?0Jd`bl|B(LLHe}Ih)GwsKYfMLv+o{hb4pmW}`;fUA__9`d61D|^-txZN6{<Xas
zdmWt29#&_&a#xP9KQp!u`{(kv*50DhJ4dX_*!I*`axB+8hTQxq(Zg}xiPw&)=4?kD
zTG^Z<sXhrIqN??qrr1&UD&q`%1h(ql%k|HG9Cxu;#-g%{^N};<gwMn|+;M8?9Z_7Y
z<;2;NKI`<~Bqw~%e@N6giG5mq>&wOZjHt$+3yJSj!vo&yf@<1H>d;9UBa2yD^g5s3
z>NS%gS{#Z9XU+gW?YkyIJM(^F=&@|oSzFnwY;BPIB<B^eYUNqR_eD;Z&sbSNRwBvz
zPthyLC^S6Mj@q%#7UvRDB6z2U)zCse$ljsRP=0wnCTBx_DlGZETD<)=tP7|QtultY
zz;G>dhBM#$Gsinum^tDmWsdYG$^Jj7e(B+sbRN`)Phnr~rmoH~I>|B87nmd;)p<I2
zjp*Qf8sRuL4arz8X}~#;nxW-bs~elMDfHeyDX=fcfrre1(|al=dK)T4Vqvw0eU))h
z`WQT=yscrPaejjcR$$cZTV}&HD?Qh8Ir2D`XKJDYYQ58HggB|z95YYyBi+XMZJK82
zbIQ2oa{4(2f5RCzb>?5+XULur5;=3otMgWHQgCZzE4@(r<hYcPgf{DG$#1QlXG?1O
z35aOEH^XnWrGNT)Y)mWl<65?!Ll1@5Kg=g}Bqc{JLUWaT87<UtmL(6pyF4`H`JP@*
znsNp~KU$d2A;43O?E0*^Y7Pn>sk7*_*5l2L*oysV;t<F6^=Hj{j$}F$w~bdi3W1HZ
zouZL-tZ*1=NA#xb9h_o|jeCBtZ{ObQYxy(TIK;7!KI_{0aLm5+(|O*SOGHei@6Yi(
z@|+^_(MD_{D%jR;<4`#!ls#id&yN!=jb7?C4>XZ|Z@9-f5#iqi_2>JwCE4ytp}f7W
z)3iTpu}G`A)$66uL|*F*swi_IGtEq;6-UV)DvOKVBg@@c#`IT;e0(P<z^X~?#<FG!
z8XnTBti;*6!Y2u;k3AIR$VKhG1}gOqyh%11|JyUySjQsf>hq;qj-i#jengxiEW_w|
zo=%ugW%$fT(^suC$`y)v>m!kS9x`RoYe>TJ-q$oEj;<La$L%p7v}~Q%FLUs2?a;a*
z+9UrAYBJ4Q3I`3XD$9*GI}`CbC{}^URH^qE*>(Zr&@8%@90sC1k!^{ML?6W9Y*%e-
zb-7$CV^`Nrl?Z+Us#ueDPG_tw&<1PRyiYgUW!CFe+`Jl26v3;fl;N#1oG?{#jNvb1
z=K*V2UO?b?cXMXqBaOj#yf&LH#U~o!zCQi2-4$iJpT1P^eS2T@QtQju>r?t~f!FXD
zKNUW}{7k39@XXm`NCCrrS8bB9^f*yzKN~P>nLhsq4@|uVm)c&LTB|LWtr^BmOzL@}
zs^eQU@3wpkYcnKUIdi3r;1xSo)^?=xU(Y_C#cUk1ZZi$v(wrh`$iIzv$X|44xBH8z
zHZrHy^$kn?r<5<X){RGIX(zaVeVWeUaprCvUmEH$I5=ngLM7$u?--uLdjCQ_&d=dl
zJ(PU+Bpo(2rXQ5ohqQx3k!h=g<E9L=n5~M{fpJo*?_t*R*JG?RpoZ%7BS-VBi5P!t
ziB6}*li9oTs}!~N3~ar`(5xe8{xs7mTs35+E=s?*MSWi5_ghNJHLv0MZ{s4?vDkm;
z?ub^LWW1!6+^x=-`nzqX<n8v^)Hb6WesbSV#Ghjqrn9=pIYxdvUm5OZHH_@F$D&u{
z#IC+`uCn#_`pXsJb;*rQwSq2xq6|6m9Zlo?I_;ess<B<PIo8to?)OPDp+R1xI>6*p
zAISaNOL^0I=Ol8E8dqP!v&><KqJkpgI-J9v>45buELE`GW~DRd_!r()?;OlJ|D2qN
zoPWNaatG0`--~wERc}}N><jt-|D;`?pXrx(*Q0}-%ea4-wTv7Hn}4JGU_sf59>NZ_
z96m^6`Bo5+lNnk1@9Nl)45vM_y_J4_Z=ioC(|7Gb?TZRFMFIWYj`tLGA(Im-#V>Kr
zJA0<^gs_f?dw^}1^G<^MdbXiE<QXAzUg(#1_VNFG^K4x$U|X%L#(uIMy}DV#7!g%=
zy_>_xn<Bn52KlCB^Rv_<P~z>e|MfwlZ@70p?C@ut+Oa2XfGxkP9&M{L{ta;`do9;>
zLIh*==@D(I{@92_!F9y6;kp&Ubs)Ibx{vk!&5zs`7?R<q?oYzOj^IV(arN029{G8V
z{9}!OLnFyE0v5>2zb<SU%kA9$ZH)g98a;8rhsuWA6)nL9_I0oZUKdpam%OLFmS=jl
z$yxQwoRFXSLeJai#+meHyPu0ZR9ab4Exexj`(0?8s0q;)+WCFaiuXsB)+W5TuNcx+
zQ7&W?C(@ir{K`&-(0R1Z{+ovlj8QAD(HD@|+Jf_kTf#!KEeFgO64cSohUoZ@i9?A)
zxwSgh^MTqYKa9NT@Tj78Tmu?%A+tS)EeI_@7lzSz{vgS|-{>Cwfx~DAXzr*lpN|wH
zVn+k>`9ObMu}!x}VKH9EAz4o_5`(}NIjgpRe%XJ(F?<EO>#9Q(@UiO9Q}%)D9=%T-
z-GM9}!&~%I*DdiDa|gX~KdAGJEHYLjX@9lCq1!Yj1NV%SNMqg4aiH?Plk38zcZ<P4
zNIc`_+eB}`_N^dvudHYgFI}mi1<q@_Tj$?Jth0u9ChComK+jljXGd}S%jlEr4QBo{
zeL|0!qhog5Qeew6XH{~5nC1`CXZDG{7k=-h^9a_ZHS;b|?lMEx&i1J0%cSUc>>ARF
zJ)_VCk!N(b;fY^ZEXZJVICB8rZ3~olp`(yzrlUO0Jkq1&qQ@8QST2r1pYJpGv!r_&
z1$Y9ovj0}DWGMn2z+H@q`NZpl219z9%F4FDTF?`<$}x>`Q|W~p+APohqzv;L@>|IE
z+|~b^itsotmSq$54JT#%u6ov}k?(g@54n#_{<-_*@FWYLXaTI{2q{M-#3QsUWQ4W;
zc`w;=>}){d_WklRvPfAAJm0HFi#hisXE|hEcux@4y&Y{ottaZFHD|5wYejQa{W$J#
zI$hO?lb+S#USGAB9rfw6==Rj-@%u1swi-Xv7c;gh-xN-R8<B;dCknNECSHOjh<l&u
z87FR{(fT!!ZO&ydJ^ZZFlzp1?4>h+^#A8)`xdb)rjRPsW$TL2fb7t6<_*W|V2bE!!
zjdIWx-b<d}%%Sx+MqA&>zZicT-GR$EkMM=shdcXr7#e9Nx<UufYd!k0Zht>neJ!?2
zoY6DV0nA=fzm8q)>lc0fgFf`UE-ryPnX8#R65_JNBF0KwP9=VqPF6fS5n@9=L>(=>
z$hs$j7`YI;*VYBQ_iti%Kv(!1wmpI0*o}Kx9t6JTU#CEoahGX-eycN4(!9Amn$E^(
zDMuuSXlXhXO&K@wAvomdQRnd>?aN<8E=r%VUVXgWy)T{38gt+0UQ_S39oIwwSyI&g
z6mfQQHf!J5%wFFnPR@Fjr3+R;SkS~u85Q<(UWu_SSJuXMU=1kNYJszbetcvb-LKVp
zO#|GSK2CD`@Vkkk{8lv?=ZCs;LEO2f>qY&)nE0^YOaBi1@mx|UN4j%sti&)*q$T@~
z*vaqn!;q&#qrj@o<*}%8`G1yuj<3Xw+17eG*ha(~FNs2kB$16rlnLFjFG!(2Y<;BI
zfl3U)(H|$eC7(YEEexGk`h_f&yLtwN<<ew+_FL@V`BX4MZTm@g^q(&}vgtH26$_k$
z5;Tr}>%-{tRG2HU8}Vpp{;5V)&u=-q8w*fyM7xLjZz0;KV0>S+$h_s#7|w_)&^N5o
zKG2hSw#1cz+V^GkZKf95mdSjf^>Z2-J=As}{c(pZ2Xb4mR5!F1j=%hCeg9hDf0T#!
zP4}CmSAVVFzo^8H+G~4qFNUJ-<-Xe4R2%=T&x$@s&|iA>k!U5P;TdeoUu)aDqS4SA
z5(1024+~?B7Ph3-!`42hUan}YtQF+7u6^}^?y+TeS5$+?2bCQNCdLGQuZVK6qTA=g
zy@OjkGjL0cYD;ZgQ@?)CY4|kQ%8|1gkpSia*%B7%w)zKSp2J`CEk^c0_jan$Jxrr3
zeT#D%4I@62DBzspyH~^!ElwF75QkR5$G~gB5`i{eh;IVhj)Q)#ClO=0B)LsLwT1eA
znj5d|qHF%IYS7L~VKc6%9<w`Sxw?L-(IVI4l6vy$<~h~O(%`P<4SZjc9q4sVX4UZv
z;?qb(xPMJp!|K9nUDG|}y-#7y>tQRh^&Q3L3>0+7RpEmuo-^)#NjZ!8S*+Axt(P!y
zf*V-GN*(6<n!3UJre>mSBgS=3aF`N+mvw^|>Fn^a_FImB6|At94h=jJHaNKoXjv~D
z!VhDeRqq?vAH@>%9GJhM)}ad`ck^c`*TG&6KPgi~v{-syLzqWm5}Aa;ujmhtf!%$K
zu9SwXa1z_Rt?N$8Bytqu>%<*jcmJt6zmlx{P4|gp<6k7@kZ#{-Ea&vMqd#N^QV-uc
z_|`JW97&wQT!$r!EW48CzviY-)WU!24=m9(Tt5uk1Hpo<SrK;JYfWF+9P|hu5HEqA
zm<vm}M|z57Xc}yJ7wI`{nP+KxUyvbfLgM17F>X8`Z~$$`EHUq3{>-6NLi;i9;DNFn
zG7u<p?Mwl=jqmh)xQ$%eUR2Bl^B=XczuxE7mY2x4$gq_3R?2QPWnd!YH{*Z;=oO2U
zd2p1xY%#;@(V0%s8)z@v?fAcC9q<{gqeG4^Td#Fc7y5c%(4k}LnU#DrW5{~EX!`7H
zfltynkX(*Ro1TFKPDMuf&WdKJmV_&*KWm`ShJ7g*(*LY@4UDzz_IrA8NL^?)<jQAF
zztA#T8XJ{-V_L570P!W2m{%W8!v8p%dZT{ap*A=To-Sp2jHaa)BvXqYOA2B{tSHf1
zmUvU}@K7*iu0YN@R<$N9vd@`JSA2z17s9vDS$LkFJJZDZmlRUd##!|OCeOT-ba+^B
zG``_k_0yl#(2spQe65<_Bn&b~tRU2@5!1$C8w~p0O6x0UM2*NHbQ)F%UUEpgR;Si5
zF_$L~3HkyWJAcRn%xB4O@Zg(;5a`Trea^1$oD`ke#zD$t`_r7nJ*cv8FM_A6y;ekT
zj_;r?`}~A7AJbCS)@Vt`6F4Ienx^koBLXQL{xE4#^w_^h#!&u+?mN0Z93^s23z7#O
PbnJza_}5PbyYKujezv)S

literal 30406
zcmeHQdw1J5vj02z6bRdENv%lPangq(sq1x|*5@W^ZtV8%9w*yFk&wigBDEyt$94VP
z?{5YG3F;9gP2)|{^qj^biN|0tFAN5Q-kpa(?;rp3*@2i8(|B;ZcgJ;a_xyR0x?`Eh
z%r9g(xGh94zf96u9_92P#PKA`MUaM4ocp;bON!y8@I{fPu_w}`E4J@-cE0J{-M)KI
zY=7U~{l0sDm)h#sjrBsA2U#>LqBK#BACAOjI&Xv`j!q?76PYwUh+-l|m<IEyObVZ>
zw8bozelA5ilZlwm#4J6RSw4|*Ec_%C**sy032OSUd>9Dt#VmiA2Hq^+5$-e%=dpb1
zPo<!LejfcZoo7$@Wm!eFpxXeHOTY+VB}#&H3YZGn7HKAAmL^d;&)ceJ4Xg~Kf~%t}
z4J8-8dM?tLNL9-UA~BW4Bn`!RR7|2oL`5S9KJu9iqBAKN_E8i|&w{PjsiCyjS)5MS
z#YEG5i`Y-beMctF;P$QFMEaQPTeo^eRK#-dWcQo<kJ5P(GM@AO!=vYNmS%+j&MN%(
zI;u3)1E{_TCVrO7qVLR$k^3DrtUn|`Yu`DG<T<tCfP9hyL+?B1QCLj+p*)KM>GDGx
zSd5CukKH`*W7*%anwb>E%$5J1M`wNKAMP)E?mo~B5Qnj}+B`hy%Wy2Y9zhUC$*GuR
za@2RIfxO%41Yz<j_kuW`hojifq=&ia_^<qnP8<#M&e0_(?Bb_rJc;ptA+ye|x9xqm
z+sTW|SmvF4vY(>TG)lZ6&mBxk+;`NsiIg<H6^M9WU_6u~e;ya_9hw4U2voSkG%fNX
z^JhTHu6M5k40OtOZwJM#TQom+Tvz;b{N(X{kx!y2bMA9cd76aYt6Ur&d?)hxjHwUY
zp$f`aYSsapPr*^X`1f39k<0}VxN7ty8i}|-1LFIa^zK$q2^*1TK}8B_o_kaO0u;eS
z!1GW1aUZ~(VTj*)+nw?m067E5Fcw;G*CsKp8d7J+yXW2Qm={Dvi_P}#oX8}MMlbbf
zn6{`tAv_3B5a*;KPI1K_ND8E9G8@I|xqI0alPC-!7Vkt;!kwQK50;BvbOi~Br9#(S
zbe2i0ZNTYHB=JL6>~7C4RCB7Nm-uHxKXdWNs$oj+Y;XV9ip~KebzW;{lx9<RoTU)v
zS0%VJKMbQ}>_R|x#m-&RH4WH&iscAkt^SrNn5&N(<~$0e0on|J<e<!~zJX02EhlLr
zOF*e(nuz84P+L%ffLs-!e+`5T{5^(!`QtDxigel)_ICy4-xPH>3HvM`yW-n#zMEaN
zEErcpVn!6CaqQ2aBrAMcU_no-VHudf3gs+UgQl+v9{RPizj?gS!xHA+sF7}x77Go9
zQ9g@(P|Gk*gVPG!4FF*(>O)=$5CQf24yYTjJW2k+ZK%qQ)|I_s8eS@^r58qLB8dGw
z?>nU0{0QcgJBsH~sI-^$Jp*@|FVs2xcZ(Vr^d>uN6)$?-f#9KHrAeY5sXjrtp$nK^
zRtXS=8;{*xDB{?ihVDK7kx$+G{No~bckTjmYTNv0SGOpCp;WyaB^87g4xv(1P?st6
zx`VgTnC*+DHdeI)swCE2Q5L0#bMQ|hipv=qRu53ZYC?4HMLHgnnE;c<ha{l~nk>Z}
z=Cz-V$$YU1oFqh9td5crHTld>Om}(arb&G1434=EP!2x6LA?ls<DxUxFMnQ@UPqy0
z6$CvS?z1Q-JIcMt&3p|r7}3rkh@;>XN;a93Jx-?fx-l)#XNew*@bqLDgc7wW>12`A
z0>(kyTAbP>SSbon1WJGdqGUEN%rx+K;zbafBcc%Yne?*&b~Fk(no`s&2g?XQkdrh9
zef6D3Q4BN3^E^j%RMQ|Z#d$S`P{Zp%?p1_lP={ec7376dWp@9M@wS8*BC4wEGK#BO
zZdAxAsKM8^>lZ)D!rcp@2%dv~e#vF_7)EoF!_Zy#1?E45MjROoy<LBY$ys_TU0Mqq
z$zYyE#pT`{ix+3G?#sLN2dg`9vD7%Y2xPpMg!}o~Loll|So5Lk%}`qPx7V3tMO!`V
z$>M1wgR?{GvE*wu8ta8u(DKr&<rfyEgR)7)es4tVcSgj1TNANNxm1lvblp6bvP{XX
z-%1@*Qj*p2%pc22STbv1eRp>t*0m1m#%IMuw|cX|b6LQWK7%bi2a$n}naZ$Cr6n~;
zFBf1g;S(i-nBgX%)u<l?STABRJId0jcoGF!nx~^efOy0i%yU{V|A<AyMC?5~^m?6{
z)!{LHTSMGpG*1Fr>;r2_A_MdQDO9zu+GNm5uzjrm3G`f?Pf~&9oq%SJ#)%9Up;p83
z<1`ubDx1KJGBxfHE7~Yl!!|hZl=q{A32T0IG=dCZln{5oP-RSEMLCNjKM5pOgEBZ}
zxWTS-fKyDc<hKx*0@R65Se(tWbe2VMy)5HhkAfFI76zB7aDk9P8q1tu%Je3?1EH3?
zL<YOBDXB!Drl%UcB{GJYi+^3C;@3Ar9b0m|q3V$-)qrDyRvcO)4zqba>53T^Tx)6L
z#63EVW=sP6iaJ0jFU84LTs+u^cO^}p`59afkmvc<xOngqbeF-3GoxSiSEEypb8*my
zYQa%JT-CZpo~i{eiVsz4Mxq}0Ul;rm%|M6hX_#hEIprfL94odQ&qf)i?42oFHC~$X
zMOMOtSG{5~ApaHIGLzSj(H=Ky89+_1@wfzF3IkvdWSpx;b;r81hn4qk#peyJJ|{m8
z#{R<_Rdoi>fH$~Mq&OrE{)UybZ$$j+$8(LBatLU`LLW7#ePF6YuTb`VRo*U6*bWE1
zBpqghRYch9@F%p&E>s)g>wlxk4M<b%l^`(?dm@KtCYXQ)HLbIJX+!v7`44woTjbyp
z$RCJVEksG4t`MVenD}u9G+YXq6NyG}riNPR)n(n#=Pt7}kdUpAc~A-5A>?7{u~dE%
z62qW!F@={Zf)iB0uSar~UcsbiX}JI!`kML)6j><b1-LgsjZ4Tp!e(vs8}K#q<DBMw
zb2Vr1Hf0~JXcyho>8VCP_)0RtfUl$s4aMkP7SlX7Lm(_-nA-CVvYBc?aUWxXl@Uw}
zA#z9)TKTv3E2qO(N`;aFf}<T%k%$>Mi>QI;U>d@Gt+b1QW7S`ny#qK_2T$P_@dW(k
z)DkV-xv{dFbgf=T7pShxv~tvS*;`=*+(zQ|=Xn9ve+y)!TtQ)A6E>>R3ptI7+|sb<
zUJv)#(f&M#r{-tI<84?<^DF@=i-2DXHE=ctqz{&41B%@Dwzem8Nf{n&2Vm16p2KU;
z_#a_Cl%5kmks%<n0xr$2AcLPIdt3Yhv!?p>EJNjJ=Ev2m!>}!Wx*TRvNJZPsTzZ{A
zL#pE(&I}95OKQ2U)S;hOQG$85RGV#3jATPSs*l;#jI8Ye-dAW0#M2ap(Ch6Iu5S;+
zc7@c;i+xBowj{BtkX<2YZ_3@i=kDC+fjygNvox2T{RuWk@cmG2LsSMRb}3|>&dB~E
zb}>%r$`&PC*Rtx&Jj2VW>_Xt*Mz?w}_*?u-_}qYT;)#O`pLU!!F-5&+G+o2@J5IE=
z-k6QmTD=E52R8NK;2(QWo;^MgJLEv)H*ag>X^YKnn-IgBkW!5u+b?FpLYDuk86Z9c
zn=ab<#;m8kOQRXVdMh;JoOK+@2yNnuJOF<ZOIcIOeu~Ah-~Gd57ppA`Heug0LP%yo
zdSYu5P6+JJDy(Q6tw0b2O`gxOA_VqGx3DxVO>$C2s|*W`yhYNtpKJKtP`)=Ssd^sA
zF8lo(<UmOwV&TN<H_Z02M<naPJb}19#<pv}+*tNZkps2GR4cUopdr{1+;6}ilBXHg
zCuxMO%<Mq}{yyHmrR6tyCYJTO)?$yb9l42J2?Lu20GA>^heZthuJrRXc=){c*(mou
z;mC<#g5_yECvli3vN%t(Q*VqppAWq#?X27W?X2}dHL#*#-)ZBwAvTsz8-w@S-RoRG
zgn{b6)sCR*JMe6Cu=Qa7B!Ni|nstt^KgU6{u65FYwu45MBeNsdemSLL*zTySBbl5<
zkh_aM19I~mLzu1YF<?7TzycvhDqA@4XJisfik$S?LdQcyVT52a=6eoM7)5wdu1IoE
z9733oZG*Oqn*>JbnV(UF1WDgfG@g?)2^7gz3sx>9cd&X;;Sav$^&w4b4Gk-tIjk*&
zqgY-SHoM?X6hoN=lc}Gb+BV%LQNmK)CKLNNTcaPk*JSP7y2moXcJLlK@P5f+LEe%h
zXwYO#J`&+ROsCkuB9n6Q(+R%8B->Yl9gY_D{4jztWak{cdYY=xnSJtl(To3uLO2}J
zFH{^w*%Uw5dT4InelKtzJSO99VLSxVvn-_;nsuK)*6|*yMaAKdJ2c3TeiU~<iBar+
z0;6~?A!4CURAiXNP$w_h!}<|Z8~KtygyDU5Qro(ge}8sTvxyHU;vaTW*OmSa`lrdx
z{N?#$6WWTnPZ%F+m99O@rI|?UMEHFnThi>0xO<C?z5IW+w|BvTTzB-s2XDE3Yx@F~
zA$7y(4%vc3Fak_C?fG51EcnFdKpB2Fi2oxB&&KLU`Ew6kWmz^4c4>#?;C_o2Y2+T^
zWzZ_@ryLLOs~C22&<|<fW;(>?m)cq3RaVV#EjbAOs5jW`sBQ1P&A!LmlwE-2jk(4i
z*ne!^;C-iMfrxq8(0sf@v-kM!pEi4XJ@P5dTeal4!CAvejMCjeCkM<{3brrJwj<U+
zycGuB@Bwkh<{iY>D3%h{@GaliKJy!)`tB!->fH|w)w`c4s_RRz8^n60xwS|Mu(M>Z
zcA?T!BV+KF)v(s$dqE&)5INA+ewO){WOmgni)20>Vi)QIl0kn|LoY9sKe$<v7pw_X
zG@@l~{iWu~cKhAn4Am6{Az$w%oJZK6r67?qxQHSrs$Ig`zAL%-v1>~Q13x65c_+Qi
z6H<B0Kd3puAs9Ust3r6qObCC3-A)8$VdIImYCa%o_D(ZX+qC$g=7ocY%S9u$;Bstd
z@v=VC5tKrm7XD<oMC}*7r%5=E7POuU<oxJY&3bF?Jz*^veZ*J;=$}I|p<CB&tU`v@
z!ve|WZbd)9r)kGHeITKj*xBEsKmr^UM_lpA%iH8<)`kWG!c<(QWsTR%>qt$?r=Uct
z3UNXc5U^-3H-6K4pu-ZX{#p@~t~&mrvs1uXU&ehb#944ar7M1<^XTNYM0_3DfhqzM
z;UoKeI3pK(1>z2HKoOP%;sz3WEwg}<KO7;0g2c%KWC6M7ZG(0>3Y-eUF{%SvJ>5-J
zjRJ0IS<I2hGD93Ma+qiztA<*~DZ{6V04T()@M)ir6)dmyxO*{E!JxV60wE1>>IQar
z3IL>VH$GlOfh`y&5@x_SqLJq0de`BFrj1AF3rB^Jc|)D3LMS1hFlw_q7KhBMkSPjO
zJ>#_}qG7x=8-qjDDXh-$(oF(4_d7rfl6_!!Qe`=D#dA5vfh<5khmmMT{$57DAds(W
z|NQ*i3nD|=+&muLDo&=({Ga1gt+Pn$gs51Is;P2~;1DX#!nqum>g7b&95hJjCY)Nd
z4WAuHQT;{xh@FG`C}w-bh4XmFSrZuhtcut&6Kn;C5osRW*IsQpGzZ7Fadm5lM(Ivn
zA8rLHXe$I(7YhNun}c3&5Rs+36k*6KgJ&zGL1B<m(Ow?rZ!m1J)}6cw5AYgp2z<Ul
zJS_WdL}SO>@pc<+(YT8rJB>F+(D{V6N0gg|(6rWN#vO1#ANTMEv~zDG&c5VHQkp+U
z@a~P_@b<GKj*+Va@H?XLDaVS76U*RKAICi$8$u)rIs*$oO^<Ob=P;p&N>(ImkiGBE
zV7}-LL`9CqC_$_-4zzOAB%d%O7M9#MZ#PcKLFtSAqhAFlhT0J1xNPTb5cQwqs|jTS
z2cOD7^PIxDttjg+eopw5;;(S^!dR)4u8yvT(C_T)2<#&hf&ElPV6Tn4wxX+%My4@%
zAAS6%LaNss?*DTls@F8W7*I{cCX}r0|G;&KKJl^TUYtuDpM*c3(-AN~u@tM=iyzHq
zeSC=obf{|f{V9imps;$Jpfm^SRG7XFy<P`edA1yu@YsOEhw2gTtz!$q*8o+T<m6hV
zBhcbhUUK*~g%VKMzXp`;R5iE~&hijE@_nH9kddM7=Mpg3*Vwnl8G<=dr_s2p6Yz`z
zQU|JC+5yQz6~T>&A36oa_B*3kkI4ut91<ms!mBZOefb~>+*~-s5s}HSgl2iV9!hl{
zkd!p*w1t5{&6o@W8-(ENk6C;ak>2Y_>BMEMkV1NCMQXAJLs+&UPKxwi@g2%+O--^R
zeqmxqK<nB_Zmr!|Vy^k8W=GZ^Y{QBt;h8zzY|hT;Loc7t+HVey{DjWhmlXY;Je{lj
zoa9+Tn#l=SSG<B^;m+|veAo^9CY16^MSPVKi-g>&@UBlNz_BJmZg@iM;KsWC(hFIo
z5!TESYamP~xq&L>Z(K!XSQhz`KB4*2BK?ME%4VHX+iRX7J#Wp0wmSIeR>f(50Zyt^
z>J3iL@<x4W<MCF#a-*}zv&=!0<iH#eE^WSQ!b*PB@()~O8Hq6QC=;+T@vNp{wS6ej
ztDAR|KW{5xmjohojrEDS{0MiIRALY8CV@AIo-4jIS#}gHBg+PTF8O8Ej#Dis$cmk&
zI^oxm^;g?hI<OL>5n>yMoVA#BctZy`kTQmqRp1ygR;J|oLY80<Ak>32dn`C*j8bLf
z9m<iC_k&X^igqodU?{Ps#D3pANt7r;MV%lTbx252q7US?Lz-XMcd^n_G3ATa`%avM
zq9g%Sr)9BOkkbB(>Wv^Jz4wqD3r{$$5$6y&My~wRh?4DCi=B5`t+I3KQ_2dmMz)A*
zVJjRmFJ2Vs3rSYFcM<0o@U_+~Q{fQmk5p=Qa?;YewyMbH1-WQ%KUs9SG|aaKC=XQ8
zs5)tw<L-^J@kZtF(d3Eh+96b`#MLgAHLl<qY5c+LB3~*wLr}t1ezO==8BCO~fU+g&
zypqI;mh>|g1#Meu<AAY52}oXRUA!J^Yn%@Jx`x<IJonk{t#DSky)B1#wQ2nhX+_ph
zrRDejGqZ}U>Fq{6;D!Jf{;~wuTBvqS0bNevjnfoqtNmGoyDMrJR=lFy4=!=Bz|Ib$
z0@M><#ej<ignePb$}12y+=j94;)hp@_dZZ(i#K0jFV9?-@JIT_RIRy*gIld##qpo%
z{_m8h^ch_|0|gVuCDu11g7Wr!*);ivS{^4}Y#Mu_sWSYdgySux{cU-;-9a{6lnnnC
za;PY=i9{-gp~;UQjhaZ8&-;wt#Lp-8g#m(g5RuRZ`k+?E%PGvHxzl<;blB-2@v1;3
zIb+g%0bfXViY{3k;2&y5U&V2p9!=77GzfUVaKzVW-L!H<nQf_`7>3yhnII9rYBd5t
zYi)S3OvVMlYr3)ic95P8X+=b&%yV54d!Pt>$*o4IO1)JKEtD!Jd$Td}^P-{PL%~jm
zVJEGm>%6ulY-H?HYWb$avAMrd%I@EC)C>@8<d{+Kg*urhS)c~aCiQ{+!PA!2Lv@b<
zZi}F`G0!7V8I_ZHjf)3}SQ?zR8rI`n_-(oYh;|=^-)MQ9;HpkM7TWkHQPR3J>u5k{
zVsAExw16Dyk-J=^KJ=!kZ?OkpQv8J4l<9}78v<dvz$Hd`%R{)ytmzO%0#&*XLQhLm
zxji`q!L3_pl;`KC=Le5EMcO%h2-Axw=+-T?$VbIz;K3tY3MHFY*NA06Jj0hjHFbvs
zW*NEz;W;hcA3P6XdR`{>YHqj1w*I6&9wSQc$-rH!4@+Xm(`n%HlLlRRg_QM;ml$MK
z@pU!ExUE2Lt^g!z4yUnV^1o2|>M4ah=3rQ0_VeNqr>ieNa{f<@|BAB5?_*0X?23ku
z7y4GEu7a^magMV1Ir)1$M;0?WI8Q^hC$#op%PH(9&Sw>=2`Nan*j4E_*!oTdvjVH-
zMR~K)9pMtGywMU{TS9u+_CxBXL0{m!hxMY@7vFD-)^fXOdb!y%KW?fNMjmY|B86kN
zj~mLG(gU#ci{^e2!j&yCY=rj3($}>&i^#I^^G2*_Cet8hh<RA-RuLcnTd7fki?2*7
z?_6?80J(5<gQ&Fn5iaI;is(zMlXFN%4xS|Oo8x9PoF1ShDa4riOs-g3>e5|9+`7@&
z^w9ZAUz_%oSlOXC+eYBfx9ITh_Rf8Gd)M9FE^8>1eT8t(*(GP=<3i%7z)c`YD)td-
zl|*G}gf7x+FW}dI8zT!<Om<FLfJ{wX-WB`9+{3+Zm$(mR>_tVVEMWS3tb!%&fXpX{
z$0qL5TPpt$xI&s$Q+-`OD-p2V`w`=~Y7UVff2*QDx_X#ul-12ywOK^*5*iIvhyUIw
z%>%!6<$I%~E(ZGL=V3c&U705lHvRUnb*06d4^xA$yl8e_T#2umCoj%_d--)seD&hG
zGj5wosDdVRmElS7^7r2z=el)mz6+@uB^e()Fy;Eg-+$lT-mY3{T~UFsPvW>O`^XZ=
z7s%xg0$8%yaWs`!<~4&>JLp3onP<~UlSYZG`0-^kZ12&@N>U(2N=c2Cwc=4W=_VNb
z8Y8^Erp`v~vFdKp_mvuGNBA{twO{oo2GXGKd&C$?*t`lQ-7iF7BPH5nHb1&MZ6h)7
zY`57L^xyKb>#*>1+P3t>cg0q;#O@}D@YT=9$jsVpApfLJY0rGhms_d3J<P=(xa5N`
ziMismx7Xlxy8nfiBMsfsQ;4u`i4#n{Mt9f@Jk>Y#)%Jk|O4oT=FK>#k2SuF2bafWt
zd72`mn4{rskgnULS`Ol_<1G$|zbK`{XrO{hKUKgF+hOY}?1x)hVM&IGJg4AgMA0>!
zljhaQzq~KM`uc|#FJ4}^UOH`O?6lertOd3vcp|+5Q`c;@NBzLl)AWP$FQ@A`n0l+V
z(br+yiBMJJYmAC{0cyFv2649|FHL|!GrMhBX*ET*Lqk9wX_(dn^u}Y~+G>K7yb&x3
z)K~9XAYuN=2;dU0>=OJMdPuPYeIkKv_o#tXtth-H>K?b5dqCeUu+S?H;q6VB*Y)mz
zQx6VENb<ab3B~2|TW!A)R`2xt!>z5MHo6DEXUPITG(&_dr{}=4)HT|UAws9$2Llls
zmLy2z-=a#&I;<*<fD9k1|B=4RqdD??Tzycqe$YRft?t5in02$(*4D_QA5EZ^X1d}s
zgO*_>XCU5Sa*X;+c*`*8$#O_uy5S{ukE1|wAuYT}RbrUH#5N(sEJ5IqYSMH?u%5)Q
z<(ESx{wiTOiC(r~XqKyj6+J+LLC_qh%}MKlgl#FPsghH5OK;K0b*t6g#teiS(ygs`
zY_Qd}CtJ_@o8Sx*Cx9^w`N{Ne$;GWLW-o^<8>gBl2y|_l6H9@uJ$MDjV{k&nh(za;
c>+9yL{~@;qjIql6!N!O>%!Qn&d~5Ch13kx;D*ylh