From 935da0cab817be752421fae427198c454f7d0f1b Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Fri, 11 Sep 2020 12:22:35 -0400 Subject: [PATCH 01/26] matching structure of page w mtp version --- .../advanced-hunting-overview.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md index e6feab4594..a47f8836ee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md @@ -18,6 +18,7 @@ ms.topic: article --- # Proactively hunt for threats with advanced hunting + **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) @@ -25,15 +26,17 @@ ms.topic: article Advanced hunting is a query-based threat-hunting tool that lets you explore raw data for the last 30 days. You can proactively inspect events in your network to locate interesting indicators and entities. The flexible access to data facilitates unconstrained hunting for both known and potential threats. -You can use the same threat-hunting queries to build custom detection rules. These rules run automatically to check for and respond to various events and system states, including suspected breach activity and misconfigured devices. - -## Get started with advanced hunting Watch this video for a quick overview of advanced hunting and a short tutorial that will get you started fast. -

+
+
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4bGqo] -You can also go through each of the following steps to ramp up your advanced hunting knowledge. +You can use the same threat-hunting queries to build custom detection rules. These rules run automatically to check for and respond to various events and system states, including suspected breach activity and misconfigured devices. + +## Get started with advanced hunting + +Go through the following steps to ramp up your advanced hunting knowledge. | Learning goal | Description | Resource | |--|--|--| @@ -44,15 +47,18 @@ You can also go through each of the following steps to ramp up your advanced hun | **Learn about custom detections** | Understand how you can use advanced hunting queries to trigger alerts and apply response actions automatically. | - [Custom detections overview](overview-custom-detections.md)
- [Custom detection rules](custom-detection-rules.md) | ## Data freshness and update frequency + Advanced hunting data can be categorized into two distinct types, each consolidated differently: - **Event or activity data**—populates tables about alerts, security events, system events, and routine assessments. Advanced hunting receives this data almost immediately after the sensors that collect them successfully transmit them to Microsoft Defender ATP. - **Entity data**—populates tables with consolidated information about users and devices. To provide fresh data, tables are updated every 15 minutes with any new information, adding rows that might not be fully populated. Every 24 hours, data is consolidated to insert a record that contains the latest, most comprehensive data set about each entity. ## Time zone + All time information in advanced hunting is currently in the UTC time zone. ## Related topics + - [Learn the query language](advanced-hunting-query-language.md) - [Work with query results](advanced-hunting-query-results.md) - [Use shared queries](advanced-hunting-shared-queries.md) From 729662d01c945932df92c0e00c93c7bd8aaeb73d Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Fri, 11 Sep 2020 13:47:57 -0400 Subject: [PATCH 02/26] added link to sync with mtp version of page --- .../advanced-hunting-query-language.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md index 1b1ce276f6..745a27a3e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md @@ -22,7 +22,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) +> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto syntax and operators to construct queries that locate information in the [schema](advanced-hunting-schema-reference.md) specifically structured for advanced hunting. To understand these concepts better, run your first query. @@ -177,7 +177,6 @@ For detailed information about the query language, see [Kusto query language doc ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) - [Work with query results](advanced-hunting-query-results.md) +- [Use shared queries](advanced-hunting-shared-queries) - [Understand the schema](advanced-hunting-schema-reference.md) - [Apply query best practices](advanced-hunting-best-practices.md) - ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink) From 5634415d8518ef962a12253a9d6351d14eedc695 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Fri, 11 Sep 2020 17:44:25 -0400 Subject: [PATCH 03/26] added details on gui to sync w mtp version --- .../advanced-hunting-query-results.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md index f036dd4418..48b42d3ae7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md @@ -113,6 +113,12 @@ After running a query, select **Export** to save the results to local file. Your ## Drill down from query results To view more information about entities, such as devices, files, users, IP addresses, and URLs, in your query results, simply click the entity identifier. This opens a detailed profile page for the selected entity. +To quickly inspect a record in your query results, select the corresponding row to open the Inspect record panel. The panel provides the following information based on the selected record: + +- **Assets** — A summarized view of the main assets (mailboxes, devices, and users) found in the record, enriched with available information, such as risk and exposure levels +- **Process tree** — A chart generated for records with process information and enriched using available contextual information; in general, queries that return more columns can result in richer process trees. +- **All details** — Lists all the values from the columns in the record + ## Tweak your queries from the results Right-click a value in the result set to quickly enhance your query. You can use the options to: @@ -123,9 +129,9 @@ Right-click a value in the result set to quickly enhance your query. You can use ![Image of advanced hunting result set](images/advanced-hunting-results-filter.png) ## Filter the query results -The filters displayed to the right provide a summary of the result set. Each column has its own section that lists the distinct values found for that column and the number of instances. +The filters displayed in the right pane provide a summary of the result set. Every column has its own section in the pane, each of which lists the values found in that column, and the number of instances. -Refine your query by selecting the `+` or `-` buttons on the values that you want to include or exclude and then selecting **Run query**. +Refine your query by selecting the `+` or `-` buttons on the values that you want to include or exclude. Then selecting **Run query**. ![Image of advanced hunting filter](images/advanced-hunting-filter.png) From 9ca73b9629fd59f59300d5f00f8d9d7910810c02 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Mon, 14 Sep 2020 11:11:55 -0400 Subject: [PATCH 04/26] added missing links to sync with mtp version of page --- .../advanced-hunting-shared-queries.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md index 677a74ca65..b6708da962 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md @@ -63,4 +63,8 @@ Microsoft security researchers regularly share advanced hunting queries in a [de ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) -- [Learn the query language](advanced-hunting-query-language.md) \ No newline at end of file +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) +- [Apply query best practices](advanced-hunting-best-practices.md) +- [Apply query best practices](advanced-hunting-best-practices.md) +- [Custom detections overview](overview-custom-detections.md) From fd5f4dfaf6188b04ab5800821f156f6c38809353 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Mon, 14 Sep 2020 12:12:20 -0400 Subject: [PATCH 05/26] making link lists more consistent --- .../advanced-hunting-schema-reference.md | 7 ++++++- .../advanced-hunting-shared-queries.md | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md index 0e2f6811ad..b491e184ab 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md @@ -61,13 +61,18 @@ Table and column names are also listed within the Microsoft Defender Security Ce | **[DeviceImageLoadEvents](advanced-hunting-deviceimageloadevents-table.md)** | DLL loading events | | **[DeviceEvents](advanced-hunting-deviceevents-table.md)** | Multiple event types, including events triggered by security controls such as Microsoft Defender Antivirus and exploit protection | | **[DeviceFileCertificateInfo](advanced-hunting-devicefilecertificateinfo-table.md)** | Certificate information of signed files obtained from certificate verification events on endpoints | +| **[DynamicEventCollection]()** | | +| **[DeviceInventory]()** | | | **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products | | **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available | | **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices | | **[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md)** | Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks | +| **[DeviceInternetFacing]()** | | ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) -- [Work with query results](advanced-hunting-query-results.md) - [Learn the query language](advanced-hunting-query-language.md) +- [Work with query results](advanced-hunting-query-results.md) +- [Apply query best practices](advanced-hunting-best-practices.md) +- [Custom detections overview](overview-custom-detections.md) - [Advanced hunting data schema changes](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-data-schema-changes/ba-p/1043914) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md index b6708da962..62bb73dd6e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md @@ -64,7 +64,7 @@ Microsoft security researchers regularly share advanced hunting queries in a [de ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) - [Learn the query language](advanced-hunting-query-language.md) +- [Work with query results](advanced-hunting-query-results.md) - [Understand the schema](advanced-hunting-schema-reference.md) - [Apply query best practices](advanced-hunting-best-practices.md) -- [Apply query best practices](advanced-hunting-best-practices.md) - [Custom detections overview](overview-custom-detections.md) From 92beced4d2eb2ea2138de0b486e70283fad66460 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 16 Sep 2020 17:28:34 -0400 Subject: [PATCH 06/26] added content wholesale from mtp version of best practices --- .../advanced-hunting-best-practices.md | 238 +++++++++++++++--- 1 file changed, 210 insertions(+), 28 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index 669be788ad..54a2423525 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -20,52 +20,201 @@ ms.topic: article # Advanced hunting query best practices **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-abovefoldlink) +- Microsoft Threat Protection -## Optimize query performance -Apply these recommendations to get results faster and avoid timeouts while running complex queries. -- When trying new queries, always use `limit` to avoid extremely large result sets. You can also initially assess the size of the result set using `count`. -- Use time filters first. Ideally, limit your queries to seven days. -- Put filters that are expected to remove most of the data in the beginning of the query, right after the time filter. -- Use the `has` operator over `contains` when looking for full tokens. -- Look in a specific column rather than running full text searches across all columns. -- When joining tables, specify the table with fewer rows first. -- `project` only the necessary columns from tables you've joined. +Apply these recommendations to get results faster and avoid timeouts while running complex queries. For more guidance on improving query performance, read [Kusto query best practices](https://docs.microsoft.com/azure/kusto/query/best-practices). ->[!TIP] ->For more guidance on improving query performance, read [Kusto query best practices](https://docs.microsoft.com/azure/kusto/query/best-practices). +## General guidance -## Query tips and pitfalls +- **Size new queries**—If you suspect that a query will return a large result set, assess it first using the [count operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/countoperator). Use [limit](https://docs.microsoft.com/azure/data-explorer/kusto/query/limitoperator) or its synonym `take` to avoid large result sets. -### Queries with process IDs -Process IDs (PIDs) are recycled in Windows and reused for new processes. On their own, they can't serve as unique identifiers for specific processes. To get a unique identifier for a process on a specific device, use the process ID together with the process creation time. When you join or summarize data around processes, include columns for the device identifier (either `DeviceId` or `DeviceName`), the process ID (`ProcessId` or `InitiatingProcessId`), and the process creation time (`ProcessCreationTime` or `InitiatingProcessCreationTime`). +- **Apply filters early**—Apply time filters and other filters to reduce the data set, especially before using transformation and parsing functions, such as [substring()](https://docs.microsoft.com/azure/data-explorer/kusto/query/substringfunction), [replace()](https://docs.microsoft.com/azure/data-explorer/kusto/query/replacefunction), [trim()](https://docs.microsoft.com/azure/data-explorer/kusto/query/trimfunction), [toupper()](https://docs.microsoft.com/azure/data-explorer/kusto/query/toupperfunction), or [parse_json()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parsejsonfunction). In the example below, the parsing function [extractjson()](https://docs.microsoft.com/azure/data-explorer/kusto/query/extractjsonfunction) is used after filtering operators have reduced the number of records. + + ```kusto + DeviceEvents + | where Timestamp > ago(1d) + | where ActionType == "UsbDriveMount" + | where DeviceName == "user-desktop.domain.com" + | extend DriveLetter = extractjson("$.DriveLetter", AdditionalFields) + ``` + +- **Has beats contains**—To avoid searching substrings within words unnecessarily, use the `has` operator instead of `contains`. [Learn about string operators](https://docs.microsoft.com/azure/data-explorer/kusto/query/datatypes-string-operators) + +- **Look in specific columns**—Look in a specific column rather than running full text searches across all columns. Don't use `*` to check all columns. + +- **Case-sensitive for speed**—Case-sensitive searches are more specific and generally more performant. Names of case-sensitive [string operators](https://docs.microsoft.com/azure/data-explorer/kusto/query/datatypes-string-operators), such as `has_cs` and `contains_cs`, generally end with `_cs`. You can also use the case-sensitive equals operator `==` instead of `~=`. + +- **Parse, don't extract**—Whenever possible, use the [parse operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/parseoperator) or a parsing function like [parse_json()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parsejsonfunction). Avoid the `matches regex` string operator or the [extract() function](https://docs.microsoft.com/azure/data-explorer/kusto/query/extractfunction), both of which use regular expression. Reserve the use of regular expression for more complex scenarios. [Read more about parsing functions](#parse-strings) + +- **Filter tables not expressions**—Don't filter on a calculated column if you can filter on a table column. + +- **No three-character terms**—Avoid comparing or filtering using terms with three characters or fewer. These terms are not indexed and matching them will require more resources. + +- **Project selectively**—Make your results easier to understand by projecting only the columns you need. Projecting specific columns prior to running [join](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator) or similar operations also helps improve performance. + +## Optimize the `join` operator + +The [join operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator) merges rows from two tables by matching values in specified columns. Apply these tips to optimize queries that use this operator. + +- **Smaller table to your left**—The `join` operator matches records in the table on the left side of your join statement to records on the right. By having the smaller table on the left, fewer records will need to be matched, thus speeding up the query. + + In the table below, we reduce the left table `DeviceLogonEvents` to cover only three specific devices before joining it with `IdentityLogonEvents` by account SIDs. + + ```kusto + DeviceLogonEvents + | where DeviceName in ("device-1.domain.com", "device-2.domain.com", "device-3.domain.com") + | where ActionType == "LogonFailed" + | join + (IdentityLogonEvents + | where ActionType == "LogonFailed" + | where Protocol == "Kerberos") + on AccountSid + ``` + +- **Use the inner-join flavor**—The default [join flavor](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator#join-flavors) or the [innerunique-join](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator?pivots=azuredataexplorer#innerunique-join-flavor) deduplicates rows in the left table by the join key before returning a row for each match to the right table. If the left table has multiple rows with the same value for the `join` key, those rows will be deduplicated to leave a single random row for each unique value. + + This default behavior can leave out important information from the left table that can provide useful insight. For example, the query below will only show one email containing a particular attachment, even if that same attachment was sent using multiple emails messages: + + ```kusto + EmailAttachmentInfo + | where Timestamp > ago(1h) + | where Subject == "Document Attachment" and FileName == "Document.pdf" + | join (DeviceFileEvents | where Timestamp > ago(1h)) on SHA256 + ``` + + To address this limitation, we apply the [inner-join](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator?pivots=azuredataexplorer#inner-join-flavor) flavor by specifying `kind=inner` to show all rows in the left table with matching values in the right: + + ```kusto + EmailAttachmentInfo + | where Timestamp > ago(1h) + | where Subject == "Document Attachment" and FileName == "Document.pdf" + | join kind=inner (DeviceFileEvents | where Timestamp > ago(1h)) on SHA256 + ``` + +- **Join records from a time window**—When investigating security events, analysts look for related events that occur around the same time period. Applying the same approach when using `join` also benefits performance by reducing the number of records to check. + + The query below checks for logon events within 30 minutes of receiving a malicious file: + + ```kusto + EmailEvents + | where Timestamp > ago(7d) + | where MalwareFilterVerdict == "Malware" + | project EmailReceivedTime = Timestamp, Subject, SenderFromAddress, AccountName = tostring(split(RecipientEmailAddress, "@")[0]) + | join ( + DeviceLogonEvents + | where Timestamp > ago(7d) + | project LogonTime = Timestamp, AccountName, DeviceName + ) on AccountName + | where (LogonTime - EmailReceivedTime) between (0min .. 30min) + ``` + +- **Apply time filters on both sides**—Even if you're not investigating a specific time window, applying time filters on both the left and right tables can reduce the number of records to check and improve `join` performance. The query below applies `Timestamp > ago(1h)` to both tables so that it joins only records from the past hour: + + ```kusto + EmailAttachmentInfo + | where Timestamp > ago(1h) + | where Subject == "Document Attachment" and FileName == "Document.pdf" + | join kind=inner (DeviceFileEvents | where Timestamp > ago(1h)) on SHA256 + ``` + +- **Use hints for performance**—Use hints with the `join` operator to instruct the backend to distribute load when running resource-intensive operations. [Learn more about join hints](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator#join-hints) + + For example, the **[shuffle hint](https://docs.microsoft.com/azure/data-explorer/kusto/query/shufflequery)** helps improve query performance when joining tables using a key with high cardinality—a key with many unique values—such as the `AccountObjectId` in the query below: + + ```kusto + IdentityInfo + | where JobTitle == "CONSULTANT" + | join hint.shufflekey = AccountObjectId + (IdentityDirectoryEvents + | where Application == "Active Directory" + | where ActionType == "Private data retrieval") + on AccountObjectId + ``` + + The **[broadcast hint](https://docs.microsoft.com/azure/data-explorer/kusto/query/broadcastjoin)** helps when the left table is small (up to 100,000 records) and the right table is extremely large. For example, the query below is trying to join a few emails that have specific subjects with _all_ messages containing links in the `EmailUrlInfo` table: + + ```kusto + EmailEvents + | where Subject in ("Warning: Update your credentials now", "Action required: Update your credentials now") + | join hint.strategy = broadcast EmailUrlInfo on NetworkMessageId + ``` + +## Optimize the `summarize` operator + +The [summarize operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/summarizeoperator) aggregates the contents of a table. Apply these tips to optimize queries that use this operator. + +- **Find distinct values**—In general, use `summarize` to find distinct values that can be repetitive. It can be unnecessary to use it to aggregate columns that don't have repetitive values. + + While a single email can be part of multiple events, the example below is _not_ an efficient use of `summarize` because a network message ID for an individual email always comes with a unique sender address. + + ```kusto + EmailEvents + | where Timestamp > ago(1h) + | summarize by NetworkMessageId, SenderFromAddress + ``` + + The `summarize` operator can be easily replaced with `project`, yielding potentially the same results while consuming fewer resources: + + ```kusto + EmailEvents + | where Timestamp > ago(1h) + | project NetworkMessageId, SenderFromAddress + ``` + + The following example is a more efficient use of `summarize` because there can be multiple distinct instances of a sender address sending email to the same recipient address. Such combinations are less distinct and are likely to have duplicates. + + ```kusto + EmailEvents + | where Timestamp > ago(1h) + | summarize by SenderFromAddress, RecipientEmailAddress + ``` + +- **Shuffle the query**—While `summarize` is best used in columns with repetitive values, the same columns can also have _high cardinality_ or large numbers of unique values. Like the `join` operator, you can also apply the [shuffle hint](https://docs.microsoft.com/azure/data-explorer/kusto/query/shufflequery) with `summarize` to distribute processing load and potentially improve performance when operating on columns with high cardinality. + + The query below uses `summarize` to count distinct recipient email address, which can run in the hundreds of thousands in large organizations. To improve performance, it incorporates `hint.shufflekey`: + + ```kusto + EmailEvents + | where Timestamp > ago(1h) + | summarize hint.shufflekey = RecipientEmailAddress count() by Subject, RecipientEmailAddress + ``` + +## Query scenarios + +### Identify unique processes with process IDs + +Process IDs (PIDs) are recycled in Windows and reused for new processes. On their own, they can't serve as unique identifiers for specific processes. + +To get a unique identifier for a process on a specific machine, use the process ID together with the process creation time. When you join or summarize data around processes, include columns for the machine identifier (either `DeviceId` or `DeviceName`), the process ID (`ProcessId` or `InitiatingProcessId`), and the process creation time (`ProcessCreationTime` or `InitiatingProcessCreationTime`) The following example query finds processes that access more than 10 IP addresses over port 445 (SMB), possibly scanning for file shares. +Example query: + ```kusto DeviceNetworkEvents | where RemotePort == 445 and Timestamp > ago(12h) and InitiatingProcessId !in (0, 4) -| summarize RemoteIPCount=dcount(RemoteIP) by DeviceName, InitiatingProcessId, InitiatingProcessCreationTime, InitiatingProcessFileName +| summarize RemoteIPCount=dcount(RemoteIP) by DeviceName, InitiatingProcessId +InitiatingProcessCreationTime, InitiatingProcessFileName | where RemoteIPCount > 10 ``` The query summarizes by both `InitiatingProcessId` and `InitiatingProcessCreationTime` so that it looks at a single process, without mixing multiple processes with the same process ID. -### Queries with command lines -Command lines can vary. When applicable, filter on file names and do fuzzy matching. +### Query command lines -There are numerous ways to construct a command line to accomplish a task. For example, an attacker could reference an image file with or without a path, without a file extension, using environment variables, or with quotes. In addition, the attacker could also change the order of parameters or add multiple quotes and spaces. +There are numerous ways to construct a command line to accomplish a task. For example, an attacker could reference an image file without a path, without a file extension, using environment variables, or with quotes. The attacker could also change the order of parameters or add multiple quotes and spaces. -To create more durable queries using command lines, apply the following practices: +To create more durable queries around command lines, apply the following practices: -- Identify the known processes (such as *net.exe* or *psexec.exe*) by matching on the filename fields, instead of filtering on the command-line field. +- Identify the known processes (such as *net.exe* or *psexec.exe*) by matching on the file name fields, instead of filtering on the command-line itself. +- Parse command-line sections using the [parse_command_line() function](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-command-line) - When querying for command-line arguments, don't look for an exact match on multiple unrelated arguments in a certain order. Instead, use regular expressions or use multiple separate contains operators. -- Use case insensitive matches. For example, use `=~`, `in~`, and `contains` instead of `==`, `in` and `contains_cs` -- To mitigate DOS command-line obfuscation techniques, consider removing quotes, replacing commas with spaces, and replacing multiple consecutive spaces with a single space. Note that there are more complex DOS obfuscation techniques that require other approaches, but these can help address the most common ones. +- Use case insensitive matches. For example, use `=~`, `in~`, and `contains` instead of `==`, `in`, and `contains_cs`. +- To mitigate command-line obfuscation techniques, consider removing quotes, replacing commas with spaces, and replacing multiple consecutive spaces with a single space. There are more complex obfuscation techniques that require other approaches, but these tweaks can help address common ones. -The following examples show various ways to construct a query that looks for the file *net.exe* to stop the Windows Defender Firewall service: +The following examples show various ways to construct a query that looks for the file *net.exe* to stop the firewall service "MpsSvc": ```kusto // Non-durable query - do not use @@ -73,7 +222,7 @@ DeviceProcessEvents | where ProcessCommandLine == "net stop MpsSvc" | limit 10 -// Better query - filters on filename, does case-insensitive matches +// Better query - filters on file name, does case-insensitive matches DeviceProcessEvents | where Timestamp > ago(7d) and FileName in~ ("net.exe", "net1.exe") and ProcessCommandLine contains "stop" and ProcessCommandLine contains "MpsSvc" @@ -84,9 +233,42 @@ DeviceProcessEvents | where CanonicalCommandLine contains "stop" and CanonicalCommandLine contains "MpsSvc" ``` ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-belowfoldlink) +### Ingest data from external sources + +To incorporate long lists or large tables into your query, use the [externaldata operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/externaldata-operator) to ingest data from a specified URI. You can get data from files in TXT, CSV, JSON, or [other formats](https://docs.microsoft.com/azure/data-explorer/ingestion-supported-formats). The example below shows how you can utilize the extensive list of malware SHA-256 hashes provided by MalwareBazaar (abuse.ch) to check attachments on emails: + +```kusto +let abuse_sha256 = (externaldata(sha256_hash: string ) +[@"https://bazaar.abuse.ch/export/txt/sha256/recent/"] +with (format="txt")) +| where sha256_hash !startswith "#" +| project sha256_hash; +abuse_sha256 +| join (EmailAttachmentInfo +| where Timestamp > ago(1d) +) on $left.sha256_hash == $right.SHA256 +| project Timestamp,SenderFromAddress,RecipientEmailAddress,FileName,FileType, +SHA256,MalwareFilterVerdict,MalwareDetectionMethod +``` + +### Parse strings + +There are various functions you can use to efficiently handle strings that need parsing or conversion. + +| String | Function | Usage example | +|--|--|--| +| Command-lines | [parse_command_line()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-command-line) | Extract the command and all arguments. | +| Paths | [parse_path()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parsepathfunction) | Extract the sections of a file or folder path. | +| Version numbers | [parse_version()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-versionfunction) | Deconstruct a version number with up to four sections and up to eight characters per section. Use the parsed data to compare version age. | +| IPv4 addresses | [parse_ipv4()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-ipv4function) | Convert an IPv4 address to a long integer. To compare IPv4 addresses without converting them, use [ipv4_compare()](https://docs.microsoft.com/azure/data-explorer/kusto/query/ipv4-comparefunction). | +| IPv6 addresses | [parse_ipv6()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-ipv6function) | Convert an IPv4 or IPv6 address to the canonical IPv6 notation. To compare IPv6 addresses, use [ipv6_compare()](https://docs.microsoft.com/azure/data-explorer/kusto/query/ipv6-comparefunction). | + +To learn about all supported parsing functions, [read about Kusto string functions](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalarfunctions#string-functions). ## Related topics + - [Advanced hunting overview](advanced-hunting-overview.md) - [Learn the query language](advanced-hunting-query-language.md) -- [Understand the schema](advanced-hunting-schema-reference.md) \ No newline at end of file +- [Understand the schema](advanced-hunting-schema-reference.md) +- [Work with query results](advanced-hunting-query-results.md) +- [Custom detections overview](overview-custom-detections.md) From de14f98b3255184a699341c44468f650663efe58 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Thu, 17 Sep 2020 15:55:42 -0400 Subject: [PATCH 07/26] added take-actions.md --- .../advanced-hunting-best-practices.md | 6 +- .../advanced-hunting-take-action.md | 83 ++++++++++++++++++ .../images/ah-take-actions.png | Bin 0 -> 50595 bytes 3 files changed, 87 insertions(+), 2 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/ah-take-actions.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index 54a2423525..412c20d764 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -21,7 +21,9 @@ ms.topic: article **Applies to:** -- Microsoft Threat Protection +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) Apply these recommendations to get results faster and avoid timeouts while running complex queries. For more guidance on improving query performance, read [Kusto query best practices](https://docs.microsoft.com/azure/kusto/query/best-practices). @@ -39,7 +41,7 @@ Apply these recommendations to get results faster and avoid timeouts while runni | extend DriveLetter = extractjson("$.DriveLetter", AdditionalFields) ``` -- **Has beats contains**—To avoid searching substrings within words unnecessarily, use the `has` operator instead of `contains`. [Learn about string operators](https://docs.microsoft.com/azure/data-explorer/kusto/query/datatypes-string-operators) +- ***Has* beats *contains*** —To avoid searching substrings within words unnecessarily, use the `has` operator instead of `contains`. [Learn about string operators](https://docs.microsoft.com/azure/data-explorer/kusto/query/datatypes-string-operators) - **Look in specific columns**—Look in a specific column rather than running full text searches across all columns. Don't use `*` to check all columns. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md new file mode 100644 index 0000000000..d12e51c9d8 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md @@ -0,0 +1,83 @@ +--- +title: Take action on advanced hunting query results in Microsoft Threat Protection +description: Quickly address threats and affected assets in your advanced hunting query results +keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, custom detections, schema, kusto, avoid timeout, command lines, process id +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: microsoft-365-enterprise +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +f1.keywords: +- NOCSH +ms.author: lomayor +author: lomayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Take action on advanced hunting query results + +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) + +You can quickly contain threats or address compromised assets that you find in [advanced hunting](advanced-hunting-overview.md) using powerful and comprehensive action options. With these options, you can: + +- Take various actions on devices +- Quarantine files + +## Required permissions + +To be able to take action through advanced hunting, you need a role in Microsoft Defender ATP with [permissions to submit remediation actions on devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#permission-options). If you can't take action, contact a global administrator about getting the following permission: + +*Active remediation actions > Threat and vulnerability management - Remediation handling* + +## Take various actions on devices + +You can take the following actions on devices identified by the `DeviceId` column in you query results: + +- Isolate affected devices to contain an infection or prevent attacks from moving laterally +- Collect investigation package to obtain more forensic information +- Run an antivirus scan to find and remove threats using the latest security intelligence updates +- Initiate an automated investigation to check and remediate threats on the device and possibly other affected devices +- Restrict app execution to only Microsoft-signed executable files, preventing subsequent threat activity through malware or other untrusted executables + +To learn more about how these response actions are performed through Microsoft Defender ATP, [read about response actions on devices](respond-machine-alerts.md). + +## Quarantine files + +You can deploy the *quarantine* action on files so that they are automatically quarantined when encountered. When selecting this action, you can choose between the following columns to identify which files in your query results to quarantine: + +- `SHA1` — In most advanced hunting tables, this is the SHA-1 of the file that was affected by the recorded action. For example, if a file was copied, this would be the copied file. +- `InitiatingProcessSHA1` — In most advanced hunting tables, this is the file responsible for initiating the recorded action. For example, if a child process was launched, this would be the parent process. +- `SHA256` — This is the SHA-256 equivalent of the file identified by the `SHA1` column. +- `InitiatingProcessSHA256` — This is the SHA-256 equivalent of the file identified by the `InitiatingProcessSHA1` column. + +To learn more about how quarantine actions are taken and how files can be restored, [read about response actions on files](respond-file-alerts.md). + +>[!NOTE] +>To locate files and quarantine them, the query results should also include `DeviceId` values as device identifiers. + +## Take action + +To take any of the described actions, select one or more records in your query results and then select **Take actions**. A wizard will guide you through the process of selecting and then submitting your preferred actions. + +![Image of selected record with panel for inspecting the record](images/ah-take-actions.png) + +## Review actions taken + +Each action is individually recorded in the action center, under **Action center** > **History** ([security.microsoft.com/action-center/history](https://security.microsoft.com/action-center/history)). Go to the action center to check the status of each action. + +## Related topics + +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) +- [Work with query results](advanced-hunting-query-results.md) +- [Apply query best practices](advanced-hunting-best-practices.md) +- [Custom detections overview](overview-custom-detections.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ah-take-actions.png b/windows/security/threat-protection/microsoft-defender-atp/images/ah-take-actions.png new file mode 100644 index 0000000000000000000000000000000000000000..daf9714d6e4f78a17338898d0e8f383d221c0a79 GIT binary patch literal 50595 zcmeFZ1yogC*e<#e2}MAF!XFknWa}P`dBC z{l0(vcZ_@Qxo3=f&pBh9@$Vtqz1LoAuDRYh-+JC>&QKL)Iqd7?*AWN=wt~F08UlgZ zf< zbXBcKb$wscg~VoO3l{BG!_Yxnycw`MueZ{3hQ zLiQ+Uz$#TUZ{Lt5M$wZwMlt&_%hJjU*0#^{=ee6_aQ;;Z2??&du6WY_yoN(1;{RSO22CGIi+J{Z0~2(cs)1w zWWMeSDk`=CPW>&?fKcdowxWpF9%hQ)g@D)oI+~4*jXVSX{ii>!-m~nLwzaiQn0VX0 zeDu4M29Ja!xVV^$QpBswI_&nRxDTOeShwit=sv|weiZWHvh1a-H&<0v4SD^#rP&{& z#A#91b?ryS5bv*Fzql-VNT=$a5tQ4E$~O9*2e^?(pdW6}%E`-PN=ix1Z*Sw`;zqIv zkg(LAojuoYcup3KOA{oSCN3_H=;`UXVL*(BKsSb4(cMkW&c0(iQ%7buQT8%0P$qOz zfdT&pl^~&1Fb?|{4jvvN0w(3Q`PSh1wY6&zvg$F6>STd|foU!)y@(f~1We>rQ*ok*?5^F5leTjCj%1B+k#zKesdAig?l0B@e<&?`l(kXJmSm z+?Fcg|HRG?8|1pTF^cPbxFus~m|Q#^O`yog#I)EJO0fDP11rCvfEy{JMn4*aO1Iy+CQYmvM0<(9)aENE(uH zULhfh$w~(~0qGdU-EDgkXeJ39xM+l=HlAMdV&mHAwpJ!3Pdd5qaC2vQ@x zXAyq$Rf>MxyLVU0bt9;R+%YBGVPy^02$-7E?^qEiH-X4Sxb< zS}yci>HX+MtIc%(J|U}S{+<1^kk_rZl#tpsT9#@2x(awdBf|Qi7>>VU`s!LF02pd?Hn8s$J&(Z zO3TVhW~j|W=kN~{Z5=SUHcOA9^>)?_-Kf^f`NadghF-9?traNFK&>o6c=*;lNNr$FNGD zUG9$>A&ubab|W4>{*}~QJB50cIBRQbU_CsKc4(hJf1Z4jfViWz3CCKvQJ$O~{gzi$ z1hI7(`JFR9=a61*{#Obdpjk*$i!{{FkC)?Aavp0qC$+UnPc`^Zh)Zmz)z;QJ;udFR zWfgO9bC+}l7);l=wZ1?>y%nSQ8#L&X!)!xK4H)!KGGWAAyu7lN_S5|(rgHT@-+Oxc ztDH>d&%?>?^;f%CK0n>8^rEfgH=jNPb1eDjfV1)Jija`d{FI^JxtnoqOY6s!bd@_d ziHI2MXoNkB`-95Mc`EEC(NpJq&8zj_gpqJw7g>tF{jjCVX)(ZfQ(0MgXLpx%kpA5_ zb?^DU{=q>4q=zWbEq`KW762M!y0<#;NQ8PI`d_#5jVM__kewa7)?+&;EDQ^@`}cRg z*;{w-{^(~Urj1dAe<*~)4LLhIcBZDLU`!A%GBOzR^YdT-5;JMTgvXHeq#-ANoui)h z>FHqR7(7!H_3F2YN*1DvmQSGZT--S`%)yjYRP%Flsg*rHetgljNsUAG=lW}kSSctd z_O@q@R*fIZ%X_Z-hLI2?+@TjX;v!u#R-J$f&5y2Lqe@YPG)Muj;j}7>+Qovc!`e%iVGNUO6vcS&GN; z&TAQ4m)ErQWeAsNWn|FO(@S|4B|eYHuKN#J+#$T4uV0OC*_TX2&Hg?mB@)zSP2?oA zihB5UmDfHCxWPcV?Xk(p)~{c$iAxl%Pn6r>(a_))Xkx`E2I^JX&j-`^-uW~3`I`wy z`{(z>#f_rIj`32g&d%Q6RRpDw`wg+P9aJ@SbreGVMer10 zlCy_QyUgzL3khLu^VyEQ0ACKF4H%*H^mL?_w@lZ1poqr{kRvMWr(c6{xdpBPLW|$O ze`Dg{a2)6c1qRXz3hH_qB~KLO=Lej2Nl8hSn0FJKnVE@y9+*4&y{KL9<(9J||CsV0 zZ=I{g=P(lx85y}lsgv{gweR`KwbnEtxAlNnc0J9ib8;T*R4@uHr=WE-9UUE*H*N&f z*VoU~*BkjBGbVlfXl!P7Rb5^EzWo%bv9U3cST#Q3#g$uPVl>bz=W5EYU%w*2P(DGv3?HKYrlL%E~&ryLTkqvka(!hn<_BM@gMK?gigS zm`tyqJh3s9^O^73C}`mmQ&Uu!zk6HLr#XG5w^?xhnSW$TiyaXqu4`&lH8q-5*sQFq zuA39(V{YKUT7z*ry|?SN<_}mE57AycW(kan!ULZWIG)h?hAPbB`v(|FwH!hSWrh;< zbLo)Y2c~;Wj#dLWp`*RQM`1UjIh6g;vHL+cOh#j}+@S+?r(3n{y*MIP{kMAJxfgTn zZi?i1ZQC;;!zR_JuVzPc{~ix zR)j=E$Y^VmE;$S6>+AOy=<$V9i;# z8c;EC+Pb3XQ*`qny1M-+IUJ_MJXqS!64TC`BqUiLN(Ox#2nZ$7n3R*6U~oeqGNGlT zyW;NdzB*pYG~;t<0Mi=rA}|mQ<`ufPw>L6CL~yySKQ05so+{_Fn;--u)WJ9V+#h-E zy?X?oZ(1o*1GAFNNm+?xK=BId?9z4QnIIrwK? zuDhL~mJ<*Me~KBBzP=4R4f%a;jCA;6sj0VcB5orEO-JWseDmK=s{i$g?teoWaC5t& zAOo7mZd>g$Jg(QIrTeJH z{)q#mr9b`8`1I!o+B{F5*5?Q!HuQC;z*H7~w>vD?r*!Z~P9bZE$^tb3TqYc-e|@iO;Qf4_?D zWDU_S30qUs%S&WVi&*`&=>P1(rNnnykWIIa^ykl?=!Ng0&n$Y*71vuUJLm)jiX>0@ z9N(Ip%4_j!*WLH~fl9!)%r6QTUKG4-S=J0FB>Rz|oOsncXN( zsaP^LiI!GdTicWM_g_6X3M8t0R(SCV@P9Y14RZJSafp84Ch$4gLqQ08?jQy;m7CiX zXfV5x$iRA?+F+TaF|UALpg?1Xm|HCjit+RbwoI(YYClQ}`?Y|Gh=);b&z?O)W_JUP zmlP0vuxS}+m=9(?M7(fX>>#Vcr*raT4wCI&cGlL>k+>ZlQ)2*9*DTTvTx3$FJKM%& z)1?e~nAji(0?AZP3<^wn{_1d+CSs?N{`IEJ$i86kCDlupmCIMba`aWz)wFj!g#_KU z!bQ9fA<2rByd4cO3Hji~p;!Q%2Td+CpJPsV=qTwx9Am^WDMSqv1k$A8biw z^?r0ZYg4Gdc{X8FbglEj^Y?eAwx1(MtIiW|rS~!r?mD+2MC$FnT{wkx8vg$HSU#qE zApI$UwvHZ&&i33K0z%{bU%#>{GKQ_4cILLV%l}Y3=YMwn;QR{>@5so}Sy*3GR5FL{ zVJ8g+^6s|dHAD|T+?NO=X2Y z6XbmMlr5Zr^Jmqiq`x-8kmI=X!1&1h`?`tL&h9M{5h_UAwU7hVa}U)-rzjG&CR};BKWi=N2_W{C0F21QLw)TAuRm z-#_pSRM_d&d&ivatzq%;RpK8$f<(%~;&zSu=55NpQ4g-(6ro^988duS|#+&?N>@#kK{Ruz(j+Ii?uD#_K7ZtLv0H2e2R5 zgCW~p=^GT9iFS5z;r6=_p4YB19yMo->vr1ur2`6RU}f5J)SV$FQNhhWRUWh3q}%FQz}GK8*h5drrA+&mi@Ml0CPx3PmgL{ zE<4sc(`@J<2AGVtw)Pyv?DF#RP2VZ_`YY^&>WwGh$;?Re9*GtH;CjBQf;mxU$5aPb zhD~#DaNum?(7cffmP8QljVUJxJ{)^gS;rq073J0G={yN~c5Ne5>0^-J#W6;-=n*0~ zlJe#D9IbYZE7_kve;ij;Lb!x$s>qS2?D@$xFE1|}ul+DT+8tsxPV@-I9o;bIc&IB0Y=f-+#Ic1pJR_@(>V} zo4>y@VFBQDt^VtmchS)$9)0$n71n4>OiaQ6FhYRe^|cr8V3ZK2%H2KNAPWcm_{3yq zj@GNQq`0`rAERCD^;d|=VP42-kI4x8CSCP7M3;=@1_wc=Z1;eGjY@?i42LMZ$Gf(i zon_Z%y{=9e(yAme4`K+GgK+}q=9huM0SESoj>^=yW(sf}T_fpuJr4n)Zim8&$(Qr51w)(E6l zeV>>Z_7QNM`ljCAqW3j+^VE}NW%u=KTyyk0U7VdI0U^Sn;W)ug=NQ_atklY0fjQTb zuG<&==A&R5U<29}u4J)SIXcGgSr&V2Q-@Osp+lMkz!96-T{1voRrBdwsk>)YcIz^%#agQ`JT&`bdud)WuG@R)6&w?*3+Q{FYDywROQWw?$CH%QCv`2 z>5;IdH!|G+Swg$O_uOCq_LfVz_q`lssoU@^~)z?8uXhoP4d%sj)@+ zOXWQBb?V9QCfuO$6Rzz#US0nHIz_p`e|;Y&=2msB9O<2^M;^WUe$W4`Wg)Tg%L_hi zijg8YWn~-~k3aOZEI*;k+ z@o8&Y+ttj>%#4w_tr^7k#7gl9a-JRVy_##s5K5^Y^J^NDatPawd+gjaGqYGPND*)$ zK50x7bJ=SRzBX3tKqKhB&i1SJ)-A;E-|dm2gV=fYgB4U>d%ptX$4C)qRJ5_Nv5!9X zl=I`#+=k>_*K1zmb~Gf!UzDf>larH4#q8POWDT>f`*=i1x4toyuS1|$VbAWC2U}!HsaVfA0P4Cp{TzmUW^ZqQbUsJZPHpsgK>YJ?Q)d=dQc@DjT0Sy3 z`Lf!w^IimvAgp0};viu%JUqOu+20Sd)qineq1d=pw%)GcWc|Uf@lp~*f00r1EVJ8& z;Jm*ALHB+C(!%fi8zZ3cvZS)uglAM)8)@tg4z|-Z%FwVl;PW#L#IeLJ=|ztg*VaP8 z|AvHxwXPUF4;`oJV{s?tjnb~aFVeDSQc_aVoK)@N^s`4NoJ^=fF=)f;J~`6ZNk~jO zGTy}pZ3!wVamt_xhISR*#U5VUF8bVmYlocts$uKK#?~!?2WW_X>z4(_&i8elsXl5> zOG?*W3BzSF@sMU&7>w!a9Tm>le=`&&MM}8;#ah-8T zSJ&t37kGg*)EK|1!*_HvZItw4QF?%)q0WI6b-bfzQEy^&RwIy1lvO zs+_2mw%IcXvdP(ZOs%fdEfVny)#F*~T^w5G$YRMeH1(=7idp}8D(L>}#WB{E{!BX| zL{nGPcJsuy+%9)sUfv_m5v88}Lpf>bs}{XUv~`Vc8@z~AReD@Dql$d_NNWHb9e3tv zR>yMgA)XW$aZc%DS;s17#0$8f!*JT91vNJ`SPkbArK>Rm>^djpiHUxCvi|TzM&23- zCcg0&0_)0^03XZVB$S-TCqrbZb~Ymc4ryOy{LYLCy!}IyZ;e;jCAznT-~|=>!&9wh zWDOJhVdUFCn@_2Ull_e6Yki+Qd)T@@PB8=D5dK(Vu0x*G;!Q)7!Xm=-%vr7aP@z}T z_-I6XERn)=cus3il8fxkM=3k0IPu5quU@?xqyGo+E;8_O=~>mJI3PZAc^{HXbJ-^a zc2jydH#32oxNZycp1QJ@lyuO4Aj99<Z8{gkNIIeU>;Qoid&4;x8FR6vXEd9^> zwzu`82}iVDen@+edbgj$d-z|O;Kf|?{#*GB36X#N4?z3>{nOVusH!62F{wBSx|k0i zUIWA=nKw*cLx@C$a&N;pqC3OS00&CaMZG^>USI#liOrHA`?-14$PZb|;ktpWIEDrw z%c}T!V`JLS55_H9yv4*C@hhQ1HZoZRh?$0N;uzB8LcRA20txv+sSmyIugG)Xt$GD` z-!E=Ly_AKg)$nA#k~qIZN^(DsoyYarV+m$v=GDncPOt_}Yd;w4-Jn(riWIZzrN%>! z{f0^?2=LkFi3#$NkrA-XSMJ`ud&A&Ev$>hs96-K8`7>x}=<)N5;}w1Y*Q&jP zXvBQO1F=XxDMa6fepvlTzlK92dLwlXD;$!2S{9bvT;+_%fsrX6KVm~M&vyJvhSEyb z>2~H$9M|6|g*AX?{PA%hIsKWh%ztnJY75PtoG!aESmgHCrZL9W8BX?_58QhV1{i8q zqz8zzgGmP{L`Xpz^t+q0@yYf~y`zhZzit7q_CuDKTqRniykRH}i42ygsi|>2{lNh6 z_G-B|i2iK$@|*_hYsJrYEz+~H=ouKUg7<9sV&46YC6*c~6e;Cfr z&!ghv4wcHa0+W&`rDbGjp>{(a(b2z*)GV_1R>86>cX-AeRo@T{jFS$I5a*!_esW?z zz-(MaR#>1ywE!aG(m; zCL<%`Jftm03t^l$yzII^f$YaB9a4~%gpSUOBcwvEipxd)8Uw;v15HFc5q&h!eLQdM zepO-d_wq<`y2Zgv&my;nb)z-6?~2;JPP|9Hu;i(gEou`~$M}6`qwA#j9kHK+rE7&; zOI=4ln-9@=SmMH-G~W{Y(;(AD{lNJN+%t+aIaDk})51)7;6CCBBadW1m!%np_4Um! zT2a;6%)B>PvL9*nO^;Jo34Eq?Molz673!5wnk6l9Ay4!1xrY!xJ+TP+I4JKh-kk}v zJYM+O-G=i6y{T%KtT8(f3P2$*0sEGqi%NwWO_k&P6~H;53KARzsTkn7h#e@0v`kFs zl4?Q;lB&#M_9Bqf!Va=us2tO?vE`4=Kvrh|1dwqkjFSXC6oZg&etsTeat`0~eJ$h3 zogGI|%>^i8Fd8;yMaeUG?gCKa!AVRaB^6enK=NvPIt-90?A)Q7lr%Jv0Dv2ReaF}y z^aKHwLG2O~G$^m5f{)0mV2=I@+5JnXVaOcusVBw9lir}4R-m*7QRxnzm2%vz8Rr^Eo>$vsw>fJFZ4=cI_dqmXVPA`M3{d z26fejxHwK}j%P1Y2!hJXWX&WwGS6dQV5}+DjZUDu)Cyou4pnluXB_Dd={gg%dWbd^ zEIl78xi8^y_{#BI)|8cB_ru(CeH@M{_4gb4DKaJ|bee_wp+u~jgr_wymhM|qItwSr ziW3++rOtQq45W9>FxN+mBC#oW35BHhK?~yVKgAEirU(L1%XMpttkmLr%lYXcl7^rU zs)b7<8USb`*rK;k0fN%yl{=XCEi5d+GUN@}+&5_pQL_xA<~ETIoPdCk$?M?PH8C+U zP|0i{&^Jh`S9&1ebh1rq=FmEEs$UecKE4 zD(AMhBcb*Z`>Z7&$}XlO`8vQ4xC%*J@OHy#q5K`VmSd#IC=x1rNag~+_W@gl!z@nf zlPYI-cV6hB9_ za#0paWxu0&j57Oaa-c2*L!lR9Dc1C?jmyTJjtGkQdzLs*$_Y!83V!XCj)t5ylrU@T zzK3&{W$*-5enCNmkDuO5Nm1s|qWDe5(j)c<6D#ue{LUs@d;)ozY5}=S#m1KX%MTVE zN9Pu|XJ)A)6EFx$mbdR`-#0&P9qt^a6d~8XB`OuDsr&W_=DnI&N=Xp3hz)X%X2PdBl)!MnK_x z0jlZ9!aFb>Ku|B2mdwDHES??ju1;0oGrOykGg`#<8mm=<>J?xmPMZ@vV8k#W;{}&V zC>uc@h%`umEoo|Mf|YZwmgG{|Y3~M-5OU(x?T_ebS2@x?_wjK$J+Q0a6umeyEraA0 zT!%y)he3efql$_OpeLY{^V(uUl{%c9=Q@BE^2!(6mog0v4ahz);9n~=tbYx32b1}h zK&y!|W(dYZj9Y`|fi)xl;6Yx0IhmmAos+#afAAE>tNm$JKBs^O69n!jBqSXDOmyf6 zoDX;tXt!^Fs{b4W!G$5+r}MDeqEewH-ZTsKBRt&s89W`8rR{0iO0?3kGVTqst2*rL zLp2j0Br^sUl)w4ae-Kc_{ub{)Z>@*Qd)HK3A!26~W6NtJJmTWiUqmiPV$A>2%j@tW z`lYHN&%l&w5Lli5bWQBGOqSo15$o73Z{EC#7xnQ9-PqmT1u{ycq7Q=#&~vzb&ph)D z>&Zd=@nbD5E$IRK1+G{JR4n%oj(1vd=T}!lkg*34P(V_}6&135$s$fCdrzh1J>y8b@M<^{fL)rW_WTa|EMmlRPI}P=4d>)q<^(@z##hX_kq;e~> z8n^;_C<#o703=in@L~%z#d@}yjx+(sf0juB^UYLBc!hK-@D+jZ@bH)qBY;8$8nN8og5j_JUS$XuT@q2KvCJSgGrTg{m~1JEM=B8=D&WL0lnlVEi!HvB z18WF@U}IzJPnAGbN)e^HxVZ50J4#GUYz4v}7`6`RJCaxePX05@U7(=JLD>MHyaAx2 zC>HVY^H;Ua_W=`gc?;Y3-D4IRP>;E}xfennTd9C8lZyEYPgK~20mI`nXdNh3TCopM zY34UKBao=vw{O=!3c5)Gxh-wj`a!+#avD~v*!C0(g7l!bRs;VPN>f)CCXLS?9%wx_ zJ^g384U3+5+Ns?$HuC#cFOUWpLND_g2R>lBA=z45Mm}hO0waA9+=aE=2MA1OFdwZ( z@)KqR#>U2k)i)W*cx_3Ms`+g9=lrBYV_G zE0bvKhz(KxDp#oJpN!2`Quc`I>}-p5r?|)ycdq^Px*01E>C_ZCh0lh`X9t72>4ioy z-M+S;x0v;?yupSJ_4MYc7w(k^R3*R1u%sZUThSmO<_Vv(uzZa>IoUjr zySIH;S=y5RQHBf+E|zewrs<{IZ(+@@fdM?I;Ix9~1*YW!xP`P|o;$aEFV8)IGm@T} zX#$1(uJ7N`5Ux-N0!E&=ipoupHx|$w%WTK-VO)w!OZ`hrU1EkP2nipX@w=+1s02=^ z-67Pjuq6YUQ4mZ~0-y@EFSLgl+uP%S@XSD;!E6Kdg6r;*3$`e$s?E z0|qL;^AaW$C$8r_*3I0|q6S3S)1!)JhH6X8oR;*?s>UX$LDbEBz0o`^P9y^+Cnsmw znhzW!7BO2BJj-uz<|beTpt6_JUv2}Sqn?=CWqLXT0_~DRT}`bR6i}_wp+6M`K#w=@ zg;rFQ8cP2poQBd?R#qh|nq&ah6+6yL#wR4qFGh+H-#$TRcV1DUqL`>nk#TBHd+xlH z1xj4?(IO*(-<*Ca^X8k&#!n8T^zz;gd8h%TmvWM&F~ZpE5yYgUBgFn6bQYyuD`p(m zw=do;s>YH}PqXi+T6*h0`X<$I(zs7^o*V+nh1H5}keh=5ZK@o*{6hx$9=3CxyxJm* zIbAjC9;Jw#M<({=%J24tk@gALb-9(cU2kc%>pZ!6?WZv1}px)b~Znswm znmD>R-G;y!1!B^08Zl~M(EwUb|L)zpemJL|7X*g`E*pVngtIEVc@h(6FUckKu6uc` z*2AGXm;`=W1m!_$XN|}98^Fd*x2CFrYpIy<>ijLO6wvP80B_m!;_Nu%038+W(5FbZ z{5oKgt26aNNX>(=?34Rut`E8wsBf|D_+5tEw@rR8w41MQBGC-5WCfU8nFU?pWy3NH ze&72UABQ6KKv@eTDfGKU(ZdoAcS_bAJe&ykms!y_TyR8MCb0gn2)u!eh-ik7i>vs@ zHl8mYRMt?zAZdRwy9VW&{gJgG$qh*-h3y5X;sKw(fOL)!9;n5B~x; zKa6ksD(qW5d8vU)HE;FwRY-94(NRCWs?xjtPfus+1UU4oo~+*e3k?7$GA2$;{jjCw zvx3IRMd+$6KWD9m`KDIpix&vMt&qvMG+oQrFMrSe{|yyUx?#{XXcbp)4K#?quT{pD zf2gu_boenV4RS|@zYPAl{bS}bUAvs_z!WqGh|AIjtoD3?!kRryZgn5tt+R)$vo%10oA%&u%4=bc({dR!$K+ou`}vp;^YTzF z=W)w}oW}qQ(29u}d4e~T`IoVbgvI_LZ2b@Y^cp~&)CKcpikd4< z@w5_N-RnN%G!@&Pnl@BKs`{HevtC4Qjh?8o7MU8pXL1i7eG00b#&Rn7rw=FGm?ZQf z?AVnK(*PV3F}&0FA2uGT;n1(V5m@q3;Ez2M{Xu;SO6rd*$?%o@?7%mpY(IVdM#Dcn z0cNXy_z}k8+?k>eLR?cb^JO0Mt$oKAyWd{QpZ&U;Z*=$qE`z6NdozJ1(nsc7uVvfki`B0oz3H$RxS>VSZRV{yhO27`T@z?S>;q>8@G@H z^qrqn3*QxPsvAsM6RE?Ty&z4iBUsZWBfHRm=^WLX2?j(cE&WlEeQ1PMb))( z;jB6BJET_(Mk-Qd3L*s;=R5u8YC1^}d%@mFI2136p9`~5+__~DML|MbBV$R}O_HUX z8v89dA<6?9zB@D)n62+pG9CL|6q3!+ZD691>UF>MW+gi=$>FkDOZULh5D=<}N?=ZE z^dab-ZD3Xs|5@jJi>>w_v=uKDEm*ek))&qxsk40l7Dsa(dW@y^47&5Cef+}#wArK( zPne}X>*uwCH8V?{dA&qJ0b^g}P#Fq@!|Eo#w*NYJ1+6Mx{q=fkBl4}E7S6_~2upz- zB75FmD|5c@_Q6lC9COwA#lKkmKv<|qOM8{uF1nifWuiC>2QMswY1cU24Isk9b^5%l zh(N2)uDO=};#Ki_jrkoDxlI-)3rkZW7wCe_!aD-TX$}_R_fmsvIYYH#b_JEsIZWHK=N99jQJNZx(3@ob>y0IC0{J3;M^X^e#g^wj!nD z=XZ-PQ3}?fLZKoi%W(ATUMc_L_VW4+P!b+|L(1LK@AiHb%<~Wu+$S66V4dwJ3JEjE zmeK-mVFEV#fq~&s))sK815*C)*^x7yommsTks+%xHwg*b(gyyq7YrQ#?TSVc&xt_H zXExuv*tz5a8DdXELkv}Zwu@PO?0Uk&t25HrXmj0HEAP_h{IpgvBT!dkM?Ht_D4~c= zJ9BB4Kw7%p@|Y^9B>NW#&@I)7~?GB@!*%BF{(>Q=jMk#&Uj^U|D!5v$NC~vA1h^b0&kz z`IG%EZqKkgg(xt?MJSYGHNq)nL^F>r!wnjPP!SeN>!IzX801wfPEketp=J9dDjr!h zW;6TU^+h>}RQW+(nyPLx=3B4Z76tqWb?lFS=4F@X(=b>pB$db|ybGr=JxdJ83T|^{HeYqNkP@Y+riKl@XNZvKkX5ihq_Y z)eJh(t~Z2px!9=Kb<#sn#d6Kxk^A6``lbCx^7+n~ZCXYi3aJkJwvp*H(&LKCv`1rXjQZuw9aON9!q}A6<>%qC{CHI|FPjqO_q?5 z7Nl+vU(NHPq#7-~x2UP-JC(S^Dy)9su*Rk8o!jN4zjyEcg*^e7-JU9<2mO1UPvR$p z9(VtC`D8!WaTJx!=k$6fL0GhyL_n4A$xPML@*x!>rA?|QKiARKgLS!FT!M#=iAWRm zNNd=Tk>MLBD_3sWhE4VWLvKB-qcVpOA#Mfq!rWi)2cqOZjF7Dl$$53VwBjuOu0!en z`4fQ{`g4`xjeXFmNW@$InuM7HIH9Em`K{W)E$Se~qX=`7uq=_?HoDrOym&j>POSVw zFA@duL(?ryu`57O!_O*TP~+v1gr4K59obe5yVQ?8qcn{>QPr&Y9@DY3cIRlq$-BYD z4Ldijj$cQ&{OK`>l6g~LBX#%7Rx2^(U^K9CbcUD`r;qSj4RZ4)1UNajmbfJ~WB)zNF5dY|vc42yNE8Iq@ZJ z$IBVhNwVLGcD7vC?N@r+pe zBO5`X!4C#^IWsr6 z;5t0G9oLjL)Ad?RXgHhr5kAtC1Y1DO7(BQX2{;lC(R5aiEHawaqE;;~QBgyx=e5p*bTbqO5b zd-2LUWZ5V@u)RsabGZuL?U3QtY307xAt5Wxl;n?m!(yXiR5&R9(UIhtRv#e3Q{#;V za?>K$kY^L4GD%#tYuBghe@GJhY&fX zuJ9IK!HusOzt*X&V~I(a@Ri#4FD0EHPTPwWk23u4wAz^v3y))gcb} zw67)Ir~@X44m%Cb7}#-s5kjR|SSfPKL)fHxy4T%?6Zz2&wfxW`BvGKX7R$N2OyXl5 zcFhYWMG2!{vEb1Rj?|XE_SJkn`EK5jjPxSykomkWP4g&Tsl+@wj-AQd7v{cO8sJ1l zf;g#f{dTI#m197IpCEu}n(?DhqVSZYD}9l_xuG&$dkvw|KKn8%5Swk56br#sQGgou zGCGytLwuXR<~+h~LwtQ48?Hwn+N)8skLUT2XCSz?MQ=>x-_Ksy7A|)OOLwdqi5#jc zX1ytw(?%a$_K1}XY>fqq$L|?3`sfDYlL>LO!UU2;#624gUT(_lIzN3`Y_M5`-c*)W zuabCI)-dznyEosf+w>$b@Cfm(S==WhX`)IL6Ihc&NkfKJMdM|v?4*+)B%&3yQnf7A^o3hcbu#oAEwwlCamG6rjGWtb)bJ+dc`Tb#Pnu;(`L3( zY$$=OtDYn*DVsuNs^;1XZl=hf03p(!oCO3+PRc?xWsf2dCQ+*DowsC8Aj(M(tH6oT z{r>fdinZ0x9+5nVd2L38u@m}t?si4}#TzYBbun&9qipF(*Ruz$;+J z6wf^*Ve}sx*2z^7s(Mfxx8!e*9W6WFx7Y6MUw)q;ZGl3MMUlN6s?tsHWPL_$m5MiK zb}8pHZ#lF}pafNb$$gc*l9FHHXnLp`Pl=)ee`ZqI2rD&}PbbC|H*)1*aB{RO)7Gzv z#X%$}s{F?7{d^R}T~150U}=euxi3lz$lh~1$MfrGj4!EYa#U#iD1<}S_X`838flu+ zlX?CW-fppYJgIi5n#Gc;%#4Xw9Y=ku*Cu1etDDb=eXzu`2fHb}8ilcNw)#>fVIt=a zOm~nd<5Ws+NNCXHt9F&!Vo=8@P^lWYL)i7mQ`;;gU*UW1@!56t+hVdK!}4d-27Zqv zo_YB^_*|=;TlUykXMV;uF5#j|#D=A%P7iTM@Hn3CHu>v#t08K^I?2%r$HA!Wz}2;Rvh+pT=y!`%>^^>GLkU|`$~OFo861mvfvbjI7HR>Mhjy|%`T?DtV7e( zQ=k6v+O)K8X1?f?hj0Bh@P{H7jYrlVF3pC%Sf6J!YLWh9hY@XKk;V-RV`4XjZklU459GkuV!;!Fyj%(^`j_SIH$q zfVIFk=7T_K+1bJHeHYxR%uInMlq!Twm1E~N?owL}E$M47qrT2X(HAb;0xP=$E6!Wb zX8Ts2D}NQQ-%;W$FnsFAS}@ZmT7>tRsjKv6QR!Z;rj&=s<(GjEYsA`$_7@kI)(O=S z;vZ*ie2TP6=57W))HhsZf4{cUyS|fHG>&aSB(y?NOFW;CYHuF&vwwgfd{c!j{k3H0 z!yof}h8n+;9Kx5)a4g(?hhJ|{mkSl)Wk&j)MKR=T{S5#V zBY)Bo1%WV=8C|6`!)~tJl^+;c3Ug+rVyNt&P@Jxi{CQ+mtzYfS&uO1lZZ6;>9p`)e zrD>z*m&He}^ZhH>ZyC=CguDG_2df(RcD-hLwg!^jUb#M9^R0cE{v}2%UAmzbn_{`) z$FRWDE#<`;{lTq4MKNCqL%TfUZ0hRY*&534T;~_XmIgCqlM5z7@9~ncFBWab~{1xx%|O>2S8V=!gw<^*2=CM{7h_ z(YrIMij_2ssyIhhwHCh?_o$x-bR+>`Id`dD;vvhZX^JDt)i$dZ_i z)}B4y+K^kuSIHMo6XerrJs5U-pB~W1%RFEDP+%lyNRG zq#FBu7k&1PkIC_$hLe9JX_S3PB-v=%%y(a7qdk!W0u~5q{6Ot$NS?_;t_ujku@z}|!p@JEK5LZqD zR1tsvr!hxpm?|hGv-Zf0-EZ~l^tbc+HRS-B4a2z`p zjt|7to*jy8+9zCv!*f6BF=x^L)a+y1``D*3YB)`YJ!|->*)T!^KUNL)^N=Gio>Q^H zYmkXKaA#SkLm*yA!onk+j(>X?{d>^b?Opr3<@sL>rGsLTuI6X17V^w)_)!!aUJF1$LgbvCSQXpM?y0*5vZ?-Wz?CPDoj8n*I4@rl-otv}vqdSq_pDhYuv-8vzuSbDb=tN;fd}=)WH&oafY14Ze_FaO z)8M}ob2Dk*xLnt~T({`ze0cD%bqT5YWy}V8y=20M~lE|AhONrf_Q08J=dHyvM&fS%mr>CbRfBSj8ecv^r*DJ!&VssU`N6+-w2i_pJFjc*{51`UUB>?ZSPyPIupU)t;iTM> zu$F7|T)WZNM^y_2@nRBP;t2hLf`TeA2unW}_axlQ$__(ERJG^pRVwo)7BofTiXPpX z-6+;A(5?3>r+&7C7sIBb28~z`dUZ^R$XIfusMrOc<8gjo#}MZpGk3@ZSWVh1_=mc3g;I z@cG?Nax!~)kp)B?W)YEdBX)1t`oL=;lnKZJX)SlG-$1#z%w(xm#H zSzQ(uy=jz~w8PWCO9%GS`cRI#i~;1w#FsxG{D8I$c6stN3w{7algH=8RpfUYfwOz> zk!T%Ibw=xFlm-R{PImjmV18cie{m)tCeDOn@l5eDDuNP&y+sDf)TY)y(nEuAX*j~# z>7u`;1CeVZCo36f!tVyAt%0_&K2u){)T{lTdwq9q-|oXi?)uF6>tmLCXCpn->LfD=e>8 z)(>{wIZk$Ghw8Czoo9)l+j@F1wO1ErvksN8rwUwMQTrTLEC}Qp)K=h73*X5b&TS7P z$&>I$2fDHvZ1hm(eP|CYO4fVr{{Z^nW7uZ{c|T}R(C?y7Hj=sk7*O3`zbe4KSOc(Q zlv(Ncuh?_o2$H3^Kp%lUJqQ|^^^WmDE-V0@fEC*nf6RS541CrGV80Uv1!OD0uFQld zMZ>_@I6s`#f;+#N?65AkUj7zi4GXc8l9C?hX|jLL^E6B;MVs~o{+l|i$>Mo__pkkC3>s2%*dDA9*qlW`_{{d$o?$U+s6+05^I1b! zRMc?0Zubog^=DXoX$_pT%NjQt1m(-ttHz1nGhxlLuu*h;yw!7ll8QdDOMOE_LwElV zKu_2JKGX<24)7L4?Plt98ZR$u(Xq)HjEsyFegGYk$6-bo*hb#E#ZO*dob5h}pcGI8 zX(0u{T2%K5*!AC2#EgJZ7M+)ucXGJxFv?>G{90?EsKf3jxv=HNQ{W1Ft$g$ts&TUc zUYIj^e2N|_sRI{sr0WK|{DDkHYC^3aXl6y)FqoB8a+)*P&`3I}%D`J!|?8p#6x z9?vbsV>2=YB;Wh6!Iusjv5c&&H7t_-z-#vbhmt=P?zEO*nLGf}4>zY4aF*_lWgmq7 zF!o_!U>`9B7}vO#*4A>^Nu;`_W*sJYAF&DQl`HpQE3J>P1rsbmBEM@EBIvP|4`ei5 zSnT&YJbVbIY5DVGXP?7q58a06)eXQ6rxaUR=}Res6>YiZ-LZnMt8ei#cTWZMRDc|# zlB1SU2DFwK4g*~vstyB3b{{x0>###eKdg5w2g3Z~K9F^WVSB0juB$2!Q$!7rstBw{ z2v`e&s>6Ewwk$C62jR%_;-ZU`-ZILZ@;sNp=SbK?3lz-;7TjFN#qB%zKiGTguqfBB zZFt-^s91oa0xF%-(xTGc&46@E!%!9&lyrl1GfFoq0un2V zzQ5i--+i!;WA9;@x$o<~uC>m!*167gI9}^Xdi!?H`c!kCOeB+E-7&DWaDL2O8o^}pi6d(+{tZ8JHLV4rwi{(0i}?p-$61E4j=Ko3z)IK3hh z6O)YZ5k4B&(qBARDka0Xfg37(ygLP-7m3=Mzb{QV+i~2M51<=WIt)1Zptk}o7`ecI z*xTK`iSj;$aO0(-qQWl?tMbOn1CtioY{NiH4D7+o+*}seCQD#b?ypp@5;laiiit@& zxV22sa?%Dv@F;3?%&9X6m}b!6-3ugt^>RCX;jOM`jt&mWP*E!d##=^a=19TB@UZr& zQ>Vf>tGw8C%jAG$r8-<>N;ow~hnt;oqP}%jecAV=QCr=TK^pz-d+CAfKgd~i(m^-O z0$4qcE-vcO)kOpR4i68X4p8LLA1t$;sH=tN&jOS)7hI3{4LUg`V8^OK&mHU-s~>O9 zehLcWF<4z*E;v3q$b%IjA|mQ(jbwHKDVU7(^dZ|2B2uPo;MEstv6K*<{?7AQF5qP( zlRD6*F8~2s4(PO{o_5e@0i@Fykcn}4_VnvkC(lp98Hcv^o40N;NHb~V$H3`LgS|cv zw~t!-)*SeqNg7Br5{q9W9DW)?fb&hu891)$`C7`b0eO;k@c793`g))#23f+ANFdH5 z#>Rne(+{MVe>&$@RtkY)w+LGiIxh!HR|twZaBE#ahgJLbLcA7wUn*VsM0^e_;8wCg zg2gxvRI_BF*$TihF|)GDhpAOLTSDuWbeNEk(DdYF3b>Y*#zt|KCi0&i!}Y%P1bv&@ z{e?Ve^o*s!0r__THl;dv)-?Ko@2^ioG*(<1mBjBP0XttE*qhS}RudwhCpw4UFliU1 z!-vwCdKG$lc-;0qf9A}sxeKxI<+g5YpDS(0u-JYyQZy2r8n_iz5FE1$=&nEYN8`^U zF|9B-&Ulb>vVtCfkz(@@8cU$45|&m32!nTZKiQW=MBMZ~!Vl(ZqLX@hdP-h25>?yj z(uKD?Hu^Sf112mS;wjj_>XnYB;*yf1-qr~b5W&AYqh6@DmpOPA@p1|ts|5(E5l%=H zn|>~p&+dKXWQF_sU#sz&O2Q!lpEEloJ_O4FO@vj>xG)aPi*L8;tHH#4Yo_c4jusw7 z&lZ8D*bhhANe`JJ6X^^zTIe7A850#3mkT`nvuDq?^!65iQSYSV=hp_cBDLqw-zB;K zy*L#x&7_{oz``Qud$|6-BT3j=XtpEKdXR#}^j#0MD=hr^@z&KPQteOYu(fUdofNOV z4GK}88lQt@KDY&KXaF%)vqk(q{~kw?$jEic++d>EZPfrcYdHV+e}M8@pkF;;5sTm1 zA!wTT0I}V6tU}powjJ~gMnNps243@Ok&vQRo`5FQ;J4Fq2XP0c~;q^oddn81cZSAZt)%7WOe5U+H>85ZShl-^ed`V7ly1l$=0F@QM(*#GH2TV~4LD&5B zK*Pg+O{68<2f-yRp+xmb0C548mhk1Uh0zi4NT4^%!`(d_tSVUALGT8-<>M$>aNoVK zF2J`<2VsyQ*5-)`Bp{}KSPN<(UE=4vp8@Ax&5wwb=#XDGS1m`V9BCvgFHf-beL&9j zK%od1=z7}fAB5wa66?=c*uOl`SH)v9qy$J%<@xhpmyvVei~FD%qts?t1w^v?%#*z{ zg*~?|Kz;HO5J6lPg*@sqaPefP@x$-7Q)j5ub&CFZ60t!-yQp!`@m0x`?dys zsEze?W$>$T8BUcI6&COc(UmJ5#X=xfsstCi1?1Y%%R2ucDqP@b%7ESB*11P=PavI9 zHFF-eaIv)qMjkqJcx*?wgFs47&~-@(D8gGq#vwRx<(!4f_qZ)S1NQ3!vOBAG(en_I z{cMhU*b147$^TlOVe{mEz_)4iN$yWonwI0?Fl9?pdORm4XNv&41rIJ0u6_aDrVd<0 zXE3Iq7gwPq;^wwIk^voYmH^4&jHf`a4(Y91*$~;l;;MiT3WLVgz9Lgu^&Ay(F0*z5 zPAX>h`G}r|oMd0vjAsKBcWMz6}Ytn-#B1DJn(}+i2+M#I3u5pR(6ELi}-k z1k#$#ixi3d1$W<^LIh{QeGX?{rV`OpX%hAaJC+C7M+Gu81SG4FEK&drPisIsge_V) zeCGlrtY5|yb`!88P~ro-A3C8RCU|{{4uKGV0Lp-cq-zTVo_;?_8iFvTA|clU`#?)8 z#=w2@EUSLiR$LnMX~ZjEf{TKui-$0yJUc*{8bGeN{u#t~)?ZkxK3RY`c$j`*{FVYd z9Jb;0@bn~i>4rQ_!DBf{Q2kL*%GctkJ>Fjod#-7LKoo{II0yZkw|es6zmhSR{y!62 z|2F~gKN1ix?@NQF=t@~-NbT@;4Pi?Z!~qLAj?<&a=g>h~nf!(yP1cdH^Sq#pynOA7 zDFCwT^07jDRdbl-qsT!g#LMam(vWIJ{0hO~RpXG}dl|u$!YHiiKZvorh2r|J1pUCN zO9bD|09(xnAP2fQl3pHKYjW}pS-BO5E6$GV2sny;A3S1)ySu7fA3Er-Y-!Z5?0Y}4a_?>xp+hNv|+KCE@ zJ^N_0)@f^A*#$So*m)F+KU!B?9T#xh9+S`JN8Aib69 z9$cNL_l58gDHCh->q~&Xc9vp%rvK%IJmrRS;My!F?VliCDxH~p zzzJ4GK2AuRn4EQ>y5S+MwDPE1wtc;iP8s*qTejjnr@rlbI`u|rgloMgj8d~6I4oQt zanmHcyuHazaC`8qvK5oFc#LPsDfk^Dpr@9r$`TpNx5zg@|3bk6OysALx@TCbmBP6s zZ;4LfLCr-zn+O^>`<)DPfc>_{oV zDbOyS&FsI8_@ttI*A1vnYGrcTNBfJu#gSRCVVX7y?J6N&Diew2mL?`+>+xK@5=~=^ zCCixG-|p{hi;@n@luyh(clnOhR3=8Jbl>gX;;uznZt8@`mM(7dYL z)fOVsr(w_vA=cfT2L0i=Lls*1#e)Q_7vx4Xm6XmB{^!jbrfCo1mjDg0hlH1(JbCqo z=?t!Ayfz3ArtC+>c&<%sk!#!hC^~svZ*!Iv(2f=@4UOJlsa9~R9F8+AV(~anebK=C z#U9QbQorM<|ug99PC&&rx}3HkK#jdq!H4wFVM1LMw7w8uX#5HB39`qmRLX}RYy1Qy^8LbI~W z%Vu_Po6bpZi$LsL49@7$s1@S7ZCZ9nwMtWTFgTpveEa%HfXV5BSB1RX)5kqeydi3Y ziW}KGc(pE>4++VL2#guz{v+Y1@daa-BLXqp&9hH7gTpaW*;A#(J1ZF6e)I&y-MFee zOh{~|gn*p% ztGD;pn`xO;tK`aVlsV3{5&+((@>AV%Ta1%ZRJ#XPbva0nTdb!x`Y8z_D)3`O z%~(13jINAn*^zI?)#-sRS)~b4quQUV3EIg>pX16WAS1T%p4y9e5w^mMsTakUOF~`N zf(RFcHN3-PXLBj4|BKIQ0DAJ*TvmGXPM>4Q{)u-)YBaQVkSLlm0 z9(~?dsYr;K8Pde>mmkqftLLh9zdkzeY`;7*9JPqU80SWhANnhV^=FjWL4&pRpn@P4BdBP(ofhVsB0)OO|E z%{%1QaCvBZBrP4C!C(<6VE>Qm+UfEy?IfNn_QZ%MlSCY$AO4#Q@EcWYuh3h3-0r1S zFkqvfRxI-W3sQ9cQ*H_V-{qD-iXgpiT0+_Dd*X-x0~uw4ce3UOIHXJtg`F=-LpEhX zS>{I`_y)jG|H7!>gop}`!<0D+RRsxmh~-Qm4Calu*TDjma%?+qWUd`h1)vDw_cK%P z%~~Yju#v(;({OyNy@s?#b-is-t2VE;X{6JYdO-)uvk3lFYi>ej`2VGvRDQ_w^ZRmB z%dj>ZTOsrchlUpyL&}au|Mu=L!WIv0d=Z6dbFLcYt18wiqwHCf_s8qBM5eWfKT<2Z)HcP#TbohObc(z( z*d$iN^BBd#Ot#lF*FS+KRx|H{9(((|#Mzq>dGXbH*fF%H51$(e^eeR_Bx!ue_~(@% zIpO>3T_n#>LhM(|v(2S1M4lJ(T|z*A=4?i_yL8wXOSJmR&nt;1HlN5aBz^OI2YJxG zDz5ip%uY`ad)(imMW@N<1~^d1|I{Cfe{a9xo}ks%>(l4A_P>&pHfK}~jNQm-m=RzY zE)MJ&`^1bXs0b5on}1n(MaOezbYx0JA5C(gbpFa+hJ_bXynm;s_5Rp-c(hogR2ZMo zp8A8Fsvt%%u((Zki$WeOO=M3^uvIuc%~Yp#VJT|Sx}d{OKqoW9HNsPh@H-9;4!&>c z6^W!00lzR>bciv=e=n)+-XM>Fu&_Q7b0p?@6vs5quBYNtc;uo|gRIz&>sZXI6rE25 zA@X?Ll}UcS`U0H-QfA-c_}SG}H2J|!I2w(n0ckf}b>(JXrVBG1Evs!er)2|r>0Z(J z6au`ODY5OWel14=OW+`*d zEh&M9mez9LoU1QGRnqVMgz=$wK~eLsgs$k5olXZ>H5 zs_|rW^yYJVl8i@udV2b%yn;>vBnUq?$Pv(~#w8>sPA@Jpo6n6dR=*6cM!fpz?CDK3 z+W@`i&Rc!A6WOk%9Qyr{QxMR9@KjPUu^V15w8p|!_suI)QG}G)>g25)U6Z)b!7yRu z;f~6F>PJmWM~gdhd&q<8d%w_=lQ!F)NDry7TKue`@$J(cEXr^LL6rCul(Vl?n~yeVc{=NF>Md8V z&Jk7t=75;XZQ}8@X2Z0MY$67yk$1jyr-}3xEADjvY!qdH4D;ZO0W18bHpzWVtFzx| zuPdcN;&;8Wo}S&9n^Yz10nB7rz|L8!6Xm21p1;yF>@-JXdg(&B>7s^<$CtdPc^bVj z-=>@)!wl&{tFAwM+{aTFD+?E=TU1e|->q|Rs)#QOx^hYg)xNwhMg_RIE4ROI=5^sn z87tFhO>a=w zM(e!auUtWAz>89?L*tO})+2lleA&KNlN?+-m_R1F*>@tz9I9B)!)Cimkl$2a6;aGH z$>Ch+Kgh8`l9@)1Iy#QhL%J23@7u~wHb*kglN@KPQzX$2jx-&W9nl+b{*kfMnu0oH7^qZ1Q1QxSh4q z+4O#USDUc*^d{|4la8gAD*q{pJw&bD99Xfd9a1&n`pJ+ zz0>A1J6!kgN((sm<@V>977rI{H;)}7?IKDS2l9|7$KX8c0him)SJ}Ob_a2j%mF*1? zJxYf}H1;c=EGi{5bRWc6g6c``iR8OYoIJr+i4u}Eq(&`JK5&sNy)bISYdc&do^|vy za(2N9Gw7Ms)JD&v;Bd@CD{WaQBCt$e2(Ek{vdzburqVJpJ+Mdf=B7eMnP(jYCnH}E0D9ZUMG?5o0?qlC_GuJbfO^R*MocQ`am)sj-exE zj{3$9@Jx|jF|lU=6ORX77puPc?tSMGHRC7zP!l>i-q92nx7D1OF>4zv`;AeQjs7=Zzt9%Tq*<8I)3ZU@N5{&lk35QM`+V!Bp>CC8!yCW7JWLCS zv(&C%MZ>!3_`n-O0f<@aHLdKdR+$_Jy@JJXQS!|4vNvWQ8hzU^82vUMom67->syd7 zUp(;G+d^%SxXP6oh>Wf;<%==3cc+eW@0nb$TuA}F}$(13W{i@-UnA|4|@V260&eiYs+YWpj9Li84f(%>qN>!fM4mK2joy(#xh!Xkc){F=>7MZ zQoQjUq-dsMS&0k6D=O0ForMR3rXPcYTgd(i4-12(&w+Z`ut9Q632D)%* zhxK)dN0_a_lxMjVWKp)a;iXKqa8Lq?h>4+54DpScgA)U92iG~`H?kN@FIvdvX{Nc- z{^dZic6l&1ezh(+OJ{PDh?rPi@9?(#!4{XaN`Vf~a#W?=(YZ)Q{i-LXwUi2#&Wu7X z8|gksd^}V|BIXXeyPNwnZL9Ap{&v*a{!xFd^5R9RPPrv3NMgCH^hqao#^iuvjTMA* zL{*Dy5X5Riol7--pr910zQSD@PD!RiB@W@OQLK5*l-|!*R!;ODnsdfFLk>VaM-R$L z$54a5z^YfH1&!+5Z`QzNmRj%FxwLMK3ps40m)T%*NhH0L80dp8Uc9(J6FoyAWbyf@ zqkH|_FRM}pT3T^<#Aqm4%s|OSgO#hQ`MsZiu9>VK9Jf)rQ{>^oi>G?dASDZ$UtEGq>N+ z<~;xS%BHQwI+=!shN<5~9ev3tdevONZOQI^;@~jcZsE>qzt!4wb<}lcc(TIZhU#d_fH(2-WfA=`S2!jdltJAN(o4m8WK7e(bD1hppIC!Fg z=BZ}fua+ASTy?DD%ZtDzu&U=q)Wvfh?87bxW0A1#2^k=T=B9;|&oUd^+Zqrw2YfX_ zyj-jjt|#m8YcWxQ5<@#%l51}p%~GhFRn5BFz}1?{1;oQMvSGuGn{o8UdyJA2*4alN zM+R(_A)a(D>xzc54{3b?r_Lv?djb*N%WDgdjs{a2a<#raEyEY;*8iAyO+*fIDf&#S zZRf?x(Xk$wRxXTFIbf(0S{fRju?tNM&JQHU#H3GX6huWhEIT+m2gY&RZLKoDyzGH> zt2)#dLwy~6<{{EL5qYrPVL9C0%>f_&#;dTT1nZ*d5!+MfweECS0kTADkWiIY>CZJ1 zKyAf@g~KMIqcbac#|bjz9?U zZdTYM+fg?(`~u|;f-lZqd`pt+oa0;9H+(YZ17%te(-|1Qb*kBt;?mo_jk!3ly@dNxF z@s^uWte=7cR0GH`o9e!xdNWn)0{}5m$fL(XIv8y4cd@smI;C+~PcHP%yMD9CMl0p4 z4w4}k?asVQnuCILbab6NbrIbz-jJZ*Sld#{_(V$Ea^Xjq^S*OFD5}g%PR5$wL*q|W zu0pX$71HmHUSm*hC1kX0M{2ZJYmTD+`R7obOK5DR4L#b35m})W@zMe;##uGQzPBz} zy4a;mD;wE@cXwunru>Lp&AePyxK-MjA{g+b+b90dE8U)Zr0=*QnU6cAKjt;2d#29i z9H%gDC43?sV_!qLrf1wnf<>p$uj@CGjaBL=#FTQAb63 zByOuwt4iL2prPFA@+Cf>ekQEMvy)PI_xtIQI@`RJx&u4;n8(skAySi(`Q*AXk^vGA zxMEAswd}L?NsLTE|2euMC`c@A-8! zHCwIyc^${&8GQW)mkxh9nCviGnfZ_j%{r8 zpr|X}{L6x{QMW(e7r5c3lPKWamENN2R9nYa?yXW}B8^|#tJuf;itY5(XaYG#1H3&D zk+v}9#U&^_1tu0B6m_%}-qYi>q9fwo^`!P_;40zYf<5m@n14iT>g;xc_dQXCVw0Lc zND>(^qPmxco%#-13|z6Po4LN3K#K-KjjDM^5>M48RNgJuzP#QCa_`Y~OlIic9@k(2BX@ZlHiDb;`Hf~yoj7GM) zuI?QjkjytIr)`;_4Ty-Um^%dw7EdxB@mP;MZ+Q5g5Q=zglRX(H@RVo+$Z>LGmQX;~ zfQb~Kh*Bg-i6s&m6W%f$JkMkQ;~$sB@n_LayJ1%lFW;Xvf=CpqPkF8vi#ae$e^W5( z=K;GcP{oCrUx-Q{p>21icN~0}RoKQ~`q|8t+y~mBhIJI279Rw9btn~3QM!~8MQ*3Xa)}H|rZvxhfBkmkt3#U4@g6zedu8~pq=tPr zc&kBl)+>as@Y)mdY8M`>A*E|B3%}diWaTON2viz2gBpf_##~&oPo^D~YT(Nc`ys#9 z4<7`qddq@|oT^;&Tu~n7EdY`Gj5wYK7v!=h z=^gScTG8Y5`FRVxdqs6ZA%!zqIn96J$b?;Z;^Zs=hUXd?5qwom%_sd@tA=MJE~?;J z7RKC?As?PsvFi>o#9)!BXr6TOER%X>f&t3(6?VIo3GH13vABE^r@AZ|dk-$0V*`)x zhg}}=`STYb0WIc?D>89&tBHxZ<(LMLRYq~pXDK8OWMbkW-Fl>_JH>{q%XgR()c_io zi(3!{e;r-czIlhB>zKRkM5QWK(A^vrP1G%rbF{**)&u=8xqC`Dxi6|f*YulN4cf_5 z5q{MQC3;$!GuiNDP%uK!1%&Obqwd#_YKI;7P8o?)38uotEX{@qZ$<0DW2f7gfr8Pk z);#nA4#@YtyJri zkHoDG<};Nc3@Z-Y#FZ zfbEl~ zz-|8EA#9oa;+>umR-FI1*~2W;XrfDMa_tvsk(R6i9vcxtV_f5_aCrjW`z0I?Hj%#f zRHUT7f_pAvrRSoluB>bkrGCPwIot9$w#|J7q#Q@8T;eHstr$RNP5sJ6Ws69rkzzMA zA?N|rryk^KwNOYD8EE(W?YVkF1RdMc6F8%H@AvY8JMC{slP+R+#x>y^$XH|0{Ke+C z(I7M!n)UvDyQU7uCYPceftpil6$7lAbf5`NKSsIC@;-{kj8r(J)g903s%PI!{c6=; zYK6CQSvY*v-x6N)X~jN)iCEtMr=+{ZA ztIq`7=oIEUe%&q@(rj}|wi(L)+NI?8?o1n$zF~`YZ!Zf*e2y_0OJz|NLyI4QM(E7s zN{Y;nN~EX9LLVd0CB@lmcEkRWjaCPkV9~$OPn4&jU%j)`QF;socM4&%d^UZV0f=Fj zf+dU1JG)_jahvwg>l|-#P6@1zjo+wraB--d75UACUQQrfEyM%a9>6Ota>=8ygyKHR zb6%~$FYhxjm}X;HLk$g6RRAp#T9Zo0wa-_#I^%0!IXU5LKaG}ICZhL< z;vth>EZc#d$ILqG*Tg_{XXdn$Mx|RYtoXsYFPkk7lN-sbk?Rsau)i0L>`N7Q0tQ-+ z*wOyJ-HIMz7*aQ?o0;-F8)+eGb9EzO z>FRl!*7KwG%#R)^MLv5<@WTCgZ!WCtzAZ2XT zPM+@Ic^80)n3z4kDAogQRvqp^5=d?)3hdlIA%;v`|9I`eO)|3FMtJe#tLsD;7*c-y zdQM=5n-y#O9)26hc9MGe6*y8kl@pz+=p;pp;m-POugVRgOPAVRlJW@E-srG!^#Us% zaY-t$qxIP?c~KINgr^siNL`kO9F8h|>-R;I zIXE}oUAzIzR$u&D1J(sJooz?SGJx!As;gjd@C&?To9~f2A(=xYCZ_Z4MMi4`W7_vH zS|BdVdy5!nzIn5v0#w(nx#J_()4nr}X2k?-ovWRfdAK=Gdj0O*e5z;`UY%*TrLmNp z-b`zl$56FcNDZVn&gT8qiF#zU>*_#Eh=>Xyq)e`-*3={?WjD~f`0?ZIhd57^)l`%G z$j)4Hn4_;^1Uu3IxVZvO+xbu5ye+lEqKpq85dTPY*Z(Luq5NjD?}u_rU4VLT?B4_<#9cAHAI&fCLSJf%S`UG zXLgxkm<|jtjt&TbJ`S8~bDFMLqYSAt%#A(r-u;@Zk(Z0rdw2=KPe`QD0IP@*HqvE% zH{A1=rwatOJI^ESPHBbdoUP8OwT`%Q_S~%JyOD%lAiMj`9gN72Lbkm0XT$P8rnACs zPT{3(MG@B!Q-7z5FQ4hJQg5?C*A562nkS7-_x+9QEox|3<@jf@f0SOd4YTj&(;BUN zLFp`qFQ0IX<$8wFsUk4l{(Np7*166awM4IK+8WWVYhRbM zGk)^q84y8tD(3)@B@sCAz#qepygEfl7Lv2;_gSOsa)H!#i{2FeW`I6CbG|v*M`h=I z6)q#%AfmcD9+Gp}a|ifdS$1Z zaL9dR68NEmgPI_tigI&LZwflmYVaq~Oa`ZVGMCI(sC}i1St@|+G&MjrMfpE|qaO1xKExpuk)L_NV4s}p)Kle6eQo)_Cc>#Gq7@G$A zu5ojS^`9?4fTThKdtdsY=-rfm^ArA*K)QhZ0U`2zvqGdY-IbE7!8%nnrTkE|57M$* z5F=*;ff}`!LGGj{0klRZEPa^s_L4S!^&~ab_{G+r(_=)Qf9SXvVb*GLYH3laeucB>a*jr1!%e+hjk+Vd%rne>{nq&>;) zRImz2C#q>TLHn@^Y5O{SS!!w-^MlmjebJK|ol={e^z;A$_ceC!{o%P!caICd0P*Qh(ZCzFNHRx_x(fxLES?o!M1iO2pluUYHbV1DzL4 z3y#wZhr>&Q4*Igt8A2x)^97s{u9{dKk1t%pQWq~cp|g@M?8<`ABoK(zQ=V>Li+!C} zS?Sq2BSS6~(3pyhVvY2D@+ywk+9!ygEC0wi=sKI8QWhJ@E&6)0Vr`tIM?LZsb#I1j zbcx%9h<5wniq7)ig;W5*m9wlhcBbX~4m2$@YEl-%wGd_(HT*&Y zr4t9iTMq`eFh;w>e(BWrYnUYAgAVI!QR%?&p5L2G9t8B$U#KsL-&JI0J#5P@?Y0z1 zig74XYUvc0XRgYVR5wo?t(BSZ+7zvYo`H9U)A9Vmn8){Jr7QD+@f(XVJ1Uue?}f1k zE;pE%jC8%I5Jd;$Sj1-}u&*TA${+suPbJjkYE(J^ZEI-wiQ{+5RA5IIf<(Qw())7~ zz z_8(}C-v8zT+_HTvjG>8NZn}K#G@@Ma-!h_O^Eo5Nsj61^v;|=P=u|pp03AOA=t5Fq zFnpWPyFws)11YHmKS2G&fMwR1P-O1M=qDvL28QRoAr!pBnxC*CUR^5RaNw&@S$UXG z{#84DE&{N>=bHuYu{E>~3|0^MP^~|K*2OrI=XT-7@u3aGhDQw0Y`&sSQ$eu`RJ1kKI8ki&u`_`+xF zzjuPG#^O&}tIiU>CEII7=qlTR@Xs)l=bSRPXg?l$U2I_pwSPn{EwRz)xd3mKL%M+%ML$051))do}nErcNXo>v(sW_^MZrPBFem87_`ppVU zn0@zoJu}?%7~{VSld8m^JUX1FqI;snc$4TR6RAujQE8&Eg!I!^K11GsJ6y10pWJUA zU}2w*g*)1fSDCtaC>j0{W<n&wkOus7pHuyh} zpyE!X$W`8Wj7^}t33irsOiILGC;9BFbcYNpLt&K5^7Eb9`;HWma7FONR)Pma_V(sz zu@oihnL8^+d9ct-?A@zGaHnp0D(8QKpAL*K{cvZnFzoMe9CPXWaI_=hdq)g(HUUdex=2JXDoSHI+{UYUWXYuUN@Vj*}gn<>F;|ZH9ucR%_o%F+df}O_iJ)Rzo zw@hXM&ce*8GPPa$YVwEINmAwD?^~b#XIIv$;8fB;Q+&^?U+21Bs+7}5MC;}f`VDvV zh3i{`gjdHs%^$nEmc2EHsaB&MRJvtk+OsgL<%1D=a%t((D+9FoOfHY}rxhvC<8RX} zWGbTk{zg2Y1!e}SD9kBzKX+TAJ`ub>c}w#8b@wVa_PRaSSRq-{N&FV7_E4}uqYW6+ z&!0TOKWJ;K4&ng|#G+LaLy4`reoa~N*v(_az^k6MIcwK}rH=K9Osja^alL&v&iTyQ zv+J$0Z@VnG#iOG8x2rRhm~1;#P<(1uJYnfK(YvrRp@y8Xzgt>J5sIWXLK1V{!+G7w&6fMS0j66KKNb?hwZ1s-bz(&Oq>MS z#f|GX!n-VZ&YV%B7o>krA{z5M&{B22yMUQlqd+XJ`;py}MP=YlQxGi!!v{0@hcld8 zC}D^5e?MCF`j?bA3y72V9Za6T!JioO{OL~)gpXczaMx!;Gr9Pu6C$<4UoE*%wRKNN zZhnNd=-!m2*}m+@#7{73Abhx@6gJ zs1@_Bg2-M|sWn2cKB;BMt@+wr3W+qjP_Js|+hH`PUT)6HXLiO&zqGg|oV3*P`t&+& zYwhO*xoG;TjUy7#*0w8mKV&tB3tzl)*|@dO(!`9+tJ3Jvt=-v^x(wxTsnn4&^WIEM z493h^;9iAwwp?*++53^)t?4E5{`Li0UGJQS*42~tVStAtj4`~Pc}IhnU>v6OikCJ zD87F9>h;EYu}dHV-Zq-iX3<9z#_u%8VZI_%Y1?ROX2#(%;!MHwF&!>WWN)kZ!6Njf z#Gcgb@rvuB`7jT-9Xj%?9@|9cz9NT_Hh4MNiyT6=fXiuuMT%S|!ZLB^1sym=5H$2l3Dz z@zH8D2|i`dasB$9UZiWVY_TZszyiTn(9{R97UckP;i&y2c&b0A>_H%>em8Od)S@88*SFPdwxDFl1}a51@eGy3hY4IM9U z6f@hkTYUT#7CSpSQY6a@5kRB5 z;YOWQQnK}6RNdsxtGNU6rNP#IYa7bb*0$#_T)Yx>LP>G`siPwis+O|Wz#bn%8kLan zro23QEGe7UcBshZ4yraOGgN*W4%vAtf(^{fY*UvoG^7Ta1#Ofr zvmi5bKy2}BSFN?C$icKR4C?F%qeXJKwp&1N;(TuwAJx&$Gbpe$zx#N@axD8k^dTBH zwyMM6;lv^D1NbgxE;G#EfW73F8x4Tmpo5$5?-U8A$xAW)7Dh(7M3KbF2LB#t@iFU& z!vN3awulXbZn>Rtb4TLg#%5=NsBcn8ra}gk^82!{sTF!FRJw;kKj1h%n^2GaR$Oe} zuv}7O3lVb8)B@&<84d$i7cc+;VutLTS&pua{*)^tNrNCA#AVYl29D49z;QE0O9XHq||8!t%Ie1)&K`C4@nMiUwz z-Fz~TpX!j-gm}y!iG3f{s3Qm&7U-+xc<4_u)edYw3Soc$%M@$BZiHxNd+82V(A+NY zVS_|=XINvvqgbN41j2llUi0>Jhcy3;0aG~fOT~Nc?(ScGS1Emtmfg%cW82J=z1sIS z=k^W*&O(q*tVympp8WWtuc#<=p87N&n1n{hH*aq z#$*cOPwy&{bHG%#XNSqA2Vdh^F1%Tj%2j*))c{TZ@ZnqH+~!ujLFH&58SWYKIu%$k zgysG@H}!_;1GKM$0Oj;_#C0)4m_jK~OUaJ5q8)%eE|J!Mv$DH;5ucu!(egT{5%=r) z(`Qd*B2oqyyBD`ADk?rFCcf3!bn^hk*C35&Fa#s?OWA|b2+8#_U6o4KQ_hp#7cX6U zlGgqE)bS^EYngO2v|g?Mxog+p^Cp*PXzf>lPP5{AReyJgbRybQKBXi{&S9^I*41WI z#?TP=+Q@O^EDU#kf%k9M8O~BjrV|v5pI7LHlz30AE?=Eq%{v(41S53b*Vj`aV7q_s z93)9J=)||nLDO~*DsnYRQylNpAHVK8#hCuHU%1! z9`o~e@8CqdD%~%7qjp}j4HP)9jzqqCwE**_RjOTW6%vHB3!i9((fAy$)5q}!P5=5> z9UoH&;RIpyn%`3~;39kowD}2RDiAP9G2-+x*af?>8nMyrW|;2r0vtggCC{g;%*j-` zHupm2k{3I5?T_Ct4s!9kEO0A58nIlw1;ZawdKVoE7Xm}d6=U&GqI(6O4{-6NqjS2? z^D}&Q<7W&f#=Unz)4hJ8cxW`*tFC**gVpxrvcDH+4;Nu#ITl+m)||;QFrp0U5dl|* z-&HBy^cdkO&+MdLA8}oSk(=*7XUx z9ScD-A1w=a-@@uq-ocbo2GOR-@jDo!1)c1zcJ$^ zGOYWh+rs_tI$J*M4*DwR`|NztUe81ng56FsqNp!CHQnmO?X`)a2b~rNSZUO| z7m1@)9q_2rNbjS|L2=J}a@wXG@W;@4kuE(zO_cpU2=$|#*&a! zO`Lrk_xU?B`pW%mGuv|{w_Aa()l%Ua1f}HGIchpHKK6Rfm>Fh`alA-Wvvq^N)8Vg+ z2s^Us?Gp78m>U$7aEJevJl&OF&6{JdUX!HjL)dk~9m#aHY^`A5?Nj(jc9y{gg$_+e zvvRb?g9~*T_@YW%acx=svcS(|z6QJyR}ho2&h|$mS*`_=DWsKs5PjG9Uq5iEy}AHCk*zIpSxl$6*)3GL9}B3@{so(kUAn$Jf& z^I#K(ek6U*D}vc948%c(UMCG9YMa}pP3_u;b3uazbvJZVl)k8t>P?sx$I8e1Hgb_U!Szhd&{o3u6mKzd1O7VdmJJ?JznR5QV90 ze|4HlAK-6aI!DHC@DwF+&O3QUb=u9mGwC5C_;C3>N|ui|*D)_jq^;u0h3pyATu)}{##76Z%^?W!fgC>Dd~e{*i^9vp1q z`A*({8=97AM7I=)ki(IM5nernjth=Z0o|ZU=46cPGN? z>@6A!!CJN_aYg6nv)sLV_m;2~O_pNPpB*G$v2n8kbge7Tmbz#CyT>kPD6SgNz_6WW zq?E=v0<4UA6bkAA4omY!NvPcOz#cT&b87<(cvtbUOb<@=xwx=|v$G_;#aFYlIy$;K z{!TLH1QN_P3-8{CM>zW*9c+guC3QfLwttJoFB9(T0QYvR2fiLwXYAC<6VA(XI4=Vh z+>ZqWdVcGNMN2bXK6o~9rZ|@DW5nW!;VrQ%n0ytskaGIZrwmOGe+~FO8D0 zwM`%9Bz6h0(+`kiQGaYYRFp(}w(7y?*vB4~?*X3q^42AeIwknIbmGnJjR!o-tKCOG z8M`3v7zWt>aKdM^4nt;Z6ni*t6lu#F9}rk4+`D5L)|ouhKq6|`b3XjzN5+g#=xFS`PE_x2`dX8hvgt1%lasg$090xmxt zTwOCk5D5k=g~i4;F7Z3zx>8QNEcP)L`9PWhde^7Za(dVBBwu_Qnrx2od@8*?AFx!i z#hLP!LtpR1Ogo{0OrCxsebvg!%Jw+n_iufV8lirhqhZtMa1eYC1aqbqH{B>4O-yb8 zzIs<&%$1lbn5xE92`3=OWmo{7H|30gqUqUo=(KoHBz>dOKsNr1p<^b;YVflZrAIzv zk6|NBFDEUHCw}?<1lT$jFkKKNLs;(JF20*uuu^$6S~XHyb=@aFq>gig6#;}`OCoX$fp zA@UCG`g|3d^k2TrR#_mp2&mY?-uk<;BJt#j%Q+IC$ozH|n1-vA*KafN?JYUd$8YXj z%@eRV5~{<-zHv)znK{^3LE%9x)JOBF=;*h9XZx~RCQ(sh~Q$B)w6B3nFlT3iVF`ekrY zT0w#Fnh+V){r*M#U1=$X^+U9{qvNL`>VRsWW zz=Z%bx_Gf!s}gk?0Mf6g#jRw84Q+W80<{LmJ=7~tgxJ_R9t#Qxt;QbL<%jJYw9#U&j?1El-&eYLmQ40Qo??kdyigr{a-4)j zPob?Y7$$(S4@5HX27dd%VlMTr)B{JUr%W-B&KDQA%-nwCvDe`mn@eyr$1s zLr0K>aZslqs;lcNM2<~R$&l*&{pW29l}fSMWuL=i-+ZlO{m|`8RJ;+)(QK`@F@om2 zl$0yHXorBm$;1H>0px_;GdXFr!6_ZqrP19wOa`>x08sq-wlsS35Vys+FM>S}Me9Sa zBiPL~TYssK1#WeInwfyHiBd0Le(g8+44`teJ}|Wv^eZwf@dR)EtMQ)UaaQtIkEwHe z9*e$jVRz5soW%>z!#`tVdLA{h=Ddd+To4KpvRpm~MU_MM`0aKejNDK+?1C*Jr+ zY9kA>QpQK}r4h(JIR~%&CMPCuSq@$qnsi<8sHz!z@n^FW8-3FyL~d7%9ICHvMZou0s<54@a)$%@l!CuacQhH zK>6WB3OtSyo9;J&mqI}`rr2qYE!RWi;o}NkmxXt2T+EAjflT>i>0&c^T>mE249ey7pDLf;sVEEh^kQKP$89-w;g#)ZIhWC)`-6w^ zLqce#$ky3oBw)_1z)MyG**{jWp1Yt{6f0~^2TWYhHwgd)4inbiY2=xL6M=z*sc^d7 zXIK6%S9tAlmODCKB)^QbpI4J1h42rOI@HqFt6dv^H)n&aNgxGRR7aw~ z`jD|LVcs-QYE$Lo2jHyf!clvdc5zp8r#VZh>504hEocKcTfK8AU0tSZvu8}azJ7jY z0tu5KgE9>%KeCgt{IA~50w~LN>-V4-C?z4GfP{d6fPi#}lyrl%lF}ia3MxuUgOubW z-CY6#($do1-3{M*-uK<-?Dy>bo%!~hnKR=I41*8PeLvTIU2FaSzqMA1sNZck^+RG} z+5irQ!HBe=SjJU4Y_(LC8^-Hvp7fVk;JY5IAt#c1>vX{^Ng3<4VW2QV!sE0*^C$Ng zIBp08k_uYx3}={=In~}F>#TAn-{~E;huh_Mv!w+P$eEcL;TKO(gmv%KgL};7JdGyD zH~t=$Nxs8a7wj*qoery5&_Kms8$Dw60!9N3ZMc4OLxk(8}r#u~@h`59(4y!T6Q`fix&{Mq+ojDw){O z58Bfh9sZ&ajc6qOh!7GH34YVF-KnjaRV~Q*_+dcva1m3!&X#>!Ml$8dZ@sl6Ju^db zk-pH&JqsrXg-2Qi*~d3?$-x5gsQF#LJ-X$s$1eG8&9`$Pvv&zO_3`L~TZz?}seaof z_znguKMnX&Ea`tv6rlKNue!RLnA3qVRPdA;k4Dzu=VVyAqnkO#t z(7TtyK0W!u*OciAgg;;yE%%v-a9GHK*b~iXk`zm0?2PsV(fiWMN*o%WSt6bqJzDZ^ zIX&#v0PLWpQos3Em3m!(cEWgdncWgDX)-T}ke##GG`EOw?gecF;Jej=*g0}Ob2;8! zZ(PX@`d*jl8%ufPN?nphYExq)yk-%`9iA{)3t!!v1Cjbur5f}3PSc&D0N?3DAT&JB zo$DLwmnLcxVqIK$9(@|CJorVEk*&2Z#f+u592NxA!68K^b`5Y3HhxM9F}dKnwo!X* zqrSyRZ|ZB~rXW|sYu9`fS6Vwdiks%TomJKUZ9|(!NYm@}DwVPqwvy`?tqPHde7<&Y?tcLoh(Y%fvAP3LJ1t%|#WfCe0 z9DlxYlkm~&0rS<>zTM@a(6`L^(qe!a2}Ag{$#hU)P9N^ed9ibqBp{-_eFd^ApMV&S z-V_^sWMp}K>lTrW7;7Qx(Ti;ZTU*Ot7e}ZE)qko2zAzEIlh1lGnKyZI&%dZZjh^QI z{rAuj>=Cp;R5kjrz4lT&eWkWfzHP@6pp}f4p!6ZdOw@3qalA)q0 zLO6rKMauDic=N~Vu!O1+&6o?{1G!E8FzRj0RNY*7(j6J@&*_y9)F-O zcQCjk6?xtX&8b9i7{g-1tUg=)+}^g8kdhJ(p&rQ9)XZ565Tk;FgqE3^kQR|)8x8OI zKoe}#6M^)}vwQ!`8>Xti4F)!&dcivewH%n2ECc?-9D5nK8u`!(3RZ&zNVhNp`eVOZ z=k=#1%BH-lt2Y(L?JM}UcPs?GjRNB0NHr{khOKLag7U+Rf5X+h6R(}9Rx8xJgE4S< z_w>~55hV!i){*pUAM@UqmU2Q%!bzC$Z9Y`+-lR7zI64~rO-#%k(55G|OUILpI=;~1 z`}&M(OeOrJn@g6blLr`}Up3e&XFV*;3P&gpHd*e!Y`Wbwyxap>HxbFqxJLZI{*hH z7T}(NN# zK{@OX281m}`Welmo9W=RdH-c3%RV4?xD2=CuYXfQxKw{Z90$+TtrGM0T<*8owk6Pq zXWT0u(fWMJ5}=V!eU@+!UB&$W518WPzr#H?K3dnk%2OvpXF5f6zhc}@4xv^Kc}Fcl z*MG%Rjjo^WKDy{Rm1ia`I34nQ+ttZT2lKTB@cQtE=o5Ic-}$A9#Ym@(pynBJm{a{* z?BgWl{~7y8J*CGi9P%GBa88q|XVmegfLkZ`*T20ShR^re|$b~BrSa6s^_sv6_OP*TR0aV`Kt578(sgn z=m=llRVpl9epxuw-t=2!z+${UU{?Rzo;u1i619x01IcQGvUXNvln4cMU~XV}l@#V~ zg8E4U5t?Gn6j_NRtcLBsRzoSQvDhzPTFcb^%52u?AH-*uE4p$W(O*MZ^)Ej(BAY%= zIyyZRlr!=t{Q#|Pg)Q@ecu^b~>+gtqKio-HIK(JM2RFNQlkT7r%5%zT=L`(A7zSM+ z+p3`5L-)FOdPikgJy|ZEuZ4F*ZVIrDxILPX*%P$VqH&_t486R})`!`g5;bx-N{)Qu zDpOTE=lD=?ca#_N@YI_Qzm-?EjX|dFx@hXzGayn%AO8ua97v|Fp22+PsQs3wSV#Nw zv5wcIC3$03zJxgd0P-C;5a|;G3MjUR(LD3MyaK(grI~2eh z7}T;8mF&a|3JcY1Y*m8yP$0FCR#jCEw&ij3rGX&wXadq^u8_~)d#hcyI!fChXngwV ze?WcY{$!Op@%Hj^noAXW#r_3%L|v1XVk*i_I?F;+W28;#pgQSaVUHZZ18iUK$kP)b zQ_>pjvwrV?05bm}?9nP@Ep!s{{}c9*3Z5Gp;&yU%ZaI1Ew)h$M?YC@u5a_qtnq;a3 z+=$rHWa=6lqsLrfFk!Y%E<*euXFH$Umi=v5nBQE^i4GF%kV(xhz{A5M-tB2a>(A=o zr4kRe$(|%G0EdnEWSz@PxB-bnfXpu(lA^eB2)M-JnVl|QhI8*sOZ;6f9IMx3f3Xr@ zUu>5{%>*8}5ob?MDmPE_ ztbSJ6IGzq*Hi)t#$KtAw|7vEXvOeifEybWH>)}G&eGkOcu8cx^Qa??X%j33EPgo@EbFM#DWAZj^U8~vBl6iV9yOCNX+0flQrh5 zPOtZVzD2c%dr*3ByfXnN&i35&eU4lOzq9;&xVr9TkNNre0x+Zfon{2v;|^>-O^}1X zQgI72OQ*K6BbrxEfEJoR`)PR|2t(r5RKpt>Uwv#1Q@T$y2EDhD@P@XL(QR^>Xi4Qt z2M7eHA$s!Ze*WuXVL|G&z=kTfisz7`R1pra?%l4{BMT^pfeh5P@%|<6;q>-BQhO7w zB}EDQZ0t8eYd;7guS4Zox@PIRcJY1Se!#%PaLUmQoF}kN6AV_H8(bv|9F-ymJAC>Jx7q2*9X9=OE|c=(xY#kp!<@axmvIVO8kay zo-Tu0?t^Y4Lc#^s%kpL`;DzDg`%kY z93sGJKH-)PUBj9{Cv;1`v=|fUr;1?u;%`>H|l8g zi#)V#!A*19)g3MgDBvDB&ev~-{Q5D28Y99oj^{3~N9>#LC^cubxgg+)rYldbuD0*3 zl+eE823{heGa;yHoUD3%gIRyzqTnq^4R5V#bi8tNnXd{T(N+MdcY3^H^`n{G;8~(; zgKwCLS&YBgpp)k`HILn^F7b;v{~-*Oj8_)xL5%!9Au_25GW&)-qIk~xX8$X0sr1#|_*1*DH( zu!4A~#h_mw-;>kU6E<*OzheG7?-q!G&g#H49oAx#3$!ojGQQ}HRWGY3+dlsx0i~SK z#`8dNM87S!_N)^sgC*po5KulZ>S4@6^!#9_3pDcx^}y~|)N+WK8Ryqa-PK&qDJ1EZ`(01*s1_ zsqo|0M{znquT_lQs@ze)JDXoyX(w=WEM;9my^e)tRJX8$-0F@dE^4mbxReWfESpOo z-P0_$tF0kXQ9q`r#1~Z;*;ImArACbY8FRQeTTLuJ%m3NYF?T}lks`IwNfdBpArU?? zyH)wm`{cNHrO!TI2iOAr`}tYE^1%TDn$s(%E54WQ?gj%N&3yvFV3&0>f!WcKQy}5u z0XXL1JIJMvggaEH(rk0Xl!)LVDCz zkq`9;{Fe-j45wyhl%{yd?}LeaM!UJUR|l$khygVp-(6;AtKAQ77%u!LGt;leGQ#^^ zv5*>nNUGS%o(uS=?^AkitFOn|UQ zPdz_88W9*DXoXoK6f7(#h>>Ld^K*|y%qzO5&!ePi0?GJ&#WE@ASa9Ch3tk{O%32tc+yOj5Z6O}u>mHzA3n2w@=^ z|BXsmfb{{nXzRr~@Bw;y4*KA{IRMbwvQ*rg)ddl+qCla__BOtL=Dzzjn?*I}2AsOza&UR>gZf)FBVfNnBs4oW2f1crSbFbuEKI5l3s(S$p3fft zE)`Uj?LP-7_2J%@7kIy_7aN|tD+gIs*b%P@@Cswdq}enpfw#4{mkK8jaCC7Ldvcp!Pqg18 zqoY@CFXMQb4j65IPDDZgaEcH?`RFJ!T-W@Z+SNk0#@5R5W?$B5nOHvi8?LUdr*7^o zy-O0+Uwm_OH-ybXVP{Rwft~esjmm|rjpCiXJ}DhxK-K{FkwmL2Ez;pA&89O;Z;R+2 ztM58~DkNX}qFWDG-$vZJS5xe!H_fOz{sehY&t=t_q(n=~l_)6cAi4~WixUnTjQy@*hO;UFV z+gJMhTAP1#;bGUE+_sG$mOUxxD;~$eyL}9HOFhvS?ic)kc|wo|e&r_ibxLmT=t!Nr z?=-T-5WSB!W`aQ0o?e_1uG*WwgB0)Rh`LXYGaI4db^Mv@0gLG@FA{(pDcvw=bd(y( z^Wgt*>ZZYN)tMGh`wNsxT)DW}=o&esRD}F?b_*>jiEJi0T}gt8UHAlMZXB(K1`U`y~wI6jn^|RLB1=qu58UPl0fWEYniGng7?;Rt_z3&NXnP#w?ddqC6&PPcb zzN22Aozc)Z>Fw${N7#NX*m{)+j=D)tGu3?4#v2j2&s!2a*Na`U z?n~&+W%Pqe9{cOpFUne8w?h`GNcUzyK!NbM1RaQ=Zu<=*M_(c1mdp@abtl&P2zf>4Dxyfu#KHN^*OX&={5R!jc=Ty%}_I z2_ARfZ{M0fg3$!}BDo~5=TKg-SOArJ(V`T{sVLakK|Vcj0KD`3B1v!^&a1nmq$acH z2b@PCk`3p-IP1*QM5j*`y@ z)-QX~69@?b&j@V6(>D_2(lj(__o^@8D%{u&N#yocJ4T(!_1Q@vn0i&LVbt|SVmdt( zS`kNaj=TB66oMSB@_J}@?_4162o7_)b|nWCAeRn*06{*_YQjV3?(QXs6P0t<<)BAY zc1~u$DeODR;EPppEnX?ocnFSHxaUN*E2oyW_T2G}i<~kLpCN)lhg=-YWs!7c+nFXz zy@TeSEE6S|obl1y`*KjRiA?cGLW1DIx*?R|Vi2EZ^b=26gr}=!4%O&iW3D;9(S_;s z79J0On&b`(%W+wBj{;XmuS=I6ja@Lx!94FqiHd52TE=KlUZ zGIk>6bqrrQn)3|#&)9`SYn|FdgP`@*kxCyJui+;r5GQw9=Z&383IZ2kZA>`(ySphl zNsFbEu#wxcXldYJ$gA0)%E@)zC@2=>0%KMH zJMFk^D3idK)zwuf5Mi?^Rl0?T7drbLcpYVtsWm*@K=ruiZK|Y=y^U%)I>@Y4kx3`4 zH*U{`|B>r?3OG>ZZPjY)3uYWy;o2R&p>Sr7R>bMKF7+6)?|-2j%t%hA0szBgu;d{S zXIfQGpJ1J*NiE1`T{u5{ZPZ1tn5LKx!vq3y^Xx491VpbMlcb!wIlD_u-X{)tRivRzZ}@3qZLBhA zulDq5oXg%8_H|^@1`&rF8st%RI3^{j-}=7 zSbTa}))}{}YhMA>BX511@5q~?I&@fKCG$**;q%K^%>?M|9guG}i@zwK00lZYYL(lH z#@{;HT@r!uHgA)Yy*u=)ElwO%b2J)LKH&{jnOtVB=K5(==^L8jbylQB2(@g2g0;5V zk+0AGy*^-{j@HY4xe z!Fo&G=31>L8=dsD=_tkVUZzt9(DLH2IkG+SUh5u%#h2D`$jkLWz$UCzt=mE4jtOLJ zGeHkE{i7Nr}26LVoHe?t(lvZVHOrvW^wf!s3qJ(;l%Uq z+tF^9$I6w8Vp+B0D>exJ4iAKxOTBoRxjOwHkpn`AwuY~qa9<=LwRGKI6-reEF#nUF z(`Og^6+J7fu6bS01_RcqjfEh1VsvzLAh`}+K0l{Mq~zI;a8%f>YbD75w4DkUg3S8* zGf$MDePLh%*Gv2DuTDkHHu18#Tf{Pi7h+DTj)a>63U$SvVjI9iYJ-4|0o8BngxR(cn0a&1lK$sS70@v<4x4Fp)_A%At> z3hs^gTlVC{6`Vr%He8&sZwycrvNzEAP-1YZIMKtqe3686DYzYUdBPzxez z=>ky!G3UTOgV+rOqp%Q5+?R+ZeG839I5R5@`xSyM%paVO=4KaAL5hl+nQbqbS!vB5 zN?UDZAJ?Q4l@3CP&qJCYFV6b_!hns54@Ww)}e7<%#U&74P*Pr zNQ{ksGwV^q1?$Uckq;PT?SS5Xm8XL#J2d*u0ki_=FgZqsh{Nt1pY0LU0QDXWdD!^| zrh&2xM{2S%J-5>)4iwvwv$7R_T>l*mR9ED3{~4;&j$rOiozI0~i<<5ugUuJ2$wu-l zNqY&LItzYRZZ4ge*Bv=qjdEqawRUmg@z!yZ$l36Q6l!-j?D9)Ug5o{q)!|fjI>|1b z-6vdt@cYnagB7?lGP99*7^1@FFL^%n=d?@V)G@5RvqI`&P3=Y@x@X;E@=^65`+ zSwzG5cp!AP{uxC5n;tq>{~Y?xadKUVD>bp0xjHmHp7WEj z9{T&&jgMo2#Q~->%fA@*DEAl{!%8RILcyJ%ZtA#GbvB@Bw?3NQr$1Js4Fc(yWZ~_H zM90HseYv_5rZMKE2NHO+EN1(6lZK0%2b&{Jln}qZdbr07-hX0$v5dqh;E@#l6Skm) z9jJK7qgW#VCNFB`hKAyqhLaEyssSLBRzw&X5#RY!A$h3$HQ`vLqdt%ivxC>vJJlMR zf}v7{W%2#nZ3C^hsHn(fbFni>-^y4(F#{$Wq0vZ)2q`ziZN!Ck8lScad_!`R6f^t4 z9wFfK9IqglX|6^Vj|InuJRK=f@F#wZ`(`5|7wYB00ggoi22hk?P#)y@5;S<^XQ+@V zb+K_W+Y(x}+v7)&F{7~e^<)e{UKnK7u}jS6Y&=WnaMMY9uQpW6IWl*2#FQRxCO<&dmVEqpJ$_{(D54`q|0++3mE3Z_^0>zdsgAQ~ zl@xfpiCm426Yj=jT-K8fmOe6rY?1;9l?W*Pg1EaG+DWKK6StQ7*r(=PC<;I9s*E!_ z+Me^j%N_FOO$Zz7&8IdF`x?%+R8V`BhFLqgJTIm^;$Ud5e$Qx7wt$swX<$aex!_(h zb+8rPnF|4wmbbiMv7Y_eZ7ZmGSBLg4w&TIcXvVb_g$>6ps6LTvZK0bX9ls5}Uj2V> z_xJIeL?X*|@?n5mD<>re4i3(D=x?r`_W~7)O%pfRNROt9K1CT^CM>wwli;PLEOKSI zms7c=m}=yC#jYca5~T2YkvN*-=ItgN5g923)fgev`5t4#wiZ_GB;_7wJkHMLT-++* zZTM(Hc}?Tv@oA0Ye4AEO|98KC_vgR*{im(OLUhdG!&tm0USW=LOhKn^BVAwB^^J{v zR5drrdZ4Oa|3OzCIGEQjPCW((RtF>I-d`{tq81KO%W*-sU5KEG0%)XZl8J6XbAoSg zBzY;#r`FawpdS&JI5hXp-Nd}3i7 zq^c=eQ(mE@SR;g12Y+ksALzojzPBv+(w2(Qr2?$~VxKYm#E_6}OsFSzem5=qDfk5h zHN1aax24MQljk^OXz-#fuS6`2nFVWA_c?mjV#-erEdMBWm;AHXeGKPq-n~&Oqe3VE z!IDr+QcPE%SD_1&a)aA*HQz zDAyL$VnDzBKXUlJy&GyXbpCYsb1O05$ Date: Thu, 17 Sep 2020 16:23:55 -0400 Subject: [PATCH 08/26] added extend-data.md --- .../advanced-hunting-extend-data.md | 50 +++++++++++++++++++ .../advanced-hunting-take-action.md | 3 +- .../custom-detection-rules.md | 3 ++ 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md new file mode 100644 index 0000000000..b6250bc237 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md @@ -0,0 +1,50 @@ +--- +title: Extend advanced hunting coverage with the right settings +description: Check auditing settings on Windows devices and other settings to help ensure that you get the most comprehensive data in advanced hunting +keywords: advanced hunting, incident, pivot, entity, audit settings, user account management, security group management, threat hunting, cyber threat hunting, search, query, telemetry, mdatp, Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +f1.keywords: +- NOCSH +ms.author: lomayor +author: lomayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 09/20/2020 +--- + +# Extend advanced hunting coverage with the right settings + +## Create custom detection rules + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[Advanced hunting](advanced-hunting-overview.md) relies on data coming from various sources, including your devices, your Office 365 workspaces, Azure AD, and Azure ATP. To get the most comprehensive data possible, ensure that you have the correct settings in the corresponding data sources. + +## Advanced security auditing on Windows devices + +Turn on these advanced auditing settings to ensure you get data about activities on your devices, including local account management, local security group management, and service creation. + +Data | Description | Schema table | How to configure +-|-|-|- +Account management | Events captured as various `ActionType` values indicating local account creation, deletion, and other account-related activities | [DeviceEvents](advanced-hunting-deviceevents-table.md) | - Deploy an advanced security audit policy: [Audit User Account Management](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-user-account-management)
- [Learn about advanced security audit policies](https://docs.microsoft.com/windows/security/threat-protection/auditing/advanced-security-auditing) +Security group management | Events captured as various `ActionType` values indicating local security group creation and other local group management activities | [DeviceEvents](advanced-hunting-deviceevents-table.md) | - Deploy an advanced security audit policy: [Audit Security Group Management](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-security-group-management)
- [Learn about advanced security audit policies](https://docs.microsoft.com/windows/security/threat-protection/auditing/advanced-security-auditing) +Service installation | Events captured with the `ActionType` value `ServiceInstalled`, indicating that a service has been created | [DeviceEvents](advanced-hunting-deviceevents-table.md) | - Deploy an advanced security audit policy: [Audit Security System Extension](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-security-system-extension)
- [Learn about advanced security audit policies](https://docs.microsoft.com/windows/security/threat-protection/auditing/advanced-security-auditing) + +## Related topics + +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) +- [Work with query results](advanced-hunting-query-results.md) +- [Apply query best practices](advanced-hunting-best-practices.md) +- [Custom detections overview](overview-custom-detections.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md index d12e51c9d8..f915252f17 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md @@ -4,7 +4,7 @@ description: Quickly address threats and affected assets in your advanced huntin keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, custom detections, schema, kusto, avoid timeout, command lines, process id search.product: eADQiWindows 10XVcnh search.appverid: met150 -ms.prod: microsoft-365-enterprise +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -17,6 +17,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article +ms.date: 09/20/2020 --- # Take action on advanced hunting query results diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 6021933e52..947c8c38b5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -16,10 +16,13 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article +ms.date: 09/20/2020 --- # Create custom detection rules + **Applies to:** + - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. From 7244f328afef7f3ca6b960d552f34eaa7bc994c5 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Thu, 17 Sep 2020 16:44:16 -0400 Subject: [PATCH 09/26] added function page assignedipaddress --- ...nced-hunting-assignedipaddress-function.md | 78 +++++++++++++++++++ .../advanced-hunting-extend-data.md | 2 - .../advanced-hunting-take-action.md | 2 - 3 files changed, 78 insertions(+), 4 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md new file mode 100644 index 0000000000..0845cc41c0 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md @@ -0,0 +1,78 @@ +--- +title: AssignedIPAddresses() function in advanced hunting for Microsoft Threat Protection +description: Learn how to use the AssignedIPAddresses() function to get the latest IP addresses assigned to a device +keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection, search, query, telemetry, schema reference, kusto, FileProfile, file profile, function, enrichment +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: lomayor +author: lomayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 09/20/2020 +--- + +# AssignedIPAddresses() + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +Use the `AssignedIPAddresses()` function to quickly obtain the latest IP addresses that have been assigned to a device. If you specify a timestamp argument, this function obtains the most recent IP addresses at the specified time. + +This function returns a table with the following columns: + +Column | Data type | Description +-|-|- +`Timestamp` | datetime | Latest time when the device was observed using the IP address +`IPAddress` | string | IP address used by the device +`IPType` | string | Indicates whether the IP address is a public or private address +`NetworkAdapterType` | int | Network adapter type used by the device that has been assigned the IP address. For the possible values, refer to [this enumeration](https://docs.microsoft.com/dotnet/api/system.net.networkinformation.networkinterfacetype) +`ConnectedNetworks` | int | Networks that the adapter with the assigned IP address is connected to. Each JSON array contains the network name, category (public, private, or domain), a description, and a flag indicating if it's connected publicly to the internet + +## Syntax + +```kusto +AssignedIPAddresses(x, y) +``` + +## Arguments + +- **x**—`DeviceId` or `DeviceName` value identifying the device +- **y**—`Timestamp` (datetime) value instructing the function to obtain the most recent assigned IP addresses from a specific time. If not specified, the function returns the latest IP addresses. + +## Examples + +### Get the list of IP addresses used by a device 24 hours ago + +```kusto +AssignedIPAddresses('example-device-name', ago(1d)) +``` + +### Get IP addresses used by a device and find devices communicating with it + +This query uses the `AssignedIPAddresses()` function to get assigned IP addresses for the device (`example-device-name`) on or before a specific date (`example-date`). It then uses the IP addresses to find connections to the device initiated by other devices. + +```kusto +let Date = datetime(example-date); +let DeviceName = "example-device-name"; +// List IP addresses used on or before the specified date +AssignedIPAddresses(DeviceName, Date) +| project DeviceName, IPAddress, AssignedTime = Timestamp +// Get all network events on devices with the assigned IP addresses as the destination addresses +| join kind=inner DeviceNetworkEvents on $left.IPAddress == $right.RemoteIP +// Get only network events around the time the IP address was assigned +| where Timestamp between ((AssignedTime - 1h) .. (AssignedTime + 1h)) +``` + +## Related topics + +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md index b6250bc237..9da7deaf78 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md @@ -8,8 +8,6 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -f1.keywords: -- NOCSH ms.author: lomayor author: lomayor ms.localizationpriority: medium diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md index f915252f17..9f5671b224 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md @@ -8,8 +8,6 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -f1.keywords: -- NOCSH ms.author: lomayor author: lomayor ms.localizationpriority: medium From 3a46478e468b4b1ba5c1091cacd98b2cfc287a14 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Thu, 17 Sep 2020 17:09:00 -0400 Subject: [PATCH 10/26] added function page fileprofile --- ...nced-hunting-assignedipaddress-function.md | 2 +- .../advanced-hunting-fileprofile-function.md | 85 +++++++++++++++++++ 2 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md index 0845cc41c0..18be1be4a0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md @@ -1,5 +1,5 @@ --- -title: AssignedIPAddresses() function in advanced hunting for Microsoft Threat Protection +title: AssignedIPAddresses() function in advanced hunting for Microsoft Defender Advanced Threat Protection description: Learn how to use the AssignedIPAddresses() function to get the latest IP addresses assigned to a device keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection, search, query, telemetry, schema reference, kusto, FileProfile, file profile, function, enrichment search.product: eADQiWindows 10XVcnh diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md new file mode 100644 index 0000000000..f2f93bf6a2 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md @@ -0,0 +1,85 @@ +--- +title: FileProfile() function in advanced hunting for Microsoft Defender Advanced Threat Protection +description: Learn how to use the FileProfile() to enrich information about files in your advanced hunting query results +keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection, search, query, telemetry, schema reference, kusto, FileProfile, file profile, function, enrichment +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: lomayor +author: lomayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 09/20/2020 +--- + +# FileProfile() + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +The `FileProfile()` function is an enrichment function in [advanced hunting](advanced-hunting-overview.md) that adds the following data to files found by the query. + +Column | Data type | Description +-|-|- +SHA1 | string | SHA-1 of the file that the recorded action was applied to +SHA256 | string | SHA-256 of the file that the recorded action was applied to +MD5 | string | MD5 hash of the file that the recorded action was applied to +FileSize | int | Size of the file in bytes +GlobalPrevalence | int | Number of instances of the entity observed by Microsoft globally +GlobalFirstSeen | datetime | Date and time when the entity was first observed by Microsoft globally +GlobalLastSeen | datetime | Date and time when the entity was last observed by Microsoft globally +Signer | string | Information about the signer of the file +Issuer | string | Information about the issuing certificate authority (CA) +SignerHash | string | Unique hash value identifying the signer +IsCertificateValid | boolean | Whether the certificate used to sign the file is valid +IsRootSignerMicrosoft | boolean | Indicates whether the signer of the root certificate is Microsoft +IsExecutable | boolean | Whether the file is a Portable Executable (PE) file +ThreatName | string | Detection name for any malware or other threats found +Publisher | string | Name of the organization that published the file +SoftwareName | string | Name of the software product + +## Syntax + +```kusto +invoke FileProfile(x,y) +``` + +## Arguments + +- **x** — file ID column to use: `SHA1`, `SHA256`, `InitiatingProcessSHA1` or `InitiatingProcessSHA256`; function uses `SHA1` if unspecified +- **y** — limit to the number of records to enrich, 1-1000; function uses 100 if unspecified + +## Examples + +### Project only the SHA1 column and enrich it + +```kusto +DeviceFileEvents +| where isnotempty(SHA1) and Timestamp > ago(1d) +| take 10 +| project SHA1 +| invoke FileProfile() +``` + +### Enrich the first 500 records and list low-prevalence files + +```kusto +DeviceFileEvents +| where ActionType == "FileCreated" and Timestamp > ago(1d) +| project CreatedOn = Timestamp, FileName, FolderPath, SHA1 +| invoke FileProfile("SHA1", 500) +| where GlobalPrevalence < 15 +``` + +## Related topics + +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) From 5c9a8ec042c458cc2e217df8c6fe2f3330c58126 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Mon, 21 Sep 2020 14:41:27 -0400 Subject: [PATCH 11/26] some queries updated smaller table to left, time window, filters on both sides --- .../advanced-hunting-best-practices.md | 36 ++++++++++--------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index 412c20d764..396cb929ca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -61,17 +61,17 @@ The [join operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/j - **Smaller table to your left**—The `join` operator matches records in the table on the left side of your join statement to records on the right. By having the smaller table on the left, fewer records will need to be matched, thus speeding up the query. - In the table below, we reduce the left table `DeviceLogonEvents` to cover only three specific devices before joining it with `IdentityLogonEvents` by account SIDs. + In the table below, we reduce the left table `DeviceLogonEvents` to cover only three specific devices before joining it with `DeviceNetworkEvents` by device IDs. ```kusto DeviceLogonEvents | where DeviceName in ("device-1.domain.com", "device-2.domain.com", "device-3.domain.com") | where ActionType == "LogonFailed" | join - (IdentityLogonEvents - | where ActionType == "LogonFailed" - | where Protocol == "Kerberos") - on AccountSid + (DeviceNetworkEvents + | where Protocol == "Kerberos" + | where ActionType == "LogonFailed") + on DeviceId ``` - **Use the inner-join flavor**—The default [join flavor](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator#join-flavors) or the [innerunique-join](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator?pivots=azuredataexplorer#innerunique-join-flavor) deduplicates rows in the left table by the join key before returning a row for each match to the right table. If the left table has multiple rows with the same value for the `join` key, those rows will be deduplicated to leave a single random row for each unique value. @@ -96,29 +96,33 @@ The [join operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/j - **Join records from a time window**—When investigating security events, analysts look for related events that occur around the same time period. Applying the same approach when using `join` also benefits performance by reducing the number of records to check. - The query below checks for logon events within 30 minutes of receiving a malicious file: + The query below checks for logon events within 30 minutes of a credential access alert being raised: ```kusto - EmailEvents + DeviceAlertEvents | where Timestamp > ago(7d) - | where MalwareFilterVerdict == "Malware" - | project EmailReceivedTime = Timestamp, Subject, SenderFromAddress, AccountName = tostring(split(RecipientEmailAddress, "@")[0]) + | where Severity == "High" + | where Category == "CredentialAccess" + | project AlertRaised = Timestamp, DeviceName, AlertId, Title, AttackTechniques | join ( DeviceLogonEvents | where Timestamp > ago(7d) - | project LogonTime = Timestamp, AccountName, DeviceName - ) on AccountName - | where (LogonTime - EmailReceivedTime) between (0min .. 30min) + | project LogonTime = Timestamp, DeviceName, AccountName + ) on DeviceName + | where (LogonTime - AlertRaised) between (0min .. 30min) ``` - **Apply time filters on both sides**—Even if you're not investigating a specific time window, applying time filters on both the left and right tables can reduce the number of records to check and improve `join` performance. The query below applies `Timestamp > ago(1h)` to both tables so that it joins only records from the past hour: ```kusto - EmailAttachmentInfo + DeviceAlertEvents | where Timestamp > ago(1h) - | where Subject == "Document Attachment" and FileName == "Document.pdf" - | join kind=inner (DeviceFileEvents | where Timestamp > ago(1h)) on SHA256 - ``` + | where Severity == "High" + | join (DeviceFileEvents + | where Timestamp > ago(1h) + | where ActionType == "FileCreated" + ) on SHA1 + ``` - **Use hints for performance**—Use hints with the `join` operator to instruct the backend to distribute load when running resource-intensive operations. [Learn more about join hints](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator#join-hints) From a6cde646c77197f683b8eb2d8c8db66497654534 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Tue, 29 Sep 2020 17:22:15 -0400 Subject: [PATCH 12/26] syncing custom-detection-rules with mtp --- .../custom-detection-rules.md | 37 +++++++++++++++---- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 947c8c38b5..831853657b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -40,13 +40,19 @@ In Microsoft Defender Security Center, go to **Advanced hunting** and select an >[!IMPORTANT] >To prevent the service from returning too many alerts, each rule is limited to generating only 100 alerts whenever it runs. Before creating a rule, tweak your query to avoid alerting for normal, day-to-day activity. - ### Required columns in the query results -To use a query for a custom detection rule, the query must return the `Timestamp`, `DeviceId`, and `ReportId` columns in the results. Simple queries, such as those that don't use the `project` or `summarize` operator to customize or aggregate results, typically return these common columns. -There are various ways to ensure more complex queries return these columns. For example, if you prefer to aggregate and count by `DeviceId`, you can still return `Timestamp` and `ReportId` by getting them from the most recent event involving each device. +To use a query for a custom detection rule, the query must return the following columns: -The sample query below counts the number of unique devices (`DeviceId`) with antivirus detections and uses this count to find only the devices with more than five detections. To return the latest `Timestamp` and the corresponding `ReportId`, it uses the `summarize` operator with the `arg_max` function. +- `Timestamp` +- `DeviceId` +- `ReportId` + +Simple queries, such as those that don't use the `project` or `summarize` operator to customize or aggregate results, typically return these common columns. + +There are various ways to ensure more complex queries return these columns. For example, if you prefer to aggregate and count by `DeviceId`, you can still return `Timestamp` and `ReportId` by getting them from the most recent event involving each device. + +The sample query below counts the number of unique devices (`DeviceId`) with antivirus detections and uses this to find only those devices with more than five detections. To return the latest `Timestamp` and the corresponding `ReportId`, it uses the `summarize` operator with the `arg_max` function. ```kusto DeviceEvents @@ -56,6 +62,9 @@ DeviceEvents | where count_ > 5 ``` +> [!TIP] +> For better query performance, set a time filter that matches your intended run frequency for the rule. Since the least frequent run is every 24 hours, filtering for the past day will cover all new data. + ## 3. Create new rule and provide alert details With the query in the query editor, select **Create detection rule** and specify the following alert details: @@ -67,12 +76,13 @@ With the query in the query editor, select **Create detection rule** and specify - **Category**—type of threat component or activity, if any. [Read about alert categories](alerts-queue.md#understanding-alert-categories) - **MITRE ATT&CK techniques**—one or more attack techniques identified by the rule as documented in the MITRE ATT&CK framework. This section is not available with certain alert categories, such as malware, ransomware, suspicious activity, and unwanted software - **Description**—more information about the component or activity identified by the rule -- **Recommended actions**—additional actions that responders might take in response to an alert +- **Recommended actions**—additional actions that responders might take in response to an alert For more information about how alert details are displayed, [read about the alert queue](alerts-queue.md). ### Rule frequency -When saved, a new or edited custom detection rule immediately runs and checks for matches from the past 30 days of data. The rule then runs again at fixed intervals and lookback durations based on the frequency you choose: + +When saved, a new custom detection rule immediately runs and checks for matches from the past 30 days of data. The rule then runs again at fixed intervals and lookback durations based on the frequency you choose: - **Every 24 hours**—runs every 24 hours, checking data from the past 30 days - **Every 12 hours**—runs every 12 hours, checking data from the past 24 hours @@ -81,22 +91,34 @@ When saved, a new or edited custom detection rule immediately runs and checks fo Select the frequency that matches how closely you want to monitor detections, and consider your organization's capacity to respond to the alerts. +### Choose the impacted entities + +Identify the columns in your query results where you expect to find the main affected or impacted entity. For example, a query might return both device and user IDs. Identifying which of these columns represent the main impacted entity helps the service aggregate relevant alerts, correlate incidents, and target response actions. + +You can select only one column for each entity type. Columns that are not returned by your query can't be selected. + ## 4. Specify actions on files or devices + Your custom detection rule can automatically take actions on files or devices that are returned by the query. ### Actions on devices + These actions are applied to devices in the `DeviceId` column of the query results: + - **Isolate device**—applies full network isolation, preventing the device from connecting to any application or service, except for the Microsoft Defender ATP service. [Learn more about device isolation](respond-machine-alerts.md#isolate-devices-from-the-network) - **Collect investigation package**—collects device information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices) - **Run antivirus scan**—performs a full Microsoft Defender Antivirus scan on the device - **Initiate investigation**—starts an [automated investigation](automated-investigations.md) on the device ### Actions on files + These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1` column of the query results: + - **Allow/Block**—automatically adds the file to your [custom indicator list](manage-indicators.md) so that it is always allowed to run or blocked from running. You can set the scope of this action so that it is taken only on selected device groups. This scope is independent of the scope of the rule. - **Quarantine file**—deletes the file from its current location and places a copy in quarantine ## 5. Set the rule scope + Set the scope to specify which devices are covered by the rule: - All devices @@ -105,10 +127,11 @@ Set the scope to specify which devices are covered by the rule: Only data from devices in scope will be queried. Also, actions will be taken only on those devices. ## 6. Review and turn on the rule + After reviewing the rule, select **Create** to save it. The custom detection rule immediately runs. It runs again based on configured frequency to check for matches, generate alerts, and take response actions. - ## Related topics + - [View and manage detection rules](custom-detections-manage.md) - [Custom detections overview](overview-custom-detections.md) - [Advanced hunting overview](advanced-hunting-overview.md) From 2f41d16e9ec21eccfce9b0e834da8d36f539fd7a Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Tue, 6 Oct 2020 13:10:20 -0400 Subject: [PATCH 13/26] updated custom detection rules page --- .../custom-detection-rules.md | 26 +++++++++++-------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 831853657b..1445c0ac2c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -27,13 +27,12 @@ ms.date: 09/20/2020 Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. -Read this article to learn how to create new custom detection rules. Or [see viewing and managing existing rules](custom-detections-manage.md). +Read this article to learn how to create new custom detection rules. Or [see viewing and managing existing rules](custom-detections-manage.md). -## 1. Check required permissions +> [!NOTE] +> To create or manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. -To create or manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. - -## 2. Prepare the query +## 1. Prepare the query. In Microsoft Defender Security Center, go to **Advanced hunting** and select an existing query or create a new query. When using a new query, run the query to identify errors and understand possible results. @@ -65,7 +64,7 @@ DeviceEvents > [!TIP] > For better query performance, set a time filter that matches your intended run frequency for the rule. Since the least frequent run is every 24 hours, filtering for the past day will cover all new data. -## 3. Create new rule and provide alert details +## 2. Create a new rule and provide alert details. With the query in the query editor, select **Create detection rule** and specify the following alert details: @@ -89,15 +88,18 @@ When saved, a new custom detection rule immediately runs and checks for matches - **Every 3 hours**—runs every 3 hours, checking data from the past 6 hours - **Every hour**—runs hourly, checking data from the past 2 hours +> [!TIP] +> Match the time filters in your query with the lookback duration. Results outside of the lookback duration are ignored. + Select the frequency that matches how closely you want to monitor detections, and consider your organization's capacity to respond to the alerts. -### Choose the impacted entities +## 3. Choose the impacted entities. Identify the columns in your query results where you expect to find the main affected or impacted entity. For example, a query might return both device and user IDs. Identifying which of these columns represent the main impacted entity helps the service aggregate relevant alerts, correlate incidents, and target response actions. You can select only one column for each entity type. Columns that are not returned by your query can't be selected. -## 4. Specify actions on files or devices +## 4. Specify actions. Your custom detection rule can automatically take actions on files or devices that are returned by the query. @@ -117,7 +119,7 @@ These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1` - **Allow/Block**—automatically adds the file to your [custom indicator list](manage-indicators.md) so that it is always allowed to run or blocked from running. You can set the scope of this action so that it is taken only on selected device groups. This scope is independent of the scope of the rule. - **Quarantine file**—deletes the file from its current location and places a copy in quarantine -## 5. Set the rule scope +## 5. Set the rule scope. Set the scope to specify which devices are covered by the rule: @@ -126,13 +128,15 @@ Set the scope to specify which devices are covered by the rule: Only data from devices in scope will be queried. Also, actions will be taken only on those devices. -## 6. Review and turn on the rule +## 6. Review and turn on the rule. After reviewing the rule, select **Create** to save it. The custom detection rule immediately runs. It runs again based on configured frequency to check for matches, generate alerts, and take response actions. +You can [view and manage custom detection rules](custom-detections-manage.md), check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it. + ## Related topics -- [View and manage detection rules](custom-detections-manage.md) +- [View and manage custom detection rules](custom-detections-manage.md) - [Custom detections overview](overview-custom-detections.md) - [Advanced hunting overview](advanced-hunting-overview.md) - [Learn the advanced hunting query language](advanced-hunting-query-language.md) From 46cb950e6744304c0f1049f0a8f0b12a6894ec1b Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 7 Oct 2020 14:09:46 -0400 Subject: [PATCH 14/26] added go hunt page --- .../advanced-hunting-go-hunt.md | 107 ++++++++++++++++++ .../images/go-hunt-device.png | Bin 0 -> 45129 bytes .../images/go-hunt-event.png | Bin 0 -> 85534 bytes .../images/go-hunt-evidence-url.png | Bin 0 -> 66806 bytes 4 files changed, 107 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-device.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-event.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-evidence-url.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md new file mode 100644 index 0000000000..5b0d61b4d3 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md @@ -0,0 +1,107 @@ +--- +title: Get relevant info about an entity with go hunt +description: Learn how to use the "go hunt" tool to quickly query for relevant information about an entity or event using advanced hunting. +keywords: advanced hunting, incident, pivot, entity, go hunt, relevant events, threat hunting, cyber threat hunting, search, query, telemetry, Microsoft Threat Protection +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +f1.keywords: +- NOCSH +ms.author: v-maave +author: martyav +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Quickly hunt for entity or event information with go hunt + +[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender.md)] + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +With the *go hunt* action, you can quickly investigate events and various entity types using powerful query-based [advanced hunting](advanced-hunting-overview.md) capabilities. This action automatically runs an advanced hunting query to find relevant information about the selected event or entity. + +The *go hunt* action is available in various sections of the security center whenever event or entity details are displayed. For example, you can use *go hunt* from the following sections: + +- In the [incident page](investigate-incidents.md#incident-overview), you can review details about users, devices, and many other entities associated with an incident. When you select an entity, you get additional information as well as various actions you could take on that entity. In the example below, a device is selected, showing details about the device as well the option to hunt for more information about the device. + + ![Image showing device details with the go hunt option](./images/go-hunt-device.png) + +- In the incident page, you can also access a list of entities under the evidence tab. Selecting one of those entities provides an option to quickly hunt for information about that entity. + + ![Image showing selected url with the go hunt option in the Evidence tab](./images/go-hunt-evidence-url.png) + +- When viewing the timeline for a device, you can select an event in the timeline to view additional information about that event. Once an event is selected, you get the option to hunt for other relevant events in advanced hunting. + + ![Image showing event details with the go hunt option](./images/go-hunt-event.png) + +Selecting **Go hunt** or **Hunt for related events** passes different queries, depending on whether you've selected an entity or an event. + +## Query for entity information + +When using *go hunt* to query for information about a user, device, or any other type of entity, the query checks all relevant schema tables for any events involving that entity. To keep the results manageable, the query is scoped to around the same time period as the earliest activity in the past 30 days that involves the entity and is associated with the incident. + +Here is an example of the go hunt query for a device: + +```kusto +let selectedTimestamp = datetime(2020-06-02T02:06:47.1167157Z); +let deviceName = "fv-az770.example.com"; +let deviceId = "device-guid"; +search in (DeviceLogonEvents, DeviceProcessEvents, DeviceNetworkEvents, DeviceFileEvents, DeviceRegistryEvents, DeviceImageLoadEvents, DeviceEvents, DeviceImageLoadEvents, IdentityLogonEvents, IdentityQueryEvents) +Timestamp between ((selectedTimestamp - 1h) .. (selectedTimestamp + 1h)) +and DeviceName == deviceName +// or RemoteDeviceName == deviceName +// or DeviceId == deviceId +| take 100 +``` + +### Supported entity types + +You can use *go hunt* after selecting any of these entity types: + +- Files +- Users +- Devices +- IP addresses +- URLs + +## Query for event information + +When using *go hunt* to query for information about a timeline event, the query checks all relevant schema tables for other events around the time of the selected event. For example, the following query lists events in various schema tables that occured around the same time period on the same device: + +```kusto +// List relevant events 30 minutes before and after selected RegistryValueSet event +let selectedEventTimestamp = datetime(2020-10-06T21:40:25.3466868Z); +search in (DeviceFileEvents, DeviceProcessEvents, DeviceEvents, DeviceRegistryEvents, DeviceNetworkEvents, DeviceImageLoadEvents, DeviceLogonEvents, ResponseEvents) + Timestamp between ((selectedEventTimestamp - 30m) .. (selectedEventTimestamp + 30m)) + and DeviceId == "a305b52049c4658ec63ae8b55becfe5954c654a4" +| sort by Timestamp desc +| extend Relevance = iff(Timestamp == selectedEventTimestamp, "Selected event", iff(Timestamp < selectedEventTimestamp, "Earlier event", "Later event")) +| project-reorder Relevance +``` + +## Adjust the query + +With some knowledge of the [query language](advanced-hunting-query-language.md), you can adjust the query to your preference. For example, you can adjust this line, which determines the size of the time window: + +```kusto +Timestamp between ((selectedTimestamp - 1h) .. (selectedTimestamp + 1h)) +``` + +In addition to modifying the query to get more relevant results, you can also: + +- [View the results as charts](advanced-hunting-query-results.md#view-query-results-as-a-table-or-chart) +- [Create a custom detection rule](custom-detection-rules.md) + +## Related topics + +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Work with query results](advanced-hunting-query-results.md) +- [Custom detection rules](custom-detection-rules.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-device.png b/windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-device.png new file mode 100644 index 0000000000000000000000000000000000000000..71d8f65d88bcf6095811d75e6e9a03cf025ee05c GIT binary patch literal 45129 zcmeFZcUY6zw>E4+6cHJfq9CB6pi%_^>0qHskt!{y2%#e-v;YwiQRzyD(0dCIdI=&5 z0wHul=!hhQ0HGxTLg34s-;6WojNhF1zxSW_;v!dglD+p@_bPimd)*K3^mWx)PI8?* zbm$O^rpA4PLx&i#hYlTne}a*IWi6fJLjS|n;od!c2OFD1hpxwhV&%1us<_+H0t$z)s-9 zp1czAM3KLIra!Hf*f$WT)g$UpBiS^f=ujfnB%Y3!(IAXWr*0Nr-@*ihI7&M+) zgMWAaM0^i@{_NuC;(~;-XF2bC(`=Y1Og^eEzJg(fK=)%Cz#)6q)!vSij_Y~`~sZ<+% z>JO@$qJHbqJeQdRxeeOjt^2%l+4}1+4c#2RY&X;D)uZ-PFX27!?Uq092zV)sHRc>> zoJpR0$OzEOvgI9j&2+!@t+*N0rFa#+@UHx+8=t=|gfJ+Rn+%*?j-8078-VGBhMDJ~ zL#$7K|2csAZU57`xp%Qloo;^J9MEKBuC@3q0PlEgefpCk} zW_2fh!4E|NcTzn2WDmIHycU(es~kGa@Y}z<1Rr6)4)o-cc&-u5aTj~y(#u0f{@aU+ zCi^xnBQ3*^ypNHp3IlzuQ_TOw=+e6*l?ipHG8BO&51xp=gWh}ebI4(4`Z7NV&p@%>#To!?c0TNkqbQ>C-PYc05Jn!JLqsg|$3z@J~x&t^D*j4xcxz4hn9KTV@Q z%y4CehqElI@|DMfGOOX^KOwl}PG9F;sypMKv-|}0l78lqN^*)&|EsQxKfj)-a_j_> z{kmB4U*P}rfPrI^7d&E*xRZs6ggaM$&cgCp?ljEv^e|>hBF3qhgzi^kU%=OwvZ#cR4H`nq+bD)VomJBcc zTwX<#K5XG^)X+Z%{#5jLOKIGH`N{H%dG3RMn(gl+FC`vfzzn%{v^ah zNNMMB>j61c$sE!ADa7;G0E@iO>f6+^jN8)Zj(ED?(EJJhPviVuwwS_~EZt>hEm|b* z+rtRzN`d)t9;4+~p2`P%a9%EXHRZjvz+vnJ+Lt|bIf1Oc=hTm<3f~j zR;7V~L7Jzbp<%eyi*mc(l*WxEK#H8L$CueOmTt`dGM^^f6TOD3&kWiAuoK%`mE6oU z3w`%fC?0?NmA7rOZu+SFbE2S{@r&bPZ*V3niZt`o4e}jEMDYJYeEnsnV=t+ zzaW#eYws-l+~PtkH$~!y`KXM0oxT_Wo<;Rz7?IYy_AX)g~SLbd-y8>$J?ZXEIng#;96+Ta{1 z=?_Hv>*e60Rr&Q366n|jfuJD-of)eF1?W_=b3#3i@^4YjStX>7BV2Pd#h`pI0ma{?S$wlGn z-WqCUHK%#@B9uq5v8f z@<6SIZmD7r^=v$C!FXo^HGXPz&1!a~ZiYPa zMJE-p8DDNvW{w#Ay&ymg@_6;PAqH1=sBYGHvYzI8yekd`MGQg%Ho6dliW_U~h{2I^ zs|nM_dro{yLQ}i2sj`dD1eN!<=K~k&JVvyv@%|J{!n8- z@<uPB}x`*bXuS zSJVtvu>_Cr*UYQyTo}+R8`Sj#$nR9chd0N;Y)PCSnsP3^@&plv`-+in{(<<7nD@3~ zHfCy_y#5un4+_cj45dKr3td&j1&SCb`@<&?Pm9LS3;NWi1+Mgj&fm41x*Z(2URCC~ zACQXh^{Ewg1|@g~{n(G1IzDG3&=2u({OS|S*6bG=#X{{K1u>5d7I~i2iLNr5LGhUq zustZx@?#bz2WN(Ah9s3dYu(}4D8$zW#&Lj>(JGKKN$7T=zSBu9xtA!kHJr^pPAJOf z$>`GoYbZ8(odR(7>dNUr!CNd1342@GSGzQDw(|9Xl*EKoTkYeP;LvefQaqUNybJ+E zWB=g3IQ=%HKtu{XrZ$Cc4b$~TqHdwLO3ZM3d8P%C22G_-Fi;q;ztoTY7)jVz&Sh`^ zR&4DlFp=x|IAJ>6`Jh@Jma_`oc@v#_H{YanKTec5EPY3pF(UmOHcm2CC3yx^HA<#E&8s_s7>mcL5%Gh;c(59@r}9LuI!;s5zyVLs71|fXpP@ zt|xzbI5I~KKhc-yxD{bK@?)}RB=2jbK;lWc-B0g#!Dw{jezs7xx6gZ2)0U$Y%vAe; zy2he-@V%fa`m@uIr_KwMs)WuA|Hf&v?R5C$lSPk&XqzOHT zwJ`?|^}$tWs+7DV1m~=~yDQ`6S7%X!5njjhg7?RYr1%h}PNMtzb$Ut9$c@^)GGWSf z2YLrSUx&=0yoK)hH=HodVbwNnW{MKIO&5%1qgm~g3vqU0?z|hO$Zs$9QAiDRg^<{g zwv!B4cPxk4YMxW+vo$E_MC>oz=ak)X0W@g%L}&1RaL1-knYUtjSQZ=Z%0#DT_2|M< z-CQEl2K2bVRE@w3=FBb=RRGD=R%0i`GG`49a^MQ9R5eew%~u|TDw!-4JCdnATnhVN zpB%axIONE(I%PV-fi&1OkKd@#d6xuv`fAKH^-0hok85=8UWIDO0VgfwSnx@pBfdJT zv3E#RUKaq_1<*)TNOtWFgXAWke8N;>fzv`5k+9!&4ph~bm8N0QtA6e_c(}~}33=ja zaG~P(la4X-b4i6i6 zINh)9+1HyNr=b;K-Xw>k<1yi#|B+8WadVXiD+;fvuZBQQeL4Ne#7>Jdl z<6NV7aF&HfQqxLLS)n-F%G`bVTUWP+EI<+vq)PJ#WSf-9EuwB2-gYqpx|~4Odcw!@ z!d#n-l`s0f!6L9a2T5uGv`Go4QvNYM+IfTYR&S%h8~LaL=x<3b-Y;4@@_Ea8O;a3= zi!)&fEz1n2%6X*$J^=L4UNbZ~YvU!r->-R3IVw^qX~Pq18JUxc|H6L+9ORb>-x9U) z`*A_U2wh!rDZ02wq}u+gR^)1G3!epzEVFcO6Ru|>Y+~*>+XmjVNzH$lbcQUh_+oS^ zRI=L3${#80tPfJjXw%g%f4CFkg^t5*4ZPQ@p6vpI^min>CqI^l5z{jl8*&{JiZ+{X z$uRa*f{`NbuS7xL1w>o}@FO5V)=SNPuaZsd!4)h%Wka7_?>q#~otC7*_da6ec2ZM}gJSR-@M zb77B@O>7IV*qH!UkIJ;PFUQXy%H-cDull)dBKB)|lVf-;qJnJ0ID`X)raztZYq5_2 zDcgLphF_`coCFP;I&>rR+$A)fFRG!0#r%F)x9$#I`R7qEy_#`9r{VZS7dz*AFd@d0 z9B5MV$dd>1ZGV^4L`)0YBab2G6kE2iGLHTOER70fs(14V9Af=~cu28DtA%GkF+$ZG zSmSb$i>zf$sRhs$kAqgGENX7Xk>ZTi3M~5{g)QloS<+f7g?9AX@aavnj-mN3szP_THa$vy`!2q&^L2M z>-g^Y0j2oU#)+aXp4A6yLt>*-G;s0s)8oaZWc-ZbdE#q zS9{2h4>}B7HU|3M)ks-++9A%Kx>#^=_%Wr=7sYf4QoVOnrxC|!EagJ+ygK+sO02bz z)Mi%BK4SCjY5|fm4ansMPF(2SkNye=GKN4$!Tnz_x_}<#$N8#?6AZ8cl3R1B)ES^3 za4BgNE!VbQ$Dz!AN_v9Jd3Skpb`T!qXvEghnBl*xV?*=_W>qM?E!`IyF=MQqcw-bQ zRq1}dLCvp+|6q3n#`(*m!uN?P28mUrCUwE5yKa>fzar~l)F(y*2?}o&J_XR$Fa_9P z;02KK=54)0pZS)7P9`Z~EyqjDzSuGd;bZO@BK;#Uet}fHA;UcJG&>X0?h<@jD^I7M3kepNIhOU8Safwzdz3#DN4r) zbJy7yam{nev1T9bF{>ToX12clRGXW@K2y4kON$tgg!B0DQB{h>Euo@r%qnc=Yc#Y8 zawh<#f}UPFM0I%#2}3)qq^P{;;T6J87uaEiaFsf#(#hhQJo4F_L1}hm4d;=}gpZGU zcon^V@H5v;@0eD5bl+*ipR4LH8Znnb?wg1$g_RcXHQ0p8Nh{xa_H~jBOrc%kRFZu# z1QhLmHGwLo=MuSxZ~4@l71$_=Cq7Za1qd>s-ct9N4`=$1&r6Vgc!o}6V5tz4}u4;rjl0%^b4 zGbs*=^S8p7!BVdQ%CNOCIK=dAoavQ$adWGU1bW$9!Y4HN^M>=UgN+kx%E7se*zP!? z0?3Z|?gB1Dr`WOBYJy?ltb#Yq_2`LsuP2e841Ct3W*~LZ#S~MD#V-CaoMMriv!R;B zN~6{Cn_#F$4w>tH3JwVhdoZk`qHZ|y>?@LPD>-!N%Wj#)jS&UQ+PT>8?!)?1F)z(7@OZz5;yIKgs}`&64!SYa zbj&&qI&q;PVZ>`|AnZrh;R&g|?sD^(8cwSnnt>7ATxvwVJb1MAAYXc=;xguy^0fa( z>k{8&NJ+CJkGWxuBYG&P6^0JW_{!@JfJ5SIJh`UYk#~hs0|n(O>@LlkZL2@90!^%# zPx!V_EsK`BDfJ_SkNxJc2oKNK;KUoII_e`u`5@T@T{0G+8n4J_bi+cL;@0`qt+dmm z+`3LzIqry zO)>lKHXvV@=CbSE?#*-Nq6LJo*>^-$4eZP3(OF_P6z)2d8*Jq{6(j@UF5DIbJl)ye zMHr_zj(+cwQ|R^xRu0-K1@xTk<^h?o>a@1HJ+X@pG9q#ah;tT*HV_im9zuo<4LN1u z&%5K4wLV%0-Hn9X$)YZd2)RBHMIBYLAii=vmHmWXFLFhtEa5*76oCsu= z>A=smix4~Oc7CqiR1CM1!?dqU(yGIhoef)k$gwCZ3u(dXfLzX-lk$=_sR%RTo7nEc zv_4zezZ_&iCs{@5F{> zcxe2xGWTaV8xFkMwNUt`)7~1c@qHs2ebw^W)UJA}=Q6^O+~&0yo4gL44ixk<>sB#K z-u1QpZo5-7+4^u+jMpP?DXc{O08IM!O{utoUiA5ifQ#-c+txdr6ur)QeXic5tT!DT zJl`&pa0l+TERg_APv?TCEc8BP>k|c}>}*ZgbxKHb+xIvsZj8OUpOVDC!phg2*Eht! zQpq7SQI;Y%$K*luiBDwpHK6P)V0dU%_B z_OlIIuuy z2_6b_NaowFyPGM>gy|<4wyT)(jFm9MyhiOZGY4s{TI8g>6i4kQeqaP+wb_+O|GTrJPoj+*J*{Fxj*ELdxN6 zV_ngV!H171VZjy%*|N=t6FHKIO?M7x3ZK(ejesgKsWf7$& z%@=MW%Aa)1GfF~`gFbpn5)aDu6^%whB-tfM`4}-LEP~}-`BT4;@>S53^A)M2a3lR8@2d<`|x^%Rcl z2R&|W)>Jj{mPSJjlN)gIQ(me)rNs%4A{>8+ne%#Tf0@*9(ub)J?{)y>@QeI4dJT|j zzjmMQ(_f88gC8YK#NRB;GczE+lM$3}%bLPx;CI8v8Jygxy+JCU5D9^C1F|^l%+B8F z_q7pIcau&?z8HcBT$9fqNnbt>DB~)}8zUH`2&- zS?jj8X|3~K?+xc*dOx}t=Ft=Pj^e(iBHc<`b(4y?X-rcr&|Ke9C{P1Y_&-;sZuTj6 zS*m~I6nXcbZs&FJ!w};1F_VDmh!O(%_?x8|4?LHzpCAb@bC;Q;HQ$s&At#GgK2Uld z9(!}dvD{)ey&waPC=5pti`|FP-BC?7rlu^=h6lJBrWvvFT2}--@n&l0K^>?`zb?vG z1C~^kuPkwwr_Z5G-P(+YEG~a5B5oYyRqt1^Ll3y6IUtsRSMQXS)He}6Us7GYd3z() z!Q8n!RdMCAmCvT)xJ65)T(y!?a(%X7ZZnZrOxC$#It$E4Dmh-?N=` zvgK8kXE(U@^=R?KhW6fj+iCOIOf_7QHo?B;ExPJ?>*~zpo8D1Km4=M9d#tWYP`0k~ zuA7x#C%;*+tj$cF8}g7|yNT7X=y!k%J7|ZcC5`pOYrdLPP(OaBbUT2YLgq?21_ zJG?rs+L-C?!pC#=gq#`}u9eF&!d=_Hu)-fow25BPh%X%}gua;>5Wxm!de293VGgd$ zAe6*UUhTr;K!d8Xt3}?(scgg3sPuREf;GAaOUV+1A2dp)_ao{WJ9cJYTX|!MfujE4 z4gTmcb8SxKD8;VBE<%(`=5Ct=IV1I!Cf3YsrdcC$Od~-2_lW;DMF6 z^5lgFu9!Zyx>xXU&`*%(V-3*2589vIgxUm^M?0!%Jfn!GO8Z3Z0>*V~N`ThtH%6QY zX}YFP&rLF`@8&gfNw!B6%^N}+<7Z%vjaxiL6HOWHHM7kWZQs$k`Ho%7Y;~lRpUP^A z^>yHmRN{{BCrt-I{H*y%NO0N)HE(hIqd9*1hUe{E9Ol+h1>0_8bWBlSVFrG}{6_Gs z6RACF06Jf=G$@&UOoH+#@i41n$LptZE8B8r=zFs%#h!bbjimHPa{NCU-z(bD>PF(8 zF3I~YSw`}Cg}~RPoc1P~%Mng#j9<@B#2(k3RT4i4?c|?6zI*xtEIFEG134}lH-{_f zFD?Qm+lHzayDzDt&U?Zr!HO2xD}_lE>UdjchTAmQjg{=9MKZE-C(!)8eD#1PX3hMu z?&n2d^a{d6(E@}o;_vl6-3+n1>QgxsH{My&d!bWqb)+|ruleaCo1OzHgeNesRa5|KiAh$h7y~oVrne_S=QvE0=z6=!5XXdcmRBj`RSqc79*4 z^s^QJ&Sr`e52m;FSDv+`)mS<-A#83p1H;dbs-^r{IA626G$;|U+P6G2O_Y?BghHAi z#3?7TvWzkuG69Q-IECv8Y6bT3;=sfiGF1|FC#PQ{QN&`YWO=1^H+3E|8;k*4cXn?V z^zM6yDs9Ew3m9>mkZyvx@3n6M_U;RW&g2P;HEut%-U-}T??enPPz(}U5B5`G9?|ls z8ArX0GAn{mYZO#&M+@h3L*F_%_QZdMcktcc&PzK#7F9ZBeS$qt<0t3h7qL%ol)i6L ziM8sks&6-d{4d{ZrZZj6v;L}_``fjvs&q!r*_a!@>Sg_{EgS6d+a-N2hT{C%{%m$3 z?R$m}{PY&EK9Zr>aU1!S3xIUg0sWHf^DXj_B-SIRL-ucL{wyp1cJ1o*PZ13aZ5qFD zgE*7m>S~U>VmzJmOy8D~$cNVW?nE)7(3F{j17eV!bYGn>(CZQG3h6)8pG){7bgGz~ z?6F^U{r_4!PVIN9SS8v)^53aZgTGV7plL^bsoqc4lU5F$*)cdqsJ`%Pv;Dz;qRU37 zis|YG|4sG3MEdzI?-AW94$GkNh+jm-U(CH2FS-hvf(0u7>IuPv*XdNT+hjSH|Ai{n zNLL~Eqv550$HRf`x+xd8PUx}W$OheQ1H{&n-Q3$DI-e(rKDZlR{7Wu!h zvu@Jid9S6X&-(8gouxC!{@-+ei%+`KUH?DEPQUzqT~x0khz51sgvgOhv`=mi)^Pi3od{!U^nVFUcKdfRQaQvT6 zq<{8zTK#K4F3X?JukwN6gOnj^BJJ~aNzF92KNB_mW0kHmV{r9W7G6t_@q60z;0Zo* zmd;RAsdyg#Pf7kOY~nbArwsG$(SZ~PV!lpZURU)wIw;@b={{{)>3;U7I4UZc|&f`~qIJLiFX;WAxkcFn7Zmy+siqNWTdxpy_(7u=jJPAKUzoqg_KiP%*SQai- z4GH5T<7#!tV+}T8qWD2G7-Hi+k!x&|wv|OZwJG~F_tyEY%NgM!)ysPTp@y<2fX-H^ zi0Rz0A?VXGX56L2DjSZSq;@I#L`RGEm8Zs557 z<0uD6zgQwwpnYp6nWGZG{|{1+#SNT=2%@weg{17t!AgzxY|&j zx|*_8wUM5BuoUogw+K{{zWc1xdYn9UlBJPs0A1cP^t2kAmkx|Y^gK@}${SiWD2bAB z(pIV-fvjvKcr;0(8trYStGepoM@cv8!6hw>O{Y)q35qqS&(dt@Y&~;n5nTHr@KhaM zS|dY_@;ZBnFDT+jAcsF6+~pl*^*l_h)NpRgc-dsaf5ADU1&3R%>qndpRNM=~BdpoB zq-G2BJW~bgY%bR=nB7yh5i!}J9NTz!sn&ESzt)$i2KB^VwzIW}U4v+^n9%=44 z_`0b#ph>|0I-%J?k{7*z8|`(Gyz?jf^@DJK9WiqE`ByD^s?0z`aOhYb?pN5jcC)o$m!MKkAqts=;(J8>}8V z_%@4Xq`aV~s89-PB=Kf#DKM5w?C%;ATE`3dWD10~(9l;-z1H$dBbkSzOEzCl3}<#L znTz{X*BZMOg9UU373-|ZXZGvvA7#|-7ma@uo=)@H2yz0=t(pN6@;LoajDX*@)p=A zo%JE!=%zRYxZc+OWt=Ug5rMT;oUEW!J&;tt4q)XlvHp=4PX+|_ZNs*b3Ic;?E!0D& zr>=3|UUD036s@%eA3vHfA?4NuGyh;)`+WL*?-IIary{zA@%?8-&-)4XI=S5Dm1g-ujD<#Ct}L6P#dnxnXO^=H&69~DpRLyw~ks6n|k_Xsylh5*kS=g4f?fX(Pd}(*C5QMoS8awx9 z2(srMGq*NDs4M;>ZV*@TvK7-Z>P;aHV`CXsBIhZ<_>5pdSl=ghL2GqSaG<%`2g7g3hz@yOp#t9R*m@%u*{XER8 zkKxMEw|U!5pKnNaH~LxoSTkEYN(|O}_JI;lkVg3j@@`J$@wD{FH@Z+pW%huvs2;-t zKf4~=Br_L_ROwz)X+tAusnC61z<(~3^ObQG9Jego$ShiaNnHxEx2{fFb`Krm^A?W2 zpeUErff%J#X+zQGxzIe;X^8TVfI6{B_h(kkHkbEO+=);5g4TjRX7r*HfQj!wJq?-d zJLauHf$4W->9wy`m`WA{wm6@+$Pqg17PBD}DTk8&HxU`Uq+w z(pzvprO>b4WuOXUKeOFuDzSR9U`hUPQ|@leL*vN9T-Ap%1j6?t||HVCP244(@ymSKJ>g z8B!~<8h1eTO@JB=h~;{$ap{%XeNhM<5nZQr;~<~1ajrW;TVv%uGk~)BK3zjnDQB?> z%oW?wp#ElmTk;;&MDx*3DW8-xsGNxtl5?#GvC(Px#bBY?REi08F|yj(aDr;Z+R%9p30)8LcM6wL`r76tZ=f>81E<`^;|5r?nTPgVFW4CeP7S>u`}EF>bpNry zNRyYNuk~xum9ei8uh;l@x8F;-PFXewF0A1CJ#0jB8dbwNTn&3TFbDWLIA2ch=~E1k zfsBdGry*`9TG6G}tvaA61qnjuSHg70W{c3qHgYG3dlwwp!sUV?-$zLLBgdYk&v!<9+7U2$r&d1rOlKl(qIEu4 z*i~=I>#4y+q(NQ{h_|=m?QM(-Qb5ms6+Ge<*@z-eAG2F5%puEx7@@) z5^gEl!-G2%I-4!!lKx^Ttc<|1^syAJPEqXgs}G=_mBp`AnNA-M@+Lp7F*ypKo?Nc7 zpSb-Mek!Mz@UpaOW#hewd3wo0c%m=wmE*j3)KUi?ZM_-x7BOp9A{=%wu5ku^;1GFN zyPO+XA5{5cy{IY3?i;|(S~TE+2r=DeZ~3ghdXnC@m~`Ot#JGzeN$_HU^S?b#msn%| zVo;;7@$#)OH)2N%6s@I`Bpgtima4k+h_pqL;XaFk*+cao)toLbwXz8Eer0DZoSMb$ z$_?Aa&EzI>i0BubyXi2jBjdD_0NKi59>)`ToJgzc!Tpn~Wf^#AbWp!6RO}>U=VUFd zh2S*hrRmdBZ&&AfUJ2j{)EjjOGnMMG9H&jIIj(IVa|CbF{2lfU<+3*P8e95Q0^JgZ zEZ6rKBK>z=pfhd}0I3BZW!j0AJw@E9I%Gr{R$1L*WV>GNjBM*;ay7j}8lt;8ta{uw z@48|6o1L$%Z$=@TE(1%i7#!zYOpmSV_{g_~ronxiRq3@0zEIjGy{}O%9gQ}_VLojy z2K$th;H1EzV|l04Q&XSP$ia%dlX=!H#vtI;2JQVRCjlP6#MhDDL}rFB88Vw`PWIJi z=3*XeSM_nr1phpE#B;JoNN`F7ky5w{qGXB(d-(X7arYM9dNr{DB|Eo(3a<=!@dO(n#e?@uHkM}ure1>)ZxN?PZ3ksQ z*`hg)oozjY;!tF_m=a}w1v?Z!o%w7zRcDdvVk}}+r8Gv24dSe#E$x>-p8>B>>tuX! zG^-nHO#}58sZDCINAFS6)J{y!YJ=kNtUf-nNT`N{=5g%b`ko{?tNZS{-Je{5C|J-- z@BQ6yPuF>&zDHU|D33qq@RXz>z@J{om z$XDBRQi(#aMssFP#{Iq@QDK^fmDMZ!OL>d$~^3>RxaeuO6t3Dgk718!n~Hk8 zvd77>Ub+V?{igroAx7+WwVnd z?HI4`IH>>Vrlj+fD@u$0yvn#ryiAhK=7wmK-+gm+II$k|pfY{6j| zyJFwbql1sNTQSEeJ-tWu(Br$7Q%x2cmta9uR|L7bTe{3KXvh9y4F&_}-Rl{{uuWeZ zoRo}KsEVph);sec<=wn8B|FZeAU%0E!hp+XFcSgwS_=-t7f-kiwt=Pb@o1C6)no^` zs=XP1N(j4dp0f4sn;`M0umm7qV$K;SK#;D`P*3r}QJaxGQjuI0z|aaZw17Q~r=-Za zXK`73g_ILt6rWaFw%-i5(X-8ml-lwI@O{wByBW6FefeOdsK!&tWNL>d0AIFb*~FKv z#k^-)6-mo1p+*kH0TCnz1zS#i^9B=@ha^- z#?{Ny)Q838xA?BFtsW%t*lS6l^@>@!xL+QKKbKCPN*rM9o#LNv5i_~$3Z0^s>ZFct zE?w;DB=bn#tY@1!W=dKYR=@7TBC2y8`ec9TqKkEnecNuHHh{$;!(!(9xj1*Hi;bOW zQ`&ujV%_`w_fZ#stC-QY)iS*383!uqG?gi#w7qYeo&%;>6(wp}3-wSupy5(Ix6o-T3(!Mqbno8g2D{yw9R z%Ovs?+z(U&E8*`~y%MSd3_c1>t}x(DbONWA@1f~?8<^7Pj;MoCN-eCANt=F8V^00o z!4SRgFw6L0x%4vk<8be>mmxayLEFL#Yft)WU{t1VjD&O&>on$2h);eT3t|kTL9S?v zMsu`c1Kf^!xvud~`#pGh8*O}N?sdn1l0kCd&R0&y=dVso=Xfl1%j#CbyC!oC^3q_q z#?P8})>oT|?yo%7?P~lwp*;N4(oG}PZ3^t3*7_o76vfbC$t*vFLM2e83GEFm(WjmBo<(b&>F{wKw=6N4o&Vt)L^YjO zPSPo6^7j1wv@M9?uCn7SE+RnJhVK-lDmzD#*=eoXsP8EM!7*d^dfAxq<<2bf%kOu`(1qur02uO!BHPVqu5AQk&jwvn%OH1>)H_z z=IQirbt%VIoW)1LV_|;p7@C%sd1ZToqdqG7kdbG07UQLkuB}>pIGXgsKti$>&n=mg ztwxX&u&>o2jP95Arj$sgqF9Q$n6R9&C*!$_4Z}K8>g_9oR>8H?zBHE+S*n6mk#Scp z3yXIdH6U^a)8^>$x$W|f^GpRmnbSSOJ5a^}8%QmF zfa8|>ksrQ5#BL-4E-K$YfRf*!R-`OL%4yML%_`ti4&YHkbn=sS@6F6f?uP(7yHHHB z&>Z?XjZ9X)FM<>vmPILU-iIrcw#f8uFlc7i0h^a!^mzKNzd*AB_z9WA@Ioy-Is^J%{~)SNsT1 zhsH(}mqWa{hb!7xWG;PYBrned*CJq%;)RK#syQ1HzH{eW?qL>Kn0)#2jJNPayA{_+Up-4- zALF5whjsVqH^(JuvYsYJH-V#t$!3l~6b4g@+U_&QN{rI~-4d`jp@h8A^GI(Km7;xt zkDT%Kd?-d`azy`pmHw}cdA<8HwG6zOIMVl;5b61@|5!nR5~Qg>`J3{ z94&Ww=bfl35Xf6bK^{5@T>f2=`~fBrsfK(sfe1nLS(Lo&5ciX|ApDiXZ;WW*4+T-rJ^ylRXg(K`m6$k{Mok zoFhF>pbDZk;FYZ0_AD*)R3WDW8eI9z5;3B=;AVuxCcw$#Kb^l!FQ&0e$$=WHQxiA0 zAuRB;Ozyq6w}nv9(C0wfeK}>zK}Lz}_=WtMo*m4m2*pVWTAHc3e_5#6cs~l&c(701 z8Zot&g+Rz=17_J0Fxr#Eis~?)MCn7={fT{K?SwpP8R5EGs^t@X*Ug^-mXBKYoAzuu z%nx*{D_t;hk*&0g9Y?$Tf9$<^Jd|trKVFt7SxQmL5*67C$f zqSR@IgiYZtHpxkIdkU0OpGQ+XJ+y3ym?5?aLK$Mgm!`k&vVV* z^K|0d1oF_GM#Tdk-rZJZ{lX)%oo9Txo%5M%%qUJ(7@ljqUGpJvW4u>!eAE3)!BBi( zv`r6}_(qeHR_^U8?URT)&2*Q=@cJn2ZqCsKaerYOu~TgL+V>!Zp^_vSV%>pWNtUZ? zIvJ|#VqFGK1D_kLA4$wPfz{>QOKDP4e3!MO6>{eq=O$JkQVRO;4#lL$Xd#BwF0VMU zIyJYyD*K51t$B{YyrpvvT{A~Em%nKG1uP`3_mID$=945RAuZ+bn^p^hU-)6SN>wjN z5hIUlK;1)cZ2HVUAJH;__1wmQdvZb2_N$I~+%VK&`pdIaam`@P%!~6Jvy<2y9EqqX z?cbRoddy@+jpY?_wTP~$F$n{KTQo0KcB$dm_@ok?o zc|#qcq*cB}YA~~d%FLV9K1isTJ20nfN6gwFgcQmabrrv0D!CIi1`>E3K9#s7>=*QL zbzQF)o^ml>`?W3I1l3-BrDu#Yy#sGsvT303dJD4!xRei35%#rS!TNS9ykV>cj{Mr3 zk14UYegvtke>>HxUbe?-*-`F3GpZx15_IcTO7lKvHj#wGOVm8x*B=m#8HJTdHt+I_ zTMXyes{BVs7mf!Z+rcJt8|8(=YarVzY0S~e+|NX1I5*4cpZWaJQZ&fVJF6<*wR&V_ z$}o9h^P=)-d8eUmvlF{ztczTuox~84IA_6}x$geux^}&Pkc+e?z0Z80*L#VBHQqJ1 zJ|2u7EOAOW`Ll+mvrIdZ;QB>Vf5`aiLN|EfV8*vSDVs2VM2asv{++~vlTKqzavIF6 zCMT9rK8$8u|C}Bp=j}A!S%Xj9eE3@0QZA@7#m2TJ z&u3(C&$|n)ovCS;GMrsL7T}S{18=w(p|rXdl=aqP=$GpntFYY|G&vM*!C$Gx*V@0KPT z+}j#7KHO!i_BnC*%*GtSgg=~FSl8#_{)O^`qR;G!dWoEi4e1iBZsf~$xQlfKlEVq7 zoK0+9vy(*ZsF`hg3HcM$*g)RL+V^r5l_asl{o{ z9mfhtuheC6iLhzgKfD)o^{^GLMRNRNU4!t2t}htgmPsK14|z>Hw5Qdd>(l39=)f4^ zXy4pOs_nJ512f*(WAh?%*L(0a`mZRTGlI|2<>?PN>USN{U8xWBB$@|$ZFP=zqT~R` zme4R4>+Sk|Gj8bjhS4A|&C-A&*LBb&lZ3i!@xCJCxoh0V_{s(KKUFtD6Cd{JR!ela ze#_%2diAKICw$SrJu2F~Ln<1cW0KD$H7o0V9$9l2eYP~thitcb-R`&%mI)(F>lk}c zQr#*~)x$Y4-C{iPV4;7+mse$D!VsK=zjuH1sI@4IV3-e{Va{WqPA_DfQ2M$m$00W1 z^(0*SbjkJkNOdkNie7vmw0K23mEt}=Y`foH;ACj$@O#TUo3jVuZKeXP*B;M@j6)0;8(^L(pnZPgT}i@hcaB7)>H z(#@IcV##*_y!c;~p!+u)Zh=djZ%$d2EV(7A|KJk?cNWUt+nt ztE*{wMfh-{hW0kK5GFjTv2Wze-g%UDRw>jsj=Utwe=Lvx4V-IM-Zdpe6Te>0=n6Bh zz;~(yC5!og4y=;3_@n|fQ=`8)IxM}oo+Dm6cPz9b+5W-kD7dDfzz923@i+}%A=bb4 zVmZ;L{YqO;xJ=!os7cbBL3Kyfvb2rDXCh)lWA2f*?SsqS{UfoeOuAXaE_#EFOd&>? zZ+_;Ui%lh#V|?-*`}vc{g+or@-a+BwV3l6rjG$irt*%$v3Y<|0)n^QkwwSmjBG=`H z9teld23^S}D_13}T7c%b+l*ISCOqSTsY<^x37!xaumqhF-z=`UzA<*V; z)Vh^k1Y^MKb>0E_NE6F~)r{u1x!v@6_0et9M&(V6NTsR8wD zWYo9|t)g<+JGiZzo(PINeHNEE{**6`rX=?9frOPPZR0qClixvZO#Ax;(A_y>-{SZ= z>hUq#*bYwHr)sNjGjB4P(s!V9+T1wK&j_w?`oeD5U(jXDr->bI_r2?oXFT++&@#Nc zXH$$~@oWm;M%1*IZ2Wfv(#+%*;+|a zUCJi9_o-}sKbj~3=SE4dwlQHk2WaBY$1$fk*?ERZZxA2EO}0OC`nV00Yc<>}XPsR) z8ZY$Vu2^I|lr|FRmw7~HFVM`cO7!&~-woWE>kp56oO!Ei&jbtwa0(bt8Nj6>`HgDW zuSa|#MIRsBzD;}DiilhPFjx=*bko#GdI+cVXqaZ$i|zdA`!9d|oQC#uMIOEP0sVjN zm-5{w74QX+DjF7P-TyL5N^WrQ5cc|L;3EkoR!|S)9b_Z?c2cE^S zp8me9zYn$hA{Nbu^(QC)?47zhz^~*&PSXSZ$EYr-{fwk{fBmOCe7{n*3P1n1TYvvk zc^h_hW^ckjbocxf^u)p=-g4|$68`efAOGOlzl~mec>U0SOmF-3Eb-O{{|CZfZg+pZ zrkqXxpFqF80O{xV{X5UUlXdkGfblxbqet`mp7{$e0Q?s9|3LWvOEfG%dgwo}=PxT6 z#RD|d+TVI)r(x;8y%{3Y{BMi9L;W>iZQ^L|{)aq&e={If)_)=4cfS2!vHH1eZ5aNB zXZX6Lw82RB-^E7fD=meDO*`qe{Jr(^Jje#fFW|G<+u?1J=(`J2;H0#9DX`sVJkeH= zkB@H_J%vBGv2+k?XP4}DB~tqJqdylrl9nJP?$doP=gU7pd7}j(Mi3ck7CV(WBIKdj zD*7S|cHh_J^yK}uReP%x{8ul1H{ah=u0Mu6V!1cAMED;YE&pZdgCms@o$*3f=Ckwv zq-Ezyx%kMMOQUpC$=Izw8(S*#inj>-!~PGBtpAdyel%m~rv9H>6}m^$_yX7O^7WTZ z0qjeO|I!x9x9R6b->KB7hYEzg(Y%{*l#cP{U~li?!HXPE_E3F11PJ{}I}Me;%(y+e%Zp6QAt0NWlh|wB$@1wziB$`Vh zf$ZITXo4RDDulO-@z%e=;028K+WKL}h_C`^=jO-c7r@vLXxh^Mr_D`8D+ULXhG^lF=3L1cd=e#)F>p?bs`4%>eiW|yO7p8y!Lq~QSKpYOr zj@gmqzbr8TBkHM8^7yKo;qE(c_}VFT>1@!~10!n_+UpLpXuo_9=e`2nQG(jDusC!owML_<``&WamMxjjx6&gjQ(> z^nI|xAW0`iYy*1utg;7-GLPBAEaBs<|40lEi{W^1o@3v}N0iq9d8Gjwa<-^n)3Ksi zVIXNd)qkNMXvy|Lz6C*Pmq4A47JI?U`d|f#?#t8F2v1M$XxcYZEnS#D=;(bq_FSGS zjg!s-nibJSlv}+wY|iL~-GcdWTe<7oP(Rc@a4PI^6mR^2TmeCE+J-b z)9h01a}ah@o$Z@b$u%7xR@2Q+hwd?#XG1Ae)rx4I@O7f0mxKWa6FefIV~2Q@AMV*p zMMKZ>^J4wFRT`YwMkP!-voO%(4dBOfQY&yo*htihSQ|&XDGlaIY^-eUlmzq|7GG*F zYXghRJkEM08#f!KfhsSYX45LHH_h1hb)x*RO3RfYQPR>Y`%!EB)l!6<5`1fdcJPc# zi?!ue#{`$xndahvtxr8xjtuKpWxiK5R}vOA(VxD(V*_aItN1fNP<7&E!>Sy1M--WKfH4ROeq0p zd4QIb<2Vq=qMB?=%0yzmFT$M=rzh_^>kqM9kW&~1uZ8sBI+Clt2u5Hf*q4qQVI*=03AZq%rEL;E(bC;9*pPK0JL6a-%fYeQ)K=n0 zZ4mF~bP2MAK=4$^t8s5OzC9v(nw(a;pau3{8oTs- zGNEomuFt!IYfPdXywrGJyOTZ;_Gn=)xW;Hcn2I^FfBf=L=XJls?H`e-;hRD)Z+*p> z3JDmd`WPdFCGULxOSaGP8yW&!*JDVkD=}^$u}++b(=~3-hVH>$JhA7UU6`QzJ1Ydti#Kyr_H& z*P1(xfVywpf^JNwhWeYDnpV#}i_3n(V7Qg>o*T5aaU`xyr29&0tK*52R8$^8*2ybT zze$-86;aISr3Ip zAV0s>w%>m0u`aHGKXty_QJC2x1|=Fol`nFF0|E^Q2{=R+LElOE5D=37scxaRbQ4rq z>-(~bOcLYt3GheMnqyGvGYdcPz413Zu1KZn;T z=g}m+O$nb7bk&PC7CLs==CX2bfDGc2k$EO}%v$+%UUQ!ynNfT7LiQ%6q@p+qWxTs= zu4+c&60d;I&fvv1kOOkpp# zFJW;@JU7)z*0splLhpC*4Dx89+@n{E950k_lDgwlR?3A?s4W7>Uj3Ejf2=5=*E&fo>O`MDz7A%d})@3;uK&HxeDh6eW?5Uy6r?Tb&H!ZW_) zZKz7^1wJ1$lka7x@{Lg8Ws}x(Z)18PykS+YRs` zILk4`OVxRCyW4*E0)9%|W~R5#R!BegL__G+IM*17^gB~m+S}sK2l^QpU=Dkdgv*M` zU_vUf1ox$C!X8~3oM`p*`y<2x=R>#NR(O?jmtTKFx%ALnu|OOO%?X?f#?qlHL9qcz z(9vp*Zz5a;Y|%CAt7`V8=N!GVf`y%F_TC{cd9>*#9cQE4vflqO-Yda12AW`U)JMvd zbR8ui(Y!&%TYSQR)SjmHb3!9)QC(=G&Jt<6&MZhRljQzh=FQDUAo4b@Q8(c za4HD+kc|BRam(katFMe}Ku=OWo1EK3W}4>Q5zQ6*ov&@m_PI#p!X?Pz~E4nx)#9n z7NWVLL$Is9^Fz3#I@9D-GX$@>=P)ZSOi$ehIB34gjCrDuu&lYIOMQCm&ib@xM~b!~ zW4qdtBklL?+-V>Ze*$x)d|`%?Q?T*v%8yDNSesuhD5@+^4Glb&^x|qa)LDhpJXM@`E=O5!mJR> zB1QujZ;4uxdQ1A3@8U|D-<`tIP7chu6nn*qSx^I=JqR9YD~5a<`3q+@=Hp^5J#{&% zu&MTi9-a31PKcpGw8e$n9m^j(2AsjdRH_o%6rV(&){v6o`Hu!w;O8aza2P>WHferv zkdjV-AHt{jE-lz|BRdJ|as=Z2avN1g8SlGgSZ404+9Iw(B8;+ys%>aAOt`5e7CL5i zYv>;Q5bh1J?j1`Yjl`0o!KxDFo(@G;6s@Fh5{I9Z-L_AH)%aN)rJ!!L>&dq>yq~ln z*5NW|_qThoYG3@jWGmAjoT@jAG*q_HDY%+ytKE}yHt=YB-o<@~%5e7Yvd3B~#5yqs zWvD=XpTdXT8QQRH!+@m)&$e)}t2MO&X5Kfd;G+IKqs89_J*WJouht;$m~~|{2YZh0 zZ*TIS@Q1`_))f_7f|N$2{Ko?>hm?~ZnbU$cIeGptmqD?7&?k%=;vz@i^xOPreB@CD}!g{9|sKdpA9$;bCAtcH7j?q}7& zE}HT)^fs-I>lNb2rrg^6qm=>-kFO|4`+&p3{pb%SKdc|AA1p}tyN{&&P&tlfpKN?j zR`W&W2@~X-RrMaal7(9Ep=3GNxV|_oGCHF3dW(6TIK1#kdJSmn_+~>_nb+lXkx-?Y zzQ@a1Q8=V_m5|&sOQ+dTj@Sxt*Jn>8|HbQKX(RHQ?=Q|<%^ZVR9A=51J#)2bCsO;9 zKW{~Kd=+J`*vBmOdG%#*J(4kZE?o{gcfYrSRnN=`&c_0QanC7c`5e$Yu$PKaM7->^ zDRl84_`5qI$7R4KsO-~_*#G;>cJ6R&+l}HD?b-i&=Ks@itR7fPTmB0<>Cfw^P-{~A~S_!VU9z`>;Re1%?}GFP|nq~D-<+J8+> zGU#`K+P$N!$3WjMweoG|l1BeO8mI9@Zs8Adw1mHnc%ZUeQ@l+QfuLQ|p73>fnlBrUEW-dVhY6d)F9owI^H4(G_PM!k!bP z=wT&`%M{CTn`{|yW0nltUE*IaQW$`h^vKY^Ial1WfGdakdTpFpAl}_rAYpSd>K@$E z4t^Q82cjaVQ>9eB*nDF6%$>T!8*wJ4@|LLxlj>Hq?(xyvQ2i+xZ1O8xR6-9|^u}U@ z7%JG(2fk90K5{N6xf?T+>Nk_;`Avl`yRza?t|6q2=tkk39P`H)4xDvl2SnZ|Jp<3B zKvBmMhKn`(<4d)rO?Vgp$w_5zC91on+hd7v zSfHinTwJ*0u{Ztw{YT`_`zqwPDmH&SiGQL&Z%!=w~W$fr;CHuEezyEj@4}9GDWFqX4KRBeIioJ z-i;9%U1v2`IWfs1p!Tb9vWEU`;Cc_; z>iXL#u8W%9R5be%l*z{9XOf(vINV}8fDf3Zoz+S#YkQvJHRWSa#f=g(t9)GqqEiaXoUA8@U$!^N*l;VpYJN6Xh3S~hzH|X&0>$del1P#rU-(K%o=Zb3s zl$oK`s5>$-0q61qj#pM%g6ichuN1i(!w8t$1e+;dOA;ZWFEKgp6;{mh&6%{mxVT6x zYWSrR*Gf!|h^wo7Tuv!jQ>^yh5tZ~fS_08gF$ors*XFPhLzr0#G_cdk7v^7Oh}j7G zto_y0ZeG}4h>8!7MwRMDoXklq*wQ+)kolAUpsseu)mqK-^ zs9&n`D1CGtxGm0JXiGl4h0mNq5!*V5Z|ipP>ak}$rJVknMzGHR2nnv^jAkP#5(k5N z0E}eH=Gb$0x%Evwi)Q%JRG*~K*5)lo`vnu{@LH1Micj69bA@0-iqA-7xftOH&QX;y zyZIN_@Dmi!Ans!8hc5P-B~&>dISPub;Y$;KH|N7PD$X3Y`mE!t<0ONN~bA>0j%X2RE4Vb&oVkqfmR zsE-R+P2^Xb%P0IdYW3jq2ZQ;<@6k*s>z+KFUtW8&7A!q>FGGJ-2y=<#UsZ~EFv(+t z0KX_Ju4^UUCPAul9sA!J8!z^C4{${9XFZ$wBtkJ!#4f>gvIPp)Ak>jbDEqePb5EM3 zsP2myfj9NLn>XJ;;D5vbXyXXlJ5^<54`NXb-bG1=6Axc&564byTsbMw30vcOi7h^D z%gy|9V*kNA5C^nEFvTLb!ZifXx_E*gq52iAKH;xbj#gUq&m;S5k<$2to}ET<4-|vn zjs%y<5D>mdkufB?m>eaAh@PfjL*Z5C@1MF>w=Y&6E6}L#MnQr2MR`PazzWC`X75vOg6wgN_ zl6riRlvIbB9KTQUc~r@%;zswv-|O*CzKY3a}Ug++^r>zz0BO>I+A4b@smGYez zu^EJiW*B#LN_ka=2c(6VL-5$}%VL>k-iwW&Ww!C!aSztj0l$bn+1l3lsB+~QFF zW|Hpq$%7FI{1{Vt3!!l~x-Y>eFG2faE?K3)&TZMW@75vtJ?_f!tx_v zJLe*O^#F9RCb=^heV@Y8g%y)Nx-)-zmV1JLf5F8Bd8d9_3f--Tx;TLSaBZ{ro%HSPAdA3YTJw7#DHD^jpY z1=?ogo}so#2_w4CQ4_G%X-DYRL)zcH2)Yroks~0zs!0NgwIN|9IJxdYr_zq@yqrLx z%?+(2A(9^-wv8J{n9EAo#!TM--OSaBflnRYM|12CRZ@jvtCfZneHd)teTk zTC9b!Lh8t7X``gVeje4r1e*K*1lbw_s&fr;%(*?TWUljYbk{;| zX@E?7o3Zq$RrHfR5DT{F^+uqv*4pW|GZ}(*#TdFZq+P#(qXCAJM@D}+B>vnF8MKEp z3;%Xl%&#ltrkNAXz5?Z1u}Oslu~R8v?-n~hVD9o3io*zkhu^z(ob+C*O@1B9&f<3s zk$rB?5$|M0nACv@#ttNWR<494sIGQkF{gQL^9b&alCiT*R1vxPV~|U6T3CgeviO$u zWfG2NUE4y7W}ij+7?TTQ?Q^yr$&h8MtZ~AWobs4zHrr6D}} z2RnMt1fF^qtbFqHLR(4k+7BK=5QmJa+%XQc*oY=C(mZf<`Yv&4wxXh9&fBadtGryQ z=EHn!Z0wvj$!lcHp`dU*n@?lc6Pad(RC!=+F&18Z`u6wIdee1w!d{5t(dU?vY6(_^ z_KB?fJ9l?IX9yFJ0K(D!@lzY#V}TGbg2=dN=a*BCXLq0ad13Vl@X;C9rT;<||7_!NyW}zcmE^$HLHoEAG~guVa~BM_jmRi9`?R^=+-RG8xLRV zQ6P?_#EO`X^}O+u+FBW~OdG3hn#!se)yo~J!LR$6yt7gPzEO-=*Uer0;rKy7ho39G z3m{K&Yi=ympwj6(_qVU~Flb8sA`0K71Y&#mn6!(TANH;BAf_~J(`St+f1u2DZ_0+hp zVqh6_pH0U3hN`s9xqQ#L^DUWA7}&GVTQ_IoLBvPP)dO{k+sB)6>8O+OF7TE9xy4Z* zG#{sLudaRy?>xT}>BaIu9r+9cFBk9;y@ITosYJ)_xs1B_J_)yp56fY$$x&mqnApL? z(Mkw1L3q=9*yYv5QO};`(gJWQVrvth<(lfQ5exe8{1C2@d#nIXkw?{bAFOW^XD{Yl2!){td9#1|nih&&PKzmCf}VHGVE`GZ?# z=@$gpRVpi^>81%DWvjIn>w+pkb)s3-@iz^rb?RFZntXPXgo0&3!J8-SUujt+R(!q_ zQntb6pQ$N|xYR~hF|&gOm_>)<{S2!~Q%S=?x`q~RYQR^KTk^NUl_r;6?MmnG*tZJI zZsNhe(XEu-olpAqe2pDTSJ((`Ub{_b>q+5rH_OwKxqn(Sys1 z4{^Bsx4a{O0Pt0I$OyZ5<2M@ zv#g&@)5*dQmu24&2pn_LhkM8RU7tZ)ofaBH< zO0J`-%!-v73FntYY?}h-9W8+w5K53~m4r5-ZaXG<@xaCDjM70+2)o#g(lJu_AJnYQ z@|4G{8c5g9PO9jfI9po8L=5yQpj7-1VB(&C7fZ=E%H-o`Dmpt)8FD3u$hQC$XFhM3 zLz0NiprmRZ-*1|l!unt)FQ>%gLlb6gGF;Pj?9P%T&`iOTV2Fs4nplB?1A{#}Q#>d3 z56TSPsljC@X<#4K6vHEH@D={mfH-vH!CMIl1Q5wfJzjMbFYnY^`Flo}N*{lpZn_FBlM?y)jUad50p3eK&BxK_I)s(7Rs2oi zga4BMoaTnmGO%T8g9xmH7_3sAET`LtNL+IgMY@U9eJ8}&_It8uq|yxsmz$3sTW*$) zw(U)+YV+-_K;M2QJYVa-a7_+hqS^73+pCwoCr4AF=S`|l?dCkLz*0tLJ4Z3t4hs>h zk_0Tq=HR5RI!(=;SaS^9{EM;-jfO@A;NvJMp4~47NmFewAZMe*=|24$_ntwtwQa}- zo6_@5ic&M)TU4`L>ki)QnzQde zoLQFXYGrepss3X!XTy$5$f^mrG`z==BsKD`)3K_j_TXy?)y%jOcAZ&%-E(Mmg06cdLZ17j5ITHQO@oy` z;+o-HvC2?D_nM^B=N=p`3%T#5R^NY(T76bL9UFf_(V_6Bj!VaKiyT|lK!7!sg)BDQ#{NTYvHfzcRCT{z-rrpOUx}nYm|nl9Gya6dfg*rL#gfzW4;uLF zZ=ZVHU$#Zd(0zrjB_+HmPzin^I1#Sqk~TmZlbDI zWUtBRm%X)%bRPBUKNlrDN`ciK)qt%IIkIa=gGSc=z!}7Lo-(@YPeMwI{H%2RzN)|- z<GX7bE4w?kMEa9UVgFfjgRzVD7XzU>6kDT_tppg zo=3C{2DpW+I10~bz>>(Iwc7@gKW*fkdS*z-&pdXn5@aoO4D<|E=#9(G;tZ^4@p&cy zCCgn7@DYG!P>z&6udhE4F!3r)1BM1|)L;B#es>KN*p8(i_fQ3L?2ei0Y@%B11~NHj z6n-Q1r!588a; z%Y$_DUPAUCZ1@U^SMPCa_g2h*qBsSH@V!f}t&a4o#n3MYX;@E>p{nQ#f zVq>UB{iSGkirYGjt`eKiFaC`Rc+_Pz2PR#+$ViPoCbG-P>Eil59q}h(pT@>Ik(bE) z2fVC?JI-c1Dv6%~TB@-Q^`uFFeK{@w8^s`(=0~#kyA|0c6-L85-QShw%KQ8q@Y#w& z6LXs3eA#4o?@Fi>D0<{BMF40N$I*xEx)BC*mOnbBU)n4afxgnxw_EZB?2yh zN&!HF{^YR)P{}~A=NG!{EPSm^p>Tr=J~6R#$R)*d){;HT$FjH2qpMG-${Pq=(@8X| zo2{UNWY)73HB09ZkB%ml3Zs5OQRz+mR#B8Nfzxg6c7d>UUx10<ryw2L zA;sq`Q@7f<2zr(L>Df(kh9dgT#{x3X*j6n@^`l@R}Yd1i#= zeQm$_yrpi+fRb@Jk(D2sGA8c!z#-73>bOVX#=4FyuxAVvnke$ub?R9MjKtY771`f2?h5u1eWQq8z*sR1+oly@8J zxI{g+%qK^~wl?@s{nMS_mV-w5vkwWG_ULKG`D7qVw#Tnm-v6PYV&3P0X&Xv~UDL3$ z&XuApr4Il3c6M6Xq)je~v1)&pN&z_pf3#~1(#EH_DvEV?YXSndK=ZU6C{4I0aTu9=Y*Pp6X4;+eSkm8tUc0<_z0xlHPoS|+Lq z-Xjs{FK(m#Y&jbODft=BYPf2VCj3Hwe?>1F%+#c0Sfo%S?=MDQ!!G4VgaD+P^1mDX zY)ioC=NXmdM)(a?J6$uWm>XPP*E*Y7MW?MjTvYKE0~SiX~kfxobB<2UQ?f=D;C)yi1Xd+WV7eq`cX6Sr@@4~r$na8#j zgEYEA+tQw(C#&7jtC*+x`d9hcePymRWG{0&?NuZp3-~8I{?q(P`5vfRuy=LF~ z@)XL{1}PUE>nzX_<-eX_ce9w5eKyS4e|s7{GAJ`q!s6Z%^i;Z!}IrSA$t{C%p@9Te)HdUc(c7x-SaY6~gts#z+5=V?PIc%9kthuCsc!Uj*gHdbZzrm?Q5tGSztK zYDb^JzY&-Yp>2W9)&N4(H2@xzRh~mjL8C z?fyvR|BWd|T2}8LzpzJdt|Gb8d{7FwU?EVVOBHF#bNY*VCJ+VXqnlEJ?4KtZ2wz{k zI=kXOD!Ah{A2~YRS3gqCnm8MRDzS@Y^NKD~p-r5Z8cuIaAN-ZY_wGSr06oZI8i+XLyXjzrdhnz?m~XFX^m+cjmqV>w&e zIrS+szOV5{inrX52aXxsYcIS1$Hv=BMSX7kqz82#)aCE&RenVudO})s9??SA^GaJW zfdb?zY~Vl@Kc{t* zs!#_=ZaqZZmgob*`*){NmRnZkbHE#AbHxut+u##9O7>t;F1f|WlcgKPQE4SjkFF=| znXC~?MGnSVe?U+CV23jGegKa0$;w{v7s>wquk=*f{v`2Jj$;!|AwY=zEUuHZx}9_5 z1Tt=4HS8xO85SE*}49FCc< zD6EwQcIwVQuNrcGkN3E z`KG8>hFf#_`a|Vd3x69FehH|o8x!BK!!N;IvF6>578^r1b>_8jU!HNhXoJZw_-*Vh zjSjRm9fW_L7;!JJ0NOyFb*>rp#@QsfB-+le6_t77x|yhbsrO~y`LVWEI`qr(0D3xJf_Mba7p2 zz-{A+SaNsjMcXgtZcW-fTGD1|9c}&qfJF95s=Tkef8y=Nr(TH`R6oT^+42B=yH~oL z!}5~lKIdJI>|Ss($Wzv=aV>FM0`LVds2J^3b`Bl)199XxJa|*6hTD{;pH0Lh-ojL) zCuROU10qRu;|p^)dqnCh3qn*}X5Hres+0Zo9c7uW3ur73o6NFTfBGgrL`O%Rs`&I* z#;gR#;>{&)u=W6%jI}4PE#erSam6aEZs&AsfR;*j*{@Zf*)~*d2jr$2gn9e}b(mkt zgT*((=xtaCtG0Y3$ml@#;LZ|IGv2twUxdI^~4|Cuc1+Ew_dYO9$O&p>-;)-!@1Q&3D7^PXG)*d38IJ zzCrQ=4rO@D6-^#)DELK(Y}c`7^0zp4{m4(n-z`0jp}Chn$AOT)v+`G^2tlv|NI`#V zseiC#yB0^>y3_F&>-Be1A1Z_CrTvk(|cw*(rQnkTXuA{k0MbRYH?il2 zoYbf+v7)bg%!@dRBXDn>?ub91p(Atn(6KqHMT_dZ0P5+FCmDA7B0H!|p zb}!HeU}w|N&@aQ4yR1ywvp1G=nBNYjzridAM)WGDQ)nmPo*%Q6a<`s3oZ4A5k)Xsq@Do~`4x+h}J-l64Sd|$YywEpbNt`WPxj1~w znG8UDirai3>$umkze;I39w@pF5}O?WVN>p5_@GkVCK6knKQh5H)_lS_S`@JsHJ3+^ zXxapF)_#Pn!ilOiSYQ{XB$3OQ?zjqGLKe)&UXVRKCK1x9h5#2+!P9}kPf zc*g_$-t@OL9LiS1^J9q}p(1Dihazlaicn(#H!^P3Xk4N8)MnkWA%TK`?#rn?uWt=rGv+|h%8+$J%Hh^)&z>A@v1pgYiKZvr&Xr%D0^6BWu0lr^NR8yW zLaggN&4RP;P4JjGxs4a~Uocu3Wi9-%rGm716dRXB6dMaVf(f?T?sNM5Yu z1oH}`xFgh(?)Z+?BG#<`7>V%yx?)gKx~Oi%{F9%EBY?KmG`9h^C;;DMGO8-+iSifH zvOB83aj2T8xKU;&RL992yY(%c8$l|$7=shU`}8xRe(vZ%Asxzbi^A-Hsq5;HiU&od z?&}ro8vFpBmV0B3|K>IzG4GkkBdbH95fAlA8%k8>zE+~0r>YjOY?(J-V2;M1S0;(d zG>A5^p4mo$W5EJH;h{+~T6XmeX)_=#ijI;&A&5{p`zE$s;5F~%o)=i(;Iln&rEclM z($YMpq2BM<3Fn`hea5u@X6%ZBq6wfJA=zy20`&Emp`F|CgL)p;=hPUc>&zu81EVS; zEXYsI7h;M>A2c$~@2y;$GzXyKY_WAzypJ&8e=(<)z8Ygn)5R-p;5;i_c@#VyGH%vhErjO% zY>4pkrpy=_lwQ#OD&}fuc#2>nUz4cq_hUG#Z-DE?I95F1@yqbvsZoZ}-ib96*0wzU zIryQuF!OQjYb1<*r0HNa{b!6RsHU_YU?kEgmJa)7E>{lCtK2^r73J%X46;{0>Gr^1 zj_-ky#g#I#Au~Wb687Bw3axl-3)8jv8R#ThSUu<=>ikfWe{mlC%z2n|W9Y`;MA1J~ zdpP@;^@dqir;!X_Y&nYB;m{}Gvjv(5%7tdy>^jxP#X6VRB)-0>{ru)F{Yx)NN6|+? zy3O1A-9IIgUkPt6&uxRXY4(UwX{qGK=7;dyc8WxhYki-{@&S2~ZJjHgOS_w%p_BTf zuu}=htE5zKV=sCnBdxw0`=eTAcRxn`agAR)6|n2Thqn&=)FVL6PBhx3DfsA54N|?* zZwmdcM|Q;mxKMW8|GlL0=DU;SO=b%J)5q!_8cH+=@Cm@Csv*m|xR&=B!26c71+mj& zTrn3%?q?`6L^oZpD(#dly)Ryzci-#jPic$%?tGEAov)H;n+O4$-_r%h?m_4iZLrnD zwn-3|;PoAa%z415t()QTUs%4q-T*w7mnBY&KS5f)Q*~gFG{ceqibL~V2OA6tlcFHd)QnOi_F-q_B||7FUm3?E426UkniRca}2yZB{4UaND+ z)aj2uNBzrBcIZh@2VSKj@bRw$?)>)$Im_FpIQabtzW{M}w&5-n0s=s{4i=3If0ycC zM^XTc-Rz6h+P_i%>mxJ=fbDVganuj+#6ME}P+1%BDE;2>i~SI(-$>b}3GxW=Ole=A z-mPwltz0+WvxiCT+GUknyF~wa@rf1iXZ|m%{*9ym`?BXL@pS1w2qX}JQ#RN$T|tv4 zaN%;41OPMEQ@J?VvmGq@ZP9saHa^=TzU)~U_`>g@{dh=3CDrhl83A> z&so3oI9~H|$C?A$b-yNq20Z-NSDwwjT*qExQvK$XcHOP5rsrdTeU*Va%x983O_p!fz32?#s zvd8{5EB8iDJO|t8BC&?)oS`|ERg8>GcLjF5-L?}n2y!m%)KkZuduBu&Gh!+Ot;PQq za3^j{M&hoQ$DY5x4J%xlV}V<#Htc8mG9M++1EnvpHi8z)FRgo;Hhb+f?Q^=~#!tlb zVrJNG2R5LVt-QQ!>100}McEDi-7m%e`}ADzii##QtpaD5Sf0(w_xTE0s(};$7t)zd zPt(m`frc%<>mZ;e4_Sb0JjHD&|ea~ztZdBAMm_A$St#cfkoU+w~%_6Q{iP) zt%gDFuPeUF-C>GwKR}cS7EMe^WE|^XJvUI_;UT zGKa?vSf(7bc=gK%y?gv(*#YgikEcxP{`@GpxAXZD;H~soQ-kV$G<$>hxIBx_*%H1dwncn9+|Hlo+n>jnan%_`} ztppAV$^QS7UUm9^&fIO)ufIi3?)&#>B6!J^t^Dopz=0Lle_4&Y|GjD61q%UYRRsg{ zfKRXBD`{a#*kr{4;Gr8+&)I$71H9)_4`ZrRs-v1 z{n$XR8@6AcOum^6T7Z11Q+@87WxmyQmhhpWgbl#4MBZ(J*W=Oa4F`P=;Hn0zU{lS zES53<45r3*xvCWb`qv_od!1gY`OFAF3|*k~3{gDlAkW<+5vcRPEbGdPxZIPQ&)Y?> z*aMtq+Z?cKQRlq6UoV|JqobmLZ6@Ga&xIxDZ9e-fECF6;sy$_0#@<#gZPl#oZ0#vq zGJXR`q9Rx90WP8x^9tWmo4s~x*uqa;Y_r^fhOgN3^z?LbXkV^NRTsD~zhvY0_rL*J zuB*S#Tw2Tz$1Q^1k6jHU%M?}mtgi9U<4SSo(CKv1I~njTEx4<7MAE&9OMQLg8@f= zxt7j0&yNE|z36ZKzdH&ab5AY59{V5IfWEOIshw-OestK1JyTnQmYM+X_Hoh_*N+R) zi1qf)URcs^|F2?U32=EYFbx@Px$!#x=clKwr)FEFW-To7*R5Oy8-hzabHnK+a7gaP z?~IF!k{*X$Nd-0EZPyVKVFEE40L7p>b*UM$KAw|jJyU$s@HYsD5TJjZ?1f-TM z{d@b2=VbNo`K_^Qa{qq4{yvHCB(O_z;SN*U8Po4SUO{`?Nbvwqs19?1ht*s?>5##O zC$Nh_dy+@ZLCU%)g_Of+_zbo5!vkD3a_-c#cZ)F3#6v2mB`O;KvkT5`mV9Jad6NMM NJYD@<);T3K0RYxHwEh49 literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-event.png b/windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-event.png new file mode 100644 index 0000000000000000000000000000000000000000..cf3c5d405a93b7138883e96b291e8c1d7369a615 GIT binary patch literal 85534 zcmeFYXIPVK)&@!kMFhLj6)6^^gLIHCU7B>1A`l=-CkPQyP$`k#dkHN;=`92cy%Qi1 zAc)ieA@mlK9A@U*duGqfHRtE~bAFI3Z^HXN>sjkw?S5818X0J@oMk^tMMcG;qpkjg zii(k%ii(DjiQ)83!3myuyVv}*5K7%PN-=ZmU^x(LLd$SV<;NPS}J1xDbt#_U8=F78Tfw~Xfmv$33^IjtP7%#UzX}Yjk{oA9B@F~mb zIp_B>Xfo`1!KeOA$1?|K0<4enEtMcmIzCOJ@_e->F4rEM5%`$*%*ZKCft&UTbNu9N z>o=ZR$$P)W7J=0fe6jasxAvo~65(#8H-=H$ikGt6`5 z#(3qv66-2!8R%BLjb8i+e+J|MIfK_mWD3(>{92EjN;);bnU~s@K2%h!&;IsDU7`$i zqoU%a(ot764YXUIIn$DaI&Ry78e}asGTr2NHov3pl+5(8$E?SwxX-cJ=7v{SAj^%r zCTZXOeEJt5@ek&HkMlpGeUc89*ahbtWY$^-*GJZNR!7brzc$FKJ^-ONLn1>4h%Eq^ zJD*nU^zFjCR~puq0 z;hUdvVt=gk`3H^6?CWaN!MS~uFCCi-74=_V!XDDyqG!NU<(*-`P&$q2Eie4}FIDPq zcpZ}0nbQ9%!r!-1Xw}9|eI4-5VZ~MT?VD08M`Gk3ayprx-sXZRW%;+2PA^Nm!-jt4 zl06tn>p6Z_Mi>7O@{P*I88*5;M2Ke8KbQYQ*03)$c?G0L5^2A3NT9+uxm--|IR1Pz z?*SbX%@S6rp#4A9t1?X^pi;sS!F)2gMw3qE(2)CV`bstRKNn46Vxz0L=zmw^-<3j5 zCobr~NQJj5pr^fYCbf~IrvJy|Rpd?=ELKYr|1W}`V^(M0O)GxKK-%4Vx<klBW%D4{k4wXs)#tUo0 z_g2Sr-GVYWbI8`nX9Xq*ztvIyp5@i}RkEDaKyOVb2?VW(%kDWh)6me6Y!alQ@pCIH zx9i;>_W8U0E|;iOxTz$yJ3k(xSuB|Pb9V;JY^q(j8Lj#M+#a<|*h@Y-JZ~N;w82en z#{K5Ce`>PsRFi$limLK|80}93QH4pKQO~$FN_SGTsvXuQDHZknpN}39QehK~X}BEo z7uo(Upi}u9t`iCBwxKr;uGt=VX8fZ+jWqG(4KJ@2{hzDCkiYn9nW6$@|q2RQZ{TWai5yEg9z)jLH^36kJ5gwss$rKf7pk&^KamrIA75ChyMN$<#Lru&?H0S-uw672bnSA z6V!5&lRxZ``-%R^ zMY>Gs4G;m68*BZVrQw;)l>iZmF^kG!Jvaw3l_{*P?~MubUl8;8%NqtNWTK(FbR5`j z+L-%BRm$`fvewtt&cYvHexKjj`8+?E@6s*0qhdpLk=cidpFJ(F_N5Aid*!5h_Mdeh z1V&L38J81#*VLwZMt#zIJuihOceX;V*1+z_kc)~&Q>$&VNu@tafhfV4$6?_NZwu%@ zWu?a(6(=zl_ok_NB_*BlwEcSZ*Y835lvY93q)8;);LBxcwLfv*bu}zepApldCK5z$ zG#+_4RK4i^!wni3_HB7#qg&)LWISV5r+7zx|N5<*5T)B`w??X9XXvnUyPS<<<#SDR zP==7-Tb)@L3tMT~MZic+sYz=-yI16++Ep)~lF?G@!BXsRcCS|}Jm8aWr7f7+nN`n` zzW$;hlz_ors2I@)`Wi6q^|B{meCV0MQM!zNf6$`ojkJG3URO|9KXuy+#=0a-66wy} zvYVdPqw(!g>fEolbni?~sCunqZ~gXW4Kb9}Pmn7o6hi$Ck|W6y1A5oknio5D!e0I(z?+q;nH5 z#Wgw%6toewY7Kf-W1rleqBmo;w4?-mZaNK0Bb%ggqFPlQkTv_XVPCcA{Jrcgk|{Oj z$)?|owUYkD0Zofk*u&pknUUM7@X=W6OBAV)I!PYPxvOOjE=hG$yJt7+jX-|#qat=2 z+6C<&WXvt~zRAUDyu(W^j zKm*(LwRymej{>5+u)Orul4UXaS@=S!R;M*}eUkWIKVe}y3{f|+x|UPcJv#UzxEj-! zj3z5-YubX5wKD|qmIF_3>qVkP_AT-6>B$n?b?hn%S{VDi0Oa(b5=AAsRaP~Wd6fH@ zytdszzx?;gFqy#DLSQRt+= z9StT<<~4M8=7aa=A%_A z11r-y`>>Pr!!41U2pe9tCjU6v{nt=)vt1}%nHS%oG6 zh<2V_x`2h!DY%{rME_slX2pwFZR>yq#20Tz_EnyvaUX)&=S(eNx=rp;jMDDP4+a}Z zvQ0GjY2h%c3y9Kc;grSg!-?gEiMi#T*k?6&-v$bH5B%sfO_s6V;Ko*qLm8+H;|n@l zE(QWsrU-@hylfBc2iAPj&M~zpo5i}VN$We+aB1;=DPsk!YW*2T{)Xdd6%DG*ANc~$ z4XN4Jt96vpju6pl_qJ0ItB>cGSPF-?Yk&8jXBVrL%e5GCZKIbc4s@iQ>gI;M6=WKt ziN(z-i+Z}2(>CeuR4zSLZG$a@ffa6Fc_tI*$e1mn;j>JSh1B4C=8&Gm0a*ZQfJ&S zKihS!S78-#;c4tt>w-R0tY@bI4dm-_VsKb2;S`^@%e-_EZQk(ZG_or>ARVCo2pjt+JT}M*L=CtaSgavhxYg} z>2cVnJ1Xd|Lu+`7z5heG3y$$sl#GV(l!n%QFK~a!|+dA0>4g&pjT?f<6P(5 zSZO}hKmIkqmClGcSiJ<%M$hq8NYQZgPO2FuQ1pXP960pT^UB`JN4r@EGzEL79w(eL za6$HDDE1k#WKjz57dI`wFw{m=jIdcsQTEKNZ_Pfy{^Eww5+?aBr3_MrgD-w*tT|s{ zG4b>PVo@Am`$OGQ257O-pGT+z*>C$9)BGiay-_JqVZpTq^I6uoCf%R8zEN5IiR#yT zLS-EK!K`)NJ^0cUqX%n``G2RsxgsT*s0NWW!lv%$9grTUZLXMzyH5Q2EJbtA+g%hl z(Y7wt*(>vEy-<4!e$t+C??vVLXKNDel>M<@?-D7%K$b{{iO+(6XIb;JaxZZlk4#qy zHj++Xgk7uthZF3kybMgh{{F7NUg~9GwuZnthRLCt;)6Hdx7>OiiqEuRU10NQ7)8Ub zYft`2PIPQ-sVSc^EPU#+;imbNn4%Ed{gIvB9cjk5%0X(yx-yNwMrrTfn>2{sK$$9~ zZoxdJ_FQE{51hq)%r#1a$9^}8+wbqiru_1|1g5O=rR|6C-2fe5`1tE9%OC17a;9OY zIytEZ_pX|iJB>qgiWS*XV`JeqH-bLWnAle+eA{s?EJ(6@NFd6BwXKosi{e16c#va{ z^L7VqUK0K{a>%i3a(jh#`4AQ9&P#|YB?PIqqAGIp5VjgYTC6jiR5i0%lpg_hFJFD~ z&GrUsJ6}=l?trl-Q6sqHdWoEOn*+an|5$%c=c7sx?n$Fx3EU_&Zd&w`p%A4~c)P~~<_Q|`wtVm~NJ$cbF^s3(Un#u+Sk6=o${ zL^qXZYN7@zO;odAe!C2I@B6gvo7D=)+&62Pa)0TydCwJha#TU}tp-H$=g3WbF>Ktf?Y%r{mRX6qE#9n~;+Jn!6JYcwR7j7K({klNxiGd5`Xu-xCjtg{bR;i>Va*Mw!(E;S`` zJ%DggwZu|6iiJkG;%tFW6_wc_C^>RT%|N*vX-o z!DYX~Mn6ryHTT{yW9-Q)=+xw-FVXPujG4$#a(ivVN6qJHEe2cZ-EJ$yCBZ7L$GDCp z6FS%XuHLu^v!?x!f&K~*!XKRFw!I40y<2yvd(g4{O-t9=&T`@6BQ3h*6j)rdk`>=F z0ewHuU0-ykdeBe5eV&$dEbRIi-KA09o`>Lx{~8v|Q>nYl=Af}TUUAcH!_nqi>bO(` ze6}?mpf9`@gFRVX{;cwnCukXEnS=@(NQ6KKKbIeGEMKcyBQy3^p|ShLbhft%6q7N(KWxTewWLo!y!= z{%!Hq7#lao#>K_}r|s0JyHI|8519*8dVMjlf9BfLcVWBCbc{3Jw5CZmZyOEneK^R*ktq zCw@h1wk}EG5Q6OOED+h`am7!U=J;~^zjC;%UFj0k!)(*f(oz{@aL}>%-jH1~@tPK6 zF+s0*BVvjmWEezU{mGx}cV!k@`7Pvk|B?r!99yBad=FPf8VGx{_G5X; zWaRo&iR`kImbkZR?x+`)MdH8rKZc1z4Vz}ymc>Sd`_eye(S^;Q!MbB-5TCc{?y;SW zKE21*LQ%EL4XipLy}$8{h;^8Pj}Yj9^|J^0U9Tc_dwb&E`Y*xuSA}AbId?^n%dN>y z(?cGA@(qRByf#!rm$Rb6RJf?GKVWlZq~eRYC`mGy^3CmCHcSc)d9Z_C%W#FEq13I6 z51Q>ef(wX!Rw3yDnb)qh)QHcGDLa(dz`cASbUy zAtx#0f-ltx0jC42{c1cBW@l(kyv#4>sg^He>T8Q5M^$nSx^eM!eH@K5VyoxfQgrcN zL1n%Cf!Cen-nP!7J55`VBUGmUJ`FVeZm}KL7Y)Y~ht&eoN$m}(y~b5{k(V-pp9fi6-P=a* zb?V8KeLGDrpYjnk%`#c*63>dEp8TvW`?=>H&OMq$1D$kl?6tLTlP16xUg*ai{U9@j z09oVn4ZV7dP2~!dtxI+TpK4~qw7O|6^y95N6fe6bq)FHOeh*vdI1|v_rE2jZT4B&r zCXV?JzNLgF%#~UN#mPeF-cwYnidV^Hpp(L_w7H_*VNS+0V>ugf#Tj0Y-Ba{90uVOj zw#3ik>Af=v_UD?DXAMyuIy@q54YK%K3ACs%^A;=Pr9R=Fl8OEP+!KLchg!~I{qno< z%Q+nUF^C+s*-MktaN*ghDy|2jrRS)y;MtG|W*~6eJL{p)Ui}P7KkMU`k_c;s2CF?L z@U!=(woorcXy|41OOEK{d5H4EB#Y)cYlMD!W1}RHJrwqFsN?nDn$CTgW%IW?vzBU+ zr%fx?6yp6)mhhBa`6>8C=W)v&e!x|;C}4HPfbG|P>{p#iM2fbcgmpmBq-NuC(tGb- zuyofK?*4_$ftW)5AI}Mdg+ED`=*+q&7{a7_wsL8aq%ToIIxf}%C;jbP)2HH8^e&hf zoVEWLEKNyCN;;Zdqa2%AS*?O`2mJi}u%LOgC z>S{S_YNrz6xP!-rEOgYU`NyUI*E)Vyripv|=Hvd$`HqL;I&n|JrN1v4(P&@{179@qH=wUR=ib~mr|x+nZ46rZB8>zzt!=_3han7x+SIHECO z%4p_bH%LbpZeo9>Y{0HZx5x~#GRRU{&gcfoF**q!D;EX9X09w?fo@=eV0n= zlK1TrTqRRB(K<45H2=QLpJeqvzUZ>0=Atg4Ryl?L%Lg`9v~M)9P4nHi<*7>irT}!B zWwUSyuY>rpN7Nrg-M~r5UCP!=0mI{}o6RMn}!O^rf)iU)t;ca#Q!&iLf>e z=4;38MdDP4&GpF+HEznM-nSH!`1F$Kq+m=K+G$?#l!%PbOa zN=K#NoKH_>yCZs0^h$7=`2W^om1b@z>39S-73KznFwlrx4>iWD=@imv(g@^tNdNDB zFgbmtQf<4Bm6iN2^#8w#8>UW|dS3EE?fr>jji{@ZLub?fOjG|wy-d8HV`!r3`Z^Gg zGXA&lY}$`bj~^}udVKnyCVrzLefE^H{{Nr%2Z#Dc2mJr*@4v$D|4Y2&YF?bGxfU@`8@|A-#brw1BMvh?0b$;po`-9D~R7M-1+*x3nWNPBK0 z*G*woQp1(2V^M`5#O7rbU&;7m<-A0imZ$^k<9Ioz$E)SApnb2JnGnZ*8U z;8MvymFeE1T%BBV)r;uUfYHAkq7= zuCDXMm%P@UH)N92;-@P?s6BNEu}ooUhe7$V)>(0;r{?B&?k4U>)*Y^MO z@boW;6;cQb+F8=cNiaxElX%h76DIF z_>K-LEXnsM#97Kh(uU3He84|u0d^*$qjd!ePDZ%;y>wp4fo_IM2Ss9 zZlfS*K@C}rV5P4W$c-)Q9m7fa!P>^|S!g4USqjbZa%TQEA;;b4piMciw_ibD>!$O>oHcL57FbRSKR3F&aO_#QOQ)7@_44ymE zF*q`Z*{vl4XGyHyJu)jbCRyA65g5WAT??Fhe{CU*apT|yXm8bQg_9md$qB{2HpK0Q z(K;V)MipwtyltxG@V9@lc9cuhMryymBN}q-OHpOf$IJUNJsR5CAJ*zz;@2yjS4!8i zd*oyZJ?nD&7YMlG2WOzdJ8BYhLvH>pe*C+ddEcl!W9lQ4i7Hz1{_E;gUqt=o5$dN& zD*md_hfWP&x?dP6FTUFNtNkj}m=yQ1!pB;4F1Z<||7BEx?o7+xxV893x8OoEp>@X| zUAk{o>(0*yY_)7952C$^_h4)#R?tc>+MNsUzc2JT7!hV9}(|oXbG)ExXhJh;VSRN$8MO4G@Fn;Des>bv^?St zmUF<#UmbapAPA{k$;wkM!0S#p1511>G_y*BSI~;$9xS1jHN9MzD_5+S_8TT6-44bt zc2{bzjl&AK#jMB^T0C(_JIj%tx~28E`%9s_Njafq*Zqq5o@NJoJK5Hcx6=16ID2PY?~YzOitN-!`fs zVP_mS;2WEDz$F{~b&L(6mY5UY`kL?tLx$jxn`}AK$LjpZ4 z;7@NB5IBWhlvipUce92MY-^O7GaW%$Lwgqll@4r%q!gyfXh32J0yXb7_x-*1@(QwB z1bOn?z95oC9<7|BmoDvT<*=L8x<9#Gy*OrJpG4e12)=}I^nt=3dLMIo!^#-$5mkXBAgIqq`t4F2dc_G!6Gfg}{l4f^Ov%Tjw=bqTu zaJqtT8O-e$gk<5+l}H=Ey|GZ~nHP*)6T+fbwnzucyo?}Jnmg!Zt8-y4l6xD89G3_0 zNeEBB0@{av4|-=;DFs;*<5^Q!Ae{|s;W<;XwzBwxscneXocNPHEVJW3oX$vy29)6a zvldO~#SK78eaNN$W)CLmgE&F1Z0!}6)ilbKtxldWs@&ERnPI8^3>m}NHNOg;pQ6+% zA-1&sD5cb^$>zZHHI|@DqbQEL<7$S}BL$geL%A)wBQyt)ZhMtzHJF9%KOmC~t{^S| zpHz_fn{)J!1gKo=7vrNu_M^~ltD4ab4~&wqE#n+(=`Nw$I=oa9CB}TpDn&ZLi#b6{ zY)C_auKdci&|#9)(nhnRw4!YYy3RK68@)G69jJ3jv&eU0PIuSGiXcMXeX5(!nV*QKADuIzsR__OB0vs&8_=T8PUhPTf`{<9FvG zc^E?1{ia_TXLuZ-udh+u3%@Oct(QH@Vm|^94r$3io{S~Vlk$U2mBN~y<^v28tPHl+ zUrHTDukT1_ha`59$v#Ip;)l_yp;Sf*ApPuzBMb>Kv4kRYl;wsr=% z1j;QcW1+g_BZ7CVTNWtG$Y+Nw5(i;lYs_c8sQ#EIsB==|hsZANoAlk|ax^DmK=bjS z0;y(t8=VmjAG7L^u?KV2d|Z=-ap3%n1}9(Sgb1vpj?4p&cOmmt%qd5`BFN~ct>dLR z7EP5VxI$-qJ%t>03w$^i*>+&xm(5jk6}Mci%-V8*mzkw&l>u-Hu>8963)BbAhd;W* zR~i1s*}167#jM@L{3x{sh|&5lrNiez8un;$K5R{np&}_-xyNy}hV{faL<;fCY-g#z zNH+ye9btG6h+SircoBLrFeE2L?wC((cc~V;YiA|v-9JW%)8am#vA39Ff3^iKGYV{( zizv|`AI?L(dxh%{gKUnWp5sbuLJt#sZ>P2v+Yf6}ulB#3hZfYjycS1M!~tgqQpIe2 zf2If^(f|-FDlR&`BX*`GVrV@i|$CQP~XhK#E)46piRbw z)HxNK#?ZOm?8wauacD9dIc;_|y z*TzOh_iYwInK)VZ_}CI@H11^qR!?aLl49rmYINI=$2O>a@zsHBdcxJZ11yoQM{>EQ zb<Q z#=zDAjPn&Vi`&(FTlXXMZ0%i)v6gV670fDUlJz(dI_~UsyQnJLL-^jPG75ixcTKIhC7}_!QU~JV`$%xek=S|-$JO?E zWWbU$A(PcF9zmpt)jc)hIfMOB0lm+0GBc@)^0&K_?~`kvryC@sOS=6Amz#XY)nvPX z#DgCXh_s&E`fRTSO!Y04snS6;6Iw3$@}2CW7>~c*yCgJGztj568lg+v593WgQ-tOdu##Bl%w6mzeVimblI*(z@&Ipgi$ybh#qepf_2VlpD7p!qSCHgt9x0UxpN< zJu#~X4CRIq@|R9+|G~yocH4U{zrRy2tI3aaAT^sEym3bk?^IW)6mm?Lo=;6PLr7o$ zbu5N8eUI7K*3rsJYeSt8%=~58S>|>y6OiIH({wajo)+uFL z2Czu(C}SnR$Hkv9b^kS_goZ{$NBGVde%v4|3m9xeI(G&tQ@>9X+TW{;+L~BxMXkl^ zEag!tjssh80%-W*k(}C;&9p6{;Q++F5{$z@7!D)cvesFO6%~> zPi`qdO2UT(uS%3VK-4gSVWHpkhv8ji`KgVTYDzX}jaIVB(67fpf2Nry(-ir`lXETA zFz9`dodY(OZWJfp+d?Zoo3Jm&1C{STAZb$ARCs0R`t%h@^Fs=?MHD1yV9Ly!53PW^ z4#&J+P{{PbyEVb@-IZSuoIVZ3^AM~=g@?017qfpeeK zaWG-23L(w1>|(Z_^mBE(z}qx!^7wEb)cyI}iw_L&-H1XRMF=c)$s~cHvX8*WV`<{Y z4SL#Mla~`}^|dZbfW^ZWH0d0=`4}~B4HQnXvC|^esaHk& zc{w{c+ZS&o_Q<#%rIL2$3l1PR^1T-PaRui$-um^m$6~q}=)pO5Nl~MPlO8{+J$kOi zfVualQzD9|y(IYn<7FGwcRM)o!}wQw^nY-mz{obXX__k4Pj1;yZO%5IBP*kc5DCJqL4iw}W!hG(Cq{$3nZ zH<<8^RzI8(Xvb&*mNs$ha0KL3gY2e5JGsJs?VNhmiaoP!!kX+=xPcFB>_VkWh#m~x z>W{&H@STw|If(%5jA4JA1D#(3g+Q%X`BMj@0|#+8BwXmqhDjqxFs1GIH3p&$=xPFC zh{l70Gd!43(g?v%Jx?c(Z?|vljFf~{k zWpHE@8w7pZb(yWJm)GIrfqG}eUdHmqzyS#sGN$x*MxReKV8f>IWV@G2=ZVA5)6TWj ze_hb8R@>(ix*{gdNy=k`cat1U=y?{&GiPXFYQ`tVm2O#N8LO}@MCkZ#j5Vpb5|vpG zsE?vlhvInfP*zT%oW2vuRY|VW)i+qZ;ij5_*M`TD1!OT7#$~@xDUZ&LFB4mf!QITM z4mpY}@!9u=i#4hMQd2&m{78|rjdUc%*jYjE9j2jDrAmaqy3wW{S`Sr=HCPFG?GOV8 z*|80_euRBHn^iVK_f1l?0LkHYS6KLr!+I?mJ0QBZie_Dik>2ihaz~&HRGrtPJzE&3 z*B3C#%bLZ!1z5>S;GS8O!fBU56MCoQyT~ou5RtEMf2?{Ii?DdsbE%IXtY5J2-redc zhhO9}bB%}JCp!i-+ zWtfn}H_XT0@zGrr%ZvCS($Z$n`UK@ag)+Etf(yYUnj!ro6TC$RFjj_jjdOtR_*}Y2v%A$`b8Gt(D4=v7Ey#`+z)D7zSmNR(f5(u{irBDt-}D zlP~A@0egE~B{%kGbkZ&T*)ls9@XCR^pLb5e$?x?$-*4fopYFNr5Q`0$1e&--FfX#$ zb#p$95%x+QvwD1f;lQUc6Y7N5=$zdnPoM=;_Y_I9+2*|)&9X~+ZR4XwQJEP{yQ=g= zh!DD}y8mhT1rY3mbo?F6mQzKa7@+Ub;PB9n)vU~7y3edff$|!QfFiK3ww;qumm|yb zNdJdzhNR&w(hxphpX91}H_h>9^uX7(Dq70c5@g&9W!MZKDt(VH6~xD>b=)8QIX#3@ zDo1WGR@*;1cy>!V@9LbAbrqiT>y+c$fMM?ZGg49^=K~P_vg1+^ggt)vRos5gq|E;E z`_`)<1$B7>-e)2cJXfp|v)2ez%6U|Ip*SWEb9q3(hUXFFXb7O&Fh4$;*57GWQ8$S+ ze77%#sU2uFpG3dY?({4J8=gZH!Lc)pAvvI93YbCmHID5Qph5y zl)xCOgk`=Sp?mtPk)W&s(}Ov5dsO(R(b=%jP0gZor{Z*9e2(o?SE}A3JTMSInUu&% zC8%jtC?Bj>SDms%xwmFPYp@TfA)IfnoTqI=l_ShHMSB(>@t!?WuB6^lSvc9aW{(-~ z=_p&b=QV*`f>{&;s5WZROK-wr3mcbK%TM-Q9lU=RE|YLtQV*RWY>4G-F=OiAMsz|(f2ocZnX%aU!uI^OSzcxn39YUl&IBn zo&7!rmswmdMeYi;gcOXgvm(0l7I8J+>7&L#16RA5j%cD1VkANB#P0=*1W)kMfDA$jfQW6z)|8n*HzYr_kWA z-3}VMxr<43RUTE(d0IOtcqvfEa~P1>c-}puKgO^6O-nY!|C1oHS85`Y(!^8a;iHJA z_^s-o{6my$gk5-CxutmI_l=RIE`@Pv26EF~wSk_y4<*pmHmwGw1x=b~%P?qrzpOg#|Ju3!DPjlSjdRSgK z9y{3k>;|L_UD)5R<)2=LE73Vu7A(4d)<5c_<;?T^JG(xM^9|mM@|`X|KKMBV zNH-V@M8(L^DM2eYxxb|C5e830Y%^BAG4e3=!uk9$L41&PoS2~gYp*D`r7E|aNzdUs z3%dc1h`dT0-XvEHD!tVd z%qXs^X$#Tot%ZJ>f;x7pNIf7`PZh37;h3sjbsmvmpmr_2g+` zRgIOS%`UzxNJjT6D2Q{O9@?jGLzFPkvc{fL6yzpAdQGL=;_8IfJtZE;qNgFiiQH$o zAHXN`Qpj0MY$p%+zH5_7Lbq22$Q~clCqWv&BkKnSD656Qo4wuvpC9Lj4MGs}LKn0U z#+3l7SPo@X-vW+Tik0h;kPO^v>uF*#sIvFL8g{9q{{?ZPsq;<(a_gJVio9UZM0mL zk~sn0{9RBTcafNJZbH?m0_n(vIE4Kx<@4+%zE7oGaJmN zl0YWA(!?)Gq2(lV%C!`n<7Jvuw&xwHwF6Pb`c+=|^!x6{E*beDm1fPcrsd|so>u~9 zC{)lY+a2MWtNpR&U(TZii|ieMfCtCBXib*VtGraH?#2h(ef@qrKl8C3k}`Mq81fbG zngE}!uqf`_u3%upyAACIBl4i&=v9$XcA+!%b#EKPfXcA)y_FbQVYPZO=aqg1ge8;$ z7!j}SZ;aoCh)fv~i$j>MT_5Af%qzwO$RpQ;Ea#Wy^ljmR5p_H9x*}UpUv`DSFG!UW zF)X_nsNhio1ARY>6p0UfO6M?movd1krc<)&XJ2LS`~3WHA=Ea-4wOdGiiQW}8Xgws zub1tj9o2znGvavnCBF~Dsh7g2iI8RO0?3a&LSOZO|3+Qo{)+T4T)4PxXh$e6^j)(- zX;RS3@0r#hgA9Tc?{not2RoVNf;y4xlLu%ANB9GBtx1mhKIR7d%FqEGP+Hf{JvQ{i zT98jt`??z=|8vK6k0_g#(+H3);v$)r&Y?A9&u&wlke)FpokDAO5Pm}pu4L7UEfh5e zy-quRj#nn`+}aHsBIV^6?vp=^D>d7LxYHd1YX(D725YnzBLGpj@R0stC3od@fZ3#cU9j@;<+kXzDn!YMf^)2Nmv#%i=GPPip=(@JBM6(4h-3_C3)f*FV${d6}IZyL)!~#arq?%_>ic;o?0`Z>fuMvp7$%{IrnAtqP zQ<4@nv-*P-F;H8JOX0HA8Y>6p-J zgko*#xMOz5h#>WzOO8NDzgIzWDR_P9k+@8cr>WiTW!1+)Mz7 zRs%ScUV7Q*+udR5bmfVD4E6pA5r$AcuRl`jyX&Un7`$t&bqs8mNQx}I=ertjnwaHE zF=@=oezD)hFD#FdYU9!8tkN{PJ9Wt_`An`>bDesba$M-j5y!?-shvFj4tQOzzvPBR zBnovtC;KLtkbpes!T0=*#WDAE;>$z8-#8|INq=fphVrMO6GFfCq z_Bt-$jrLK$pAzO(M$haewMsV^IU~=UUa4LzEBofqn^=LYal+;g)&nhBXP=Q;=q@!s ziybbgMD@In$7;+xb4xBXYyFO@{>u{dt4{jG;nJgx!>N^AWA9S&A+h-Wo5_1792 z*SC8~_qTQpwInppK7V}(rYtj3NrjxAD&!aBN#d-W;YIpg50PCcY;?Zk zHkX^b%e$dkLb@fYx&yF+IhcnKxawv>T%I`kh#y69e8BToDI!m%2IL8^he;Riwa*`( zlKtJkBpA9wZJQ4}E4X$?qyd{2TB*3EWRL=Yo8{`%Hw!ceNie4+2%*%>Dub02H&6Ku zvIpm&Z>X=2qJlpR@#E^)_55|Vyn=_@=fZX2(*7j)a_Z7)Z8rjlv4hys^lUY0_3{kL!jz6x%5}xRnWwY} zKVsGtiXn>>9W+W9Ay^so(sG_{$^sc_YKD)LA>LYHA-0ugxoX&tA++!?J7QX{NQ5Z~n=~|D*S|r@+M??nn-KZb6;kKp#?((N5 za(dRfoARC?!ZK(`^&8;kF)}z9{js~U<*p*)!gc>iJf=25Vo=XZSUqd&SCWPO4mh&R z1Zt2QWVIh7GqVs9tFQ!NLtQqcNCryIl|r5CXZ&~S$1;||N4+@m*Iabs>A5QwY>SkU z0q!kr7cSdxYSm83Ox6y%zwG1!@6->sWh*9CFp%{^_eA-6C5@bmwM>aAEq7dNS@x}B zTqri)-9^R_5p*kn!oAnmH>>6DKG?2T>b538Pw& z7=t7eLZe)|V{hH~{_5AwiFrdhO^3C?{dJ2bk-dlL(xdq!jwKbs1bJ#jo|cU9BFSFK zG0B5#aawMP=F0Amc1q!7^8maN@`CV|?Xou6Rgj)5Vt63(0@`*N@>Xg&C;Jks(q^uS z&jAJiY@F={z?ngPt{n4|B6(MePCaGqO*u?fI)_t6>5F+0cR&*l&p~Ye-Tw0Q6dIQr@r0`fBA#E*UGWzokFrw!KorHCN0kDYL#Skg~6q zP-hH|mEtn2*mvG04Y^h7&E%N?=tE24nFeOW^c5a9fnP7`AbviQ3EXCuDe1HGFv|9b zt_UcqKj&6&ib#qeH+VYOs`__?vG|=VXF=416i+qCwHeJyT9>;8u4pPn1F5bG@VSU= zRA}y0`o8%NfAIZu9P?iKf}AisWI&@SxqUSfUf}GNTw<}}H_|RUtnkq$T;G=c{z#nt z5<8%nRuXL#tlr?|IBx6bR^F&7=$=rHz9V%mYrwK{XQ|qNA_JJdp+%DQ{WSEnV`*oA zj;N9e>sb3^k93+^T*`)=lu+x^@8m7^TKv;)P3v)#E%N*9pvG=z z9r+gO7aDWM4ZvP5R~&KmEjH+n5k3yX-Q@A39jw!tbNU3B&S1R^Hc-vi{i`j1gxW-&Hr8`zDNudfMv%v%et**#~vpO-jw`jKbK9}rO zuiaGJ6hP2}9Q$j*d{w)>{OxktkcYpShAW3Ido^o!`qntkBoa5|33O#lSAwo`1Nr5EBBfL3ZEY$FzNsC zVLK)zPKnmH*_D7J4#&=DbAPRi^20~@-QQ}}Ceu-yNS}TA-X?hU!uEG?XnFj+93a#4%ZVnW=pn(=nuNF?!Np?6X@if0j*n3jnX-Emr3W)Y0xP-lJo50 z9P2)w`+Rtx5ATQPi@$MZ_|J~D_gZ_c>$-MWA(_Oo%lDw0c}(liNn=S z=Yc*NaAD<>u_KZy#&2j2YJ2z1?qeKGEOnRYE=RN?-PG9oc7m zx6v*9*wE?j^W-a2G9bd*jMa$T<_|g3xk9)lFeF)iwNqydyG0?hJ4h;Fr@rZVH`OLK zpUko&iF?;|tGfCb1|wY}fG-d%`PwIej#QGv^!bn^OVT0Cyj7m*yjx27`#>WO`i9%jL@Wmey9&?V>cc`8P?9 zU|CE$Q>mPz7qY$7mqVAZ*P2NuqY#XQy(|^Hp;7y*)%><~ znwPR)QR3jCNPg1UCR+IAa|1WmQjw3(ABRC7BZwzGprcq#&Y6%R|K4K+OL7V}@oPV)@Iu?US1I^>w4{VgIH)94h{)NxLN=wxvG`^Q zJrJ{DPF5e7w``V8ndj@HoIhkcH&G(Z$DJRg+zjpr`p`vw*yT)!`xQpZ<_{EBL+uph z3l~#9j3)H<#@kV>-(d1ym6rEISce^vh6yn_g8b!0dqgg(gEp1(J>WmOgRv5H^d^HQSo2uzJzTNmtQ_!mzQqvejzFBm$i+FMFE%IPQBvNi}a@M-}m#o!OZgi}C?nS7OL)^Jx(94}}m&bl;Yrv8li0ZHh zo-9b+($SMHI<+39>h7Bh18yzlc1yY$UVYixZY|oy=_C7R3{c(7w)gerGb$613zeRxDVKkc7p3SJEDR=B z?rseGyq`@2rMext)BBr7&KwO8iPDsR=9X}FH(2W6es;OHAFYQTGo@`o zJLe+-0{8D3)q2>y<{LQ9TpCdY5e1vIlT>87UDh*4kDV+Bz ztil#}sC7mkl?YJ8&6bEpA{Fp1+lsNuzmDGj!fOS$vB4_TyU97tbVLG>V5KQVOUg)s z!-vxj_Kn0tY=Fc<7w?nkwLKL*G$gD0=uf~-+>T%yWM(O#(&+i?gd7<>8jAMm#CI8!px$vxSIHAi1W=$4pZcjptd z5(8AUJwr~^AXDjhwvlLBruUqUD|vf(g9x2dcr!MpMket->XA9917JBW+z6ziAP%GI zf)P@OcRl9-m3`60 zuNO>PBG{ydW;$ZNU~^aM#kXm(aIq)1BO6}^9gOtpmFN;k(H|`duhVX4$jUMTO$>t6 z03c=>DEK3-V4DK%AOb}Z+1jL&^f+aR-lB1`fpMr=0U5ibd;0ZVe#Kqr#Lw2A*Pt_ax=+b4& zmdp5WZ>tA==(FPe13^H9{VPDs?r_=nq&`(Y=Dj^dm*KSoD^sur_!R{~tKQ5|^}6g9 z4MW3ajm;0w84}j|@(o7VCWcFG64q=73tqDs<>{8jul42W4X_z$n(0VrR7mqiwv*#L5)cDJ627m`FgAR)jeHD1KL0w98B1TIIc;9Km@I!8w>?6 z8tmH3MxX1+biDv9KDhL3a?k;vvdRw(X!=@gX=ZLYeHA%7IH>r zJn80`e&DHLlw`U3g;#gBBy^lhdaG9eZ<8wn$M=I3GyuqcWLVeM|T$^`UY5831wDV0kD{NS=+&;hdl*GO?{F4n%9_*^0sxADi(7St3g8!S zK1ntpg{oLW0z)`TB$Rx9s*z>u!tBG8V|d@&e>m+&qV3|8iSwqi^2zl=PfXV)qo*>G zyw{f5CfIpuzJ&p6Tz{F8dTY(<%c1IDsD!wI~dqy-HAOw83DzkgJ^FQ8aekjNp&nI0@KWr zct6`GBf-_NrTlG>nDA7bSflOyW|hl=Xe5rLpW&4=kn7qqP~l*b;gyzVhv|srci>n7 zpct2Ix9TNbKor2%V&d0qi`xa2wq5N8I@pZ-h&SI(i%o`{RV|lt8@wDNu%PZk^U-rf zIg+RD#nMdDl(4V)OqrNiDas>s;i4VwF`q_xY@8U2)=BLC2gO+7DZNU^H1#^`&;4~b zp3?&-YP|`#O9oZWE-gavokoC2xd}fgG<^yv3$0X3l>>%KQ~T>lC_rqO7`L5Ec3-b^ zV@J6cPb+QD_d8W9K~hZs&&a*dr$xA(k9~?>3#j?xA4bmPgtYX{XO6g`E`KznUFe;JnPT)}QOno2)RB`pk6P(CrO~NuGFz z{=<{un1N3&8Y@2vep#)ZZ;#|Lp~{tF59FC_FR#b=Xi=Jd|FU7Ybl$Ou@c-@~@Y z3CJl)t~zd;nPh33Qw(MI391daFE35Tsv4Flo#gs9c0`;zL_tYhbFz;vjFK?D=ThZ( zp}>z#>(?Q!jR#ki{*tqkXUSEteGuQVX*$Zy<7g6G1c5uG?Q!K^&K zN5{71&3ggD;-T($DJ)DtE>-ELrqCY;6olV3q>z5j{K$go6{qonbiBNP;|N#uTM|e{ z+qT5=0kg>oH?yD84Zo5SVMsE7#ZPbWxa9^;B}qgFw~H=zNtmB*OOi;SlWzE|E9%M} zTB4c=($XygcsZhYmc#XC(62%D&%>WPxbirJ3v-+o`{Q5}oiA`2DMKb6>@1*&dTgqI zu|I+qd>eR=v@09--n}~OD7|ro#}@%kQ*zH^1*iw_9GR>wuU{{>8Cdr^ozN|Smm;7| zfOKoxmKfQN0gU-m_S`1)r&onDuV!|rfBf`kW;5o*Z|<{)RwQ$ zdM>KI&wII}LDnm)DXnRslsD{>T9SJ4llk6;5A`GhZlw5N*ZE$>=U^E!+MJVrV2eSG z2!lj-EHm;WqNBy8IJjLsU)1crCJ~F&uB{qz+H#q%7%Sf1cPmf31K4RmCr@K?tKh-Y zFSVtDwt~TrpY`Jn%uRyra=JJ8^WE~HhA3`>c@4wxON#MpLorp(b0@wzOtU1(q6{0G zDa96N>&q7Mt3@JlhX$^puoLC`3m&5@#hsE$OF5dYwsUFoec52cb4VFEV^PZ38En=X zCDNx??P{ChwZF6J1_V48Jw~gmD$eo%_u=-1`y6+-JJxYr81CBA05 z0@U6YL7sZyV}IUr3+eHB-fyTcsX8O|t#6gF>QT84p6tv9Vi!tAV>fkWSCDT_znyM; zIBb84{jia)3ip_g4 z5$e1u9Ga%`P?RsCbfGsA@MT-l731Rfvj^@$S>oZ(v5^Z|u|kAK6tcf=0zWr~kh4fY zk!m{Uf95=Z)FZ{$n%)A%gtxaq1Ql`)scqyg8!N(X?1W{@09OoaFGmMsu|6Z@`xc7`f z{g#pUc3Ob0bSchXtU+)X%)zRlHwH|2Rgnt?JUdq{u`42WMf_&19N<~Zy>^vM!VcB> z#PM5&^&Jc?NB2E&AFil5OP0BtTT!89s1%*0j@cm*i6xBk2Wemtu|COP?nLRDR2P`+NZc_c9N z$_Hkg%Bp~Do;LuqK1pYhtHl1lKcndw(w7o4&)o~vOZjYGPe3G1|)Qlmpf$4vvG0Bc~q%T@b_n`qT?QyM9~beM*&j)-K7iTzpFm}&xwISx$%7w zS1R~rwX1`a&^nEsI=Z^-W`>tlusl2*>wXUb&42j3aOP{t{hp;9I$C#RJ-yl_5q87p z4}`BDCXEYC=4hbjX*2SPS2uFB;zvRme@rQE!~VxuBX0p(x`s@z-w$j1?O{Kccg%4h zetg=(`iDN_Kc9trKGXzo?fGsf%KZGxKfW@(fm0@r&m#I$qkg`J48)0%pAw+`!-nze zb3;yp(Ts6OKlz6){(Krpzg_|=*CxFh|FK8H%)xA%e~8ijb0>d{WYY_vuo9@M{zHK6 z{|z2+YX9E`&tXVn>N^(TA4d8Atni2J{anibzqi8PrrU~tTyi1d5UEb=IhGN{l<&D8 zBu?_24~-7?Z;5|d?y0)Q0IR7-V^wcnH-K%|c6YDD)XKWM$3%Ee zL`1t|JyDVF*ywqT*_4{DuI_d*#wV-JaK663))S-QhFtr(sCzgYoRh7H(;wir4dmX5 z!4(9-dd{^C;$QcSpI={7LxdvSEA{4RaLxiIN<>PSu3mn*Meu^WNEEq=54ts*?qht; z4jgu5O&PJCJ&&;}2}PJsCY7nxqfX&hZ2K^7Tin0{LYuXr-sXhHa&k|xwfptn%0C@x zlLY>af4fBCx7Bc+7E0QL@B7<(zn)AFKY%6Tw$EZldAFaP_~R>MMOe^}K11I^a*1Bt zxu4DP0KcQsSBel%)(>w+lU{}G#E%g+Yk6FRCTZ#5uAhV1AQ;1I&dV*8}7^M?~ljszK)192?L7BhHC$Z;g2 zZh5n;#9XfF`vBTG&cveMo`#G+VLYj&w3MHFZ!x>Lv!lhe`)`$+wezGejtNbP(ERrO zUz_k(Z)DS8n;Iu?==@@`|Ck!w{HSa~M5Guk`>1;$fACw#TjaO)93PGDuBvTsl~br? zn7`*+UXX7wE6=lOW+o8~$M+O!F?GuPAvoA151gP*rJm)XdHxT}fC(d?85(g;>=&vg zij+o{*chIPkTH^4n0mCfw8AhMb)g(W^}Q#omiXxeT(e`!Gym);a`eQ5b)THH&a)Kd zqL%_7Ikc61Y`Qn2W{2#kuTLLBk0aZ#M3g%u^8DS zCpoE>IKGE|YCOQNZ>C2)0ll7#N08y2AZ@EOxas%H@3G1v%R5F@PwH1c6Lo21V1w=)A=OvHY3w(@y{(12Lse6PJsuf?bx+-G{TcOI z1xM_nBhUjza5kI%+^tqia0h@}iiI|I_x-bzEuB*BnELXCr$Rnz&rM7Si(tmnfx&48 zyOcd8R>i5h)GL+L_6Mo-jUPxgkg!}Q1*ruslrFR9VyT&Q<&s&F4vLhxw`Wiyqs8rt6IpAR&YIby34i+zB>QpWi^h=!>TI}W z!3c51>!RGda{jW|*0DU06^j*kw$JeL(i~<-w@A*u;3SA`_bG+Duscpeyi(sX+XjN4TKL^Ou zQQ^;-z1SMV9Az0LV-r&6m7Dh2Y7Teol$dg(?r)A;Pn2F8&OybRc;x$ZudgI|B~?}~ z3~nUv#QN;qg6G?AV`l8cZZl$p37+2^xnG{Q>Ef+>wVg$ydfDU|9S@~vEu@r|6`m8+ zXiI(XXl3P%Vb^3Ede^TSe+_Li713?7+fTkZ<4VQv0uU5<^Ah+Cw=3BLFK7|AMDkcb zoXgILI?KvOiJu_cGn>LXo*6(S=6kVf*VWi>CS#p!Tk|t)!Z}8Q@@od>u zD0HnnR3y^h6IU-f!EFIYm%#0UBeHG|OcgP=4r3rFIV6`b5W;JK+gb}bKPK&jYa|zXm7dbOLuQFks%Py3%Ee=8Ufbk#eO^0N z{aH(1R%-)WOXqp{Lf|91d4xG<3x^1`d48~8$|81ba z!9--0iAxcxBIWm5J~b&pcHyQ;-3AiINqT)}=t+q;XIto%cV!K;N3vV}bGDkVVD>ou z#z!x*DC#iJwBNq4i{?$+J;IPWrf%aTflu+oD!CDk9yrfMFI$}Ewqi3G9m#RQ_Kmg? zfy#sr79N!RlEQ0<)?Igqxc;ikWWEW3&N4KXSd1XA&1pbnJ-4{+fp4VB(r{(Ph48~H`PX%&^gYkqgpL!{8@eI56-pL z@AL@un`CQT!LOC@bXADV*7WO;M$^xeU!uUXW&_38l>GdAj`d)@U2QbMBfZX=EbX%2 zW{HrHQaH4PnVH*GN07c$O{h+-)THOK3v};Bt@u_66ZOlkovp8l;=#-0TlAD?j#(RW z9dfy>p15nC5wFU#Tc39#?V+xFbhL=|{q6)ceigl{Y$deau*M7BMydO=K86LZrCiub zOXJHLWC9svh2|lw3ggS(4E*BPd!n z^ou?iWFSPF-nQhSg&gwg8v>4mH>fu)(6OmGNv$}-j?mRY)hrc zV&#uP1gCpyZUnT=>sB`qzk1C)7T$Ss%mM{{rsz30E~dOYAOYFOEI%_nBbb-r$^E*+ z4R!sfwvt?)m{e6?(Z5wj+Qiqk1Q_D57@g@1hJY&0f9y&3nt(bcMO1LCL2|s%? zf9$&RHs0vVih$rwPAXbi>e|l6oJk_nK#7&~i|$KcNn|33v350AJPE#n?6iWT<0zJz zE~V$_5#%d2D%P|N;u+^o$^9_(-~~nW|L7`Ef}{~a!Ud^w>`c{i@fy6Lg2sI zi~m%yN_|UL)&Q9O9q2Qy(pA<@niJ7ovx$t$zlU~R(l4>a zSc}5*zx2T}4E90gmA}jDYN-v{dRVd#ssR-kJvCBdXCgl4xi{qgFix-F*|ZdkV#>Ud ze>VQj9;AnNtNP(S0^C@@^V58nY&K@Q9|=F)ThP@$RQ?BITCewPBBDUPha1G|gD9hk zGbYSb4>r<9TplPFj~ey{mS~8iTW^jgcDRFEgzy!Q4Hr0kIg>;3>S;QNjA{cTUT;Ivc!{M-NN=*p#PJ-h zys**nfX|-KL@tEr;VWuqa>M|Ke-rO=`IGn`*A);R&ot!L@vbO+%K6O&#b2>PH@Dfc z;)o&Yo5UPfG@B1w>e-Ea{)&Tu?fV%5rb;I}3;nn@)tc5wtKCAU5Zw$9U!kKQ4`Of& zuAGh&vJXqtHeh2`hzJoH_flW3TIY6OuC#!!_;)7gPndiNj9QlPc(G1m=u^8mSecSp zZ}dV6a)sq16J9S(vd0CgQ%=zV_~%qo3Hcc_mp2DWh9&}fYhr%nrKz~^DF{2}wQdSN zzjsN2L?DV%u~jbS#QUl61qQj|Z04y~It#A^Xm)<22k&Y@U-}_{zvYmKhZ;Vo7ifb6 z@hP*Z&Y|6fn*A+t5$D+u@r|!ER^6}C^zVOq#Ow9#34$(LztXWo(!?)SF|O>2=eg6T zzz9QC@VdY?2Alyaq|<@Foob$p4wc1v@h6|7`7uhNhogj(g)Gyv4_)uHnIgnf4x#1H z`o{e&d%{~FSm3hdv-HKHDNYOY7oZy0e1xY4>f_c?`)LPxNk|f;Bkx{=YT$JRg}{vO z>2uupgNWf@M>#4u@*xFed8}HSyDGDGal!|d2;UOXDVkhAgI^D-f2Wr~S#Y;k$aXa1 z3;FDPJ^0DnKJfY%;3>K3{g6l42XIgopvAgxymf3ETHUVWN z?sI+Fn&CH@64)&g9jcC=>N4`!s?oKp+m3qmHPJYT^xY#EsP#w?;Vqe-2U>-sM}NsM zd_RqTKde9@WThwWw-39Bq>IdVh{@QOje75XJk!Wi_w8t8cPJnX8c%Cb#X5neCR@p?E#{%L(**M_xhif32Je zc*7ra;jg3yDa{?^c}7An+vNqBZ#{f2|4arX&yqzr*fOebn0E#qkw;)OrJH*WYlARD z!T@I~z~YbparFKr)j;I~k)vRc-;Uw?V*fGl)b|m6qLTdJ;bvCQuO0iof_{DP3O6`a zf8e2d`wLk2_d)!tOHehCcnA$pJw!bJ=?j0ohdf1RtlV&_9(MHD_m=!UB;dcS_mG=5 z+H_k~vp=5#y$YUt+*kDvH4Ij3$R>jzx3#)?-S?KmMvsJ0@-Oq8qyG8SKfZ!y;7P;A zkAMHWUwiz^dlz5e&B3S_eR&zdbR=gU;oRRVex=l~_j5u60G3>o1r8zr!LE)IP(8HJ6AB0C`KP)4ZWt$S zfjRIsP)Yx=#17UUYtwUt|zmEvgl=QC=V$FttG-P;gZtg2l z`1CK>a@Z(ou2Hq9-G>&~ccVk@P%tzSLZlmBR2)4DIqVkl6-R-~f|fgwg`EQEwlF`E zWAbV8k*T&LWj&Qn7IO0P>{XZB&iojH1{Nv~qf`gE@6&^Pa01F`DQ>{^;n4R``9V0+ z9u>b*(Wb4k$JCYb5;xL&UfTg$qh>&6yr;-a!F{cn#jGPIsyz$LQ9Nli^nA7n-vFo#toGNhgVdyo5jtYD#Z#>~c{K1c8lEj)w?Lea6nhQTg4 z8mYG{XGJo#PZvFJcT}&=UsDgyFS@@IqF<)^HNy&_OyCVv?~;HdL;JuTdHDb!?%US` z0FyDiW&va;Zm3Z%53>6#kI#rPXPN3`sV~UxhL%LeRSjdy;B#szc3fF{>Z|dp6Gc%Y5VdwR#TNqGUdG%HgVh;((N=P>ukxL1PoETdM_=7q{AO&#BYO zAMeaYcWCQ7$OPdfS5NC$Brt<4W(e?`@^2qgNVJ;`^tTtWXr^lUJ+8wWHPXXI@Xy@i z!52|Zm~=|ZE}fsURQ2K3N34p99x;MnDQ|IN*ALF#)0yyz4 zASRf^2_>7i$I=c9&;IZihl}M2E%Ko(i3i5Ot%Z%HoZslgPP8$qv4x0KkTT&}P;J2n z``us{mJhfP_gzuLO|*UJiTCnNV?5rrk1IXj-t6H|d+2<2JKj{@mA?BV{6nix24$%3 zl!DyT2y(|E3QVh!Rg8Z|BwJD^{C0=Vw@@pO52LV`c=hvek8$>E2kwv6 zGs?uVR+lYZoZ&ND~yeG2Db(F)VQyQL>GWtEQ;>FC-00F;gT>2Q%IX6 z{l=)C=g~%tC!rh|KnkUbhJYQ^556onIPfNqhBNc2a+0KhR-Uezuek@)qIs~*K1_zd zzAD!9L*Qv50gd6`FG-?mN`t-0CA{alx5~Sa730`hv09l*>J>};X}a#<@eD2LcHeeW z=mj9w%@o!TiXPhGC5QV80HI#`I6YdVz~#O^!xWDgx2&9=!?u(ZeldfUi>$p#aBB&A zoG=+$sIB0z-PgP4GOpoXx~39?8Ja1&-+%qIq*>rvhR$jBCYI*hK;=<$R z&(Zl&c}BJ82}qttZ$&Rgqv{{XXP;SK@~5+CjYPp&v#@Tlvcve5_e}^Y3p(7-kKJt9 zJvMQXHYm#w!Pf~#?`|!Hr>3SBP+Tw4)_OW=D)PeP^1GJ$Yio@wK20wJ7hyIX8ZSvq zzf^JEbz5am)M$zBL8pJ?jEUeTIc6psLoSeNJ=OCnXKPEWvsfWa!~VXh=EPYG&Clce z9Yya_cA7=Z3~DQcB!=WjbXS`ODVM@F7q(>IXA7j=9SVEp;>u{(x)pvmw)={GWDjji z)4`Z$!p9=nW?tF^&4+CHm8QWQ)pe7niamqw@DS316Q?$WesbOD`0YV_Si+Nh;&>tZ z#29n~lHgj0V(>yR;YgXSr-p=qYG(OOCOE&gWT9iv%WM8^SQhtfY#IRxrR-c!nu*zL zAi<9v5w}N^vWHM{;Jdgkjg$)cyyMm_VLiuxO2dDX=8wWJ?Ba0 zCf?gz#qyB@RpaqkHz<%=#OR=aeA!R7rot{=#>kW%QBB{M)Nhco@Uus6y0Rt>KvUg>gR%A z8{c*ew-9Ms%zb!&%MKuG}$xNE~!4Hc6VJ!DmL2|a4XKCo~FOd zF{-bdal856y7c0EvR+%ma;<~Gs<$gOi+ITq>^z$Z&M!9^dZSVU35slQZnd=diEYWV zu~bCEb05>R%0?Ra2hXkEnsHx^$eykMIcr1jp-l$)_q=Id`&MJu{Db?lbybTfm)19_ zy?B|^%*S@r(oMt2Cj0DFCg|`=*p!NQ<)W72%By0VBldTDQXf0r+LfO`;lHz0oBDc2 z;gT7+LiHqloA`^+dp&8fWi7*9$rg9n0VR){aFhdLat<$3-EycX4TRqv>xv5`>~V9U zmq@>30fg+MfcWYo4V(mGyCkY?Hv6hU)&bblVxpaCU+r#>Ryw7DB|I%qiv^C!Yvurm zmh_}4&~@*dY^DdJd-&(pyVJlrPY;TwodVbUJQ2T-H6_Em4bM{wn7iY4H1wE(Ny~dZ zU-j>f@h|V1NqX@Xl}f4e)M&`-a{q^D=u5@oEKICCzluY~+r{Cu;*CZ3NL1{u7iK~C z)7(%oe930S13hrhA!)&T>?~#&RrZDZ!0MVy;&S1f3AS=KL)j(Rw)@Q^Rd<3OGT<7) z!Fu0!bg<3=C7Y`ckJ6Qhu3_h=EJ5^2t8Hu-#}bu`0V;rX(k z87%ISNGz&16RGjFR!yE=OFs0dg}~MHd*MuV``6~<9kP3!6IAQH31)^UhbpXsSNh0Z z5@1Gl#0E_>@vg&GIQ-^83zF6(L3Ufdb z7W8srS02c)EM-z;S&gy#@3N_u6{UVFoq}KWpM+V*rbgsVDp=_j>N1C3BY7{t%Vty= zAY%CHo{pRn`!eD2R>rdma%=|K4^4%w)NGsEWHEWJoJN(rS!%ULN3G9?uz*B_-Ec|s zC^-jFrY8g-bjyZX`^VX}a#@pn4l3RAF+2K9QtNGe(}oK(WzMr*ulHuJpM`KDglNR>4Y`0(U4lSH4-4`UV6( zUW|mCyB0(ro6ZK`8nT!Iy4aL)9=ghPQ~e_#D+tceNYTd*CXKR~v)WBWbcQeVC_8>X zF}=DJq9P4bOc*LOX-q~+Q21JfsGvQ)YxfwOcH6g$gj6moX@8n?;L`Q!h^K2evAyQ^ ze9OzA&_bKZT5N^q!Gv4x5)s{w+Tv^_D4T3g>v=UY2wFS$KBDYL5zmg!%$s2GOe@@; zcZ>z;CGbyWat+sc8j2nx2j&$b3sH>a4^@`h*8n&-7Y(Qi0pifawsp!-@hsFCaLy$j zJ01=r_|O=5q6&KALwNk8t)yyuTT*o$pbOOH?P}Yd-?bRsm@qX<~ROCFTMm;J9sxECJvDq6>SrVJB z+}Ou|x@?wdYXEKzN&JAag4tKY3vk!*q)YNnWin-gyHj6dM|lSHN3?ap^%WU{S-&IC zXv$z$iSTLFF@(J($p<;38{nP^Z)1qnGJhNaiJ?8j&F~p9JrEk2V=A#Zmcfg5Es@Z> zr_wV97=bsnUOX6EQT7Y0n)y`Pfx2Vc-AIo(%HL`1)D2DI+RtCG?-;l{;udW2`JJ4h zT;^e1_8j)?Bv%kQVHE+wL%iH2llb*7C*CAh^*1R@zEUERT!c430`voVlJcxvHJt1n5 zP`uB;55Dtg1;}kp1&J+R-c^`up`@UhPD|C`o*|qsA~2U@PDoBDzS^1oro>7d$TLsn zK5kW_jnyxU<*Cg`pE{~l!e!x}U@v1}_~F#f=;D4ByH?&3gZ5TMvHGLwbW5npNTz0K z&En9OzkQmi-SFo#pjLnBqZ0nS62<(|qHkVW&SHrdIN0#ojS8>d#@WjKEXmrye8XCg zOZ%DWn;^$~FfyK_&9glnXMY|2)O(}*rg`bhlN4)n!H)d2ndAIanKFL( z)6Y7g9E%68YVU8O>d=T}ipTD?=2ei+^p0Lc3fHHtRWx4ONeQ7aO)q*=alwWb8j7Pg zP7odytT$fr+)O@;b1TY_WuWY;r_BH^5t<-;wWih&=e_B%G5e{SB4I14X0zeG`<*$- zO8XDjE!-N|d8d)prYk~DrcH2rVUC`n)`_Z($a$&usOiRpi_}I3N_Ot1`J?bYw&~j= z3}+*b8PW4B%qWKQVI6$;)~lX6u9bcGsYU9kWwD+@l6=&hc(_?- z(2~D4$8=twfnG4-zP#`*{>fH7r+9FpK1&E$!at>egjM&TK>Wxao=(_TpWrNzBxyHZ zQwh?b?^Ch88ZTqXHCj(w#Gj)R%@P!#&D>3wI@#Ulqst#zf_1>8J@|+uF$K}3Be+tC zc#P+AZ`#6WS`I(B%xLQAX>>w;d4E%cKU0LBeZ4`ffY|t3+6>$V{49 zduT6fXnX#!lM#d>-JOfR2HoeqToSwNwD0Fg|G=4!f^fbP#G#loq`eJkK4N8xnCu%U zr>`iw%>6x5?rB%?!#V;@34(Z!|7%7T>!u{n?wP0j;r7Kv7h6}hmiR8Du7Ay7=CaAz zkjzVrQ41FoYO%{0KjP*}yX({NUO^+YyVLt(R>wk?r(i3AkP&+aeeqjnosR0eFZN2@ ztF5G5I$ho2JD0N(@7kDR_LunH?l%Rrz84ZULY%z?&N9_gMoa5L@2w0`%E>(MTuS5e z$$R_G#Zq#Yr#-wD&NntAoi(1EXzx=K>yjh);lLojH`c~%B#1!CEiFwy=7iFGm!f~L zt&q*p1c*XkSkY z3)goVJ)g#|(YhJ%MxO!^PQ`i`f;^}#CM-NbT4J&{mytACI$+567VQboXRcR^c3mFT zDYKuj>+zhIm*k4olu?%wvgvOdEtw5~8C(%I`EYby-_IRnOrpTCz7SsM40ZX29ucx{gXK?hX>;3xrf!e!6NzU4=~=xT}3_xRzp593x&+c1;3o z9?(QW{;%aO3;p86cwekO6kh39F?ur72&%f~XfN}L5xivE+LGQYD5gryJpJJ_ZSHmw zSvswinmPA^tjOCJOI|LA)vg$Kl)OSNXt|V5NhvRtE9F_&MJq()ak}iQdCzYzUt!8Z ztvAQeYb*?l47m^O2-0TSwi@tA?OA~{R1oPbxe%A&AYIdkv&AkZ-S(hVxXqi3RuXH^ z-Q&>Ajv$-1>ZbLnA}>&g=B|_EkIYz}!px=w$3`U1#5)B=u!ioVPzSQ6AShGIQezeY zfm^%7n0A@Nmk&3etAbH?b;dS;s8%co0yTacQ0E7h{TUJ zZVD(8SwG7s-Ow$`PqdjaX*B5^NX`gqJv-p;K{1)tH##uUbcIJkDh&2&z+DBGy?(-s z1lOD0rdN6soR&<0AUoDX2nc}rgw7}lgQ+w5me9-B){oPvbsNV5K0r<@2o@~QF4Rf} zr*azAiQjWE=$qjNXw;Ln+tDB+^K2YKyFW4o2x>qTw^V{xp zv%RY)bPDgv1U-IC$uPb5@vh1^L+7<4Vs6V3Ir%kecJ~hy2bj)1U;{Si-Rv{!0!2JTM?5>051!E;sV9g{A4{FAN2Hsg`_8`9dN=8VD#1bS zpj5Ij?GK7EyfQ#P;mc`D?7_a{LS8vBMTfiH6OeETu?Nevy06Y$z0byCN0^U~ud(*v z8_WppS(}!T5f>+^q@chTJcil1jp^ZDd?np5R_!K+J^B1A#Z*PQ;uKJ7=jeLbo+!{N z7ra-&xx1Ew*v~br)#YBkAG)_2^pe-O0Z-XPq|)q2anJT?i}#KxH=eiCg?#s|PZALa z7^Qk|xS~H`zAH7sJ`NU|7>rQLbe1)3q_T+#JZHggIPcUP!wOPY6?ph{Z>nL8qRy-} z9doB~hd`)*gQC#b#Q}XM#dqvgJWPKNlp=-K({OjT*r`TZsn|S1Us^?lnzd-73-moe zC?Hi~Am4Fs)#ur)IQ!rF3b1jaQGA%Kq95`pJ?X7M3HsVQbvkQc z`OT5ZXd~|{E-ti5bz8H&S-cOvE=?Eq@7`Oz>!h#ER43_{@1EPp|0u(!(AJVkcf)YO zdvEppjQ^*ZxW;G$*DT9n6+P_*t7?y1M(8!b9*ixVvuTe#%Oa#N)fIp3?_4`_kNT?- ze&%Z_E_%{llc!pwkm)b9eYHdavom#5ChPov5F4Sf!l#(G3TYcZ$@yS{tiXU9TnZJj zy*{x%RKsVV81K3>2aWFFcv@YXMhAZd7g`*_qMRI*ed z%0$2U@V~q{OrNwjM_U=NVjU)y-qk0~5^lCM6Vd5Inc&}E#=Hg7!ln?#85$IAnn3~H z@lVx8jRRGIV^&=SFOM<`w)Jjrpq1fH%cGUgoaZ-`aV7ALW%zT;DkX!L+G+B%a&mH4 zHUZJ?9H?7wEb?3TCR`eu5rFT=7JmtjM%C^0EDEJAS$4Z_7S?T5@UbXzc&xy~+eJkC zLzTMLKt}rt{`K#n$D|^(_blS+8B(CJRgR&s_=DC5>2BIod_$=B(;e2lCZNFv4siY)0nlt#Y;Z z6dcuN1$}m`9+g-Q@!qU=y`^_B8piYG$kG>D~r6ob^DvYHwZqf{esrl1C0Rs zhlXr^b}dS)RtlivflGIfi?KDtvcz}k*X>WoosqaVT+u9U-!nM~S&T{ltA--$g}h=? zgm$+XRyNqA%N?XeR!Jo%@{P-NGOj#=8rK*}e+b6yXb9L*@~>ttM-6En|2VQ;L^Ob; zz6@r!I8A@s(Q({;CXQz#zbZS!>)UIRSG&ZN^v>ZZC2(idR9duQ*fa=qz>paU+K*qv zN#@*&7j6!hefrkur1eOQPE1d}fv56}j9Qi+#?EmjQ{bwY*O}B zRw4H3Kxs%w8paiSb_3LL_@s-SIwS_PE%qKh4U352!~`;404ZQ<1N^~qd#O%caCGDW z5Z9=KeH7pBF70(H6?DwJw;%W#2e@soD1u8*3*Z~L-GVy|D`DR^gwZ3jSkw(QP{fxT z>CV@?*Y@IyPRjPN0LyALP60)Q6#}FMJ6-B=$%wzPLHgydpZ*#jgDcOGygY*g8{_-H zL!iaWF{e+To-Q0;P{cHM|8x-*KwV&)@4oKOvfq<{hTAiZGVfD*s1tsPxBptJhjaP! zA6PGr$M-xo=$`}jw=Mql!IL0R#hVpIANj-b|M@gLh$^UPo)WMY{mJ0?egFRZXP}~h z7MJqn7SFF8{zC(=D}q8~Z{{57Z;koKBayR!1`!yd5h`4 zCR-IuHcjCi`F~8dC2q1G^TL1W*&j>?3VI7B`&~N6zmMHvcVFR(mGmte{|asT>)|jO zK%4!)I(V`{ca07K$^YIFs;kDB3ui4bLT^Yjewbx$v_!>{$OcelTn$p2+9SwBO_juVcS*~X3D--lU^?-5${79cBq zKxR9|+X{_F14y>vT2lnuc7J(?MN`P@#1ZtBKzb21@GBj+Rj2^q1h+}H)k^&y$gd5HCki|G z>N`4+Oe`#KBqWF$o=0^i*eI2wjJnF6gVUr$qwr=W)&_a$?yeUAWS$oP=886NJ&FC= zezQ?%yKc8FYdBc(!p`nWy#mTmdsppYS@l;44#jz7LE>gT>0~uR3@;NYRcqA^gJwyu zC&Ur|tEqg3;r12)+>2hNzSN{Fl@}7Ov{!xWl$7Mn%PM{k{NgtdW7U`to+$2cb!CY@ zLSo?CO}RTGwe|089qZM2_3R{^b0!|HbRDRiWh6ym#lI%!>Qpaht|z*0iBzVV++45P zf@8)~($G>^HY0Am=>;PK&z%}=lwsm-f*?G$#CAk${K2{+n@&;csMmUZTjlV9qL7)C z_f({I`#ON9$`5cSOm%YUP0m>)3e3=OXx;KKbV;+EpdtKh&>)4E$p+iJ0lhqq;{5VE z{oIj!^zwa#zL#qCnQ{>x@nh7Gn`F4c)w;yQdDFYH#^8kE*wW0^uE^xiv262gV{yn4 z6#5^FrKtoh?A~gm&#sus4SriIwC-8AJ!be4=0Dq8S6)+tB6nQeIZLrAskpJA5>i%@ zAcU*{T1OkGx~k~5By3%Y75avGhnHH1jY~c#+wt6(UTr)ZjaHH}SUx4Hfs1fWK8#=R zr(_H(pGaiE9cR3DmxOrj_6RG}m6>qi@~s!bSI&3mcx**bD+!|HDR4Jap7dZd5Oo8^oC7v4-4bv^4l0yU%=HB#vCODU zUk81i*24Ze{9qn%f1I<9Nr=mIh%RtCb?|j$%L%;L9kwy7N}+^Y;h*&697G+`-rY_`cV$S6Zut2wGQp|$q6azw_#Y0F50 z(JxA>Z0}R4!u&ZZCqUCexE2sXOqPqTK!0;0P-O_v$Z_!|9Pf8SulSKy?SbW0R~g%Bp@n(-;KNfNV#_IUynsyC znU`#9dFgmH)~mWKWnkYS=g_+go^m)_34Vi#2xl^%;E{lH?UC_&#n)Ew)Yv0Ia{rcV zx10qAN-V{tum)%SC7?<#KE(U}&+gtc_+G?6|KQ#u*oj$9i6e5VB#2waa%!MBnUnkQ zRDb&MSYhYfZPW8p*X2rhijV9a#as5Y)(s_%r$f}^H?mT_>pMioj3e(Tb)fJDGDrtT zMfvoz=Bx)tyiRNDz8E;?#Em$gt=CTPE8on$M;%Cmu-6>sw}PqXh}{N&XKpx_!s?3M za43sP?IVOoWs!>UVJfW1dRPTpCw(RL8gEo|U++8wd6ky~A-LrdcTqC!TPZqQ)-iTy zz`VpAH*I}H&ny6jgJ@Zs5d-8!~BYPAYKns&tR%zuv4&D%}^b@DnP z7UjCXryPRZ|4!?d+yB;Q9*fHS%R;jl!mZwauDn?+=wdskK16r|#_v{dM~6U;_3@7& zJ1*+XN}!(+MX}bhG??}HZ9oG< z*uHmrD9q&Si(>|i+IloUdL<Bjye-})|>uN z5hYOHvfWB7MlzeK@*bO+7i(qbg_L5x8iKV!ZkkvVEL*7AJV0gDjmBQM415Ueu?E!) z&o9G*p^3riM1NudBzo{eZgCB5AmOGri^k#scsYcEo6ij1+VnrpxrLxmx0h;F zKUVT8Yx@hnvx7)wZ$i-PX&)+_+;!3$&d#_ZLAa+s?)S3C+o~#xLtRH!V7}Ah4TUZQ zy7^3Sp{G2_4QvYr_@M5o>DdL&(IK4c-L(ohV~%>6GDf`&aa^+ z?kGAPS6Ef%{s4Ud zv~bJoB3uVi4K#BWXa#n>l*iHwH)zeqAn;t~kuL!s7zft*o@G|$jaz}9vgijvtxrdN z@bgS!@g176npIY*$^*`|!fiUl%!cdvD48iW0TwNtz6#_T`DSaeuM1X^i`dBY61wK-E; z&u?xFbQ=9Rq~HpB48inWb5W|&8yVo9-eK*(6bao$DY0VjX&$GB8}P9Lje;M=@v zH=WizYk+(xq<%&utY3Q&Hr&dtjFR}e(&``K5VYN=<^%- zkQxpYTwh+nFj@KhV)>A}UqHXsZIiW=xlG-D&5ynh3fH#;n3AUszMG@9hbLuDOa04n z*f{OVar9LDwjbXMyM)`rkk2_94$6W#jbZDj3Sj(85|=*9`((o`_J)$0ZyTfITmcPe zj9W8;lInhIzHe``YJ^{MEs~R)4Aj&d_Y)Ke5)$16aW3N~iN;v8G#c})LjtJp!S6!C zU+JPl#Y4Ck8nYVfErVLCKZa1{H(|Uwa`j8s{VE{W?NIZwr-gM8OAXi>XYY&W9{SU; ze9tTxb>WS`UO!NPy3;dh`FRy%6WFk->-J-_AJ&BG!&it@){lFK+cC z)p_DALzUd7gjnkg<99As-DuO7Z?3{0%~zk!5u4oDa=y0e`hM|LT8MbMDz@J}YrzdA zA)$G`>b^;7Q#n4lei&L|u*Mi}fDSfr4`;ANWhRU#5pZC7l1{SpM$2=e*fcqG^oNQ6 z-|0noI68>lc-YXz4a%gS7ak8{1|8J&;yb^na~moc=M`KoE;zlI*n9lQt8F1`=H7vg zj$%1_x3+1fCC{c674mhRumyRi_n|i`TJ*^K+-aVS>c)^n#9Rv&`r(Yj6)FAMEY}nd zqc@x#dHVySR$I|#>C2giJhqv_`bJ+)aLVybN$vFfzolC*gb`gpH^HtF)q1r%81hCOKcd6;;>R zAJE?aglW7NW(Rt+L$Txi)v;AJH17C1`b&8}77p6;LH_8u5fzI1m>CQth*gP9|EN?S zz0I@KZ~E?`AHk^a?qv75=v2jFvVT~r0rZ4y=N~O$-qj#VOE_8Ug1t|Q_Un$}=vBh< zn)4J3+E1!Tqr0y~uMq1C0Slo+A4F~PHv>5qZbgOgfR>ZEzD2=X;864_YNwVu32P+~!}Z~?>C#7-Kc<78B)viwz80pnqQyEnA>!viEl}Ew zMZfhb-^QTo>F>2#ltbo-p?ls0D0B!GqX=r#b6eU2d-Q*z#$R!ShT(Ko(ZiFu4VQ2o zN*;^5Ky>(xXCd;mK@7nQR1LF}yw)rmg{p}!sx992Q*dW@k37zn1HkLWp>B@-t5Zc# z;*+gud(#S(zlVpVB&)lL_-QQbb1cboS-tFc%zO~R)}Jz?tNke9G+<@m6aj1Y6`s8TVx1bV-D zNZsmlmtUh*4nLv%1Yd=yJ3WXiVXsqijE9^9KCrC_1cY!7RDRA=wQZ6Yb#(=8s{_-jF9_92gG7NNXVq#@*~dLhIYd#P!f^JWGkiPn3(^2=-C1#JT%N}$ zges&#fX;sg{{|Je+0!vFdde9p2LGiS(-zSLI`7V+Q+N6}Z*mW*Eyd-JI?rOW{9O=M z;sV#i)Rbm4+y^+cFwi^fb%v%!M7#j~)H#=ak%rX;kR9z$_>_d{R^Hx;7S{}Y4tjRt zm@btG*i|i`EPKNmEin9BNG57stwZfx6S+7)seO`%l$R;{Pc2Xrq&5(F^Kay=8#k}aZh!by zsQs@0l0MCy&Fb%q^;fX*XN3@pRRu_~Q*R>0IS2amKWG-|@apIfDqq37!I|b}N%k+* zvcD?M_)oy+VQ9XjkNbTGA6*0LPI5ag|HM}N^CN>R zNl4-`k!!S8{M)ZBJ~!-75fxNYR8%}1(I_?gDl*EZUt5vm1z|HaGx5kzh)LPXOBt8f z*49qR2NM>C)Elz0n3NC8${vc2DkvkC)#|@gAF@K=$Z-QdPf7#8PZb&M?m6I_ze>Cv z2uu>X7Ab%EIUt}2y8JAB|M&3_Tqe<UVT_+7w9q1R&8eMcy&a&iafe12W2W z(7>60M1?^EsK5R>=KV3`%k}i1)YZHdqnt13Q@P<^XZR>I;a{g1M~qrCQ!BY=eVQ(tM74F2;JGhPl}Sy zM$7Q}SW{Em+eq}IbiX*igC97J;u^<+pPD!@2p>NIy#!%r%%SNjOZJ6tvyqvgxLVh} z+m2$FXMAVJ|N3P6iHo_s{U48(WF4InZ3M-aPOowU^T6Knd|DUvjiZO|hz!emIaosV zQkW~MM9ld=r6mFRG^aUd3cX5?=k68Ilm7C#0tvw})b#8nkDeFX)QD8wGRS$nJ|B6k_M+mCn^qY>2MAk(DTqV*w*4){JO|b+|0bh~ z7JAWi1?f35;c}ukSeF^e;xTZ33M5BaY-&IS%76OH&KR4HyM1bXw0rV01H#YQ_M_D+=7 z2wSBS$BO@1fyRlW$Vf7d{`zqHiC!kxFI6(IK|9>9%pztkMAQ7-EvyCz*T>;2kGc6g z?%@#A9;hku*-U)TgZ$b81zM#UIbJx#)H@oS+-%+I4WMi5nXg&vVyS%i@#9Be;T>`a zjgqJFWhrZ*;s<`==hp`Pu%S=g9#-}M*_N{ANn`NN8n$al80&t-0KCNhDTeL^?U4&b zE@*<10={4fNyysom1_%liK2y^wg+596iV`*FZ=*mY!4mDdom6l7^@4aOhtWT!YI(; zC~V^_F44C9MW(Fa(8)@i&57-3ex~nc2c76ix-wM_Y21Ss^&-bje%?7T!e=<1c2n=# zosCZBBRvjGdj5Du;m|AYByH#J3R}91Pce-Q(k6G?6JZN@=-)0Xjb7olWrFsNN4-_Z zFSG_4IC4)Pm+7CF53g8MCfYa3Y;?i20``eT+J+`>DGXk_#k`P$^vg~tkT79G=Qaf(mdoSmMiLqnoh*s{SDzYSF`ivH zXVg}ATw@ik%llINEm7z&A~&>E!Mv8$VN9L7LE{qqMF4<`azd~$Cu8=CJJt`K_H zAzDMy)42eUMvlba2#5%DQi^)H1UwD0{Iwddu4w`KSh0VC09*CL|90M`cXmJ#IfKot z73-U^?M%pTGNeBsIcAbc<;{P~)f9dNW7S7ODUH(V*s{}f3 z(m=hZe_sZm-(XFNeRzCFr3BK@p%m=232*?iHIHjA>*ISIO(`!u`LiyEK>c4AG?J%( z5%3a*YLwi%^-$|#a@VNlIK$0JCd}?3{570eRJ38BiJbF71N&&31@r@$m5nDFpw*V} zK&)*XTl1kdJhQn!ab5p*oolygRxW!tFWk>`-?1=vJ`*j8(E+SZ0Ik2l!F?zI%2UIZRTQAA4u^};Hm%IPm}6p zSzzWAo@%DXa=t+KSdl|eP&@y5(H-4tyI#kQh#}t=1$dxKBAItL;6R!QIFPdV~`py&b$Al26}Ld;=zs=AbV7bh(crF)ngy~ z$rJ!(*b)X3>4!d33ynOfoUnt88SxW{;Ngh+(qMabCy*PX&%;pk!)!1TaQES!HmDAbx5*4+7fq^3Sv_lX)GNGwHs;j)debRa z{NOuA*;@6y38>9<7AU2us9RUrc$Ou3sJTfvE??(v!^Vl_IDgc5{Bu87k5^GN|6KIA z>Dhegc@S|gJ7o@afy6dwI0H9om8Pnm> z#HNCxB1c$IkOFzMfsQY4J%ATMl; zm}vLf_UrEH;kgv*h^L^)=pRl-h8$ciSA19FezB#jtjvwDJQYyf9yT(`zWN`&Flf;J z6$>%J+idmqnR5#;%tZv%*T(zj6vBU{49xyZ-LY`5+P?sAYY{%roM*MJq{xwcMsu{h z)DHda!062|XZ*#5@1oGs8n=irPXk^CVZ5ZEPCe zRkA5Gnd3uz4L8Z3e*n#Y2OVTs(O;BtD18$~{>?4^ak(@LAn0*lXFPH8AAFkQJ%`q& zD^9yIn@%%4>+1Jo01&&o>Ee75xZn1lJ4RklbCPD%W~xDM+gH7NwBh+Iw8~Z-a;jBf zp&IIZSW|aQN9@{z(kog|aZX$CCu#Z6iAqxO@oTRhK zqxqv*2B?che}1cp+$NS?AnVyt(6_my2_cw@^}B2>bu9NLngaL^mRO_osze~Kew|Cq zWoA&kIX%wLPKevEjj0ar@#Naj;QdnWb;w#{K6Cui^?drXPc4#QtP=zd^dK|;MqLH( z^*JZBocNsXDQ2>>X_UGy;4)JMQ-NDSb;kRqVVf$EMB~NC85N(2?}^C<0v5W;a4--R zcV2{?U2lbZfRD#x>?nW$G;+os^VYcaQmz6ddXx3dEuk8?5z=xZSGCF4rhThs^-IOX z`rO9x!V*X#F-7JTUJ4|Uw}ZUIA85}q8@^Z@=KqI!%u93sGShB(AZOvjfBqAe)?EU- zV6AiC#Gm}&mwb9i)q(1TY8HRl%MYN1v{aNdGXaZJ>cf6jUmW@#(*)!zim8xy!k+x4&GY#*rjcZWV58?bDuBdeJ8#4nOXcD_s9(c0kHT3_<@SsQuWBXTLC zAyI#sQ;xH>fBBts{kQF21|fem?v+~`kJdS1apOF;7UO-f@m}Y}n~Xq7m#?G*&{6A; zX3G0JvhWsqjf)U~(U`E15O5F~MjqepWdlOS$8T}+ji)PDVIBHvZ9_;*^fh9MibdD?$Nqd#$;QM zyzB)U6FvA94w6!~QtMvYShsM`K@YYKJKgnDMzM!8xqJ8k${SI`_j08;)7COEB8GaC zR>>gW_SJf8^3X6$Igx{VK~_4|2M+*hmF$g>&p&KgT9R7^}jOT#`XUKf`z6XVsDkG;pv_=d2TR0Rs~Z%e?Fe#D{m){>99%YdLI zI#R5)FH7xlFEl&1z)~ehN%GUoRC+*`4g)_Jy{o~9qPN+&qM%#5)NR_` zQ&USkugvybu3*2PzuzEfKcE7Z8>sgab8c;CpM`ne1p=bHeqd}pOj#rG+b>m3`@*v_)J1v_}N%!3N&XgyR!Oy=(Nba+_J}PzG7# zj9}H)*i`B$)2@=g65hM$FSfR)bg1-~K)G!=7Znt61EvN?LgTYA#Uz1yi|?KiE>2$X z1m|S?qx<_8M;_%h3ql*QsarQ^%`x71m8?o&U^zHvdAJrkAHfKV7#n(iiEV;ZPB2@x z)$kt^KHS@e2+RZVnbjeMrD9daB|j9hvoK{i+Mh;9&j#JIHh=5%tI2dQPPr7k@EQ_l~mk6w&p-5Z1}HHet~)beb5k*X(07mk!^ zUF&Q26PLNvbO}Q&QIJ6EEm1Z`(eXZh(6F-|pM`uD<9Rt=sbKE7jUu<8_R_;}T3e;N zKWv@f%%`tN&JmssNHRItH)mZj^jWCxx{MF+TG2nycrek;yAH>MyUtC8hRO^NsDaz_ z_aFzz-)+tC-GAUu$mmI^TUi-y?lUU@J$X9CaJkfVMT`J|HeqS-(vOsSqIq~;$_!o7 zFT7cYGdXMgOL(2ZG>{iah_u|7smJHugCW1^9k8 z^uMov`r6YL=%4Hz43`7dgAJb4AM#F4M_o0MYpGvDx)K@IxUAkwsQ*BHdqDR zg-<7v%hdaww?C}FV$&eX)1iF|?ZzdEb;>@9=Nm~yerfAj&VypJ3l3rYCH7v(i=pVZ zmw`GxDW(=)9Ij@B;6DTwG7^6@|DH6)^H~h2D2bnkwEBng?VZkygBo4}pl^fxX-4dL zKI5L4c~2aNI$iv2)2^rp1D_vG8Pkm>Ezi?0%`}URIL9p;x;!iiEF2zi0|`xGs(>f` zGbtwJ4n^O(rDb2Q=S=DFrxQLm%188MST3gV*%ZAchHAb&Tx9K0bo&{Em(efaL4?o< zKi9&$MPu#tA414qQN$k5?j{-FgMcdGU?Q1fDn;%MPKe&YGSg6$nvzZr4bXe->#UX> zB0+a#GE_5Lev#T75NCBiG>?AyN#d_Nz+wq^fTCM%S@uRN{=)_Se)Of~;xmoNOVl|Q zFWdeh$462l;rQg9`q&Ax%ai>A3*@>bi}}YVkx?;TDnuLeobeI-JrsXisK1+`ga+0% zR$Kv~FO@;nd{JffOoMdw>ZPBezrd2uii!r2Uho~osn3ULX9&N#rD@w$Gb7jhY&irh zI&z^PI`Z8oh3;k_=wef|)ULRt*}oK&@Yup1NJ`A!)eQ6ldK1bd4_?d{KfS!n-CO=q zWjC{2R&Pum!y&8O=9%6V%)-ZT4n#eRT9K@_XMwq`V1bv+6Zt7ND1zp0+?7Gre+Wr0 zi#_3w{a@js69Ld$4+x$IqtgCJlI!uAVmY=k(G)sk#qA@N`fVbL7?fseO;eN32Pi$u zltowlyan$?#&aNvvphH7d0mE!dbr+ayDVjP=Uz40?j_+1J|G|cBzb=7ba4W|*;Nnm zS~VTs2DC8MyXP!UIaGW$;lAUC{OWo;7iVeet_Fd~JIXQ7K?Vz`wgoDdQCSgQ5EI0DSp~`e=lPd1hLcD()os_R1A$aBkYzAPHcfcib6t{Q=!q~t zehMi^cNmTleSz`v@tsHxjFd@wMLTPzqU3|LJRCPUS%zK>*j4A)_0z-dYRCY1AHW%yB{9amY(g1s6DDGP#>Rjv$mgbG)U9^eD5HT zSnPmz{X%W{9INg*m<~-~GBJ>TC1_jRt;l40&nbCkfzb8*tUc@e%lfqAtB2!_k9t3a zi?O;;`8TDALQVG0Q4##}aa2cz1xeqhmy+wcI$5ft_Gn>uiKi_Xo^_O@DKij?&(|gI z|9t=RaDLo-TSPAKghFK)O+EL!S;g`V>+==Zek#Ys2mAw~EiZLp$Pb*G)`31ZDA$aqC9`FX^Ai$dGUZ;0EL4Uwh_8PKsH6i?j{b z2wR5vZtl1>OcH;5-FuwY@&2W9Puz!>Sz)m& zPJ5kE7H#?Pwr*|j6q7ii;3HNI*6l2;S>4Z}wS@&*3uG=kpEqU^a|AbPUaoxLwH`ml zSKeB|+2odMBc!EYlM=Db$++1lML)8=gW+rK7cqs7u?A+NRxv6*;;D0+mh(wdj!Gj2 zBhbHDK92U@Y4&TqO+%k@A~R6vdb{lGRi(wgNf?%IW@=_qN0D5F(9wj3#E7T(a-8uc zV_?^&gjDji7uVs{Z&U<~F z;k%D?RL=WG(qw$xR>d!W@dlIsN3|*&ipkHGVIoVVIBA;wiYUk6ihQ5%2<}8an@D9o zQ-#&CrBBk5wW}|vj6P~g$KpRaX7c#PbnVt4KKL6JQ^L)2CZ==W7Ba2DV5S!C1*X>hHAjcub z0zpE#@A-Cb;I@+_>^@q&zok!7yqWQcr&zIQJ@lIl6}5BqYeie*R4MTz$8*UmV|<~| zS*c25q=?vh1A(!m-`xoB(b5{9CP&jW*O~bS@16B-+B)`u>8qpe2(AxC--!7}aA>H! z1GkUd5i`^GZD=9ZZPrgAHau$-_v9<>r|l78BsNqKah0ZtP2L}0u`Z^pH9S}KEUBg& zXYH9}Ka<*S9G$B9HJmkbol7cKtT***9%l^B1sjexG8Rcfy>*Q4~Bbw!8{ zWm&54)2vEr%e}BUx|N#^pOrnUI*JSA7Y|)NAni@K#JpGVAv3xecTD zueOfdbZ?Su3Vp^(EG3&R7OQyu!NTY4U|49r*hY9uK0**7$U**4JuPrvDdW3d6xU%sGhibxEkx}c=H#;C;ti3@sj3MEf z?T_~BB#XN==;CX2jHbNI=~F{4?IfL!>`ewUK@YGM+45ag+ZC=lAxS>a*%)56()2m_ znE~Cm)IY|CIiT7P3);EtN{nye6q_H@DhtV-6@6A`SZG{3WV|L`46%8j97op^d78D* zBs}J?&vUBVKZ%}_SV@jCG8i@S`Ncfq?070-%OVh_46&?yF>NjO?A5U2i^5t?V=4+r6c8gvCD6XSS(3*7EiauYgb|z3c$U2 z?;4>|;(2)Q`V}tPw4eUjVk_^XD6dJqXT~4+fKJT2OTwc=2f^JR<{OGy950q7usrx^ zVBjW=OWRT_qwxV<(!{*tAj6}HihZxyI_2O+O;sg=`D&TXV2N(UD9+gt21F#-b)3K` z)%6|!m6`6DK`03YkJBw;B-CY__FDXG2Ik5SNOt?+^VilhIJQ^1$+E$~X7W45(ur6f zWQW#q4@)m>8HgS&`Y){ah$^o?x-|$bn^i6p^EfAwl2PL)KM3+24Z;|#Tki?ua!{NW zKid%^`|vn?{}`EZF7fK%bl0D5Jk4e!S0MTNVQ&hwkW^nC(um}0IvqjsosD}QED(G< z@@hNXK|(iqQ?=?yswylh>YNVtS*BdSSCXB*nzV4XM$xoZTB2~DHlsU4KI)FR6N@lU`}eSIqtF@JqPR2v{?N$R!!*rfDs=u1n{ zbAFNB1u@~}#QH24^V9dn-A@xk#2en7nXleiJ^Yz{3qcez8z^0+qT1mrL9NU~NBdm% zdS3n6SS~iMa%s$2#fOpDSpCSpfwx|`YBR13hV&UynQ=D4Zu%qsDrVb1a#DG9t`n;? zw5d&u1*IfZ4HOiQi!_UiSd1P~c9L4sOyrTBdk?KBP7LCV?1-w#57T>V!@pmjsIsjC z;J!|AlxM(=`sT;fQSsv1so(ADVk^w$oh95^gNLLTA1d{CT0uw?*I zeY6WW69)+`IzgX*&gl+!SIvvIu$_+D6Dv>K-4}Zq5gYevy_fTJOnIkWz(IVdLHkh5 zly3i;uJIC~KdxUO$vKv4e}6XlIK7RFfv)W~S)}pq_IW*{|Kfn}00t?~{-|8t=ii2hrxS#*Dw5WiZewJ=!ME z)1AE#?Sa(nbf%hY^-m7v9Fmr$*-OQ{$eL>J3}Rct8PF~WZ4tt5_z~Q+xw5BA!nF7c z{%r4(_Z~vXH(k6-CsYQz**?X^(kPO@b1tnK-Id+vd|p>23KJtaH_mC;-bg6 z*rDJlqFB2<)TVUuPOM?MlMFt>c}&Iblb>wV&lzx?_?Y*c*1I`SKW2n}AiLKex0v-= zeq2=Q{&E8Y(9Mk;%#=+a7hAa1mmd1o!*!}n_j7jX@_|r`yPiEsIK5$}1WB9M`>3J8 zS#g^QO96&~FNi{oE1liN4dj%V0-XLh#zApcBCuMR@wWycc_in@6JinrcvE#g zI|~_Sw`ap<1|2CGwr+Ce7^^|IkYSqQagWak14PA3JHra5-t&lmFGkPJ?yNfhyj`g! zESb@Bo67+u>X0K{HJ&#%n(NF@ce8G0|1B&q!HUe5=c}_w#KBa~yiQZngb!AOuWf2G z{TNhyxmn4PP~2g&&59)#Rv3E=9kgtL+AON;Rm81=ibsFjEGk-}Jv>5#$|2Avo+qzxW=Wz|ZdZQAP^*54 zg$me^BJV5~_1Qfjy(eld$xeufTZqp&JI=OT+mR5MlN&rc=&!cClY#DWm(@rcfCl3)9bH%qX1EVNSKn$Wrr8ZzI5ox> z_F-IWW)Uu82xU+sX@7S7h8=f}QZc9HlPp$d!zSD5jy%rB(G}N$uy=k{7OO{+nJ%+F z{_mk1w=hB%yeiw#5+Us~k$K~FeX+Vv4->s{g}<01Wpun8zjDD&{6!sPP{)b>{kMph zTYc!hi4M-yaj8YclLyKLl+ziUN4)9n+};kH_ckh;7?%ML>d5=}^t3W!7Lizb_qR=ieUZ8ING+RfH;Iq)yB(y)Tu zEJh4*eplHRcbo z@+5KIAV00!&-CPMwf9FVgv5*uYHuwQo>VvGHlB#4jqh7s_g#_tX<_>VmfSaF%LYm1 zk;zSdPDD)G+}Uk_OwZX2vu&q&okJX7Nqm#QMf7DkK32r3OKSNvv^Nr;Qb;)hs1q!N zaZTP+bgi#yB6ZPc{wb99A%JlQ=0Ng(j0WP zkm6{OYYG%2boqVWeK#bXsD@TYPHjDiA7}`z_uN+YJVNeYNBerRFIWdvyjLf#>vp3I z4flD1Sbr#4lcReD-YYuys9@PI6QnG@$i~%183^f(V8gdJUaTA`W?r2k6@?%jPb$CO znvKA%+PPVxymd&PM?6w_zW;7V@WEr(*4zFLJ?tUarGaiFPk6m>=4XuzvOFK9x{2>f z+a2qt#`*Oag!4dg)+x!Gp$8`E= z&jaHNfxPGEcX-9o>n2&aYHq@)WkQglh|-%a3;aygpQ^B9A19=JMEU?%dhB-w^eg6J zVr-IYVoD^bmAbS)tS6TvVOL{{Rb=utSUFRDt7U}5Y8b*uRt6u@I;*`tveuD2+M2rq z^(FR`Qw!gZy%T(t8(>Oo_K1tqgWvmOm!#vuC+7@O_9|(r;*H6i3dF1bOnYuu zju3yE*IM(VplE0~w^ek6xbOV4`&beV5|~=PM-(CEDH)YdWK%OvdiF2>PWU^_9gGN* z(+D}B2N?(4oAex{LS?JIbuy?H;^S$uX6(q=={A%cO2PXmRCG&V)kkLj%jV}7MtC6& zOJ?!>_K*$>z~wfXDO$Kb{p5;n>n)XQtB89nsW+An;qeLt9yfS?$1CCZnDW^z^a9ww zj@~QRz@+$wI`<9$h*%0vh&CAv|5mpA2K(VBeZrbORDQzvgj-PeI6pNb>}noo&iH+1 z*!I-c2F5Yex7I}Wk3VtwXf7jC0lfR#^;!u$wydB&6SE|KMl#VAM0cUdu|3z@X;u2I z;u1mB=}_uuyyNo~!~Muy#yz#Piqr1!*-Ajur;>~&G+)qx5L#qygGuAP{7iu4Y&eq- z?$mdmzdmN5YA8+j_SZh2mR`fHX;n`N|+|mR*C)=R)bUv%^!43JAjrk>vg+SCii*Iocr2k zT9mwY)D|WMpqB)72leNJBy@~ax@ zsG8!El4Q7_pB_p{0k0sVN<(yh=hx!gH9-%-yl?V-BlK79Mjwy2*fl3AY>KqkU94tL zG+AH%fCK4++rn(4XK$cIdhV@I{p~}7B!A}uxlPbk7pWwqtt7h16OS58^prgZYRGc) zY+ee;{VBN|qRl1HvkiZH-7YdG)oW;k#^ISb#RQ6VpTgBask>x-y!(>wE1VRVjPf~m zU8x`Q^FHNK&ryJfK7@~IigZE`-)dxkzQUkRAhym`(F_L|3WaTmXfIq60|)o4%!k^0 zlir!=96)2DZj0}e)Hb5F>O|1f#+yiPn!`4P1R8;k;Ftc^7+d693hov?i3DY2z3ghb z+W32p8@TazEpqNj?#^yT`Y0g}_Nji-O-w|*sZ#&EbTmv8zjCBIU4Rn0Gfng@quthT z*7iI9yZPPQFabfd%V&J|C+1yrvR%9^i?%PDy zN5oEdq$qfezKrBQQ`o9SLMTL+o91lBg-Ffx>mW8_%C!qh@dB1kv?juC8{z9gdT?n1 zyNIhS$&6Esf*ls-^Ad^-?_^Qu-^JAc(zXWCcn{2Q()V2a5o7{dF`gTqhn}Yt=3o-k zr=@dHR2nt-V(3rpd;DY159MyPGI7wJ-PNI*Y1-DIx;LzB%`9qLD3~L*ytv#|vC3`I z^wNKCYNn>~k%_7{Ipro{b%i|lph`NUe zYU8goMiBZdA(o|T`{KFHmnhJs%U(#?<0`;U7T(?Td?hRn8^G}{llf+mw6PEIT@Z{v`9?`}y~-zTDWD z*PAZBzaZ_%U$FOIK2)u5N=Vdt!WpbKOq?k%u9jq^o0L+~Lg3ryol@Xad zoyvS_w}}^?_0atfo@HQi76tF=olDr=Q)uw($;nBjwja9bV5kZ$qbSGrJ;E?SS&oK^ zM8S*A>iNY|_$bSnt*f2&$#?N>syYuz4KO)PK?|AAKWA}jKe?v2IpIZ8Eu$Nn{inrV2PDO`hhyoa%g^3=cf7VyvBRqOX zT6RMcuh|AjF}y&Y)eOg+l0xB|GO}MPhCN$Kun15()fQBp_Q#l|q%G91}<&if!^cRj}YgSCdYYm^RdiNO~a1)vbP&~}a4wl%KmCxz&b)NtpAvHZyuDR--9 zg*bW?gDrw_Uo{=IBIbo#<|pq=ag1dQ`X12+0@YMLGoXb+{ZMoI?bNUuYpAb~+XfTC zGK|^4yHw+7Yu5Uh-`b77R`vbS`|Vrg@=8iog)T?D(vtZqbwEl_eC)@aXFiIa6rJ~Q zpSJVZ#O2_>lEl@l>LBa?Zb%n!Tbi#92)RqH(fL%6(l6X2VPH6$V(##0I1P{sN)+RI z`6m{D-20XC;1PDnjTfs+nl8Y+{WI8m2pe@j`YF_o-Rql%%HQ-@)`ci<$6 zT+{uLl`kH*q`vTwIw|p_>i@iX^96>l*Q5)Q{E5xMz5=|3tuk+F+*ywIT`W6hMkvxl zWM<;c@8g~eGmeOdi`w$_ueZOWxW9i-dx=YLMbx4NWvMjpjwyOn!gdO=%(z$A=(2r-v@{!ddCBEV8kXW0uX09!H+i!!qx*-n)8(kma3A!%E9%GXd-u zPlxrb5}rc+9vug}K`spS+-H51Y^!dGDZP)Hbq@*;8v$M08KDYev+pg~6nV6Y<+tid|dHqCb zOf2tt=JOdo{LCL?y;KC5R7aA3OS&b{aiU*totO*%sANgo!U;ymLD9|3;c=o@%FD}= zMAw{{*n}0Fl5QkvYxi}Z%%mI7SyTq%rvB|LjFj+x(fSh!Sk1{+p$1ku=S{v3_0>)1ED6^=-Oz*Z@gIMu0}m^k=*y zk$&xa%FEa95|jU)2K~|Q_;sxtn&@;s2kB21YJkjE@-@~lp$E^6TYL+;B~kZkr(!L^SPT_ zRR}G}N`(K+O4_Cze!iMsY;ce5NZcp?HpP>Es9CIck67%1j2Ia8kO#y>HfCznF92e` z+chvK&YkSi#O2J;N3BNW%@F?;`l8`6y#g3m<6 z=i&>BhbEs-`q2pfwAVk)|L+$1$7_kbYjPB%mp*B4(mYit0_u|m=e`$;t~A{%ddlk6HflR;2?|O%~G|b&kOLIs1eq`F>7{TSAZDdauY`*x4SzDpbba z(howlI+ET{f4EE)a3e`s{4gs|_(jTsfzX)|w-2??8HJwL z`Zio`bPKl}{^b1FbEWxSJLq!_+p2*0CP*b>Vf!Y8ba;{vHbN{@Ee}9jC zv9f#XA2#pb9p|st-ndyIxW}h6f=*+Ty*&>Slbu61<{GA@v8_&4T8T|Zf`6zLJZG<2 z--3chd}42&bqUq||IPq3K;(FL{=V)V-6|U{IM8n3ITCi;x=*rJOy`umC{S~dqnOHo zfqgY7nB5n%--!6nqwS=1T)T;!RnK?_|Y3bNH;|IQ?Yic^7` zo5p|F|8woU_x^|ahj89iM^EMc(x!1sb-HNap%cXFAl`3xC-u$xeU-qJ>`3_WZhLAt ze1dlz!UjaJSUFk$B_#j*+2YT{9DeOK{SgWYrYcgYc%T9 zEK!v@Jz6(kE7W&3oi@o&?37xPkdo~`-pymA!7@$O^EQ!O0U+aE_@rxdZO-sJbqN~wl`O& z5Hf+YYy0W{VeBiwqRRfi0YOS(XrzXaR6?b5XcVPH>5y)uyHUDC3F!t!LOO;Jq@|@x zy1Vl|xVx_Iy1)PXJUl#?3*0+%?wNDG@rj}&$_F63ZFo5FUTLx@$YH{L6wQy6^OOld zxVPyzUaT|w@5b>hJfV3#;ku)26_0JIR3m~S%LiC& z`~0DW`D$e{%Yz3LhPPc+qW@$6`+4$G79s~$qxl!dLgv1gbh-;4`*#M;wWGLvbDK&Z z@qO-~2zL&J9BPd1zU8oFk>wX0PhV%xf$@F)RJM%~?H6f0uHoEH7u7PUQ)9*=1Is)vLf9@3d(9!dN= z9equxRc4`-Qpa|hK&9RF=yTKW7nEP)bQIA`R0c>g`T-p=p+6Cz7%}8UFuHhTW=CBm z553Wb2JUAZwKQP2K1!2pofB|rEj1sFhi{d}y-vgh&N^H<3oZv*69*IFctyd9F^wRSx<5 zE5$pvnv^DM@4`%Q$(EI%!?)8b14J?M4q^FQk7WZb%2Ks$@Hspakja$aLmJxtv z6^9ibz@$6&!Ma~w@&)hd(L$0NUvp6bQ#09;>57*%MJ8)UJGeKNT6#KF+;Z zR7T$UR9rYvi;m4<6i}*=@6ZD~foqDaMj60u9p&9f`u#}Qo^rtVIRr~@*+2)YTLm5S z!jfV94bCL)m%B-qixn_j4rd`!XBfnypccwIlz(|0uDM=m^AQ#-YV6^TdK9-4=HHwp zYolP$xus5Yn0Auyk-&0Unv+T3^IHbUdx2QT6TPgk5bHG#CF!pAD!|e_R|@6c_UE_n z?&^``dXC(Hs<&x3*kXKf9KAsz=5a8=^%>24lgM7n^&3j_dIZkk2bbGl-znY8f%O3U z_%Fjs1s_hU4hWpg)LpkeZvz?aS)Pfp08iU!U~Q?%Qn^X3DfFK+D_jogQn@{X=4Csx zZlB)PD~B(bNmkbu{_3TAB75Wgh=Cn32Og>*=~`9{i?M0;WQBpm7RWfr3hbo=i|^p_ zeWiygj%38>_&7+hv9VSzBL&YyTU$ryL4*-FdX@B#y2pRcGz93Pv)8D@k&~E77U#Aq?z7|1x5`5&3=>8Vk=Bf zVwBKtWXlCVMgf^dZuS5e89f}p5J9L-b*>v8-Gm=Zyb)HyeoZc;xq%_m*1x(+23WSi zyGx@=61+%M%Y{Gw`+!+p;v49dbHodA3A- ziTkpDYcwJIV{suDpLa@;etYpZ6we15AP0f(EP^A@`uK7*pE6iTjfm@v;>%05%rJY~funtm*#2TzS!X_<3bMDya5dO3v<4I=AHgdFf;$ zoMbfR;`#U8@DE^Gq#U$j{pO}%v8QA}T-8?w+NVGeqFDwwqlRq{rG>>Po$Pc)pI^y~ z0+fW9ow6}@y3}FdRf4(}wFjCch0Wyjq?{Jd=byjO)^e_z0ge4C`gybdZsZ*f>04yHX65QGYucAq!n1SHny={| zy?x+w6%{$7aOp;Gx%`X|H-=HX|2hh*nk?ar!adw2w zDjm;qw)4CT2YteVhJ#F$fD7EHZAGMYUCV@FQvL(WI?NS-}X9U$msRIuJ)h|0w)W@_OMeEiIk&_4cL? z>RtanR$kPylt5Z({f@TK%lKS30P+1$ZeBq3Yy1P#L8J8kqOnUnvDQ^lQ88atql+!z z+Qg^npZDqSBq)xW(x)R|n-R)=adu3lSY#TGma$FYH9EZc6l$KJ{_Pf;UJ$Qq zAwsTUSt(RvLGSe9U_cqLq_`#ioCPghh=HC*5>i)wvy%N4O&n2ee)GF{v(srx^i>R) zz_9w^3N+4HQt{o`&u=yJ%xo&Fqu z<`I;P=<(Lu_jPI$WA4yAbKeIF*Bzz%cxB=ti%rq9~(Vo33|4&&A6S<+)hVE z%AofPOxMqJTsZ!G5sf6LStF%qz3utLcuKoVcm(TwmaG^h;#Hvb4>=6>c5rRB8fqps z`^Kc8RxGJOUN&lfvpIFRWK?2Vw{`k6)#SGeK%Bezis5RL25V(^9|w7vHHE{9<0O@K zO*JxXcf9t(6SAR8!g(!DN#oXKl`0#nmtLG{zgjld+9L)s1fYkpynFIp^TNo}*+G5; z7zv(go7habL@(1y*))jHoc2SK8kqS5GABZeM%~=_t8bGW@;QMrCc0N)ttO_a^smoP^TLE zx2`a9SFH+b@gZZEnpHf=wR)e7MI1Q*jd)&dO52+~L(o~^{-n-+l=WdD>I(0TwCm5I zUX~WmD4N%xPUW>kyBJ?K#-9dnDr?LyA-rMtO7JGUHZ`j+#G#0W>P1S(ECg)$`aId`_LE zhA-l2O8rD=uI|*(c{ChXVT^KA0?H}8)V<Y;Fp*CFA}ZTct%SeX#S55hwzYb)LD+AFjJh5=%T(3y+3P+ zJAM*6GUzv6%U5EVZtwo^tL%>MReBT5L05*6k%|TH*z=Z|qXk1hH>Fy$`8Kfym9C1% zHY2NJHO9Q!2V;xymW>OYt#jxX(=S6iS@vrjCS5-8%xdMuksdd-amL~`xF*eqwB(th z13$Zy;F_<%tM>T;Z;_LuMw$Cyg#hQ!X4O2rd~Sh6=bsIAZ>sRS)X9^YJU#mqOvJgx z5B^+@QIk9a9qfiJ(zbMw^IMd2)rNXF0wX@r zE$bxIM^z=bVeP|DzoPM+kaW9=^`JK8hzK4_2u1AQzizG7b0--JPprSDQz;-=l5s$j zZ?D=Mlyg_19%_?@(^HOhhwv<-IV0L0^CYwuRXg+~dOzr-nDFr3!sc+kM}OHM(z17s ziv_h+>4DY@)&iXL!w)yigSLha_%+h@`4`^?HX@m#3R!qEpKXa6t;hEdOeOhmEmb~F zdN!yTv>%`Bk^g$KXCQXaZp9&C)F$~N`spM)lK^fRrA-U(-|Nu#ed&cHC9PPUl*^ph zs7v;yToL_W8=4Rzf8AHV5zT?{8XOVqOSIrbBF7iq+_f!)$Kot%zPm+fOCnZ+1EstZ zMuJTygQW{!QJeIG$a{_*lFItLrt1ZKar6DEdR9&FF;<-dZkIAFPTcEmFBM!3!KcOG zJFcU^j(!sCKYy!>o*t1;m3W0@MgAbF@%Ynmv(=au`=@KER0E!H!}L6%;xOAJ>&MUY zdz2raR-V0ZgKtb#wiShC({wyj-<1C>izZ2uLb`I>D+qpIXjH4PI}=}Y@VKOzBq!l` zs#)=cic79=S^&r0$IV!zBZM_0tBMczD#Jz(NQ?W7#NxErJ2}IWPdY!jr*r6bp_~rx z`IbzDrUx}5?X5w%VxU5&M`@@-zSsf8(1C<6z0BMrHafnNVQxm_rmgVK>O8gDm9a#j zj-0`2v1!7Uy@um|j4z6GvTglaRBD*VdNh=)Xa z&`K$LbIzkB8p0;w7wtxzTL>gLlA6Z%ef;x#R!R?>h8Xio5uk3>DLgJ_g!0*GK@1>{)r~g~G(}7>v1Mp7 zu)m_+b*sbhpfq{Qkj7wcr_OuzLzto?!`5;733 zw7ETw)Y4W^&ssW>&f{-a@@~PSL=LVk@UQc%!&Vd{)FBr=^An3`ng} zAEoxF*!Q!f^7wRytP_xIIF=-waiO`bz`27%uno_urb}`9v!qO$Wb{`wWfzIY*n2q$ z36+(~DYPd;!*^9B3xm57GH>Vx?Fo{bCmemao)4zcm4itp0V2$@WSchUe@-J&N?K|} z%&XTw{56QyxZQp+Qga4G2drmymJEEVVtwgUs>o|wo4uBkT>LFhy*eL>pxhD?v6$3G zl_!2H^4P6+rj)$4H2Vta+n12ZttmBVY12xi%e9DOn8s+WV_K@Mg_+ux#FMFSc_)bZ zos6mRlt?B*0l}`l_?ep6=aD;YDN63ht1iBI#_CECeluY#o6w#8%DpO&A-DRg$D67i z>nqpoyv2%gxSvg`jh%l&jc=atc$$_4Br+KW*MGSyRVzFY z?AFz{H>+8u>G3$Vuuk==2f1mw9lot=x$KPO?PV=?Xf^TY%Ff-&y~wDI-i>M|`wI)en?q~!asPe^Ny&6+{mUF-*yD8+Cpj%;8X1Ws4Aa$B5LQefAf8r1 zKLug1AJ!rw!_Ww~2*=bY?P;0Jji_A%9c~Ahq1H1^Kv|IY(%6pCmN8c%U>|XZYCSwC z27k(d7G`H-x*VHt@$rrRTBvCa^mhNbf9MElX=w?64OCi2Tw0K(qDO+?`~DeWNm245 zp8C_pBEuZxg9XLuTS>qi3!qLmrp44@eRw*Fh@?yXpn6FLug5{Y5J%c%F7+41Pb-m_b=X0wvSk20;giT-&hDLW)aTBPGM`nX!UM|=7mTR)G{f2CMM$O`VVFd432 z@BC{H_Tzu?xsVtM(3QvN!e&6o`{&#K`M_&hL|gmfz229%U!OIs?QKl-&TJ=IQ5|-9 zOhjiT#!y{$D*z+gWhCZo?DkPzj>7@`KzgayHJFfSk(hLC7_OG+aqi@_R#I{I9EZ6>j#OTM;lMbmS@p+##w*|2gz9e&kDBmD|Z4CWk=fd5_nZYfw(b zWiok5;6Q6Ja$0SXkgHXzd5P?)u^j#=ez(^mqNvk?Zk%Ps0^qBwBseX`7=YqV8X9qo z?Ku-r3aU`|Xt>_%Q3s2?JLj%@E$Nmb11tBz_O1N+d>`cE%tHr+X*J6lM$q4hR%^;^ zZHb_nO`=a^up!^F?@e#DZl1m0Te{}do9A|d3=t})dl0Nir*+MO;Uf3(`4lg%?uN(d zmftnIJfQ6?eIK-g(+z_o2R^8^r-}#79u0T30>&?mtiVzFm|K?sK=}?6e<Bb!3we{#0iQb{V{Px%mE5@-tBN-BXqT?%&$jEi_ZSdzf8$H?iWJuP)6V-^f*fZm~ zNN&p08L<0ab&o9vh>fLZWVGAJ%-){ZB5$@zq`g3Xny<-B;zrU>B3A2umiHQyrCRQ) zhCoY2{u~J+1ZCqebcQ?3IlBuG8^Yg$yft&a+FJ1+o70~^%9){ELMDoZ@o8k0Ksd=Ne++1_As_g$(&f`>t^q0qOY>`Jx3qicuWr2mPUL(plg`8lh2T zPZH^NywAak58m`8)ozOk0=kt)H+QUq)SSsS0G$@cB-HsZ&z!Pysz_s1H`_GmuCvTq zmHCQQS@_IC*m(YNhTR^S+39L(n9FI*@4ymG%^WitY*^d^{Z`qSw_Q|9| z06R{!VlJw1o*bpwYNFp}8F*I?FPZkMks=!lkWQBH=T@F5M`sPZ97+D5p)I!GA6AKR4aLaUGqf z0OFJGhOIcVo^NLKZdp+(_mbY6WbrfPSD(J>h&!n4a5>{x>Mo4r-&wuA0F{?tc||Dd$#GYIz%;yT_N*sFq^6` zvnw3XJb0WC(W^Nf@@UqtN8an=l?FYs zc`-u@TD64T+#)c-zLY{ z5R(of2T-mQz|r;vkKYCmA;d?!%>WTACa>W#9_cS0JPrdszJnTE++F^Z2=?$r5vQd& zC6Q7^WM9Z&=_56-mY3ceCV1YYs~SC7vJ_e+cteF}3R^f!Qd=L_sO*?ryWLNZ_u_Da z$!olV)}pHfefNOLZ+AteLEF10?`Ic<(yS(3HZ%Z{%pt>RXWqJ#=ZpTSdD)9jK<1SM zMy(!+uPY&q5}f%|Wo3K?4kXA$?Xvue&Yha{kSX>vy8UBmzOtyCH0qJ_fabRwrQv0+ zJ6=*+@uDth4kmbebnvR-_&y}W^}~ktI6=6p@I^M1k(^<*rrJ!hg{7upAl?J2ui*a) zbx7$Bq*Ufz$QrRztCYKcL+rG2Spdajf^b3VZACdF6355y_tOgiFE67wu%JO_3ZeCxWX6HB}Ss}$5H36RHRDNVS z$aU9A-QQ4&UX=zuEFIrlWpY^}p98%)HRnz?YB0&4B4SSyiV2*BVn8aRZflag8wGVf zHXBIKgp-T>;t(ha1{*E1Fk!um@!x^$Q(}E0A~Z{X z3m_U6!sfeG=SO*V{3r_J(I%!2rCCM0WGI62UbiSM7nc%nRME?e1Of`uPxF)+fuM!? z_mz}lukAGpjnTrBn(=a0TVkCX4;E^bB2=^}{F8lRP_3{RHl5bX_(JM3#ZkmuEfv$u zq!fKTQTenkoVB}T(d@cx-;>TGA-62l9^X>vY9|tU>P%+;B)Rd<;T5QSKPs9Jgi~vA ztE}M8a81L@wIHophzHeG5yyS$nd8sB8P;30(cD6g<((bq`vUN-rf>5_HJjuo$?l)Pn5Srwn%dsn3W=S7JHLztW#O8m z#6+w2V|Sch?JkW=Pc?th?F&Zxgqu(|b1#wYQ;%ViJCjddg#;msvXL+PoL?9B04SF` zxgOgNS34CYhg88DMT(O$xBHE9zREO`AoDl`c7dwqAunqE^*yRen3$M`+G5{Je}1ud z5)Sf+U&iShrSONo_GfTs_IQ_)9|mW$vW{+|%)H1(gKA^bs@C=xh@O?CQLk|ta+%Uy z%4ABjRwySrZZpy(UTijCZ?~j{y)~KQd|rnrymv6^5xpL5cMm82(OX~4eQxYKvX5Ov z>Q0^wd9CQH$EjMkb|eKSU%dm-A#c0jT)iiv#g8H~ZB^3n*+UFbq%mk#y0}K02nnib z-y?6UcL&mVKm?_-!vc#XmYcJboeIF+$pwI(|_Hca3X?XVp)2$TrqDCi0 zn&qKuB()M@T(CrG>eqe#%*27XI^zzw;q|Bp41MWN)zvH)2a#;U|x*bmykET@E1#`{@NlG z+(0OhwwJQ=emW@$M%swA0%je)5Yj_b)zkTSnm^bf|BRBosP7}VXfSJ@$}H{y897u6 z)YL13+^MZx?NO~tT5hpf8aWE6?zb*JM2g_M7@eK&bUm}XH0s8CcDU(-{no8mZobQ- zT`VSLjF&~j-F|6UXlK;4XsA*L1^k4jKDY6k{91T7@1YZ*Yj zZVVn^YND+Ig9~?ATiOmh8oXmx2l=qM+cwOIsbgkO&CwfNA zf$}CM*XWv4t=*b$Wr-6%2l;8IHHKlU zLxl}!xkF$DKUt5i=u}Uhy0?E#y~_RrPGTvqOKb{QG#>h}WuoK=Kf(8D(N7Wu^yFnO zRLD7H-m_Y`6rhz>Y4uC$L8(_MaYqDml8v%3_Hd`dRUaQL^zD=MpndCsw!0SN`e{_U5sl#JqZ*axDlnIRdU+vY^$y%W>DuI^{CpH!qc}IC0JUl$} z_a?SJUD5ujwlJI|qNG!uMSzP&?}^rh$+AdI&&~J*7;q5XmzIsrd~`wabg62i=FPQ* zLmWx6Z~nzv?eFtDaaM6!6%LUp+z+Xo2Jc6jB;w7^wynwNC0AYA96xx&#CR*-HscHV z9Regg>2Elmo9Y?X1VxfGf;0(*%<)|yB&A`?XGh{n<#JdbF&4D6OTAj6XtR&2*D8(R zf#-9n%Z!}U#CuaN8TszryS@>gD1k9ezegl|4~D66JY&k9f1`e^AHP%g@gt39a);xo z)y_ngrIyX=hR1~;-se{Bmp<^fl#Aa=I`4a&9PTbPk^8&dGZb7&zXu=l_aV6Tls!ic zc(Aw>j59}_>AD~9uhH0D>~jgL4!1_q`vrIcmG6(hDN^LpUuA=vF$(J8Dp5GwC>#m1 zqP%3uG~Bic{;&1^rW`Vww&mUQx_Dq%7AavJ=k)C!K&t=_0JP)OHLMt|%)C{$yKC>W?rbthPh>G| z!Wm&{T||AZ5{8W=t>T_8NOXg)-K3Z64}%=i7+wKvtC#ziSBOsnNRP@!*~2)0pT@s` z`KMAcqzQj)BmQES#yrTsQfe4wDTS!D!GxZA15neNfOZ9-K|q2z#euBB;b-K#CvqSK zV&)ZQXB&yIKV}X!q;7uZ?^gQdvkG5E-ljnkS>3@yEM&!RtOZ=J7ZY2tKi~~uawRX~ zFsSURXa472{*PxKfhLDMd;HHW@JD3*^8xsLgVc_ZGllF|3MY7KKfds3kpM0ZZPwxq zlOOUsr4*4D07=&xhoEp3l@U=Ysvl6w<$fQnI{=qYeC77j-&d@@ zzXYk9h3AKc31ze}u?r0|WzDX3jo3@0p}tuB={2Gyr!zRd=p*AMj6o;Rb>y550t? zuQm`vo2u>C-Xhr<0vf|wN!Q4k$q}PRPKp1K zrhi|k0?EBVK-}``b5PKDIgd8D>n9qBnM41l9s2dezp7*0`k)XFT_ud(qEdJX_$iM1#( zj=9QyO~-xZQ_Qu0@Nj+^S~)#5AWNxr$)%;9VI>C>5Cp>jw7)A-Yc+HA5}BVK2B)=k z9_n7nkloPqM&o>BR{^SBOXKge?z`|9O(7iFogK@$xl#z4Wf%JFxaBW0U)WHO6<6=} z2K8Q6n#d+tR)RVcv{plbUNbo2Nccwa9 zQ~e;;T|tMXF?kB-=MRzv7rw;NHtGl++KHCG#n}~u9U5m>56Dp@z7s)88Z4Z8V zM}MJu{y6#B3qcHqzmBO)W)P=))5}McQeUi&!}O`&8v0?lvXw?6B&s(9NQdyA73SRS<>AzsWjI>ODtVR2InV(N;rQYeqX%0-iSg#lz?Svk z_`!n!T^~QONHuKT#IiNTmp)_Aj2biYDzIA{ft&q3s z@aAEhpeU1KE@hfzD4Vx_F>cNpNWR}%fuic?7_UjdB900LP}!!K$T-tuGB)kx%Q_7# zKKN;(-RasI+M9K2Ac*KojcKkTp*uj z`3jV&KlcL~^GBSy`P#jwF(DWPw@9cqcKf>gja85NQsXdQ6&VQLx@1g3)pa80~M4x)yO zk|HZ?G~Yay<$DAK8e#a)x)tEgc8>|%gw@sAE|_;dN|(+^r{jKLKDF#k&%wE%yjydy zj!UyI+^ANu4Xcz-7cIG@EYa*&fSe;oD?ibYyugZRw`95*>Z9{a;P;U~5ZMw*?xd=x zkf%@;ROW9u_Z(}BwpVaRVQ?w(QMvsBUkCBQQwug1f;MDQ%cWQK$K$m^%C(Y;=$z0K zBx}YSX2iJN0y*-GF&=Z?ot956JXP>=%=M#!`jbUswRaFnFX7Ihw0Ctm>CNTvQBok) zug7dD%cOEXP7qkW2Kd1Nt~ z>ty3Jy|qL~`wnnJb0Q0elZCI)UL+$8%SJU^>U=N14+Y1WS*_&mr?E9W%g7GkAzI^n zW67ARa2=RwzmC>&mM^s&rSpSo((7%21dKg(dNhde!Tdr}yNA#rEYYE{*=UYTGFz?q zdCG7D1jTz6Pqric<6N7#DO1l#sg3V_F%rR@{>OAoax^4eAcMY_=m&L`E9IGi#crUz zg*>Er1L|5Wc?oq{VkxV?{9E0W)scNxhGH4Ut&D^^nCmT zdnSSXu(`qP@IqGEFf3C?J#MVrS9^@OEHIdX86ln@wJ0q>8jRTm3tXlweLSIb2>CW zbPz^1z?Ss=8+7}d2*qn!CRs9U-5Nj|Uz{Kk9=xgBiiFkw;IV$tcDb*xf=54Qpzy4Q z$K%;6=a?}Is*eShlY*Tq4~)N|<+$sQ6gTUAh~%{evL=x(u-#DPK*USQp>oOL{{ztP zIXI!|d~IWYVQfr&M`N;3AN`UrczQv>>e|`Xb~kCw!PSCrs`*pEjT;~EC6Qc^)>}&# z!n9q=P)3hrZVn#+`4@D~S7ICJ$~k5QvsS34vURK4?J!(8y>>-!eYxWrIAiuo-`>tsp`V^c1)3eAPB1iY1_!7Jf8n)ASs(%EZ#2~XP#BokU|QXM z83WLxTdA4=5G%UL6b#6TxHnwdy_m1Qf&+H=$of6HE%QXa`l(Hld^ce_tCD4ZVF7+Y5EtSw477CsZ4JR{ zB&}!`q8K8Dm#6!qmIgu+e*%!bX{X#5U&4_=!$;wS8hArZx z4!^lowmZgZg95m4CA!qU9jq;cpl&%xUtn>7M&vG8=!|RX`Spn8l%8v#1A2!>uJB<2 z_lx8`+>rbS6=G`X@N{aq6h(y!QN!;$LIkq+*^5VdVa0EHktxv>5FRcu&QF2gyz)e# zI21PXg88629;+5S7oIZ0awA^kB15}hYVI$?AWQ+N+1XE(Q!DnN%$Xo7>@v|->MWn|ImxW?1e0D#_AqAg~AhIw^0hQrkuynJu^*ZoTpyNMG9lcfUSBH zY*DXq5ac&QH@G`Ni&U-{ZRn)5%xJjx^h1x%g@7Mr%g>5%mzm{1ny8Eq5o!+)0vCJH z3XG^_`Hd)&1i$RwNFVC4fV`*FW>%>lV*kun^WOi3UpS;i@np`Dx(RK3z%a+~>; zMwLdfAiF9Su%s`fL`l8TWJVM$d}GS-QUZiJPixBs7KB>8FFH|bKGN3q#zSECh1@Wp zwo?_wh@zzmV$ z-vMSymS4(d?B9tvEQ_OUyDwp^DZX4+jIyti5^^js&-P!FnKAZIx-dK8L^$DYbYWh9 z9qe4&$DkoLWx^{_m8TUb!&=Mn3e#;Fo1oZZG@sG~dV0FY7wTRovCwwrgHU^CxS1v+ zt&yjSMR4?Nm{DwI>rQWc6;U~niv#)GhD`lZnE?m+`_TIf*mh|r8pr3HYPj7B@SY8E4;|fFEWr>w5pUA1_ z%n)Tyy8SZjlcqwXs*U6cA=l)(-j|D)OTEX~d6x=3^^!9_36u&?#tAl9XQmQ8c@d5# zKg6<#xkGFoA5cqebf*W|pevC%33w64+xFfEi90zc7juVxY*WDl{Jv_SULrf;vLVpg z))qL5!naH~NHCC37~gQ#ajWeK3XOoDvvUXe*|LL2w{4C6O}p^3#VMLz2a}sN;qFxZ zrb3W`z2kapuIC}sk|>8MNO?4TCO2lRF-_dv)8N|;*y8NYYJDLl7xwQA@&o#cYgM84 z?2ig2xx25rjoRo>62Y5hLou4+W4BOBM!Y8Nk-0-x$QZh$Y9zPsEFxi58q~Fi?!G*e zG9_HFTP4OjC!De@+HMp8&Y+{5>l?>u`2A%b_&QqBZ#hR+Hn@kTEK{q@b8YZn)2#dh z7=q6N7X26PaqvIS!)nl`Qq+X%V9Tbsn}A<8%6hUX1t&4Ndj3SzHe7njnKu_ zFJdKzOv%` z^lV2%q2OTpx7gSjR4kuW*_lLX6m*P}l1d|vw?4k_VJh%23k__i(OZ(&-MnJSM`da?2TrdT~{ISYHB<9>bHs6JW|F4 zotsJ2;)TMFUJU-G$TLmw`h3R>XZyjuZBo0_Ci1Sc(RQI)tHX>}ilmylOsfK7X-CAi z@T0=PeF!Ng6E$ybsa5UE@K6r_lGKP0cMq3p>Utk*oquFRUb9p{uVpqC)A_GuTONI? zUL)P_i@oZ7zBzrx20;S$ZOVat$8!J0g5(Hedv?iO^Rr%~O1IFjdEe7dYlF?Z$VUSxD#gd_!{ zB$<_%6oR5G*nCYI>y?8ro|Z1oYgU!Y`9e7sc^meOHmLlZE1|R#Yxd>XP6R{Gvr5DT z4)wD->^4%2vxu&bW&27mr*J`h8#q#xfy)wiG-!?ZF6pVf@goJYg{kMl?(yG*d)HA)1=so=$908Zc zNfUcxb5p6W`&&xd5pC_xCg+4V>QrH-Q{xpeF%id%`rU1G>=+I=EkJCkTbY=|JVyzr z^w%3agYZlUn(;AFmmf^_Wk2Xh3QXVXcocre1-%JEsYAdHKkdW!avXwMrW^6k7{vKV zPNfF1yjmMAYmeu#Ne6WNrU-q|P6RGUbJIbrQGg{zX|PaGmblL4*JO_&mQLUQI))q7 zO7^q$m>N4XZRfYd?4@f~offEZnkOce=5?XxMu=|4V!44qyximY%u(*&d_w!ou|Lsu zek;#3v6q|~!EtwYUpWul#PqnL2(h&(R&jbne4baQHHsQCzfX!fGNqYozUs95F$<^3 zUWnME7|I}~rXArLHk&rlbvh5sqjaJBT#ZMhAzQ-$1JBg^HiVN!09y!dwsP!wvA$^2 z5yZS~qL>|6wLi&lFwzZ87*gNnlN4_L7e+YX@2=4F?OxpP87!<9x22;ac$7=b`G;<) z&viV}x?8k2Z_iM%QOLbNG{~yy_w$9AZ&H$PII;oYG%x?@&I1pFtQSR+88t^4Nks>Y zzOtKFQb{QkB~9P!Hj3H=*I!DJzK%S;#^>%fq-%GuP^vpi19-jb^siC*68#}xniMsvuV~bW@R3(4Q=;>XSgjOMah8yGM@o8(k-RD+u(6= z2uZ)v-mf*b)9k-i z_Xg8Zf25ONeASaB77}7FMfn7sa=S}La*@D}Y-I@NgJIBo0DjF4bmA4W0znX#3*%|u z)E36e{6l)_kCc7{8Gz zkZ;H0Cw8O%o$&o54EyCrFJHhdj$wPv{%a%Wm-XbQwWU>RMJ%dBe zwVt%9DFRE7JAR=$S)>;#o!;~MRi^uo%lzxRLL}@#pr`+NyGEJJJNQwiQy4u-!Tr9> z%U(lb5fGKcJvy)2z%8W)*`TCBXZ#yBm;bMkk*h{ePe=1#tZg$kHZa%%v=T}&K{PMO z>6ku1Gi8YSVSRR)d%pW$!}|02`_hziVz3aT-0n0#uh0X>G{lnwC?(`{)mt%z;X|i+ zf}ui0FP^d3mPn;+73Ex3qD|JhZ?_RtRA3F2v$}I8W~8q;I%q@#-o|$i3C@0u$zUt)J-%&qK0FF8esw4KT>QU zM4(b1o&N;Y3iqsfcl#EdIis)88Yxb2#QwbwrDn5-zivsty?yvDvcdyoTS-Kwvs1Av zB14y&h)wvZJCqa8u!X9oxO@FZnyGe;`OrKM^H8RB-1`DR+S?QJUaPj|z8bKp@Dbhr zwgV7SuiUqKg#SOLyO%eWT%~pg1=)Lh{N&LqAy;!JKI%X06dn?NtpNy`t)TBC@R{$? z_>xQmx)l}*5>;cRHxm#kWY`N6tW56c`v;-sr#|4{)kzo*%_WUa3qQFNH5Ji8Uk`2h zO^7_2*lTiRSo*lw@gs*GqiUe0=_Di62t#{O3h}p1xlY1+y6z{NR0`NGhsO03KK@v{w;#1E zUqi|uhbJAe9}SOfbI$ii#hp8Bzc=lssVkI!y z+z7CWe=0R~F3s*y@sd2rw&vDHKB zkJ&@)-FNAXVAu2HeU0#~L~b|BvnSUFXX8jV%Rhq^wzHo4I zLqQ%XgWXUoL0dy9cmF2Rms^`j);35xvJ&>UeerMI$-Pq172P1=`T{}r4|<`O-fEX# zW5508HIJcqW}W;6g;MB09KSsO^mrG?%RY|v6eooo`&^#s=J$H?{wYU3g7r@>igGAO zK%ij1dcAd8}+)C*^DuS{cj_^VmHA;NxYF6&`^BY}6k&gzW(rk08jiWWOKSA2&?a2Ii!goXNI7 zy`dk!{Q0$dd&Xb+?M?o6lEZ)KNvU0b_4WGSr+#|`gM{1seCgjjeJ}4z=jb8NUh?1k z^5@rwhGdQP+nf9~G0-UG*bu!vQAp(~zt4=n&;RR47}ojorGGakG3a2B0_`gg9Deu9 zpUzRDwebAw`oBI^SpB8Zt{H3z>(}!?Kj`lRj*Q5I`qQO<_dpq95QOWzuQQDQA0JvU zxfcF){eL{w-%T!d$*B)z699vBJnRQ`C%zca{kNBGwjdbhuUrPj#D5Q>7c+H%Q4h6R z`STR`{)p+*$B*&A{|a=;n|U>0^A(HpId<|Gj=F5X2h;Cv)NTj@;b`)?(!vT(n}yDj zoo%+tlKrd-w^8bZRJot$gV7zYededQC{%w8HS9gcP0O+C)7Ng(0rbo5u}4F-DhKQ1GtDYo8b!x=nb^(Aj5CVwCM#7u zn(F#UclmPLo0+@R?RGaNCrz3|Z*g3!o{&IUFQ37Re_hpGG=KXGF8xA-B47QZ7x=BNp<~XOwCXVo+wiA2GI6eD~!Eo-V`i3P0F#xXIp@^ z#y6y5n4rIKjYMzMtmqM<^L?W4(?h+^hojXq9!W&D%YB5xbu;CaGKMX)%17>d%8|Dl zR&FmC%s>;}G6h@akN6QXn=v5Ax+S7(`^Vec?;bx`Ig^Rfc-LoK4=?7oZpE-a&W)<3 z)KSjNdOV&c5t6%Mc()eG%wgQl&__Eb8gE~vi?MqE(3@t8=Yk)DLe6n7QljAc3G_M4 zfKSb4UnZw;eyGzdZ&VLTZN@^Xjx8mY@)^#Hb zy8zYW9^CzA6swkn=v6JfE-@~N9jrNdo{iet;#mexTJzRV*0|XMTmvCp4+|Z)bokDS z5laD12dwUuUt&+X6UG?S7#j?YF=Qu;*6s}%HZqo{-|(YQZ*PCk{$K?$M{n54{ITZ) zLh=9VQ<=iX+R)+~-rt zHaKHsAffo?_@c{nKYgT0ejEviU=?LZM>n;5E_YiB4D9fln3_Jiu>7D4;ILnob30{G zO7`$r46|#`oUmC|&hkASW190xE9ae@Gqz|xkiny(CZbam-QN&IrSYFvYd$_N-ajlE z)Y>_Yw0n2WvZ~kDt>3hDj{FTLj|=w)>{i=n!zzR-R~GdvOb;t?Refg&OBpNp^*>e@ zXy(&cs#;zpH2bs(g0k01%0XX4NcPgaj@7!bFS9zo2ORR$t(6=PSKj-d3<#q zgJb$ZNzw*Jx+6p#(MV(FwWJre5VqZQwCK?%YTIo+X0ydBu_H5c*_sK1&RXwoeq}K^G!a5zK@boT z=}llMp(FtV0wIvBvJ@8rt4I+9!eS_bpb!Y5Bq|CbQlteE2~9!?p(K=00`KTK?{D4T zyYttanKSp?IWzaU_xrg|Nu&{NSC_PiH^FPe>B}BmT(#j&?(>L=hWXo01%!H4$Y|1( z9o)+@$=F>gdap$p_R^K`t#t3#@pkptEG@2D_b2-trSV8Q3=+4sbKaai$Z|2jW56hY z^iC;xQ>#W7R#Xe1N5?fsk~=ccLB4GRx`!59fKB3cARC%{&#jipXOXEwMU5l_pjax( zudP_q73BZT?n8wIM~6Fs(&=&(QNrA^T-OBFW7J^)Yc4tTs5Z*oK0r{#GGgjNL5K8$ zh|5{`a88!Hg;QggZL43H34cZQ1af<96N?#qAQRY?CtTKiqBzXlt_H+NVy4<>#ltUG zuqTT02GFge@rM{mm9oEgDM)gN1-}Z#04qk~L~9ZqVAjyL$wyYEEHhL_=$}ZGU*3tL zX7ZyZ4+J@l14-{-N%DwftRkqf13OT6#zVqISnbfsMf@D~Vt$C#k|0L-0N<^2{C6R+ zkN3F>`TSy66BW?X4B;MXWmDd>sfN7&NPQ_f01?r}tslb3p3+c_J(&=cXl=cPrz?y)cpEJ3i2VuTbk|);ksiTLwO^^-2PUku>GYsdNkYm&ufF#;JHvM85|Fx^ z_4MLU)9f@_@crJ$>D@1YrTj<~xwgp@2albm+#C=u>~7o@iW@{mU~Sl z>zr?)Np@Sz0^=_h-zJA9Aw?-s2%1~ zXHF}WK6Q@XclmU*Y&Sz3a*-C6`){l6&fbM_>-YEldU=ORH+A7%;C7>thVk?9JB`b6x@$+Le0$LFwuHAgdt!OKbo_AA5G~T?*oZ zTBZujyda=%?nD(;>dUo~4jR$nj(Q8Z@~|Qhg{C%G|AiGpVYxA>*Sywi2V?~L$mbvE zmDs?X_2;bXUOu__NTr9-d37t>y}pWK5|V`A){)6ap>F_^0*#QgZ4yC`jyB z&CSnv;*;SNz^_5y=bzB2H5Y8DJOwMiF*v7%GxWkwJ#wmU`-rKzmmzv1FbgNq1@B;) zs{7ummJrlD*toser02F34%h(r&_iyc(QGVt;{l^b6zzzJ_O^PBuS7@*h(orrp0!td zkwd+5j6R?2&z`bD^~`Qb4?Vudsy)6&UVoJ{Kd9qDJtXP2)t9HyGluC{ugK3;E)^gj zoXrh>*64^n{i!2WIbs(na-4dgJ(IRD6~ul#Li{xBCVsB&6K1V?F5OlvhEDsP4Ip@Lm&4h$Mgg2y6JI@1j~=N`RnZByS?}{RWw;G}>gRWFrXb zl3y4J=ho!n(~=Z-u=%|kZ!e9P`YtP*LLCVEO9RG&kbSc0hVsHQx6=A|RyJp*Tz?5czd;fK&}a}F4%pk9j01} zV_uB}2fb*8uet+=72{nDCtvfZAx#vZ8jI#SM;vLI!qK@GL(JD^Ri46sF4fe@9a0&U zUvGKB;Urq;$6yAG2J7(Y&ECNbP9>g}>A|da*s7$SmMyhn-8Ay*zM)s`9(>@JaGEJY z^W6Ec@mIV(S4daxF}49nsp^K8Rlk)q;DK1u0@Sazftw+Q%0-vsCf`u4*cS7hUK*5h zk8>Q;?nPKlO($s`ti6nToB&vT4dLM(x5}2qofKKu+5%wFrfADTP0s0e@qWnGaSZdM zCVvs1ByeI$pTY{S2p7bP1PIlA^Zm1XZwv2 zWZE*kLoOX5Z}~TQ{O$MD9=j(-oTy(DzKd;Zg$&j)E`B=Y{!t^7{&7j7ajc z7|Kc_f2Raf2YjD@OEi1xZ5^OTjm6p2?n&*i`tT{R)Bq;vJpXkxsh7~&&p>W4Lp4H3 zp9oVlmPPyBw-r_L!3GO2;;{-|GUp_pc^B;#l`C85Or1wYu!ca3wiI$Z{bl=F{e$8v z*dJd$$!b9X3Lm+MoY9HCrI&E0RgYwrQ-GPmQnfaW%b6>sY(ValUsY6--O!U}R+{^W zKBFgC&7D=pvQ65ujx4wAKD5@ESE+{om{{Abz5Q>JD$eLsgl{weUd!(`zQ~;D^PAw3 z&HOoSr9@3uNgSf^=epKVMD~Y@tycW`41fPRb!e2E0(rHJ=nCWXd}^jXWQ+8xK$got zE;E}s0c(0A=ddQ1hJrfp24FKbTIA_BgJNZkC9g(fTJb9%K-F%{d}HM!7RS<{PJQ|T$MX75&aC*D*S~t zWT{ph0<=Q?`EyYyjZkjazoXBW*c$>#fY!$VkJ;qCp-_I{u~YonP*3h!6we*Q()#r; zAcu?D-Gjh4!^YUon}psqx4p#mF3m=y4OQ`Im7;5Okg}x6(yCLiK>%nF?l; z%lqg1J%5Z7+mHcMI;v83eZXh8B7>cjdbJ|hG|lVW;;D3Ecn^qT5+}MdH+$#v?a00A zr8*>cw*jf%Yk&QIA=OAjR7hi-$d9B`XZQh4ktE2?^fJjP2GXKf$=j)9Z>L`@a`ghZ zte`d{>tA2Byq_qKgPf?8P`(e6f zLdYoxc;RWw(iJK%Xhc74QcUeVl@vb1+w*M4%E?p*UkL2Q)nsjJlDo6!imFUA7s?y` z-Av2>A1oPEyV0P8J23IYWQJDT^ReEN`1uziKiI1Hwye9muZ*Ym@MW{RP5Dua1A(@$ zK*f1-G_kOqVOn&XH$wUr&G@98@MghdkU_3pL!koli`{yMYT(?4hVRsvXKOl#A?I4mPw1`lj8C6OGH2Igf1a=2k}FIj8@~ z)a|^Yg{jGcas~VuIRCoxC(Rmq&qt9kQTjtCiy9E}tSH&P>w`$Adg(c(F~At7nKUoLhfVa49<03qNStaxJJ#{$~X8(N}GcUaN~ zrMYQ^JFCGVGQwlp21`R78I$}&w)|j<)U8I$-j$}9VV$)rLDCc0qwtzM)!jE$ zycIB&SPqfxgr+vGyEP$ZkFEEbQtA|-2Hh$q(MiJ7&*%Iiv47sdK~T>9Ky~CB=wx{1>B6!xsLK~uZXuIvgCkdAVui? zhle>rz!THha>4H~+R$Nd+gC$3O8$?!;bMeENvhs!5*GfNU`|;vl=-n8`r(m!Wb5oF zChBmN%gZwK*uyQtrMdpYni6?M%HAZ<7sCa zP_PWzt`G$^zwh@ApZpVk{C2G@;4A+#j8TUz9cP2y|1aqIe&{T(N%NT0rtMY5f9TA2 zf5_d*uN;_>(|78>;^MEHxG*8r4RFW$0^|AXo=55w4G-{O5fC|1k5(-R1mbpl0`?Zk z+i(MJ>fL&PTt3t7Js#|lea7|XARo8#tuuqFFK*H+95-hI)z?A?1_q!SnaR}eAlyH` dD_}x*Pg=!J&GX)k;{<@i^2&9ys-L~@{Rg|@=#u~d literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-evidence-url.png b/windows/security/threat-protection/microsoft-defender-atp/images/go-hunt-evidence-url.png new file mode 100644 index 0000000000000000000000000000000000000000..a489b3c7b98d79b27da2782e14538a86270490d1 GIT binary patch literal 66806 zcmeFYc|6qX8$aBFqNIhK$Wn?Bk}bPR*_Z4~W0ZZJgc-Y3R0>7*ecuhn&I~167`tJZ zQMO?ilVxTw#yrl_`JV6hoZor=e4amkfB1L}bKjrqeqYOd-S>69-x%s^u(EKm96EG} zRZCOd=+Gf1!l6TlvyU?!{KbJ|2Xyek)8+16Ll--{Lx-+?@cp2ubM!WQceuTGs|-&wR((8&Pg(_zu_KI{&isJQ zy0;M{)9oK${9IC)Q2sbKvOmp^nZgXQ-pR34iD}aEZn~i;P;2bSDb6hTCi{`0eXys3Bu;tOyHT^W|kOLqFU`e7>mKmp88G%dXk9b$X* z>(AjL)k2p;hxiX^soys7vsuM3r}dA~yVfDqdjdM!_wKR2FgotgVt+p$enA+}VPhlYG}WLzKr+ zm1c;L3L-9JK%TgR%cL8yGn`gCbogH$-8aJ0>J|VV^3ohRcPk zZqlbhh;$Af9x+gN57d%>OPsfBunA zN5EJGxYYXI3%@F-rTm&;vc{j&cV9fhK)Bg;Yw*P1hqeiQ<15=_T77)%$79e@zTc%h z5LIpbJil{dZC4Cd;HT`rE#TnMCNFq8P_JcsUvF^jBDdeEV}D>&4L@|d**%oy(EkoN zbYxlhw0n8eHrn8tZDK}nf!LpNgw=2!yoTIa^Y<~w^ECOhYY9dsl8XNk!Jg{?gk;BS zOUM6|^d~^}ki*2jCfnNzZgcbiaQ*D|nLqR#=B@WE3)3i@bCK=ugH9YCujxJC-go=* z?-HoVo;?sKiYfK(y+85$IZv7J>6yOfGJokUu0PF!Kk3kIMdUvK%m0G0#YMsnB0wIn zD;#(SYCWlPG37rx(Tq3%%RZ~>#NR~v(^h`NyI5FlP+Uf)_{5)Y{9mzt`$w4l@zXUr zOkB1haO|h_XjAvR1Js4`kok|XCuK6X>t}9y5%H!J9mx`BJfSfY- ze^BaQW_xdRn7cAn)}h+7H8)vY%1tRi;d2;|tQi-So+x%M$v5s!hesR@rbqvPnS z_uhK^ROmlL5qtd`>qM>F%e`xoL4uAHu^!m@Ma zv=AQF{2ubd-48!14By$cz>HO!YTkwosJtEKJ9aARn{8>HY<$5~9Iup~fAPgXCHg0M z`NbHY;*bP})dIcb>!}4dvmYM?bGKr$7RA=Iy%P6~A2V6ci5IgT7-z{ZQ~&YfznH+MG#q3a%V z(%aH8vcgxLjAR|H|E}%-g5@UcncNe~c!QUM_hJn!0^pkWrKT%ry@PXQombg3OYM^% zvpe;T$2oT=N3_EtED~|)&-MQkCRZ%mn2@~q;d_Y>pSqMVuC}CW9)!@39*_Chr3kS~ zeXIXEn*aU7Fdgwmb$CXQLSyr*mQ2=ZwZlj`L94nTe|4K+Ut?9lpM-0o?bfAyVL%WB?6I9hW>370sO!yE8-gFBk=L0(>55 zPC1O;54||SXEai%pULdfd?%cxqZxn*+PPEmBI^H~jCP+o(pS@aDz{JakJRM<;9K^t zzotY1eoGhsE&M-I1D`(dDxUkvcIy8Xu>Mzo?$KY9MbeMKpBvymyMEXz|9ir7u&C2X zvvRI8DTt?m;9r2zXAbrXP1CSAje7id$NHtF64dg3mj-??dC8FNy9QR@U6idJj6@W9 zMy;5@z;^IfSB>iEu=M|xTkTL-nfUutx0?a3bAd_o!9^w=N*^1wAhn)QbD{o`usI=E zlN}eC4vGp|eRPj->tlq6q0EtFQ+}}lx-)HKPMdXk(o~OYdOq;=!}9wcwKpgQa!wk{ zCXNn0Z6U$RPAO(|SE9zy?*7}3UC)84ldG(H0?*X&$1e^k&J`{Xsupqt?-nKW0m`=E z)uBTTL&TLY%g*WhPMIneKm73*&)5FNoqq;xOI?1R=imy>PrcBg^!`*T0*|@|wWHR% zY0s<4z<12xRkpz?!6j3ny7(GGA=FG`8LQw>-E9acIu%ntJW;`RrlI$;zq!-nfvGbH)DGEQ>1Qy4Y4$46vw8!K_LD zAEVDQW(IT8T|Zub9FlMsHR@6J^-=iEo)76`#3{tcJPJ5W6I&a>^`v=x)H)^D-|R&m zWe%7{A8af-=KITyz{6Hoj5H~}o`sh==Z&HtGL98F80Qn?gBzQ+8m#@j z7Yr*-M3#>6kcRzMbA7idJiE5TD*+96z4hLr<2wltl>ctKr&H9BgR(k1W*s8q=Jb6Y zJ5%=ZOq7IKEB3B*b|?h!9+ab?{xEr?6IsO-`BKAqI@O5tT*F8zNci%!%8f$)_sR@L z)V&xLZ%qjwd{&Gcv6uH*&#kY}8SZ?W4=2);du7Vc7~aizZjL9hsp{P?cY*gp@sqnD zw0UV`X@Ckt?6}6q1QKz_H9=u3Xl$&h#KlTBJ|B-niksh`h8iGRR9|$8zPgN7E|usr z-~DLEg()pP?5mCx~ez(V?m;dUt_&l%U~0x7Z{C7evG`Y5{)C$w}F4|j2z zytnIo_k)rLFvpTQJ`Rq28|A=l{KNW?7n^XJf2$J}-Eu+dZK1L;jDMvKS)ku0c@ z&uZ2ugFjh%7x|0{rflt}ilnaq;mYP#{{TM z46BjxrKLm0*b&ZB#0Q!I${ZL}zzjWUSUXH_=lkz0kN@rQcf88lg$9}9s`Nd(=dbt* zt)X2pe7G8ysSGKIep9W^-9L8qC!Q>MQ@YJBw>Q|!ijFCcj=(_WgN34yY8 ze1!u{XsQ2=cTI0zW$y=3sK{93-2rm2NⅇsVSae<9_0>xyEN1?`7*IB`4d98{HKg zu9%#{uaJv*=1nsNMOw793s*22{W64?JHEZhU8)JRMZtzUWO})*G`3#t3}$-Gg*B)$ z8`M1aDr9^rSHo>Ba!kQ-Jfz1utHBdA1Bj_{%L@we$W&@FAGr)1FEcP-`B8OF5Mz8e z9y+QifL*d%e0BwT#i4U(rVH~Wq#3eyyts-lWSVOj97tI^h}f<4Q({%N87IV#7b64? z0{bwSqe7f-82t4Ny113pMZ8-=Y`K`-(MsQ4A-=~`Ta_B`qAM)cb?&0qzRYMGJc*%q ztbrR7LxcEIi(;b|LPTP8Bl7O@Ln9=88?T56jS?KNnhR|73!jqlo!u0fg%B2d%+*Xi zTSkHy$Di&EN~9?Jr!9)x6f0-=q%cN)G$h4b0C8epjVg&aigE5-uCpFj--*K zYMijQSVJ9}$Vt@OVV57_$$L6Y&E$B&o;+(o3aGrBaZRb}sUF{mA}!T!1sFU)7!F;%Hc)T62a=?wrXh3}~&sS$U_O_}Cr&GDKP zcnzUFkfBf(Q)n=}MLF+MSjbCN%)g!L8Boy6v#X5sXSXAOoSeS)r$|mDB7gjlSdqbZ zNFKI(xLV!oW0$%XP~hPLL%Mqpyi<=EPhczoj?vU>=)}&vv`y?x?ONlUym@rRa2w8M z{6387@rPJc3GT$vu_d&q&&HBxl;lik&C^_OPoOnXoYilQ8SvnS!Sj8usib_J5bNwu z?K6XH1*~qU79Ef>R`Bw;zeJ;8E@^U?FQ|2a34TXhNKGDV z8t_xbRHuy0w1oi5BsZN(_1_#JzZ-d}QcmiOB`i|uBT{oJhP|$9%8FM}J*zU%m3Ay# z+O6Y$yvMll2Z9cRucH5!A_i6YB1D$x{ z34J@ok7LHlnQ}OKCVn0N5Mz$pU>G3grJd{HiJRcjj9HQW^kVVe@1fMlGD{;S1Cb1d zOb=a;cZ+FlLZ&xwJECh{Cq*#m{7Zjih_~bz@4S7O*ItEkp0Eg?u`0-{BYq6J-5i&q z@Z$lT++$EOnH8>pF?m3(FCPjVQ8lCn);T{<&W1RAy6hUD!6O#)umFmf%2&U71weaxV9t5}vL324|9Ro1h4kGD&r(ArO<1UF zrPg=(nZ(ahR?V_vruF)TGTvlOj!lMe_mY7ywrNh$F`NrQ(rqJZZS(!O$6D?q_*w$@ zk?6*O#+V=Qg_`2PeA!f)Z(m>L+xz9#hJ0EHXrWJ4jUSPA(;&=b3wQ1wG+`t$vwVp8T#b(Yr0bF3bltXFmE$95 z`joiGo>zVG%^F*O?SUNvP}h_`6c0&4=r)5=&&TgPA5V@>+i2WUr1yxPYc zr&S?%%s$K?dRfl7KA6DOszy2NeQMA3IT)2>e#&(dLQVI0IxmvHQZnJDoR89~!OFqH zJ=&1xQ=bd_$rrmwuu>RTH_jKAJ!;QBC)mnY zG>ru=FY37Foy!}lF4cN!@5u*1=oWQMw01M*oc^FEEmk-(?Hf}jydy9e;)<{laOxk8 zx&-}{Tm!p3cf+9OiJsI)1IZ%y)tjrn9?$XhWe=34OYljImvHsEVq(2%4I3=@sODz*>=`jvSU`IaG;#_Cv zR{NCU)-rIcwf)8I0Rj*eQc^4UrwsZscI~J%ePp0!JgwIaRW>~MDpkSmd~iT! zLBGZPH2t!|DOp?_i%g@)qJRlFqF9-p=;v5g;FAUx2WI(J9obmt@zI`Q@zA|<$>3nS z`502k`oBk!No)QQ2Ey#A_DlV;Y!+W-JW83&&!6yX)ZAt*0TON!9@b-n5Efs}%W_=J z#Vhy{LbxggvDsp7wVsp*W1fbpVFrnOLuJc+!jMlT0U>IEP6ZDupE~z)TD6enYL}-i zJNAaZO^$-(rY9dJCTD$*h>|>f*t!eYMQCYCiiK)^@LMrhbNPi{xEg0IK)v+dm%-@i zKJLcbxJ=H^*`8LnG-h~cD42td?=L@^&K<8}dkN$o9PK(!WT^og-@L71&RCrGG zGZzITws-*6Uz%UBZ+=r9=PmRuUiks(dx7&!QP?{JlM>R@!1fr0r0<{@qf2(b|R3=lROFZ1~8F{?TMO69c<4by91K1Q#9 z5KEV7mz%n#Q8A0BEM70%mnrSbS>*wd7!|?Sfkk@9UgQtxH5ngo$H7uy-xOySQPa~8 z-ljd9QVXG^-}Av zT687kZ_;>|a7OLafWTeYZPD}n!|AASS#EJpfl!y2ophYo&IYHExKsrWhjbf;W6KZ6 z)SrBFT?V-`T)Q@A1k<-)_1+)M4jm>)pP*XGXL+sCTI}sm^|V->Fg+m2F_<2)@4T${kb?|_0nHY7q zc+OgSN$+_l`a&Ww4dEY!zc)Sq%Y@1+tJS*P`_a;T{H-0RXj;g6&b`B?U+U8_a&;Oe zCMIf`9``asc8lHVdtIIT)6pMz%!$9ST~N9ecJfR%FUQpHXXp393^xzzmLHj)Opet& zO*yt)mv(C#R+sWB#=6f+drS$`*#i1nQEFuk(>+9})XHBD8CK3r!HikZd1;@tJ}ip? zB>;J?PveKuAtq4}bpsx{-V8{-Xjm})_A2Se9t6FU9z1cbygLKJ*z%z2;O?dp79zzR z=){~*>|MHP8`3%0H3pf#LTgbS?NZN9_j?6aFV;bsla^9J%Lx{T`v+ZZMH#9q)B-Z; zsd62A$2Lj|(zi5W+#kCb?mV6E%T4KDGk*!Hi(nmRu;#w03(shrVJ=#bk_uk)0H9v+ zc^FMGrtW|{^vcK965MpNL|;`jE{Knj7>=$+W7QV;QsopWJl6ZlO*Z|dKwPsNW=3^U zwStWBaUWnqubxn~08 z#;dAAZp*BUTP{5H55?>i^rx~h6pJ5Zd>I}4X7W$tQJWIVC2#fG`a_mxXNTpM!s;a5 zocxc9GmpV3h0sx`wc=R0SGwyMTr0{Ge%EfXjAGqU@Us_Si!iHdr(~hLg8I_OA`v_i z9Du+nXY41{u1Cfj*W0jNNwJagql=qyY=)f&B};9b83PSI%oY6gmM^>9+=ZgIBcBQM z;AZOg-SIG{+`U}R8RGdp?Y4TvwNnfvk1T~8 zPev!o3u^=l)Mc=Y6H`sP(JXe)6mB(ni>8J3H8R9d$%78aoj^n+$J_LK{OG(@-nBk* zeMiOAWW9Bqx)DMUJTD0qB4Ov@*ww~wSgGccF}+8ZVvTq!u zEx$tR^cjx2%<#GNg`|zTI~U@Ot(Pjh zyyeo|RFl?9XywCiWks-YpMUZV%tH!Xb1A=ff)jsmz3pW~{r-w?G@C{fW;sM7QGojJ zQgbMobjh`YMR|m}Y!cqOkYF7|3MP%29}eDkBv{S3ncMiruO^Dg-WcCQI_l4~-0zC! z@jmIE=}{?BRUI%UBI7b_F;dui?(`Dua1#`*J@1c8RyF4%$&Px8M4{nS00ChsPom7|pN4AZQpcJy z0NjEWjf3?n4<}z+vuC(P#$ATRTcX5Yomv{X%574zrYvGNuJ8t$wmtU@hMbm3Ow=@7 z1#NaBRR*0Y_6C5>)}-W{`-%XI>2#M5h2P>MgCHq3+`G>gbwf=L(!ZvsD49X2qtqp| z&WQ-wo9pfie3h?XJJHJ6W!jL(?H~VorrQyhmb#&|@GZd?-9&G2efj?KNVCE6@S`f; z5Kbe%hGc*pFSZN#bmdNK;NT8UC}gVN`%%b%f=}J}rcVfq(4W^f@EUn(+hDL>6}MC?TJ^2q8F;%?1} z_~U|j0e+AAhyc2`%998;8;<5Ld8=Ff_IkQVI;l;zg>PF+n^kK@7FvQTTMcsV?#oB9 zIYzb3K1IQrbIe%Bph>{Etw!cAL@Bn9r||OwYwvpZ5^c&$)7y+}cL(MHLLDY5VLmfA zFO}4~!5@jlC2Xd!G+hg)#2g}B!KTjIfEwdxh|`+xC-*n0ws*h(*bq5m@T0dmp;FEw z`QR21@UgX0#EfkO<((Lz)Glrj8Y`vWA@VSHJFdDbbhO7sloSHY>+(&Vc)h9cYlhd> zC}Mk5sW(w5ZRqiM8N{^M=&FqCsw3+KY3KK+7?S~xp>_5>vG&G#p*S9(T3>7IfC^Rj z7#pw2P>!T)*KEey-sm3_}$P{53>)cMsf=*zvBJjdksWm$BvNsWZtsE0*CANm>Cw_-af8VNu z(cAc#qid;ZKN=!!Y-F(e)3%NkemaQD`J}Dx9;>>oyS}aUVPp@h68-)umni15SL*Ym zZ9hzdC)vXK_}_Ek=)N+pJB%2z%k%^#jqTV=D>4lsG2Yi8usHHclC670=*j8&db-mv z6)CeUhpELKX`PnA?7dCD#2(-p4_ohJ((QJKdTmGyIh|T@$}~Q;$yZymKX$Gh=7ec9 ztLmL;rB~Qh8C_bNzOcz`L?pia)&;r4r<=OKJi%c?*V?T08M@P-vR7a=Uiu5(g}o9p zP7HnL6xI5&l-eHj?TUr)SsRTwoW#%7S|gPywg_P+`QC91u>UEP$m8-cY>5B`vR-)Fg9wP_Gns#*7%kx z-e16vk9XWwNRvfrJ*brvz6>{?KwH{veL^RlWa#nI=~3~5*3Y4-*0V6K7q$L=U1kK< zr~7CRIkCMqx#l08;G=zoqpD+jG1w6p#_DUue3FIMwXvt@cg8<>^PQ~UB>(u$QV$&| z7QW$&X9xPCk|??-IK{x&#L0ue40pgP$*I}DaN56(NCj0uq2}e|co{d+^s~dlYv^~$ zLlGykt zx|5872iEU7G47_;AaJ}+fo?8S8|M`_J@GY=G+Dlzy}f>KSs$)V#(5ESj1@9ge{T~| z3t-73#f`j=c5oZ@fqRT|mkgJcm-sot*{_|ch!yl0hq|>&dN1A)ZuDL8(DV5kcX_jS zK_`A?7~eG6*Q8VAH#LcHjj|*O?;Guwl=e3X5A8a>Q0!10jfHkE;0IT(!d3E0pJwix zzExq)C{?c7H4?D>V8PuIt>(y~S-z=SrhgQGt1p=A9~+{&Snx$L5dSjdAxyo!v)^|gkoAQ_1g~S@Z<3oqfXYmTK%(0{n;mBJ%qZ?7;Dcg}|LG;vf-;@IJMOdDl$dHY^hB$Hac#)2~ z@?Y59y(fZfA4hoy)v=2Ku|Ze9h>agql9Cm`UoYIFk!eq(GOIqL#^c8-%=?1+CIGjJ zhzJ^n(jM9;WI~YS-FJwx;Zaqc-;ao|D?W>1~ zU=HkU!3A}ylM<$jvFTXCjCX?-CEa&#O1rY4~61Ai8)lzM#$@>mo@}N zHN{zG@KucTy0ZAST~(m%hz$tTB012AT~+q(dC4h5nQF@lxg)bXgUc}hp}rMrIIj?2 zrLU~bueV#>SoU?=tJ^!hiCyh$721L}W@ak;T7X)mI}`8U$_A?d>vX$pK5?wJR_DS^DioKK_93;kN}lAd-c`)OuD!|6X*hTN(&{Sey!HJr3U<*7=&Q zSTChhY6(+3`uvd=VG~Zl6pBK9=riNlcfTFGXps8M$~9q%*nly|h{V+mpI4kirtVfh zT@dMPqh)@r=O$RqdtQ)y?AKO(9UOHFq;>5FiG%`D>tJ2}G0bI_a@N|3;^j!kbY*K< z5A@Phh091mba5?dH(d8WV{CypeKZ!D&Q$Z-4C)v0U^Rb2ttHN}|o z_d5>UbF~O2Le9WNRF2l&v091+zz{D;3azf4DQlQ@9W097M>iWm^{jZ^z&bSux=#k; zO)Zn2Mfz@ud$oZ$ef6jqpv7`5MfTM0GPy0R*+k50YR7#Byj6)a zFFAAv>1I_WaHGX3#tvIEnL#4CD^%b0!V4SioptJLXQU@?kphiGZN0?PDlgt8pVRE$ zRMkM94RBR6-w|rS?2?pxU4xrl{l{OHat|5Cs7UFihC+-dO+BB!(hfXgGgQdtVjn{_ z!St0>xd|%E&jJR@MB^eVtc=G>PrIw=q2F0%SK>>6{j|J1R&v?ylQK^!H~C3l*-}(l zIkib87es03dN1IVgr0`vLIqxdL&`nNQ*U)Wswa#)l|^s&t59b;B)is$L;bEZS<%Jy zVL7wRo)c~AaK)6~)IG|V?DBwWj0Z9xZ_Mq!^L&{^5aow!`BYKR5#hISPzNJ18+`iF zt6~@E@4SON`gTKhB26C%08a~8i8{f{0%V|aT|Vh+&L|yg<(1HdZc`%<>y9!IXT8LZ z=>`jgc0F$7frKg=E#Jum0S_5;P5a8<5tgfQCMXv6u~h8xSGRJFmM?D=-X4)nsb6y{ zOvy0^3Q)Wv6g!DAL4EQC0a1$1sN^IASZB@7+g;_YcPezxS3);@&8T47tfGd);zim( z9ClK*^07*98N!209*3MS0wj~u*g9mNq+V=Vh*k_nH7iSGuAn=;%YlUf_0ttYBZ>aw z>E0CG?hZ^&k%$?Xuk0e#x0!rvWisC6Dh}PMX77ZZ|<(h%;zs_rI@DqtRyLmS3G%90{9N+R$qzJdXcu$kCmb#5SlouirRZW z(eTf%%d#`Iq8_x};93u>nZ`BOv2rNxGEQL*(&K;)%+`{V34G}(P1(fDthnJhRXboA zKpVir>yD?e6dkM&xv|zm_1p~us8@AYW`@Vrwe(>zvwoi3h}zOpM}oC<09kt`m_9$m zgZDMC!|_5OiI)`Sslndb-d#$BGBzu@S#Up~Su`JD8~W=-dDwOS(~c@ZOTfo;Me?PO zr`TfRjMiu0+NmVPkKRRshJyojtemvpynemY8qTVTuK5UrMlzSlkn@h{;U&M+!|B&s zB020-f>I1=`8r(yk*s%;24(Y7d^b)mE`d_4itnFWIRX8>SMo^(bDs5}CmqtOtG~e+ z1cW!$n$uG8#lZPvB9@!ta2c)BOOpw<#&VaVN$`s>3OM@MCEc(n&YX? z8P8KP%i{ynxU)9RBh9VN_nn7Bl-WxM)nDw^upWQixn}U@Yrjk$3bU@HZcvQwa2=Hv zr0Lpv_>b=Fd@nH;**7gXsM9!)2XSZPnJc{fK5$`d;%h36zIV%0kPv#x$2+pNCc|Y;xbz->-|#l+;>2X1 zl>9yHR36GV7HZ*33fcnCG&XsCV(5Q|PVs58Cp=J3=LPX?*%-EbCb(h-0d%>V$52f6 zBHZ@#%3&Zx$BrY$TX|uO7Nc?nhIf7+Yfa*oeND0XXftQ8n2_NS?wB!M9_{>THO6-- zb3}nQa7iqqd4lq&E|^=zeAECO;ZOsv2nO=)ID&~|fyN2=m&tE}XD4{!a;lEw-cJKR zh5WYhB?H?kniqkqx=NsR1K1L6QY8+n0@m&(C_WyZa#|Fq3oB3cZ0bRE)ViVY=UPeI zTyidFYp4bXS)-B*M($b_e_{P+zRu*kasYU*xkNtjIX3N<#)ozf z?TCva56eDUsen^K?VkDENp?99k zJXzFr?n)I+OvPWWI(r$WzwgF(Tgc|AzmfZux&?pv*z?o4ox13jipF*MnEK0`*9UH9s)Mc^a?c z+du&y^pAu*?l0I~0n@6rhy&w&%utuL*?6>fH$b#R?ZerU5Mu$~<@4tzswj>7=Vr`l zY)(t%7rcYIR_fA%L;9k^NvA2e4lhXEFFkJvq1>j>< z@D8&{zX_zq&`QsmqsC6OAHxq^6^NBakSRT{yi46auYi)+-(tPL*1D3^bOss|tvxb% z@?ki((fNC#Q8-IrV0cK%xjgs@Q-Pd_{avqSa$vLsijmO-VZ>S+TvUoT7b8%b>t1JM z-q7FKg=ck?hTg!1iUX{PycnArIaUFrJI+JYq> zJPn#&N4SoaP=nDYDMA!QmR8@zg7Wy&l+x^MI0mOSAbSTH#f5wju!3Kl|22_ zHP>pNS{1B2-@Eid>!Zg?@5eKXWX@AAX_>d)%*n+jn-~dbv=+#uf|twID<;3$kOC{- zo@aGU&0`@1ev-q57BP+pI->*M2B9k817n_}R;D`ahGA)P$seokZhdZ(MAx`w?nBj> zeerS@^@;LjF&f7}YxqvUR^-l@@?QKh+HP&xzh8w-d3X+n)Ah>y<)qouz@s3mHj0Fe`5gJcX!XJbaK)I zJC|~6-DC1XglVanuj2(?l^}~aAw8qF&1>2>oN>Uek3DgE+I>&PO3eqfJ~SRwD9SAm z(^?<=YkQWeY(E_-G~f%_&UQ`4@ya$hzsMyHWbk~m&ex8w5zGnsqgej>>J#kdL0M$x znTbU==VYJo6TH3ir#z`4^1AQr)n-P*0jZ|-%Y(l2420)WSJ`WN9ribG|6YXu*@26^ z7iN2q{OtG}f0{ zw|?4@MaJue0y-%5c8-b9KJHNaJKR+D2^ zX1G4vL2{k9fF*c0AZA)DDKj(TScMk5r+o}}xKqlG+O%(jiyT$T$cqhL$li6Hz{g!g z;tC=3G4AjmInVoaMy692lkQu7t%iwoMgK$F^S9$ZE96SghEM7DIDyMUxrGw8PWAq) z>q5^xU5{$9a?9!(PfDoJr zr<7^Oi^xw+9Ws7<9+GV7@Im3pw-{;Vwc~L{)d%;E`rPEe)LE&k9R=N668$MM-i~V> z;s%tp^6o0AeAg;#(XSUk<>?S*MQS}EQLHZ07t}Ij9`BpBvv$2}Y&U@5&I7?!8O8K+Szb=!Xhq2l&pl@py-e~g@6xCu5j4~l8WS8H|w4vql{NWvH2aP5N zb5>lW{u9F`ue9wsBOmn$7<}GpK}6DRINwdf`Q*QO`E-q9;{7<@xiaM#cwR8dq1NKhEBNApd(SxLPDb1=LJ0 zPS8N>0ndNfP4@Q=TKg@%Mq>wY)BYPTYkb$<*TrrmT)QxvP~2>ZOv_F$@xP;l9VMjO zbGGUC$108<*6P2n2auO&xe@P{r|?r1Kf}#mlz99ezs5E0s=qZm{FhhL^;f{sWixFN;;79Kq+V7arE6<*K(Tu2k$1~a7}X39)Rgwi&yPQ)_@4>vD-SJ8O8Fgf=KZ^tx}%SP zqnf+B%}Jlq8YkC($p2}#{Lu$QU452+T8PiN%9V-9rwgX$J)yzPJ}ZY<|Fq&{lLI>x zg)$TGv8|rA7uO~6@M<{u&Aw5%m@>cN8nGU`Yi~<*O#x{ zP{?$zQ_j?Ao^{^&!E6bIWl4_|-9Mw;vuEmq(XjtGIzPa1Vn?d5>zzsj#~&~a8+=>b zt^dN@HfiZor>?HfK+v?XNNR$F>IPHETCLH;XaCgQn_r1~v!Alv{;mo&v(uGfjURIF zuT-4xcR-cFfSK26>Qat2{geW6Ebr_Yv!T~jVlr!_uIs8ldjWgNI0N-L#fBeHor()kl+5vl(*M7e88>jdVov%_aJjKUQLh%&GUd>$GSJnC;clK zDVasI+1C*=dPR!&Q|F^ZGy}~)fO(Rv7x1nKaG14ojX1wwK3340s;XMbKIKGb=Ox51D_XH7zT7K8V|8B(y5)6TKYNTa5x#8iGB`F~a57;>iYX?eCfsre{vjgvx(t zHlh#|u669uX*bo)cN*8)@nrc$i)rFH)reooQ&r>T(ji0j>#}oLjk8eEk0Aw%vIpfc zmo{3xOIzMTq$~$CjU06GMN(CQJ};*HJ6xftpsLuCDoEm$w-)LT8UGf>wMcwij!(6n>XwIbe0aW+ZD^q^W|`SEmo)fk z%5A%&+k>k$Bw-Kwn7WyKA|$p#WM$QpDibm)?z={<78&^EVx>pPT!sJ#+IFcSvt7p9 zP$TmZKB^qfrVs4GXCQp*InYeS9Bn9~Pf#Bh-mO)>gjqk$rrVD#aIM%trxAw;(3@qaiFP5PfLvWxAq+=MSwCv0zzb zxm&4C&Kbf~vQMIew6i-ODJUy)kq9@VBz#av$((vT;*6bf&gTWGiri3MoJFMImy4S9 zlCR{Ubu$I>{$MKo*LEqzY#*5n)&LVmAH^Fhw;nSi-`-D8-Z*UL$c3m`>HPrUuDSa? z;M=F>TEUHeU71|x#UsVWWwtYGMU9K!Ls-4f?4Gllua_}-Umao zy+8wcy^cokHGfcRF@7*hKW;Yes&~dK0`W*NrC3v+Qrs}3S4&ex6U;Z)41{MR_pH{3?(j%K6QdgL%19{Z2}@NYX&7o)+(g)dsP3S=JfE#r zW|(rmglfi;Wu|9y9RUk{8~L!*ileu9$ss-nwj^R>W^zxWpD#}bOiowime}_g#%Ve; z{@s(hS&k%Mb~e9O_K{^psQh*O+TaOir+9_}c^~5f{}C;JV2qahLIER8l~TaBY0&7P zI_7D-*}n;2D|ohLV1B*~o@C-E>C)BW8%55OsR^#8{QwQ{YINo&>R?^A36TygAVc7z zN2VsUlJ@oJDCx(v@=U3j5Z--kRMVl#yN@#66W#{9^gM4b z0YbIgvM0!nYu8Gf@vpiRzTCjzIiG1^EmOS$JK)Dm*D*(1D97pSg<-01XV7|q7m`j5 zM|(lL8FyVil_F{VJg^446;*w5%1I@;$Ato5qKju>e?MkBE1bj4wpp1IY6#$X9&@M>;{WecM^$h^%*&aTR@v;J)TNVy=?aBvauX zvY+Lm=-ApOfQ5l;!5Ii$IjnPmlmAy}Gem@*-{E`vbXsQpURG#-OM4`Tj-QQKj++Sk zNLarr-T)_bZ*(hK!K&Hz!>O0isgJCiq~6Vie7gdE^&DRKnx;5T57_i<9g@JfR=VN4 zE3UN$YT@(rF);sRsSzYq#x*C<<_o)`6!B7ds{G)jW5*&;sxLF*@7rNm+2!}b&%uJn z3b09bMj0gcj8$L1)uZlXe2zx?9)=L9H-+K;4Gp@a^w5C|q$K9kjL7qf4Gv-B{xk=W{NoHWTspDkE0+zXWF2zpFYGDm zPmcbAy&#ZGpTCvkpabzcBL1e|492!(tsSD`0PZ_(0a_E0?%DSZXX>|b z?JP=j=hCD&h3l$)((_-IsQ}`0vUHn6umv~s+mG0IQwZGBzIoiIRm##WgP6>}d2Q#% z`69KXdT%@}@BC^H31j2&2xPf*S;D1nRVGBn z12uI{&SkI$vSpvjO~ORF1O%=r;7B~8g{8rTPNadWG9>&*igbuNo0OoFJ*tq~)p0na zX8B_TT*|;$AkZaql05l=sJJrLA+A^tGW}j!G32mwB<33wo>^Mu)Zb+DLTDvP$YPs{ zozdk8H>p-X3^XP4eg|qN!i~Bp`#Gx7nP0aALPqnXYlXv3L=28h5QYCA_TD?HsjYh# zK2k(PMMXh6M@6KoH0dacB2DQvpa@9sL5P5WiiM)md+$|3=nxbEDG9w3ij+V|KuQuw z2>G_>9Mp5(bKmx40C z;+v&WL2W-hs^n|gQj`@!lB|Qmoo4xaYVM+K&xN&+T0>u*8!DPgyjaehIs=& zcdKhUrFC!BQN#48M1>F2dgsB7#jf^|Js{Vhf(LI%{>Gmu+}xx_LNu~|$yA4< zJ9V5gW^AWb=PD3!Ndg^#ao53gsq29@>Ap!X5v}R**yw5m$ve;U{O&L5DgkwdenR`R|@3-AI0PFSmHxJX@Iv5tNJ;c&Jv6LT~<)dG6v;i*vqaIBnBQfvXl38L}Ep(lP2Hc(`u_c zTaVd+?Xc^DBZIlg#b~CPn_iMoEksy{n60hZq{oek>iCX=0}`{7CD)usvV&Sugu3wq9pD(s&6Fy@$UszX{)A-+Bl6p<|J-BeZ@ zLRy`e_EvAH_j+Z=Ew`qj>^k8FL` zILX@ScOOGkHL0arx*;?FsLdTnz*qrStp}#z_)3pv(io9{ykeBm91=1}Ac8`#xd^Sf zD+^3cWSf_*LJ|iBvq*%O)tLq7NDdBfjc(!n&oAb^32}{*Ys_NZKV|<63d~HheDS&_ zA2-Uf)p@>P1KU!;ol~D^mC5OLXyHJTgghd5Uh>*&{tEF{zPffUzXcVtV^q)LDGwSKuz<3;YC2!@Jgmr~cuXUvImj`wY z{Q7Vo!(y56+^+zHw9%a_^pNM{M1mzlHCGtRqhd>MZ{L9RE(^4Zcs)sbSYd=%{HEYIEdYNcd}{ijoXIVJtc&w^b)+H!;)D#l?Rf+#=W&36 zi{!l+a5XCn`U14VdZE!pAxNIej`%nZ6RH0Re3sucQ(-@mVuO*hLorean6xHA|t;TljG;!3iex%GgN0$hF?ON z(OA`hwH70CIU$e!4QygyEni*SF@y29Y#n!AaC`PcFLJE$hoEq2Tjxe4XL39&t*$NU z`lSzk{bc;Mu5X(~To*2ZGwf1O+|zXphqA~=UetR{?B~G^bHaPeYd{Sip%}kV+F?5a z-YjihI67Kea45^Vq$GB5&t{$gMgSaFB2un$*X3ESI9}BzWLt)#3kG@W<2{&A$ zJhuJ4E@=HrYNP*1Oye=H_e6x$1h=50mf4&u2A2=4 z-{iRRpfF&Pkd+&Lrtq}9_2QgCzL`#|CvJ#ST&Fkn95oR|9Wvt88D>-Fau2pIU4N}4xM6G2WV+*<-Mo&n8<=+gszwRYdQqg5&jKqv!S6CG zPKeuuRBI5b;5eM%>&Y?Znr&E2(Vi}`D7_ZxGt!T)E4>5`pOV8 zjF3A=D1E*RaM%o5y9^LOIYxYlD(i`?UleXXE_&$mq3^K;!be=WTr=5tf2MK7P83YF&Dj2+iM$_4-2e_`A!sKjhb(t0(wz5WZ`9)_&z z6bn#fK!Xn^J+Qq5J|cMBVZevgW&C2c^T2gUS#L4Pg5zu?3#MU@yDFrHOO5w8n5tZ6 z6$Mb6S1usZIr%WBYY|u5(jxi~D&8tgvvkm_J|-V1)I<_aN{Er5jKfCkznPr7yi#*> zdpJb%c8gLxGK0iy8{^2oe9o~4#fBKIx;)1&p(;B2Vb`_&h=5J8#3$|X(Fi0Fe6-e` zkSOudjA+V))d{^eSJ{$1v<1=wFJ@Z|xP(GY9uOsc!f(i14qW=bITjQ zi^jushZ2>n4d=T!T2pek9^+~htKpjm+dYrJvM5_^ob9n`^tR|pn;dr%LcLwBcTZ}_ zFmxUh{~0|0c@$7-JCsb^-Rz;tST#Qlv!`&m4rvM2p3BCMA>Ci=D=N4amXEHiv^sxA z>N*yDL%Ke%Ts18OzwcBiV4fa)%<{DH>JJ~`x_apu z)_BZ7ptZeGqi5@hfwP>?YXQakuQ|U|o%T8-sX2iN%h~Q%^}Bz8xRwb7KN&}DdJ`Vl z#cVBu3{w!KXO}xj!Osk}5?heAY6iSeq}edY_fkl@>Z4&TL33k##i&T-%LtvqumtCL zW4UXbHRTc-mK^iQ8`%%lg18*|OVS(`cZaiEKrXhs{P1LjIs@@z3HcLg*til}a0lB% zo&CZ7bWwf_>K1C&td~5)F3%$3@lj_(XFcH{;x0b`O&r&6M#`<6Uharoa+=Le)^ch) zmkiM2!oK57u(mf-f7HZ06#pLlFI!)Hv>)vV8a!SufxFV02rh8Hlu!_HEX1~;CB1v_ z90}ML$JCokjcSlj?j2W|nPe?@+!K3swL0=$mg+Af`YTvh5v3A=^(yBQ-bYD(ShT-e zxrBQFWMs>An)KhX%eN%}hG45# z^y}5zx4%i?t}6c;$o?_TpOX4w1qgs$;Wx?u&Qlx`XKXfh#%c>!ehv!ADL(R@^ztLE%I3d6;>W{|SI%+$dgHI-`Rmia)6b6oN6^!MDksJ50BuKbttAH93q zf7a}JX8ud*XZc&yTa=p*5%2pm&uUcOi_SjP(cd(XisDnx_+1F`H88*~*?qANARdp$ zA)lm! zK;eJ;0N`&GCV=uur~UQ|sr0|<#nW`|k)Qk9zh8}s0C^8dI{yu`=^rb zU#U#7mOn))_b8`TpQv!#;?LFT`853K@Ly7^_?}$@#tcaRr&&9mL37ik;qr9|4?F6@ zB@TADesmY3nX9@WKZku8~yo5L7GR$xn-6@ zvp@2lF;%>!+FSdD?V@3^an-S}P#vYtVS@cX2$T8j4spqOE#*gSPj7-Ipv2p^Z@Yms z7#Y{^xPi`pmhVAA){&mcjS)I`&CMrg(^Ak^A<9VqGWWSQS?ifCnjd4DiKn|F^~gt4 zG3ye|i3@If^lUecBbUYg{=F);hq6yqZU%b|mo{o28Rqt_;!9yG_M`=C-$gPFx3;y_ zl~H;Ki9ffdxAJrw3laA({aa$hk5>aze%9z|0{9(dbxHQ`FZ`}gZ|CS1pFoWw11imw zR~7Oz=~>|7dp=IV$b5ZcYGZzK-Jod997!{DU(7+te1N(MB-4|AShb&8GEWmEKRud( zuiqPDN-10#Y?8YO^l$jHN5IDO_u*fr;0r@I(t33W$56!su`{BoKeYae;nRi762npB z`!D+W0YM7F<&RMT-U>zY_YTO@e&Cx5$7`%CxDpplcn|(aG0Z;StSMj0{BK^#5tjH( zJm}~XNS;`}seUUHe}Ls~Gn|q1aAmsCOM&;M%^Atle`SrRl(Nid3y!4d9{efhA0PTK zt@%CA(5WQ1+i>2OBlVnwmB#{ZBl!-O4KAimTgYvWk4^NWYU4nD>MT55X~nyWRL=aB z(t0rqZ}1uzsumugVo<2BZsdFTM~Vu&VDm;idx5&e{zCb=#8r6M9$k?#ou>NT9lFCd zD2k4~hlXm@mf;$kn84X)dDkd@K!72t$rL8HyiWQgGfDJtAZWNo{iGLJ zOWcL z`R0v)jX3nCf9&WSKT_LF>^GOC-=C%+uCstXgeD)V3;H?s{j2$dL50ZTy3>uBmHZbB z0nSLhg0nkOFYpD>G7HlIApN%3Xb};GC}a{CdmlF)KrTtb1Np$i-6lP`rroydz8$t3 zz8zCUs*?oTu-N?Fsf$~&BMlY)^;w`!E-9!CwASR~~t@i^{CN~!H9Nqrdt459~q z*~aZZbji($hLQAjXx(ANGq}I1d~Q0ix2UlVPI`VaqJ;K@f!{bfaH*h3TmM7wEhP`k zRC?uuy;mbsfhV_iF=tW&Jw8Z=7j$+A2#ESDpRTk@Mu0XMx*OPi?F*BCSbCLX-(AiS z?SmFSQYL>WNb&`@yTa3;%vOnmMb4u^@=T)^8Dv|LVfi;k7%Oc~-3tV}meoK5;^(us zV0RH?=+#L0oVRVxS--Xf_qf=HT@S`L;-%}wVDmVeI8&vFAMTp$cVAswLHJ*sYmb*I z_fQi4@7gB&jd`D)uGypk^X9LMGA|+QiTRI?v8x+;Wwi>n;=f`VI}%@qD`%HgQL`k3 zSYr`&!tvA^NgtcRB?igakL!Y~GIo$Q6Sp3?Kngv{DYD*;(84ra&}=n3prfPiIW73Z zHarssrrlg{7z#}9}bFTutNy^|yj?g!l{Q%(!mP*3c9zn?z2k*X5ZAoEb|Kh?N^ad&s_ z3T3V8Kq7HU=C$V)pF{VocB1zjhI}e8mVFjb9*2VKa_J+fPh>RWo=w87W9lqCp#UXp zmLTnTj&!9LkIs=vb!Vwj+ez6nRxM&rrpA%cqsW#6@*yRUpB(TfrX|+-tZN@N-YU`t z$F_30+uyX%ZHzZnhTdcfBn?>bNGL*a#Q{v6Ik6%&Y%Yh3dxAsuhz(Zv^GUkGt_%JB zX>MdKrN1_UFDc)b1=`m}|DVf(E2azitZhP%gpZjjdzeZ~IrQBb{IsqFH_ z34o=wv=1rLV5t4g#kVY9ay;sXZ}^2mBNCZF?zw#KM^@cmi-ZqBgFC3%N8S`Dx{vn| zj1@H~4BH!R(1n61*FUP-209{Z0tyXF=Vx;y#QP?ccR4bV(VMFiJ6R;}h8z5EPI;|3 z^t!(_l*UHfp)P@Kqw8*B%4=$fvAex_m=3!!ENEA`ue}F@ULF}QF_F{K5^K6`gg;X-Z^o&? z+i*!YT->FMxoY%X31)SEMG3Pb`8GRM>UWoFo~EKuHRVn1m(;gcMFYPz3`D-!`ou6> z{58!li9Nx(aiCgwf;dF-XTYNgkwbmUdH5m7wgt;qf;}OGI$(p~C{l-Nc$3owDg}^x zoZ!3SVVEM$wUqZc8mSMnX}$lkytwLBs%LfbRZ&;!))F`MDanS3#J$KSs<6Nk%-!F6 zAl+`r`;+<2GO9jX>|`NQ)U{X5E)qH~xX{2r^e+SBIhMzCh>lp#H(PTuT|@Ah(4>8#>?UL0 zg5tjn>;ebg7XQ?;YjkJbe7lVstDR~c21|-8;XC@4#S21fx7sZUKTc$LWERcac*@ss}?u{Ic- z!#Pxv8+cq0?Og6%I5mAwMMB9>OHr(Nk(J9IY)zE4Y^`uX-MkZRu+S-RwQM+V)CHFY z8YG3}NRgkL)MchFlx5{vS1mOpwJjbu_{CRv%SL}zaB4m^jTY`-lEb@~OQ_!J8xv@A zT;Aw`?lznj0jcVUJTcNag2@avnIe6V+Wt7nw$;vfbg0Qhv^rCjkL@*?gUSa@BviaTlK;9at_ET6ZnUbuD;ds46CJ^z5)!ClCx ztOU-*zL?qeh~Y#kOY%)w^`9zpC|if`YcN>3sahAJky6TpNh?ufOD!~T717O)`KBkJ z-b)k)4Iagr)oZANrkaXapL`e-BvkWIdZZl22*)f@uhuO3Y|2^E<^0AF&eNg>(<|fk zcynJ1UjK@Y;T~dMh#&F!tGYTwj&^EW-8kbj{|ed5k=5Dg%$})%6c_GrAks>%95ZR^ z*I*#rSn0dwkFpWMJ&wGlcZ_}bQ(5h5uoodS^+!kM81ipuRqe)G-tq)B;U%n;%<2(>_m*xa(?Dbl^c2^o<_N}6{SWh!@cMar^Hw!kk?7Ksi z^A4;KazBTG`%tqZ;o}*(-16t?8yeJ@cL_OrKIq#N-SpfxMM|+6!LfwDtZ8{gFL)~O zez2OBuSOi|vgsx$u~e?r$6+*3?NNQba&nIHR`>k#x}BhQDH1%T(hhM)@rw03$azBZ zg`?PEJy*)NY8UQ}x1h%aMyW#6{vFVRt9YK}7r55yk0#oc$OOBCk8vZkjb$FeL0aCb zY1c>r?MlRLSNN)%>BX!lA>N&;`!I*0s2I_OUGt0?%kc_lqdMe)=l?JWXHBfCNj?qN zi4lKHAxEVwRjhV$z> z5i_fB1|a#Zv?SLd`LvRLc~9Qq<`0`KS5E{TsD~u;tBCFpYdDLA{Vvam9nq}#>ATY% zx}o3e(o<(Z@|#F=@Cs1%DIvYKlhH5H?VosKM3SyOM&zOv7^Map@b|csK}eM&j0;6e zxqHDr6N1h~G^^Am4zQLB_ z`x*oCidn6ta9G}|TG?UO&_@@V4HY?`OSzj9OWLZv7D^}{X0UWpPA+>}H@RmimCv4Y zVPrC&$uYWbc&#Z8VMksCoJCum0Mt(NRSVSDCk90(MvY{!0VA68MZpLpn={abI#y7Y zTxj6kdo0fb#^Lz+3j==Cnz_)jdYEL53&jMkP>@ID?F9R2$t}$y1%*RhOV!f}_G|}P zP5w54LFO0k8V?Dv^r2Q433PS*nhUQ5PXiytw`XJohq+V|krwUXmZB z4KyQ~E`{q9E*9^cjMqh)ZOkv4?k!)Jl3UgR7?kRYts=wZ;s9;eYSNIk6rs#w0i}w=`h!UbjS`J=v_N23+jq~{bN&bJXv)mnV;LoA;{FS zfzKoj^SM=)3`@xcJNFES*$8hz(sKO*7upN^vcr)D#*-aMPnNqxlVs%940`SJ#sY7j z)LVZLD}EV=sxX1eJL15$c?yHP|VaoDJoEX=p?QGMD;{*+Y_Og z70XUhw^KhO6W_0ZGqi(+Z`m>KI+@SMBSr#KAGi8GX=2x&LHd#r_ESy`x0?%Ja4T3dUwLWxz} zM9ng{!YKfTsT$r3HARa!n+&m?(JYx#345?0oL|G@Hd*0a#=*O4=T`nX-5gNkWM5zE z5}9|TNR`5pQp`AB6AgVd+@%@0 z(!^4eWNT(?{!YZr=zM5Igv(EtaGopZCF3}yf}~f1BA3ZkH?}3P8_KI+ntjjVN6z6l zB@9p032I%dKUtT(<7>M6dBP8TO$+5V)QXI*!6j0$SG>8#rcM0%cMe*%_VCv1oB&Lyd`%KYa#aKGCR1n ztElr;yJJhPmhN2PYEX3=#5@pa_~GdgH)13_)e98|*rN_|dsVSS3zr^r7*BrM!g$!q9+&c@$z5aN2{6|=woLBP$V$*1XyH@uW97 zZ%+Go(59ffP0#;Sra!lyw`97Fg4rQjeA|#ccLMz?>xI*D6^9;~u5{GyP<{7yk|$*S zUhIdvZlpK6w}dh)OFE5~Yc7-AL!88`K6_c^<092MU4lZ$0s1|{)GWhu0xK`t^0@ST z9xyxIg=_m8)T50l)h)H{`bKJ}#0*7}k3UkYyutm8TlmLVp0Qq?pUCU!T4=QE*&AVG zWL)i;@_h27fjpjyJHf_=R>FEaITe$~sZM2_GA_wEdFPbmOasGtQgWOZhuU5rWzXEb zchA>*JB;%W0~Vyff9b*JLv|Icf;x<+#C%_@^7=-trhY3&mXY(dMH8lO${oWjykd4- z6GZZa$nsgmuPT%YMqmcpWH8=ncc+4K zmou2|Vfm^%|Ma(ko7yjyOO21!r~Zt&9$yEJ?PvE+UHQ*;b6>h>46+>N7iJ~E`_3KT z$f5ZzsdM-F{wcGc{=*+vH}U~I_K>2x*PkNzyCMH2EJ_3#a&{@A-@p6E{r~v&|2}Si z0{-8~P9>-tOU(FSXKRZe{KpY&Uyt^uQ>FB{Rjx(p)$k)fA(fx6{CNfJ#fQdkZj5EE z?cce-H2*$xwbudt{2x8;inmVv?H3vU`n&=rr|_w0zY88e9$tGp-9bNGll|zmdd>Se zy8j{_*Fz77Lk)dZBk%oy`ft%0^F$T>3%vO2F$qBCfB-8(;OXLj&o}`3#I;NPQ+)pr zf{HW~px%ot{}Z^HRhEp$ii^O z0?D1e9yD-eX)?e$uQm94!LW)c-C2B-)o^!01p^~+Fbg8G5}CQ*iyDJd76DRIXyllO z?xUZ67O=d50ZZk*58`_(LkA!prc>vHgzgZ^(+1vSRbRvi8|CI4@;z}oPGtt4Xv%L< z4|b>Ri=`=ZrhXX2%wGMz4XO|rZ}j`CoySX&k&loLV}Y*s6`|yi!S^V$XHnw%ir{H1 zbHDe>l*PGQ;o2o*nzB4D6SIq5(b~F#zwDyz0QR+d=G(>B|CA{Bkns#QI#FupiYa(z z;KDDrBmm&CSd>)(D**bcHB%AyT}=ed`q^- z8kr*RuGb^ zG0_!0iBtm0b%Tmo5A7y7;wGl`A=A{gDw#QvQTXy6B&0bdRdv9 zJV5e{N7PelONCX}1MS4E$Ne4&1m3Lx%4)P|spI} zQNPJJ4|g9;91T4WQf^?TYaldO6YjST7U(cIi_4^Nws};lp_q-W zK9S8Z{_LOjw1_;53)JeV4fElRD`V4-#C^SeiR^^xC*NkSspI{+j*KflhpoYNJ_Jf& z(ajIN{U{Y1J>BuEQ&FRh&t+K4G|M5p!YtST{!zty<>d4RkCgcr?xeMIP6}YHF_`tp zD~r%67zbu*xN|#@Ss^M^Kg|ZoHC{On0RCQ)hv7B z3s1*M^~;h>2Nqoiq^bvdReijNRx|NiTiqYzY9HM=CP6f}38M=-a_Y9|rCDmZaG{?! zF@ynfj5VEUxWp9ZSkIfeqx^KD+&znodk|Q`Jew)w3Z5qNIszO9y3%VQ2OTF!*E%6I z8KooEjnX1O>1)#%LkHo0F}1D>(i!%>d;4vZW^$4vk(NO0XF5X{P~#fJC~ji)ku2}H zwgZ1QOF75%-z32r98Nzz6Gd_R=Fe%K9|K%%32S zrmVieM8!bG<$Vi$*36<1a$Cd^%(rnEUls*)m3r;VjzApGPvxGM4SE@7d-|eZ!-hcg zFhxguxYgheCUYauafW&@zX4o;Yi6w5>mL|e{W^{r2z(bIU=@cJb2u3GRA9zm0@YOD zcn#X@n#B-R!F;5_rWhMSzt$3LWn(8x9b-=J2vwpn`Q3_FZY&fw<)lM?8uo|B^j4OJ zRpHwzZG(v;fjGkZM5DllN_iI7qnsoM1DQ1=gHM1h=Ma<7E8xfn%qwa5*46vLD6;XC z+nUjJ6hqGNtq8lcr-+)$l@^VUO_xq#{g}Y65V%AV()N|woeDl1tKTl^lC+h7*?A7} zAI~Vd6??DoV7nt;W@6GkC16?0Z)R#@kT~_Bt`Bgx#|a1r?&s`ZjOywKbu=MdG;nW^e>rx5d>2t_PmY!4HMVJI zPuHS5{>7PQ&;KKK+TTYyf+ZO`Pf5XVJXX%DO3Pn>l3z8azcQMFqn-01hXbw7jy8s| zWv^Gy!inlDlshy2cU|OrYV8%KJl;;dKFQjkg-fhl53Q?)LEdZ?ADeX@AfwdZK=JMH z>69Thq!3MP`*aokrC;N++w{k{uBO-2)V#d@Dm@)_Abhz`4Pja}@SB}_`Ocd2@E!%i zY|Unv@&a9OzeP^y$#zO3nJ7$ZH1eLFsrRz!y5KM|cYyn4zMiVx36&XR`i4eFEa%di zh`)e6ReX(>k$Qm$GK(F7Jnq^VWw2yDv(5|MB^-D~PfJ-ND?ib2rQ&$sTLJ+$!^wb% z%0R1r`MpVfv67J&{whuyDLcwF8wxa$V|Y8>ZzQ-yS`zlm_s;ZhxoM`RogF7)m!QAJ z(jVMigHS3=>1?P0kMMMULmBd-Ia3S?RsZa>g=p0z%5 zy>lFXV%V@8k`}#cM6>oP7{y@I?wgM2rP=d*h(^JC%x9#QQ7eAe9tb;**w+xNK)&@a zM7Et4XlZ+coc-YP_OhWtln-Qr6&X!GZ11}Z4_Um{2?`P(2Z=%Ga+`@ow+y1F?w}S= zJYm9B;ItXWoEAKpIuLaoe@@YxKK6qW%pPSb58nOC!*MAcK4G-aaWSuOfGh%YomRs1 zWkGKEm-3IH)+=b8FgAs_8 z%Ju{!A5(m%ka@GeQCj0=oqCOtyDfDwTQdls!q!oC2aEd2%Mns)s`a3v>S64i!n`NA zDnDPsqZp;O#B+I%E9(Z=(hXTG^{R7oqI~I0i<6f{G_Edx0a;NduiSh63Y3B5ZhzFf z>+8S~<1>F2%{4H9J+(a-sfc_JCqA10(#N5M4LHgrd7Gsza-@bqARpk28XJ=uN8YC) z%$him6&B0I2EJ!&@ZCB*8pkj4^z>d7!e-sZAnhUdC#?lLp^I;CP2-rh?}nbD;hIo)_J+L zhE4BHgiQSokN?(*5=%H}bFneglT+F&#JdrK?;o@u7`(#$ar7?b(7~+^e&+J0aNnCMcY1XNYCK)?9Q9!j=~E_ZO60hYjpC-ZGh7}G-0@NRmVH6F zSEppcYv>lIkGyqf-sXh&@Ip9e;q{Kfx?ErZiNE$qz6)wQ&!jZQkV9C~^=y>$;m(W? zE0Aj+x#GB_lG5**$@yfWVnb>Ot0wUIr4Y4BAJ+>iWconfvEy@3PY!hjm9mh zfx%Z6Qs8f@zHOrIX~uH#)^wfGf<>V`0XK-#$~Wr46zyiQ_T+@*p?7X^5uGNDxib6b z3YEn}qs8^Ph(sIhg~7yG8UyXp%&wG#Zo=cQ9eI-^`1Zz|Bd!9l!$kQa$?r`xwD}~Z zVa2QNOxO~O>Zzln@BRw2@Yx*(FbmdvXlTyu1b4RIuhj?Y&u_o>TX}UN5%w_VE3+jN zqr37-lM>6|a)uoqQ!MD`FzlF!@AdY}@3EqAp`W9_!W=p@!yi9*C&Xi^Pks2wd(e6C zaf}5NH1!}Qq4!2aLBH)6g!=^~9-F$Imf@gPU;j~F+`?Of7iUsAdbC?MLlz}f7}$U0 zvx8RBvZS5T{NmE*Z@Cn6Fv5;R`qm?B`__vth>Ook0wdz)<1tj&UEXy7eJ;=YquGX3 za!!_q>GU%5zQgjQFY^F`xbl6)2Np5e4>{{KoRV?&?w-Y7vxZEKHTu6Rw zwY8LW@EgFuw~|;SU)N=v>b=OW?(3vx`DXD|nzO=EvD1Tg8RzkASNP5aL3pFjLJaOS zOVqY(+kA%({{oZK7t#Zq8Rx3gb-OX0q>fwH|2zW*6|)>VGCI~R2f3j;BX&I)-0C%y zVhwXc(vlu-C<3ji42dGtIv~O>U-Vq84Dyij&B0sTXcJ0Ujv9j3`Bnv7HKP>>%#hAL|K-n1Fe?2Pj~n|_*ib()L0q8 zRlRW4>_QA41N{_aV_OmiUO9qq;?|goM23bqfrRw5EnLbPEG&^=ac#wDUKQ4Vr83Vn8fePvyS45`K}&7i>N%u) zvfN~inS#7|*l2;FOLh8=dA^2)Ac6IWRX|M=W$ zJ;PFVl(sG!Ig(Sm(U)~gme?v@s59NI%A$vd>3^4OstpPl1PWP;?HQdWm%N?(d zvkd4cAvcj<)Yv4+xQhKcJ0}jYmT#IyWH(zpqr+7!X6IJN&`adf(NzG<6S-Gb1NnfO z{?&t>2Q^L0c0%J`?K%uOj$bN(?_R6=OhFlP?dgO<=d&jgK2tUaJ-*Enjh3Rrq0Dh_ z`dUKT^ELXfq?8F_+!AKi1P)@`#0>g9Vwj2Y21K4?LVg;c3wwEX&rS8kS)$MR4fv(# zp8JrKr5Bc~lTxy2T6H_o0?o`PrpGkWl9uU^TzE7ob3jAqKbxq(y!5@5RySibYEg+p zT0y5Pw(Rx@kA$afk71Iuv)70P#XwZ(&Rm;vew2=qth)77gYT+SbzU;N2e<)1XX?Iv zV#2?M27+ckJvS(Q;w$62KKG^wAfa>N72$K*!P-HTHoGNYU__!MW1N`9IPMMofqgIJ z?GB9~J+@)^9KYLlD-q)7xp5q}=8-10B!A69OuJ!OHe>3!&<^EFBOdYYXkhh|&DhvL zOI@}>`Hu)a{MS;BX(G+hWsm1Cv;*`QB$i0=gK*V;Y&E|F_wg{HGBej@x0;+YqGqH7 zk`~umQVMI185uV8-sTk)C$i)Nf`9C=P51VUO$&PkD(M-C)-rwFADe_7t9R6u6|Q&R zTx`MJkewC@yTgI%TN5B;X{@EHAAseeAa~R?Ogh;VgmHu3+P4c5hl&_vW6xMk-h~#a zaf9Rru8d82YaC+`HhYv{y_kj)Fen4*L8M(CTGk(_6Dv6QkAOo^^7-Rzyk)`kO#Cal z?L}qaD&%P90oqltU1uY84`RQ%5i4r8wFajaBFF3mgjXzWJrRj%lh$k?x1jomIf_6A zk9BL?9%n`4BeZ8Mbq}pARh#{xelRC+5p*Y|G9lQa9#l5l61t3)v!k~tlt6@J?;rG^ z@mo>%Oe<_IiC$$B0+23HLOI8mPnsE!wC5?e8w-NRsqM!s0@^QmI~phpLYim{wwj|M zUPf@UttYK|`s(tq+3K$x(hHXj1ZP^$Z59O-t#VYM*|es2^A6`u85_%zWF;ndA+^uN zPGucMvQ?Pgh|!L1J!&WlvoZ*icA3md6pc9cY)m(*zEYbz#YUJ?0JtRD1^paSkW|i# zjx*ik@+G*GP}Qsm1 zCf7sv)OKh>gBB9Oyd?oia*lOS$$aJVI8zGOt)C&azYJ@#=-t{4^$P#5VC?oyfmGu$ zTybNSiGz&K3Tx%2&(=yFU>6L1CIjk~$h%BqM__JIq6PN$EiaC$-^7{`;JX`dgp9PE z;9%SU3hfgoI;GU~ZZ>2nL6F(pU!-I3W_Xt%@rhhDBDAF8iD}60}=>VXFO` zvq^tNVwKl|gQ)u9e3Pdx1!R!0sP?#WkL^4+r3s%^#iMN+Eb###i4@gJoV5#*hq&I= zDDWKl{dYS!cS37iO&|yzp(i;c$ObyTxnvn~gJIv%{SjC^bfZuuuG9imY6(F|`K^xG zp+XzQ^z+}k)GaT*ZK?C=foXco9sW3J5%1!B_ zRb+tA`J$|wZ&+Q(Kr_BU-axE-BqEJk$a%3cS~)O)=nLCSc!6jpuhzSw#vrk;Pl*=<=lDg_i7(66%nXr(**77BnPcw~LI92h?fa1p#Y#q%q5JFq$4o4rcr;v` z0QH$Xb=o`FqU8l@O-cLeEFB_s^S#4h{)vh^^21O&aZ&T_I>X|t8#|%&UmN__uw#T= zCQa+M2v6HKSbvSX_0U4y${;dfXc18XZ7{5c!TrfS4g+;Cj+8ZQ8k%kxAWvR2wCNeH zLLA4Uit_Xb=ZR?Ilv#lWhh;Ge0ip9z`6!-HrOY}k%*`R+TG z34dWx-3fKP_V!cTAQHZqT4-rj?<y)z;M2G1zRK(N*L+mfvMDGytqYRN;nFpd+`SJX2zFJI=yuE0AL2@3Gn3Wlk_rB-( zd4zFlxne?7$ zdB9(Mt$S;;-q?~{*c#u_QG8|l**)%kS8_jyZ6f5h)SHntzBvW8qpm!AMn|+;lbsr) zMFRC0icTH3AfqdzqsBxSbqplqGI>>_{g(B*k~0Rpz6sUP)qU+m&La zy1L4Z@>+nSm%V{J=Eg=yNl%SSE%jFpOjn|?EqBz;>0g+`ZFq&V=1&-B^;}-lunX#( z(v!)xr#2`Y?V0%{4DvlVe)c<-a3lGG+^cudttpV?q@( z{4ZC0GKX(`)2yF-EO&;5W|?gix>CKxmV5s1U#^n-y*}q+0cZ`T$e?r*I0qBIrl6l~ zKOXCGM|wUnZ`kCD+vZ|JD?C7=_#9X(ge3=B++SY|4;{L zg-7UbUDk^cn_n*emrwkzJ>RPk>CzPH{-s>u7uf-oK8MB^{=ar7%+S zZxgQK@*S*mx%wvTzhhc_ncu;>t>vu$P1R)WH9$oFe?5*b6X5KaEjjxVoVcA!N*~SONz8paba<1zv8>cT>8;L>puIBvEP zs1;AyN^NxYZJ6(IZ5Juyr;uhL#ybXRY>5>s zv8Xo$T8(IT!U3*+3*Uv9`*A&;VeQ;L$-`HzO99G%Lun1OUsUR0El?X=k(_++kI*TW z7M!HW5|35&bUmn5J_iaQ1BHc~ZBxvIRCoZ@y)3+$T^1DJIMHS8e^_Q`1vWAp4GW-; z7_!v4b8J{V(6YqbDu67TBd6f$O1M{Jjd-(TSOzL#(NVYu(5^HB3qS`q`azYRiFNSv zE0#ZEWak-6SVrilgU{502^O+yN)s?+WLhvQ4OFh_R|e4PGe^;XDU{1KQcM; zu6oK(qk1|3qK)P7|H~-`OzD>!-|NI*Y77CUdYy(fyRObUG)t(8Z!%jwvR>j5_CC~c zS7Xwb9veaid_jIh!+Iu;y9cO!*N$D(H}e%0-K|6Z15m( z3Dq3G${OfDJlw*B|Q2bR${W}$Rq+^1!6x5vGN7#SX%c?6A~ufS?4ZQ5 zkNu`CaV>PZOWsz3U6<*T>v-k8dqYL_H+OM4EA#h&O7<&S&9+h#?>`GF78;f$+T-*t z)35`_I_VfuGqo6@lo`XF{$$y@VH2>tsC{qxH5VXyx!Opas?@*sHwx`9bl;`>^iB*Q zU0Ir`P$KKY!B$JR_XS>rCy2RIMM zQ%dO$woxb*bF`%C82z{yV(B?~>BryFvq@N@%%$}Ihq(6+Ycl(yMiq?(R4fz$DHf!I zfP!=!6hx}@9uVnGdI^MLK~X?KdKIL1Lg)k#1tCDBL+HH*qy`8H-@(ywW`1+O``3N$ zKRzMCn>Xh@=j^@LT6-OPR~Qi~Iq15`BW&gGnA6arql=*EX{wXl@y$q~JU&yMTvg#g zEF87rGqztL9El@Idlj-&Zw~Ly?bjg2gb^xTuxYh3{$I}*#&l&#fJ*X9Oik48Bv^Nv zw?m_&FFs%IM_7b@@>~Lz=Hud@=HsS|(h?gyKhDfBhURizvGKA&EO`w%y&jAvigjl` zyoyI%9(pX;4~n34D#W1TP5rP=rqcMbsHNAkTZMSCP)|f(wbRH0G9%rBH;kaoXuZtL zbr4h9x1y|-xg~A}9fk3^Y5A?L z%^cGk5=Ad$n+Z(6Dx|O?+ReD{)pgw>W`%zF zO@kmtTyTK)NYfj-3(NCt%ztGr(r0Kvk>3gW%e13rTb#;svsV*9Vt#+dESP#$u z_+m@HBif=lz&Ns6KxlAfz#_@@X;7&^Jt(QdT)PGXG0QpC0$Nd07tOh7`uVw}9({h9 z`hrf!_qMB7gwB4o8|Zk6>-P1%s+F|Kartt+k2gT?ITFJ`+hxP)PedYqbXjd)+raTT zY{eWOlpyBb3p_rD*V^J?wEEBM7s@0=_X(r>*62u{tV9Qa-znVPNFY7?Dhk~IS#QXl zI*PG0nvd(k@AT*>ct6tIrYJ*`>SPPkB#4_jV+{dx^aggbyPyWP(BvsNHfFB9WIfD>u2svP<+l!ViWh9R6^q^i^gs`Ar_TIye{NC9$M-Ed z$qi(uNoK2^YGqOdJ>!%*{ij&?p3vUD3bs!-83=QY^c&hY@^&g>`?;Kp>V+(K$KKo_ zXu0e0blHS6v<#G`cG^%JT-8~VCcBs%9Uv6+>?;Eu@gQ;Hls1Z$s?A}@rp3~_mI#X%2s=`Hnaw9r{; z>1BaP0F)^NQBni|3OtK!YenzFACLstv%Os~?S}2OGF9shkGVDq3f}bDJvHm`L8Hn6 ze~rXqkPQ)Fe=01~1}im=fb>)!GCp=IJgY~iu03vgmQr<>LCNmAsqt|YG2Bge2UCTS zwdfep6P&*>zONl*5GR+Fxl3S&dh&*hMA?ozLMUkuI;qu2c6@|nIPQHTskdgq_UlNP zpFa`l7XUf>i7^l&W@~k4U+sne$I>YiYkxV0jJC+)Egnk~X8JU(nTslh`JDF5bq4UA z>1C$}rI=8hqlLmH03LlIerrX~ev2)&inCB*k`S}W` zAptmSF`kDV$Ldg;04b`$6JhtUo8!0y3$rD?)qI$kd0(_Ioici{_Bu{)Evig3_YKnG zuxL(0A+2mzdpt${L58;|ZOYvd^cPL(n;E^?}%#kh?wXKFUKeHsF+Mhb@tJYmHQ2 z=|~MEKnlPe4@j8%W`HK9o{dv60>6`Lk%PMPjHHOm>BC1q(Vp0QGBPNKCX9)v4G4bF z0}oy@w`@Rmr1hHbKwXT4n{686aj-9C(RaBi@8k(@_H)s;%pwkSO8fj2A9bX!2p)mZ z+@urtcw42IB4r#N$v-_^UE{Usbi}>XHvuQJ2H5?@ZgrKOukWsg>&&#p&2l?$Mpq>b z=Nnc9EH|7F`LMrR;ukGdw?Mi50{fb$o8V7)uzSQ|3%idn3@1q}2N2u02TyW4Om5%@ z;~W=)rQ&_2Y=tu0GS~T#bh*qQw$P_+yKDyI=opp^`d7RQ>Ac6|h1Y=SuaV+2$cB7j zAOv64=j4ljeE6Ah{qrX+VaNSjsVqlH4+bXdS0{V+Dre@&`#p&Wzj(u0A?H>FqcL=d zt~5r>{BT)a&2*=zGMB@qu3uZ2wuP~NDW^YVtGZ6xc#!4>qAm(Vp2t!duBCwdAMc)r zh)G1L`YRIjO(zRAFH{#{QEozR`mx=SN05By`WwPxFo!CWT&oX zfV-dCnzCH=Nqx&lklP6}w3*{P?vUv#W6WoDit%=%1;&UGZs|GS(E!ttmClIgScw8PB#u&H7wVT4-77S@c7;KIgBh_IYNq z7#hR(F(jYwxp{R-c3=EK2-Bz8UYo_&o)MoZ5G)K}xfUq&6GFKcUheoVNXE?TO28*&!e%% zCwH;j+qgWFhH9g4()~nP$on3zlf}q&zCZ=y6l#U=5RA21P z>tajt4kNW7iazdFuJiH71RFZVow1NLlHKI*ZmoWko#X{nA2_mG39N3o6+1nAHrKB%buXTdsZMw5Hxdx1`1NcMp-IaR+ zIaXi;JSZZi{h{z3)*kGmN2L1)XpmN}ht3W-HH!)WK~b%U7>V&~4q3I`YhHq{)X=o{ zEInJ>S6IpWxvRJa%lhcrX?;420~z51SI^o;CgBr((-VAOBnWr4!$X&l5->sBl6#}k z@%9o#63&E6@_7Wi#_MG<(jiV4Q_Dc&r@^oCcp|ad(AL|Ep+mQ1$!7b=UeP`M= zJuO}hzgK&MkV;SMY=@6u`!m-By^o(?o_myTcnx$<0{qS7RJ$OZF z@Qr)@5pfR+pcq54`2i@Wgjr{g$S;2x>CfaE`353AsK9Wxo(EqK0NAM~{?~!bqeJfc z!eprA1DX=T7zn<}(uak0B0HMRH)?L;BMP%6o*38m7C=|H`CukGJI(J6>d0IotNjvc zO6lBUM9?A5e`2}PM$})Uw2!x!{}(nDVpvD!Ol#y)gxXzDa5qngvgJS@JKgRY)j9;g zuw`biBrMWyQgR7drm?(43ssHN;@MotDY%WUGrA12{jh`Vksr;x!u@JqWeXM6H?j{D zRPuHnW|A)E`@>i+M~BtfBv@~r&0;T4ljNMZ##7pO!t7?>(-3TA(MDwEhCshstPz}I zcR*2MWxQr30%5TNa4fXN=5{zEzR#>F0J(xOEg&|-x5(aY!Hva8LS%y&nT&)FKg67m z!$H1o8<3&~|R77CB_*1&2{6T}hkw3D0{ZeQd*I-(1S;X_qup zk=VIgJkAH*%AaY2X+AwRn$bsFJ#%b;7q$IJDT!Yl;1io*uYWOBY-}>B5391IsN(UJ2SkiMa5&ypbn8v)GHF!0M|_&9$Kjha51&n1+6uS4mMg}nMlkPZuYpYzPtjL z`A++aN6Pyx5qvAW1M&~z{Mt$p(vgr+Zg!g62wo(1B0f1OY7cEoQ?uImn9!^Hb}6aC zIW)W7yiwN=Q|oJ3NL=Qg(<(HonQ|2+Onk{VO0ab^d_Y82*YCz+FN*w$ze~%WxI1Oo zf`XztzLD??2s^c^MKLSyQG&}K^H=hlr1)#C2Ri$1*VmI-B)Dn_aoM`T z*37vMUq--(MH9UAJnWwJoD+ahvv+2NPrZ5b(sbc^Y{woXu&BkJ@DAJ>cTpDI^9 zO?#WTku12$?VIUmY;0&`+-Z&{E_cg~@h){K${tKf|5ImQW=`|FI~XheQ2Ak7p?5;0 zNB#m14x)sCwcR7Oq_mqg0!Hgv?F;xYTpTS(v*U2)i0M67$RMGe%)YmDKN^pX;5&7kzu#wqrr9Hcd;m>1a1i>IXx8>)sYiJTZEX+S=74Ny4GFhF8X7x8)ipiIlJF zyTE8KT%-)3Tf@Mwi_?)2g5e|h5H?BoUUz%w(_ju_P0GJmxq~<(;Sc1Z~Bt7Cs+V45t=ib4!K9jX3&-VN%P%qfGquiscUI{uE)T*cFB3#U$Qf-yw=oE!r zm)tFHiR8&S-W1y9yWge4&+l8lnKV_>mG1-d*_o!L=YOO#BF52l`w@lFKxbrWR06&* z#%-iCnuZ-=##dw78}G}3E(Z-4qUQCI``lt&v|UJ>&eij#O)a&v3AKwt`h11?#xjU$ zF(MHuR1*V_tOa;zbI71mv{CV)k8SzujgOj6j4)0@?*720{BNGTB<#KYU8W&k$;jCY zyE}i$m0=^_oF^eY+h5^Pdgsow^1Mpqw30RdmWW|r<^unjo`A2CL#7#2|}oMZnD?Pzk=F& zrqrQ1gy*468(oit<)*(GOl3GT$|5wnJ$)&>6DaLDSZJ zIF^vFa1#>M)7A&yxx{Hp?C6Re47`ORsBL z{;(KfCtH8l5|i=;d;VieDq2W=;8xQ7VygMs^j?bJc3!_Loxi=hlq2ntqsU~#)nouK z=*=6>S#OunU)?9A)sljHNInGW0}s9gpJh+%tgU$!KAI3lO?{2mbDqak#APNZIT&8^ zD5j;<&d1~WXov0=_C*^~MKg;fjkYy9Wqo&ZH6mCor_>B-`(+{bB8%N`u?I>v=jm~uH8KiW z2fYGy>yi@>p>GiN>$VAfPTwD*4ZRRc>G==hKg_0O(q~x9A8S9V=$ica?~LSMb0C~- zB+H8`AA8+}eB|9h3wS0f&wRU#u9)qMdF=ugc{q&BjR$5qPvb@r)>&b{GBLxFf ze?*9Ls;t^p9_r1S9H(^pv(zUoNtPJ1<=cb26sLd~@MW2fflR8=a#Gu1j%yNMar>R=h0?mE4u8c}u+gl^7aJoEjjcC;vUJDB1#MzAB zY=dqV3-0srzuYQBv`%L>5HM-o!S<;}kuTibBAdJorftf4&uZv~Tw@yMbh?KNKWXJNL{8k~QF!~SbX@1K7eojh!Xd@#SxSKEU;&6T6m{Mis2 zMD^g39E$AV04jRg=-EL&DeY!Gi(|v1Ja&CDRtakQK_PB4sjL*=zF0QI8j_=Q%&bmd z6zo5l9^BDlzWFKE&ceUSKJ{aSU|{Bf9PEfYgRn!S`UkORpZ$iZlnjxgQo&?$AsDJ)^gcYh ziHu36Mx@W-yReytso7SXbezsz%c+}BYSqKHa%{$y^vmw%-LlZYQ!P4RiS`K@m~QvE z){oxdyY5dS>vN+vqLBi!X7S=YXKMS3_8%#oJ~t(np-TZI^E&$8d8k`izQwz_%eq{t z;ZAqKa@FFAh0I$3rDkgeO}nD>@4NefwEycL>0a`mk>tf`G*+u?0J|KFc2(~)S=g?l za;@EHyIT|t~JhoXb7;{IB6FoSSAs=ia;uV0gXapKKI{wr_FwO`zf;E#Bp zGhm>iR3o>(QgyH4I$yVc`8Vg~^Al(0f}8OaJ=n4gU>{AeZBvhopdZ`FT=2mbXLep+^t!pH9dCU20Etsb=9PYmVuU53k8Jw&m;J*&x97PQS%vz z=Xw+Nhkz>T0bBf8EmU-Lbm7{UFO4rE_@L3VSBKWMitoNE#10pl$mr~}yysy6s9BSK zu|{*@LJnwP584TOu|v41W%^6Y{MTT!P*Oa@pVVYJ_Gs?UZ~ypX-ADOwmyUb1^Fdts z-+J@(k)};&h(MgQ3s5N_q~Yz!H`E752D!=#{g;vO!JwZ#d|;T0deAcne#fnhlrW!I}0q{c(#l^fN;d=~7c}~Mh@khduxalIv=W%@}K4W_~@dF``7~9A95Y+Yr1+lh<;1`}ld~pE%UJT9M+754Dyj3s|16$@;5z9gEEw99jIM4LI=TPT_EKXS5 zvgvK5;np#>Nb)I-xNgu%3H!M#Wg3$0!XC{GyAKX|uG`hs-RaHIb{G^H?`#U|48Gg4 z%*V%9;86|ecgWNJDt8Bpr!VPe?;K}*U$**X5ToDVX**YcoVi4Sx8hnTPbbyyty>8g zJ!oIZKW_>;{>cwRvb^F)d??OA#;+^K8}n6fhryO=N8ubttjT#fSUOQYu)Y^YTsmp^ z&WP`qAX&>vx2jT-rn$5<$n&kd7Y0LROoNV}P~V(66iDhPusp~H?O~uT8esfrCR4qp<&*1ujnkOpP(fTKGE1h>v zHF7w=3f>fZYp{BMwv|qB>5U+!)ruq&c*eE9vhWn0z_kpa%zx~fI|sT5Uv)k3ovhD) z*R>-T_<{zYpEZ#H)mzYehZDPqB02Vbdk3s7J|*~DGL z$D!QbA19Cjz6*o2!SbdGY68KRdv?0gm5bDsMbbJiL$3Nrs~uOKa|y^ZsJJ4J&u{;l zx0IpqMM|QWj%PtQP18gkD4uN}yw}Ge+)`;A_cut1$JEalV(Zw3uDR(LMJYM`!MmA%!WMRi{NJ} zzT6(6&fiFKTro>8a8kr%GrQN??rOzz%| zn3n?MpI9E1Qfg#7vfs!O`5fBJ8dZweG;D3!gao5p4mO%#CJ8L>87L^Joryzr%9;nBjJ0;YK;L5ucQY)WLk_|#jO z&ffKUp<0)jn1?jbi+)|BJc21pl1W*##~P_D*JnAt&pg%G75kc$I+>l3!V(=MB{u*E zy=?Ax?(uLj?d#vifgvXjPhlSFo7}MN&DC9wZtsKFuby|1l8-~34#wbfY6thW8zj3E z8-b+lI^JXaIjw+EIMB*eunf^cy-fg_gWxr+EN7Tpu3lFbTg*k|e*E}3Vf6B@`{b;wPx>P4G-5|3KS}~^I4fXlxetXz|fs!rhn$LDKu5iaI!JI*l|*} z>e07Daqz(s&R_={Oo3WP{I41cd7v=QD{oZp)yeSoKK4y8WojP zP+H;GcEL#C`y;fCVq9BM0kzE>L!-)*F%mGVja=DZS^&3u4DhAlN>^v1IhQ>4)Zlk# z)$alksf{W8tUR%=$y_Qwa2e{Nyem#KiT9gfcbvfGu@^cxuRPa65r&7Cf-cJpPx>7> zQzB-cWKS`J;VLn~zBtXWl;A#6L@Bj*qobd+8oG~6oQ-wXJSw#{4Of_tJ%LB4(eDir;k_7v1SC-`-}X{dZc?GE>E=qiI>7kyEq`n>@!7=wJRH5>Qa$HW_6`wLAXhs zJdJQm9@D+}4DIztBIow0Tl=}Sp;Q_aN1k{tWMg9=*0o#gJU`r0*kBv;X0@KtW6XbR zItp4@MqG>T5%RbDRygzRGWnIoRYHM-z+UY>q1Nu3v%R5Zyx>X&hPU?0fKiCUJ#_ej zds~zN24m;a{b!%gA%845W+Yz->N67}&2#p|5qaLA!?v9eJ&@*@D+?pKS zC*g5GqO2gUG@Rx$r2Ib5NBX|X4Cbxc*h{%R+rF#Qgb?ED(m9C5L738yrw@2J#uxfP=>Fmdy zqP_BJ{BrcdO6Lh1cVu}QVzSu>JNWkLn4)qhH?nw!lc^)`JUvz+0l?dYs(T2+O0BO; zLQ|y=&O7FYNkG-f+_$fbJ2XB?&>{`eBip(KB531B2S>bY*5lvTr{mwp;Hz@rlW@tE zA;j?N@tM|Ad&8>!tc-YDVWQQeG>!}#l?WHb*(@HUE{$2ni+d|J&5F?OQs%gJ^;*vC zRL3lX?y^uTI@O5n9p>tNl%eDkKZcB?(VT}f*?cIJ){Tb=g`t0-Lf!!3#*civG*6mn zH^^9X5O{m8Cf7v=$V=XzJ)%HD1}Kq>POGUUr1~WsJfa}l%`{^z9h!Rzz1tEiPV@S% z>JUOnXgpL_&=zz2oU`t(VBf0cekE7IC3+v-!cS(q51lT23zH=h@MRf^UM=)DE#Iy_ z#;K#Gx8(+L+`^<>#!6v%W$e%DfQAyd0(kwjQ4GpnaHisN>}00t9c@p zP_Z^cg>Y*TRh(gNU=V3$5%flX@dgR4jhUHQZ-ukP;s7FpVoG9XD%_rLYBF@+TxyZQ zzPx_x6)B&KhbNCj2|XiW2}J>!#8ATOcNt3EhB=281V*H(M(eCneE}(o6iOUB9w;Zw zNg8=^2K9;L)F%w%A8{Y8=}=3SNi~}ildCUoYoe6gK3lb1$*`0jN3vW`NjA?=W{V|l zwRI;(PH8|HQ{%?kCGg^~?eSV{4Sp!W@%l;)A<>W!xY`SZu)?MK_NZn(xmt?aAQBES z=w54sAN5TNCN`8?BHz@MSy-L-1CyG7LA`x5dM#7?r)ve*TUHgasBqGHlj1?ArI{LBr;qyZi9|GS2J-gQpSm;@;A#bbeU@k@r^bWH-u#5ZpNI zI-H@BWVw^gVRgivm6dflwpm2~NdbMJLf6kKQPq!(m6f^Nr#yD4+PR(1ZFQdgcDh`4 z81H@B0%p`1e7$5Z7mFcfwaFbcUH1 zfiU1}esJ*}%`*}u5pB_)p;l0f2s-y+E4Fx#FjvX6*RbIX2dOHjuf{M*z2HX}8dxPB zTee~>$L#!uu=Bk^e-Jz*izrH_i2xIDELCK%2hLq<&EypY*35e4og7msP)=!c`(`nm zMSf1hDro1^Nu(d-Y<&h2okSGJSnurx==9(ysnlmyY;+*yRUnhW*j5H=7oR%RuOS;+ z)9ba*O@5KISh(RQ`yjIWJJtaAiGM-~DElhz%FWs5y(i>VxcQM(fL)^MtR;(YYF6Opl3c*Ph!dfigDy5OjlsM#{nR{XFAOe|5ta}I!%mBj34!Lu2px--Rx)8oat9zu*1S z*4TdnbpB|I_l3o*{EJKz4QPoc*sTa=v4I;Pdd zzrn>+n;^<&2oBV~qAn)iMBn=w!x|x>>s~=zuzID)(|pru>i%M1L6Vp*ngwY)&}lYq zWyQ(UEc2I>@*kk)Xp42NWuzbO4@Wb(v0o{aI0~mXYdsJd@jT38y-q1IrCLTgxtfqt zv(Ub%X?0(3YwzjYdV<2kE&cSZSmDtIEgzrtbceF3ryD*)l0>00?-|WnhUG~81A`KS zZ~RuPXejUNnWZD{%(8U;oGoD={{my=Awqn`$_FDr? zxles#S)2{_QHE|s3EpG|PP#fDGpg)be>2G){mq$6pUr~q2G5VC` z>1~!09X|z^KH71@?=4sDKgii>W{X3NZ&F9-t|VITbWG!-a7Y;i;h8MU;Jvi8`SYrtg<_$?0$l!5C_Q)I|;sBDY13# z++V270s6+Sc$mi~3wJob*1me!ceG|}@$gf{`U3fI`=VD5&nm%&U4ysya;=-YjS5C) zm*BQ@`tOA>waH?U?_>b(1H{?469(++1vctabv+`d3 zLi-B44r{oUZE!RKsC07fBG~!(R5bYJSL9L}vp=YH?u2EjpWeQC0M2>yyj|GmAW29B zN-eG&uGzwX@VIOtvG}33Y~vdyEiG+%_PefBnN8oBU(g2tU+H-d+HXxgTj}BF=p_F_ zFMie+zrej8KT5ZO;$M5c;IiO<@h`vM%N!?b?#<2~4}ZM<^Y06FSw_*jtcF_xS-wTw zuoxGV>*5Tal!Yx_GEnr0w$Aopk#JV@Lg+W6MEFI>DF3=TgpXXb7Fd!_dMnQXq#o^yXIcbxo# ziOKYzN8efp*YzI7QN=6JmVo1DP!!5QiC8e9E9J0~QrFLyLR?H&MD=*Z!($VMDiE9V zT^Ps;yn9AYXp3^v_WShHT)EKw(&Y?%p&^QB2QzNBEgKy!9Jj-PmYSkh7wk)j_S z@Gr&$bb{bgb>i&Z7*Dx@0=R1y$ooH&c7~(`m7VMNJcS&V4XU=opacAJ%%)xG95>1% zlZUrRPrgb0+z_U&sS0OcHGUSF|D01S*T3OPmfhAr>gR2qlPe$7ElAodDI3w7CvzVS z32@;IcE>iy!tqt!SmNoJTR!S6YGb1B8PCP3K_rwqT zR!sB465R7$7qMTo^1NU`+4LYvJ+JE|TmO`NS-EX(9O)*=JPP*4FZPrQClWL-TV`sd5g%u+)nYW=8*-;o!$Qp|c({%=?89 ziW&W;$q?t78l+Pik+`CwU7e42t-}TPLCa{N9`(7(j8U&LIzfShC%uI>%zuTfHL`earB# z{SP3#UA+70B`^PXkL{-SH;h}hW@WB+=nE!1H54;1;fa>QDC4j_a0%nLf|eaA&tXK+ zS3U6ZTthC%>y|eszVHp~)cBf%Sv_*4D_><4zBK|{!H#hq8+gGdtOEq~I9l5MPD#?# z1ws!i?O>SjXo+cvNa-h!zPasf$3Cp51g2=-HxZO{J%b@)DD}LGV~W3Qhl6B(N7hRS z6Po`RMmHJ|FGn98{Sg&GziIQ|!s45o5*yA|R#^lQ?_LZJiyUkhO#fSC%%i>th?aL& zWyqlT|Chsz>$J$h#CagC{JUf4KQ_d((#AHRpWZHyW%mC{!Ga7Yf^4&F&HG=Mvrec3 z`Pun4U6=|hhuCttX_&QrQqHw|Fz7S__}Slh=nVDQ)J*XLW38;=0FbN)8leyVF(%Ud zC*E3VpVEH!3(fl9XZ&LxbXx){=+^EUzsIko@oQ86M}YQ!bU<GrVHUxU{Z$&Zl7V>z%+kWmq=?aQac_=<) zv47B^#_WJK%1On$Eag|3YtVlI&F@RePbuA2f~$A&yx-kP7~jN@#82P_}l@!dfPIBf#vy^uxwkESc2F{S|KRq!U2=IUf9Gr|O8*8%HQ!c&#T_qQ=GtvD3pHW(j&=G?*L9)S~Z zL2sf8dCXAT-1JH3!n66znzvgSe8qcU;}zqMqjKWoFgoS>Fazd`_;wQ`_t_>UD9~O!QJd|TYw}r+XVaSrk0g(g_gnU*n>?=+hjU*BI z@@@_TrpfH}eh5|N@kyCvA&S-nu|5F1TTsyQwr-biPrM%XP2xB~Rapn%T-$$AgDdf5 zZl;ZI91mBmt*r$$F*sB|ywTM=DoZK;UHXg1&35l&OA|QS*3VD<#ka?vx&exXYT_I4 zNBOl7rEh_~B1hIBR`!tp9tHdTp2>}6{hPTg@d76Ac~S$5Z9Yw}?18gD;q?I!>KI|K zJmZKF1?^AHR3FvSLsl$yf~X?`Y!=jg2$S^c;?mLC%*-2Wv-2YQG@;De{fWEuzQdc; z#6_LbF{lpIRE7GZg7ERS&@e^gwW;QGK4?BLC~#-1BJ%+J69QOjM592R;|8#d7g-}< z$Ii9s%io$y4ZUt7uBDJP|D;)taqBSl`|bn%?vB$XTgA627%8 z##$|_F-7vzsA_vEs^5|lWI2(f~fW%Xad=myyHmX{Q)PyCI98 z1Rj5VYY?0Kk0Y5io`QvLEuAKR^lT>6;r;2F0L9f5K1_q+MYFz-qWonDj2<&&bQ(7Fi8?2w_>FzU)ztl`9fndR>(DoV~~woZvn#x z$;3w}l{ifYeWtyOCe6Q2)p=rIgIgn4nAl%V0etD^SZLj&1sBB zLrI7Xmyuz6EV<5Ev*kbL^yy5(+SR zlF(frbz=j&xl0LLRW7D)LODocX``;hcC<`wRaWuB&Cu`eI;K&E)pG{H!C<38YD?>O z$uj}(y%lyCA7Sz-rDWl?P>^rxhcyAh$XcF>*>|sq)$#VR8~tD~%a^&Z-5S8~E`r;p^(A1WoKNr=Io`fw9fxZ?71q3oc6&2j3T zT&1;_mK5p$RE*>`TrgUoUoM{vSr!FS?NOqbY>wa%qnWx8VDz=_`a0(tRCMZ<+Rh7{ zIbibU8|#3{C2P%I_wP)b{RxO?5V-$ECQv0`{Y9u!6q|26uS6AwTD*KtCzzdj=uS4@ za)V^2*;HmoWZ$~3$O4xET&3w&x}vT(DoGKou*;oR7_zHYCtd$e@m|amlS5YqXE}Oq zQw@E)G|@B_rZ70L%R4iPZBix_8hFj8xdFe2%B+Q*^f>!sAXXU_bz8EOA`D=L!t6MA zb)iFw38KgrZj!s%=!y>pqD`C?Z@tomS#8zy$)_q`({+>-Q%c&rVa#M6uz)zX^`Wka zGI~B5`yH2s^C(oXTNIpGoO51$+D0C|!@uk2Qps=rsdGi~qPWJ}8?7`OG4OHU3sjdB zX@_#wo{!)CbIUIM0}!?u3{OTp)=yXMF1%ajcb;j@&9k9X9KQBGf7>_?D!Sgv{+jPp z9fyL7FwKr)&5axB(s5EM{=&>3fq~zDaJ6}g-zQ%4Y0;;T2CDdK?>KjBT|Ctl1QAVN zmwR)u=*!JX9Gg{_aLVcqTrQN!ke^g|0hz%MB6zce5g=^e^gRX!oV+LSUudD_(r&;} zb7)j^SAR7Z(Ow)DcHSKxI5$eI_xujdCbS*RTh$6c$B0cY_1~^V$>s<3yl&s?jw^n3 zS|_#-8I`ga_TK~4tHD=5y^2oVD12vag(+l&NUE9bXDXN58Xu6Z_CHA1(#W5rYgU;L zgsQ*G;uqkDA*+ym(ISj%Ju91PQKlx6S ze$yGo;o`vqmR5@ivLt|m;#;^1%IjkI$Tc_)&AtxMg!_s>Ha?Y7v9I6r7l!m{l#~^0 zeOuSH_EM?OfGthJnRnP&@D-OsGLa+BDkk`&d11S3B+Ssq_d2_Foa{5ZM=2P{x<%vmx$)Rt>UMK3ur5 znW&uq83_HSY4-4vnCuYji6b;E*Vg>2JY0%O*ku7c@;LNsX09s-N_%wl&|xLA4;GQJa&I(@n9 zUWdiKFDtV&$1HvJ$(0u?3FqPY8#^cP!Ww5=`9iZWR@sV5$Vq&Sx{z@t@tmgIVNq&k zZmk!_+59iG;FMzfi2*_5+sLInjA%Du6;rccvtAnoryDNsDJ_@W0Oy_WocpE*d_?iJ zf|686Kd`7~lI{B19MHG5=N2kh?`ygZ+6kAPTIjY?w`+Ny)v@|QH?W{q{u7Hq?}asu zdW*~*3rG%?#`@tpaaZ-cHg@A##NMYvX8l&BijCWc4q|>;Sy2#_38BY!=Vu4cK?V)s z0Rx)MNBI=khvZTJgNlX9sz4_K6^^Fc2=~=2bcYnrsqy4wNxvfVlHb)7qc^QIe#u-A zDZb(V$^{+T@^C(H6`HPk|w9aLDXn-eU1E?`XWq2H2KrU3l*JcEiWiWu+ z9Hd9fA$C4Rxn7cW+J;QzFLziukfHJU2+1S6Z+7sTxhaczEK$Bvm%`iEVYBn)0mCHc z0#oo`HB&C)O!u`0$9J+*M+G67JsDV4^LVn>Vg=#G^6U0RvXhXV`I{4nIEi{LYOK_De_;%d=)yVzh7X@hO2V{WLLjZnFnFMbYs90_-H~J= zEl((-8oC#khpQ|Y{=iPk4{rGEvZO|iD{8*S%|-2>3PtxE-|g<5`0|=7LDKRYOIhIX zP=#}ur4~9Xlu@h~XETd_cJji|X!vs-CYZ~I1n);|gnPB9S1*LUx^LyfE7vxcS7ha>i)7&x zbTQNulHkOV)!rec_C8_~VfSfkB1S@##(aIMvuq)qe2e4TTkBVn5PGU)wAnnypeZ%^ z)z;B2fmh^(s!kW?2FnU4hOG8QL5Kb~8Onjf$1fRQl?%zWoC7ISaAZYg2hIWy2(OHx zKvwyJ@mcl5MK|i`kD06UsAp|;)i9503!GwFoc)fJ3@5G63Cd5JQW9Pz6;zIw`^>~S zTphmHAo>1u_8W1jSr@{i^j)8jP)%Z>4`*f~@7IJW`iI94A1w`*KB$l#Rx%%^Dk@B~ za*(sI-~YgR7$nDG(tY{EilH{CV@gd3F)a?`+1XUqYnvk4Gtqo-4h2SaX$-S^9S^F^ zAfHzhisPtDpBQ|DPt!cPQ8oL2<$m{jEt&Lg)nhaXSgU2dSPis46MTDo`9q2X&TC`t zA%7AORO;#K#t$STT1{kwL|Rz5{m;VlUYGV zi?K>i9Llnfb{jMYz<4Zqqz(wyXvsdMl-zFyf=d%uzgdV6&x#wqW?X)nftn~l zPDp2mW%EH$pLWMFtEMJ#|7KWcuF(>MX=xxtsyFJZ3eOfShCinPf^{TaDUP#EU)XW} z63=kXp#%Zk20qn@V1ayxM)~dRTuXPDZlF|H+L=v4JTz^@x^_tVyrz-3^DV!!!;1MQ zXc+VWD5V}6DqnvpjiWvh)fXN>rYZSkCaMC>O2N}5LVl+4HO5Ij3Eq6C2k2yuQqOFrk5U~!8^ zu1c{tn=ywhA^zeNinVr?NQrEm*72n^aqd`|ZLexx-g($9)`P-cUsARJa9TWz#_VguKVtw|4(~Y9uDRD z_fgYA%Q={o5*3oQ2t^o&l0&u`$ucuZV;M_?QN~{Clq{!&$nvwBgfRBC4zgt5hlnhL zA~%A7${M_@%STDaO)0n-)Mi`$a*)3~_%I8OA zOUzB|9L`_ifo8x9S0q-VEuntz;`Fb2+)~+zHucQ6PGkU^!x!-olv{QBL|9xPNE(*d zS>S95s}rJ&7WF=Z_Jm|78$mzcctug zI&rJ{Jf@Vrbqz!my5#-AFBJ}6Gv3D!H1dw+o4?i{dZ~GTDemRO%j2s-L+6M9rRrRm z9z>RDVF2bM=}xvUhj3ksyX1e{#(!-6n5T1igWYWq>i=S4-I;OQT+cR4$x+me85}@? zhBEIQ9CvgS$QWHyJ^g=z-KPb2{?1&{zVfDIw))%GM!EVXzfN{qc2y)Z_y zxNqdn2%)~Hzsj`q+YR;X3DlxyQvA~TL(mDA8a(=z;-y;8vxYC~J7(v`?q{#88l+D< zyYnhGa;=hjJwt#-_k^HiukV)_;3JzvLpfk^pp^x> zN4z!wT%y`_pmEeZ+Z9h`m%bzb!lD>22*~=VEL&imcGS=+_$!^36jztyEbc|CC+O?) zO?LiXby#hRK2tCMswZ&gkvrEb@Smo?s7C*qL;#6_h9DWs%y-q-jgH&#Y(V`xo}FrEx&S+)5+H(Su8#srE&+_)lqA&F1-=D z%(dev)ySKO5FouA99h6s6G#UPq7)h9KEMuEq)ErKuJ0)Q=GmQufGJB+q&mjveJH< zo;wwRbcJz(V?m8wOJ=BI?T4LpXHgiIr9A+Q*tIQiT26h~B+@a?mJxb-cb_Pm2_ude zNx`>(hu{y4w*uc3iyv3%=S;GeVt$tMXycm!hgAqyLClN!H2C?k(Ky>SLM|l`uvyUB z(83Xyz7>OtJKZ@7H7gfzb(SFAVMpwcBySdeD(Z!Ekx%%QzgFFC?J*C~z8E_$%7~zKoQMPpw$8r>|Yxt$D&3Yn!z7&9iswX6Gkp7$F z1JHcmvgLe7qt%c?4e)b_02k+ZnL*;9*Puq*&{X%M_vize6sDb8!_T)W9&WP}WHdN7R$ z5_uNVJlkL8)@I@d9#z3h8iqcI$2=iUcOY*mXicGX4K?6PD?M|mb#jn*h+yxeLDF$j z{mwn_#3at5s8dygRiHkGR8CmxM|jZbBZb4yZ0oz)l0gs!o(3lAEe8tcO7P0qT+8fk z-OOaVNp!pyS|es1zD7m8iw2cpKBMSsv}{%swXyk`>*z>xvmVWHAvKyrw620G$HYK_ zi`#+f4C-C%b5sHU4A!kyuH14)KUIZi`aM6bSuPOA)aB`ble!EBdb6;Rw$x} zzjb<9`>u=&!|kIEKLCWAD+aL(EU`Y7$yLLw-Y5so^?CRnXl4Vncm4E>c747GqnG;P zYlaeZxxdMLVnV=|n2Y5%YI3X}Xx1n3-w2Wzd%*NSCyAyvx6T9*8UF28qN>->8S83a z^YE>I2vYI};PSHcC5=ZAkdy3Lo;dUeGnaR`Ac!v$k!LD5gy3tRCLz80n{cJu_x#ux zAvxxdD$xRsn)^R*>&Aa$!vU5Wj;lEMvt$yREr&Jj23^pE)DuJ)LjbRWHcqN9`muRF z?3amC37*;wpBg~XmD}m>ELKdeUL8IPTm?@1S4@nIjHXj*b4L5u=^4;?m;<0*MFPg( zi~f=UkdnB+^^^`1i!nzw++G~nnC7vvB<^L9jw*g^v7-51eD#aaKE_k7-C=V|{^Saq z0iKfEZTg_x-^XI>2yAW8Pj0f=k^g_YAG+<^Ua>it|2O-tRU*LZG~2fw02@$-pDMNh zVRbgBo>ZWmjx1~kXtI_2(%hR8ce)Yd6ctqmB1n$NS#U_=C*)eUBt9CGW)QB$fH=IM zTf9Ua6CiY0R`GDOkupBjs#3?=ui$v$D@%LXi8Nr{5Fi*xd~%b0{#*c??lf4bO2u_y zLRG0?>(`ETm8WFGV_mH~Qm-J=L3WZyW3N%ga=OL-2?>wJ+OFJDc#6u6j5w>_ItB1M zjy8IITA?5z)Tso-1CFutfI5i=x6@p}zeql_Da%!Y1{9ToF9f5#ti(WBK>~v z8rN3AV~y)|VQ1z6>rcwW)J}jTg2WwrORBrE?3mAtog4^&48b$DOb|OzB5Bo9hc`Cf zh%yG*zmMXHMQT$9j`GN710I$xnlv9OYIwsLYftEgsWRWdSa&9G<(X6Z#TF`5_(+6`N!|{OhX?c(1C#4Bm!@M(R7KA zA;=$RUp3e1S-K+Z<8E3wW~>}MPaze;!g=r28%)Wf_sX2W^-|^AQ@e&&lq~AQfKvLdxz;SNoKrGeyD#Q_(6RGGWz704 zSlb`omonJ;h-Tp4L)spt+%OR(=1vN7mSf z1~rFtx!%tX`LNOR`b~%wk{MNEtMmY&;gN_{BJ2H&8=V(#DW^&`&b33*&VkJA zNNI(K8g64#Zxb{^3(N{00JTS4VZiK2gUeSzGH^Te0{ROJeE@Chqly@$WdqMw!4s9< ze&|PpEGTjFS4Z^Y%_Zy0z@jtK_s0P&dJl`3@g&#Ep!3B9Zq|&*M)Lh&i&O8RJIE&U zCYZNILg~mzZ{3b%C67V&#t%> zj8B_$>g)^T0ifPI;Evh_1&24PbsKIUFvJ;|4*cLJ#3o}-1Lbs3Hq|ZTgGA(A^WX}u z9sP4IwNHc!8!X0rz0W|pm+!I`E%H5I-8VBbnm3jrv@3C-K{uxlr0z%R=+-{2`g%YQ zZ`2O=l>Np~MMztR$S2Mc(e_1uk+ho=Z>bD|lrU2=N~;gC2oMNXY^7;*Vy6*&z!^MZWr)ZjmnR65oWw=W`ljwBd`>rVMH%Rq9MQ4Xy37~|WL z`zE&CG366ajazMo)ZZ??w!~f;DBXs-Yl`2tbGiGHKX+s%8>Z}3&}i0P$3tob6ABRd zcSAB+`JbCDYzZU)wlHGtR8TEo(r)~jmRvQE3ya`sy)M06I-lNje|~GSen#Va0Sm+A zGTe;QmAhpu8;9E8sHhp|*u04JSRxx9)+-ZlS#?e?nt9CjaxoV6oW;IG=-Lo16b_TH z(eRc;bKZg5Ul{@^zi)evFNjJPC-t|0@);arXirT089M8#V3NJ3yuZc#L>JU{;f>39 z`v+>oYkn&!n|BS$<+X?aZokUlY)f(0M)HF+C(Po^5XfGCJ=AKX7Tgl6ttu<3w|Te% zp?nO|0jX_%57xvgWSLmpksTPh-^SO_F+7h&{S$k*tG2gDsrJi|6ip)9SnzD*GjX#k zgN+9X>__})hXPuro{wyE2`~IO>#b6p?g59eLt7DiXG{*9B|ZF&8Fq_MkW%lzW(FkO zoWUH{cyqKP^vtT3L+_soKs=Or^I^QgTRk^B@UX_ZCX&F#L2uGob39IjLot3gan%pA=YH7|Ig z43UQR)FmXB?6*l|oA<@<5cX0EZMQtF!76v@!h)RSZ;b6;1Pfh1c??n=4B?toOQNl?hdt!M zT}v1`?F`q=QTUQs4M%wR8mdmxkn7_=bY7hv z4`d98(*HugsHF(-L!ZEZpkHjQX@1$5K9Xe&0 z9wDN&UE6#-=kU z`9r+&ZXevEb1heoTjn}@s5fYF|J99BE{vbOY$QQ;+ubbyO*qQpdqPKV#v7?HgB|Ck zScF(VKz^!=#XaF~`wCyi15cXzsKtuHFNz|TNwm4thpQi(Rg^?7Cq;uexCdm^?q;qP z-3XW&nC{-?YCF8djqQmKm{_FMVCBcq124>KU~n%nQC9m?ozRfeo$;`6$x63E(+Jk! zl=yC0@u=!VS4GPNzE~FHk}JF!pwp~VY=}+*FQY4;+wHES+^yiuXqAi)ChQ)qpMJz~ zvKvr`{ZZO-mR%o0&?xPeg2Zu zj$QBU4)6OjjRkz|!nw_cd=`c!BGYcPsxf){aOw<)N|piV>RD5Q`#7Qdq2zoHPCK74 z|KYCh$;Q}=Y!PRzp5k>j-YDMuEFZ$9b1kA)ES?fJykctyS8r}%08mQLy**>I{g;JH zF>*epi+eg9UT=JIGx*rJdM~IWYYh2^2MT1+4OTXw0J|na$*K?>Tx+fIeM{}RGu^1z z${e!ibEC$SP_>Xp`Ody`vZl+8s6^!k;dO Date: Wed, 7 Oct 2020 14:33:04 -0400 Subject: [PATCH 15/26] build warnings --- .../microsoft-defender-atp/advanced-hunting-go-hunt.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md index 5b0d61b4d3..31a266ff9c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md @@ -21,7 +21,7 @@ ms.topic: article # Quickly hunt for entity or event information with go hunt -[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender.md)] +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) @@ -29,7 +29,7 @@ With the *go hunt* action, you can quickly investigate events and various entity The *go hunt* action is available in various sections of the security center whenever event or entity details are displayed. For example, you can use *go hunt* from the following sections: -- In the [incident page](investigate-incidents.md#incident-overview), you can review details about users, devices, and many other entities associated with an incident. When you select an entity, you get additional information as well as various actions you could take on that entity. In the example below, a device is selected, showing details about the device as well the option to hunt for more information about the device. +- In the [incident page](investigate-incidents.md), you can review details about users, devices, and many other entities associated with an incident. When you select an entity, you get additional information as well as various actions you could take on that entity. In the example below, a device is selected, showing details about the device as well the option to hunt for more information about the device. ![Image showing device details with the go hunt option](./images/go-hunt-device.png) From a6b6ad342809fcddfd797a723633dfede5186b93 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 7 Oct 2020 17:48:05 -0400 Subject: [PATCH 16/26] edit pass after submitting draft --- .../advanced-hunting-assignedipaddress-function.md | 4 +++- .../microsoft-defender-atp/advanced-hunting-best-practices.md | 1 - .../microsoft-defender-atp/advanced-hunting-extend-data.md | 2 +- .../microsoft-defender-atp/advanced-hunting-query-results.md | 2 +- .../advanced-hunting-schema-reference.md | 4 +--- 5 files changed, 6 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md index 18be1be4a0..b1576974be 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md @@ -20,11 +20,13 @@ ms.date: 09/20/2020 # AssignedIPAddresses() +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Use the `AssignedIPAddresses()` function to quickly obtain the latest IP addresses that have been assigned to a device. If you specify a timestamp argument, this function obtains the most recent IP addresses at the specified time. +Use the `AssignedIPAddresses()` function in your advanced hunting queries to quickly obtain the latest IP addresses that have been assigned to a device. If you specify a timestamp argument, this function obtains the most recent IP addresses at the specified time. This function returns a table with the following columns: diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index a4ab079ca9..f82f5473a7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -21,7 +21,6 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md index 9da7deaf78..5a8a4ad77b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md @@ -20,7 +20,7 @@ ms.date: 09/20/2020 # Extend advanced hunting coverage with the right settings -## Create custom detection rules +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md index 7b15790500..b06237a57a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md @@ -134,7 +134,7 @@ Right-click a value in the result set to quickly enhance your query. You can use ## Filter the query results The filters displayed in the right pane provide a summary of the result set. Every column has its own section in the pane, each of which lists the values found in that column, and the number of instances. -Refine your query by selecting the `+` or `-` buttons on the values that you want to include or exclude. Then selecting **Run query**. +Refine your query by selecting the `+` or `-` buttons on the values that you want to include or exclude. Then select **Run query**. ![Image of advanced hunting filter](images/advanced-hunting-filter.png) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md index 3bb2a7ef3e..c41443181f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md @@ -64,13 +64,11 @@ Table and column names are also listed within the Microsoft Defender Security Ce | **[DeviceImageLoadEvents](advanced-hunting-deviceimageloadevents-table.md)** | DLL loading events | | **[DeviceEvents](advanced-hunting-deviceevents-table.md)** | Multiple event types, including events triggered by security controls such as Microsoft Defender Antivirus and exploit protection | | **[DeviceFileCertificateInfo](advanced-hunting-devicefilecertificateinfo-table.md)** | Certificate information of signed files obtained from certificate verification events on endpoints | -| **[DynamicEventCollection]()** | | -| **[DeviceInventory]()** | | | **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products | | **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available | | **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices | | **[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md)** | Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks | -| **[DeviceInternetFacing]()** | | + ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) From 67acc71d0da74638200937bc9c6a118c59e7dd65 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 7 Oct 2020 14:55:13 -0700 Subject: [PATCH 17/26] update sections --- windows/security/threat-protection/TOC.md | 2 +- .../configure-server-endpoints.md | 61 ++++++++++++------- 2 files changed, 40 insertions(+), 23 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index f69cdfadb5..c7f7335c43 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -448,7 +448,7 @@ ##### [Onboard devices using a local script](microsoft-defender-atp/configure-endpoints-script.md) ##### [Onboard non-persistent virtual desktop infrastructure (VDI) devices](microsoft-defender-atp/configure-endpoints-vdi.md) -#### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md) +#### [Onboard Windows servers](microsoft-defender-atp/configure-server-endpoints.md) #### [Onboard non-Windows devices](microsoft-defender-atp/configure-endpoints-non-windows.md) #### [Onboard devices without Internet access](microsoft-defender-atp/onboard-offline-machines.md) #### [Run a detection test on a newly onboarded device](microsoft-defender-atp/run-detection-test.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 38b47a18f9..d1a8195e28 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -54,16 +54,36 @@ For guidance on how to download and use Windows Security Baselines for Windows s You can onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016 to Microsoft Defender ATP by using any of the following options: -- **Option 1**: [Onboard through Microsoft Defender Security Center](#option-1-onboard-windows-servers-through-microsoft-defender-security-center) +- **Option 1**: Onboard by installing and configuring Microsoft Monitoring Agent (MMA) - **Option 2**: [Onboard through Azure Security Center](#option-2-onboard-windows-servers-through-azure-security-center) - **Option 3**: [Onboard through Microsoft Endpoint Configuration Manager version 2002 and later (only for Windows Server 2012 R2 and Windows Server 2016)](#option-3-onboard-windows-servers-through-microsoft-endpoint-configuration-manager-version-2002-and-later) + +After completing the onboarding steps using any of the provided options, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients). + + > [!NOTE] > Microsoft defender ATP standalone server license is required, per node, in order to onboard a Windows server through Microsoft Defender Security Center (Option 1), or an Azure Security Center Standard license is required, per node, in order to onboard a Windows server through Azure Security Center (Option 2), see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services). -### Option 1: Onboard Windows servers through Microsoft Defender Security Center -Perform the following steps to onboard Windows servers through Microsoft Defender Security Center: +### Option 1: Onboard by installing and configuring Microsoft Monitoring Agent (MMA) +You'll need to install and configure MMA for Windows servers to report sensor data to Microsoft Defender ATP. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). + +If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multihoming support. + +In general, you'll need to take the following steps: +1. Fulfill the onboarding requirements outlined in **Before you begin section**. +2. Turn on server monitoring from Microsoft Defender Security center. +3. Install and configure MMA for the server to report sensor data to Microsoft Defender ATP. +4. Configure and update System Center Endpoint Protection clients. + + +> [!TIP] +> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md). + + +#### Before you begin +Perform the following steps to fulfill the onboarding requirements: - For Windows Server 2008 R2 SP1 or Windows Server 2012 R2, ensure that you install the following hotfix: - [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/help/3080149/update-for-customer-experience-and-diagnostic-telemetry) @@ -77,26 +97,8 @@ Perform the following steps to onboard Windows servers through Microsoft Defende > [!NOTE] > This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2008 R2 SP1 and Windows Server 2012 R2. - - [Turn on server monitoring from Microsoft Defender Security Center](#turn-on-server-monitoring-from-the-microsoft-defender-security-center-portal). - - If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multihoming support. - - Otherwise, [install and configure MMA to report sensor data to Microsoft Defender ATP](#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp). For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). - -> [!TIP] -> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md). - -### Configure and update System Center Endpoint Protection clients - -Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. - -The following steps are required to enable this integration: -- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie). - -- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting. - - -### Turn on Server monitoring from the Microsoft Defender Security Center portal +### Turn on Server monitoring from the Microsoft Defender Security Center portal -MICHAEL TO VERIFY 1. In the navigation pane, select **Settings** > **Device management** > **Onboarding**. @@ -135,9 +137,24 @@ Once completed, you should see onboarded Windows servers in the portal within an 4. Follow the onboarding instructions in [Microsoft Defender Advanced Threat Protection with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp). +After completing the onboarding steps, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients). + ### Option 3: Onboard Windows servers through Microsoft Endpoint Configuration Manager version 2002 and later You can onboard Windows Server 2012 R2 and Windows Server 2016 by using Microsoft Endpoint Configuration Manager version 2002 and later. For more information, see [Microsoft Defender Advanced Threat Protection in Microsoft Endpoint Configuration Manager current branch](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection). +After completing the onboarding steps, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients). + +## Configure and update System Center Endpoint Protection clients + +Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. + +The following steps are required to enable this integration: +- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie). + +- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting. + + + ## Windows Server (SAC) version 1803, Windows Server 2019, and Windows Server 2019 Core edition You can onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windows Server 2019 Core edition by using the following deployment methods: From a84b75dab2eef7e2cedfe87eca78142937593cf0 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 7 Oct 2020 15:09:39 -0700 Subject: [PATCH 18/26] update anchor --- .../microsoft-defender-atp/configure-server-endpoints.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index d1a8195e28..85b7f737b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -54,7 +54,7 @@ For guidance on how to download and use Windows Security Baselines for Windows s You can onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016 to Microsoft Defender ATP by using any of the following options: -- **Option 1**: Onboard by installing and configuring Microsoft Monitoring Agent (MMA) +- **Option 1**: [Onboard by installing and configuring Microsoft Monitoring Agent (MMA)](#option-1-onboard-by-installing-and-configuring-microsoft-monitoring-agent-mma) - **Option 2**: [Onboard through Azure Security Center](#option-2-onboard-windows-servers-through-azure-security-center) - **Option 3**: [Onboard through Microsoft Endpoint Configuration Manager version 2002 and later (only for Windows Server 2012 R2 and Windows Server 2016)](#option-3-onboard-windows-servers-through-microsoft-endpoint-configuration-manager-version-2002-and-later) @@ -72,7 +72,7 @@ You'll need to install and configure MMA for Windows servers to report sensor da If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multihoming support. In general, you'll need to take the following steps: -1. Fulfill the onboarding requirements outlined in **Before you begin section**. +1. Fulfill the onboarding requirements outlined in **Before you begin** section. 2. Turn on server monitoring from Microsoft Defender Security center. 3. Install and configure MMA for the server to report sensor data to Microsoft Defender ATP. 4. Configure and update System Center Endpoint Protection clients. From 2f6d859736821e089e3addc72bbc07391fc9b1e4 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Thu, 8 Oct 2020 15:12:16 -0400 Subject: [PATCH 19/26] second pass adding pages --- .../microsoft-defender-atp/advanced-hunting-extend-data.md | 4 ++-- .../microsoft-defender-atp/advanced-hunting-go-hunt.md | 4 ++-- .../microsoft-defender-atp/advanced-hunting-overview.md | 3 +++ .../microsoft-defender-atp/advanced-hunting-query-language.md | 2 +- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md index 5a8a4ad77b..371cfbed8c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 09/20/2020 +ms.date: 10/10/2020 --- # Extend advanced hunting coverage with the right settings @@ -26,7 +26,7 @@ ms.date: 09/20/2020 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -[Advanced hunting](advanced-hunting-overview.md) relies on data coming from various sources, including your devices, your Office 365 workspaces, Azure AD, and Azure ATP. To get the most comprehensive data possible, ensure that you have the correct settings in the corresponding data sources. +[Advanced hunting](advanced-hunting-overview.md) relies on data coming from across your organization. To get the most comprehensive data possible, ensure that you have the correct settings in the corresponding data sources. ## Advanced security auditing on Windows devices diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md index 31a266ff9c..cab2d3160b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md @@ -73,12 +73,12 @@ You can use *go hunt* after selecting any of these entity types: ## Query for event information -When using *go hunt* to query for information about a timeline event, the query checks all relevant schema tables for other events around the time of the selected event. For example, the following query lists events in various schema tables that occured around the same time period on the same device: +When using *go hunt* to query for information about a timeline event, the query checks all relevant schema tables for other events around the time of the selected event. For example, the following query lists events in various schema tables that occurred around the same time period on the same device: ```kusto // List relevant events 30 minutes before and after selected RegistryValueSet event let selectedEventTimestamp = datetime(2020-10-06T21:40:25.3466868Z); -search in (DeviceFileEvents, DeviceProcessEvents, DeviceEvents, DeviceRegistryEvents, DeviceNetworkEvents, DeviceImageLoadEvents, DeviceLogonEvents, ResponseEvents) +search in (DeviceFileEvents, DeviceProcessEvents, DeviceEvents, DeviceRegistryEvents, DeviceNetworkEvents, DeviceImageLoadEvents, DeviceLogonEvents) Timestamp between ((selectedEventTimestamp - 30m) .. (selectedEventTimestamp + 30m)) and DeviceId == "a305b52049c4658ec63ae8b55becfe5954c654a4" | sort by Timestamp desc diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md index dafbbe5cfa..19ef98383c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md @@ -52,6 +52,9 @@ We recommend going through several steps to quickly get up and running with adva | **Understand the schema** | Get a good, high-level understanding of the tables in the schema and their columns. Learn where to look for data when constructing your queries. | [Schema reference](advanced-hunting-schema-reference.md) | | **Use predefined queries** | Explore collections of predefined queries covering different threat hunting scenarios. | [Shared queries](advanced-hunting-shared-queries.md) | | **Optimize queries and handle errors** | Understand how to create efficient and error-free queries. | - [Query best practices](advanced-hunting-best-practices.md)
- [Handle errors](advanced-hunting-errors.md) | +| **Get the most complete coverage** | Use audit settings to provide better data coverage for your organization. | - [Extend advanced hunting coverage](advanced-hunting-extend-data.md) | +| **Run a quick investigation** | Quickly run an advanced hunting query to investigate suspicious activity. | - [Quickly hunt for entity or event information with *go hunt*](advanced-hunting-go-hunt.md) | +| **Contain threats and address compromises** | Respond to attacks by quarantining files, restricting app execution, and other actions | - [Take action on advanced hunting query results](advanced-hunting-take-action.md) | | **Create custom detection rules** | Understand how you can use advanced hunting queries to trigger alerts and take response actions automatically. | - [Custom detections overview](overview-custom-detections.md)
- [Custom detection rules](custom-detection-rules.md) | ## Data freshness and update frequency diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md index e11d004596..db801d3730 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md @@ -180,6 +180,6 @@ For detailed information about the query language, see [Kusto query language doc ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) - [Work with query results](advanced-hunting-query-results.md) -- [Use shared queries](advanced-hunting-shared-queries) +- [Use shared queries](advanced-hunting-shared-queries.md) - [Understand the schema](advanced-hunting-schema-reference.md) - [Apply query best practices](advanced-hunting-best-practices.md) From db33b71b9c8a914c06ea4780e1b8fde25b9a19d2 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 8 Oct 2020 16:34:25 -0700 Subject: [PATCH 20/26] Update configure-server-endpoints.md --- .../configure-server-endpoints.md | 54 ++++++++----------- 1 file changed, 23 insertions(+), 31 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 85b7f737b9..1544d16c1a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -37,14 +37,6 @@ ms.topic: article Microsoft Defender ATP extends support to also include the Windows Server operating system. This support provides advanced attack detection and investigation capabilities seamlessly through the Microsoft Defender Security Center console. -The service supports the onboarding of the following Windows servers: -- Windows Server 2008 R2 SP1 -- Windows Server 2012 R2 -- Windows Server 2016 -- Windows Server (SAC) version 1803 and later -- Windows Server 2019 and later -- Windows Server 2019 core edition - For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Microsoft Defender ATP](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128). For guidance on how to download and use Windows Security Baselines for Windows servers, see [Windows Security Baselines](https://docs.microsoft.com/windows/device-security/windows-security-baselines). @@ -56,7 +48,7 @@ You can onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows - **Option 1**: [Onboard by installing and configuring Microsoft Monitoring Agent (MMA)](#option-1-onboard-by-installing-and-configuring-microsoft-monitoring-agent-mma) - **Option 2**: [Onboard through Azure Security Center](#option-2-onboard-windows-servers-through-azure-security-center) -- **Option 3**: [Onboard through Microsoft Endpoint Configuration Manager version 2002 and later (only for Windows Server 2012 R2 and Windows Server 2016)](#option-3-onboard-windows-servers-through-microsoft-endpoint-configuration-manager-version-2002-and-later) +- **Option 3**: [Onboard through Microsoft Endpoint Configuration Manager version 2002 and later](#option-3-onboard-windows-servers-through-microsoft-endpoint-configuration-manager-version-2002-and-later) After completing the onboarding steps using any of the provided options, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients). @@ -98,14 +90,6 @@ Perform the following steps to fulfill the onboarding requirements: > This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2008 R2 SP1 and Windows Server 2012 R2. -### Turn on Server monitoring from the Microsoft Defender Security Center portal -MICHAEL TO VERIFY - -1. In the navigation pane, select **Settings** > **Device management** > **Onboarding**. - -2. Select **Windows Server 2008 R2 SP1, 2012 R2 and 2016** as the operating system. - -3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment setup. When the setup completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent. - ### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP @@ -117,16 +101,22 @@ Perform the following steps to fulfill the onboarding requirements: On the **Agent Setup Options** page, choose **Connect the agent to Azure Log Analytics (OMS)**. - [Install the agent using the command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#add-a-workspace-using-a-script). -3. You'll need to configure proxy settings for the Microsoft Monitoring Agent. For more information, see [Configure proxy settings](configure-proxy-internet.md). -Once completed, you should see onboarded Windows servers in the portal within an hour. -### Configure Windows server proxy and Internet connectivity settings +### Configure Windows server proxy and Internet connectivity settings if needed +If your servers need to use a proxy to communicate with Microsoft Defender ATP, use one of the following methods to configure the MMA to use the proxy server: -- Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the OMS Gateway. -- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that you [enable access to Microsoft Defender ATP service URLs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). + +- [Configure the MMA to use a proxy server](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#install-agent-using-setup-wizard). + +- [Configure the Windows to use a proxy server for all connections](configure-proxy-internet.md) + +If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that you [enable access to Microsoft Defender ATP service URLs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). + + +Once completed, you should see onboarded Windows servers in the portal within an hour. ### Option 2: Onboard Windows servers through Azure Security Center 1. In the Microsoft Defender Security Center navigation pane, select **Settings** > **Device management** > **Onboarding**. @@ -144,15 +134,6 @@ You can onboard Windows Server 2012 R2 and Windows Server 2016 by using Microsof After completing the onboarding steps, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients). -## Configure and update System Center Endpoint Protection clients - -Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. - -The following steps are required to enable this integration: -- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie). - -- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting. - ## Windows Server (SAC) version 1803, Windows Server 2019, and Windows Server 2019 Core edition @@ -218,6 +199,17 @@ Data collected by Microsoft Defender ATP is stored in the geo-location of the te Server endpoint monitoring utilizing this integration has been disabled for Office 365 GCC customers. +## Configure and update System Center Endpoint Protection clients + +Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. + +The following steps are required to enable this integration: +- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie). + +- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting. + + + ## Offboard Windows servers You can offboard Windows Server (SAC), Windows Server 2019, and Windows Server 2019 Core edition in the same method available for Windows 10 client devices. From 5411d76ba7c0f5e424a77389ac6c438244bb59f3 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 8 Oct 2020 16:58:56 -0700 Subject: [PATCH 21/26] period --- .../microsoft-defender-atp/configure-server-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 1544d16c1a..59eabd5750 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -109,7 +109,7 @@ Perform the following steps to fulfill the onboarding requirements: If your servers need to use a proxy to communicate with Microsoft Defender ATP, use one of the following methods to configure the MMA to use the proxy server: -- [Configure the MMA to use a proxy server](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#install-agent-using-setup-wizard). +- [Configure the MMA to use a proxy server](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#install-agent-using-setup-wizard) - [Configure the Windows to use a proxy server for all connections](configure-proxy-internet.md) From 281a3d2c2589984f9c245deed896da24c7723fd9 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Thu, 15 Oct 2020 15:33:46 -0400 Subject: [PATCH 22/26] reverted best ahq practices page attempted rebase was complicated by hundreds of commits applied after the removed commits --- .../advanced-hunting-best-practices.md | 234 ++---------------- 1 file changed, 27 insertions(+), 207 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index f82f5473a7..194abff0c8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -25,204 +25,54 @@ ms.topic: article - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-abovefoldlink) -Apply these recommendations to get results faster and avoid timeouts while running complex queries. For more guidance on improving query performance, read [Kusto query best practices](https://docs.microsoft.com/azure/kusto/query/best-practices). +## Optimize query performance -## General guidance +Apply these recommendations to get results faster and avoid timeouts while running complex queries. -- **Size new queries**—If you suspect that a query will return a large result set, assess it first using the [count operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/countoperator). Use [limit](https://docs.microsoft.com/azure/data-explorer/kusto/query/limitoperator) or its synonym `take` to avoid large result sets. +- When trying new queries, always use `limit` to avoid extremely large result sets. You can also initially assess the size of the result set using `count`. +- Use time filters first. Ideally, limit your queries to seven days. +- Put filters that are expected to remove most of the data in the beginning of the query, right after the time filter. +- Use the `has` operator over `contains` when looking for full tokens. +- Look in a specific column rather than running full text searches across all columns. +- When joining tables, specify the table with fewer rows first. +- `project` only the necessary columns from tables you've joined. -- **Apply filters early**—Apply time filters and other filters to reduce the data set, especially before using transformation and parsing functions, such as [substring()](https://docs.microsoft.com/azure/data-explorer/kusto/query/substringfunction), [replace()](https://docs.microsoft.com/azure/data-explorer/kusto/query/replacefunction), [trim()](https://docs.microsoft.com/azure/data-explorer/kusto/query/trimfunction), [toupper()](https://docs.microsoft.com/azure/data-explorer/kusto/query/toupperfunction), or [parse_json()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parsejsonfunction). In the example below, the parsing function [extractjson()](https://docs.microsoft.com/azure/data-explorer/kusto/query/extractjsonfunction) is used after filtering operators have reduced the number of records. +>[!TIP] +>For more guidance on improving query performance, read [Kusto query best practices](https://docs.microsoft.com/azure/kusto/query/best-practices). - ```kusto - DeviceEvents - | where Timestamp > ago(1d) - | where ActionType == "UsbDriveMount" - | where DeviceName == "user-desktop.domain.com" - | extend DriveLetter = extractjson("$.DriveLetter", AdditionalFields) - ``` +## Query tips and pitfalls -- ***Has* beats *contains*** —To avoid searching substrings within words unnecessarily, use the `has` operator instead of `contains`. [Learn about string operators](https://docs.microsoft.com/azure/data-explorer/kusto/query/datatypes-string-operators) +### Queries with process IDs -- **Look in specific columns**—Look in a specific column rather than running full text searches across all columns. Don't use `*` to check all columns. - -- **Case-sensitive for speed**—Case-sensitive searches are more specific and generally more performant. Names of case-sensitive [string operators](https://docs.microsoft.com/azure/data-explorer/kusto/query/datatypes-string-operators), such as `has_cs` and `contains_cs`, generally end with `_cs`. You can also use the case-sensitive equals operator `==` instead of `~=`. - -- **Parse, don't extract**—Whenever possible, use the [parse operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/parseoperator) or a parsing function like [parse_json()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parsejsonfunction). Avoid the `matches regex` string operator or the [extract() function](https://docs.microsoft.com/azure/data-explorer/kusto/query/extractfunction), both of which use regular expression. Reserve the use of regular expression for more complex scenarios. [Read more about parsing functions](#parse-strings) - -- **Filter tables not expressions**—Don't filter on a calculated column if you can filter on a table column. - -- **No three-character terms**—Avoid comparing or filtering using terms with three characters or fewer. These terms are not indexed and matching them will require more resources. - -- **Project selectively**—Make your results easier to understand by projecting only the columns you need. Projecting specific columns prior to running [join](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator) or similar operations also helps improve performance. - -## Optimize the `join` operator - -The [join operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator) merges rows from two tables by matching values in specified columns. Apply these tips to optimize queries that use this operator. - -- **Smaller table to your left**—The `join` operator matches records in the table on the left side of your join statement to records on the right. By having the smaller table on the left, fewer records will need to be matched, thus speeding up the query. - - In the table below, we reduce the left table `DeviceLogonEvents` to cover only three specific devices before joining it with `DeviceNetworkEvents` by device IDs. - - ```kusto - DeviceLogonEvents - | where DeviceName in ("device-1.domain.com", "device-2.domain.com", "device-3.domain.com") - | where ActionType == "LogonFailed" - | join - (DeviceNetworkEvents - | where Protocol == "Kerberos" - | where ActionType == "LogonFailed") - on DeviceId - ``` - -- **Use the inner-join flavor**—The default [join flavor](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator#join-flavors) or the [innerunique-join](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator?pivots=azuredataexplorer#innerunique-join-flavor) deduplicates rows in the left table by the join key before returning a row for each match to the right table. If the left table has multiple rows with the same value for the `join` key, those rows will be deduplicated to leave a single random row for each unique value. - - This default behavior can leave out important information from the left table that can provide useful insight. For example, the query below will only show one email containing a particular attachment, even if that same attachment was sent using multiple emails messages: - - ```kusto - EmailAttachmentInfo - | where Timestamp > ago(1h) - | where Subject == "Document Attachment" and FileName == "Document.pdf" - | join (DeviceFileEvents | where Timestamp > ago(1h)) on SHA256 - ``` - - To address this limitation, we apply the [inner-join](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator?pivots=azuredataexplorer#inner-join-flavor) flavor by specifying `kind=inner` to show all rows in the left table with matching values in the right: - - ```kusto - EmailAttachmentInfo - | where Timestamp > ago(1h) - | where Subject == "Document Attachment" and FileName == "Document.pdf" - | join kind=inner (DeviceFileEvents | where Timestamp > ago(1h)) on SHA256 - ``` - -- **Join records from a time window**—When investigating security events, analysts look for related events that occur around the same time period. Applying the same approach when using `join` also benefits performance by reducing the number of records to check. - - The query below checks for logon events within 30 minutes of a credential access alert being raised: - - ```kusto - DeviceAlertEvents - | where Timestamp > ago(7d) - | where Severity == "High" - | where Category == "CredentialAccess" - | project AlertRaised = Timestamp, DeviceName, AlertId, Title, AttackTechniques - | join ( - DeviceLogonEvents - | where Timestamp > ago(7d) - | project LogonTime = Timestamp, DeviceName, AccountName - ) on DeviceName - | where (LogonTime - AlertRaised) between (0min .. 30min) - ``` - -- **Apply time filters on both sides**—Even if you're not investigating a specific time window, applying time filters on both the left and right tables can reduce the number of records to check and improve `join` performance. The query below applies `Timestamp > ago(1h)` to both tables so that it joins only records from the past hour: - - ```kusto - DeviceAlertEvents - | where Timestamp > ago(1h) - | where Severity == "High" - | join (DeviceFileEvents - | where Timestamp > ago(1h) - | where ActionType == "FileCreated" - ) on SHA1 - ``` - -- **Use hints for performance**—Use hints with the `join` operator to instruct the backend to distribute load when running resource-intensive operations. [Learn more about join hints](https://docs.microsoft.com/azure/data-explorer/kusto/query/joinoperator#join-hints) - - For example, the **[shuffle hint](https://docs.microsoft.com/azure/data-explorer/kusto/query/shufflequery)** helps improve query performance when joining tables using a key with high cardinality—a key with many unique values—such as the `AccountObjectId` in the query below: - - ```kusto - IdentityInfo - | where JobTitle == "CONSULTANT" - | join hint.shufflekey = AccountObjectId - (IdentityDirectoryEvents - | where Application == "Active Directory" - | where ActionType == "Private data retrieval") - on AccountObjectId - ``` - - The **[broadcast hint](https://docs.microsoft.com/azure/data-explorer/kusto/query/broadcastjoin)** helps when the left table is small (up to 100,000 records) and the right table is extremely large. For example, the query below is trying to join a few emails that have specific subjects with _all_ messages containing links in the `EmailUrlInfo` table: - - ```kusto - EmailEvents - | where Subject in ("Warning: Update your credentials now", "Action required: Update your credentials now") - | join hint.strategy = broadcast EmailUrlInfo on NetworkMessageId - ``` - -## Optimize the `summarize` operator - -The [summarize operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/summarizeoperator) aggregates the contents of a table. Apply these tips to optimize queries that use this operator. - -- **Find distinct values**—In general, use `summarize` to find distinct values that can be repetitive. It can be unnecessary to use it to aggregate columns that don't have repetitive values. - - While a single email can be part of multiple events, the example below is _not_ an efficient use of `summarize` because a network message ID for an individual email always comes with a unique sender address. - - ```kusto - EmailEvents - | where Timestamp > ago(1h) - | summarize by NetworkMessageId, SenderFromAddress - ``` - - The `summarize` operator can be easily replaced with `project`, yielding potentially the same results while consuming fewer resources: - - ```kusto - EmailEvents - | where Timestamp > ago(1h) - | project NetworkMessageId, SenderFromAddress - ``` - - The following example is a more efficient use of `summarize` because there can be multiple distinct instances of a sender address sending email to the same recipient address. Such combinations are less distinct and are likely to have duplicates. - - ```kusto - EmailEvents - | where Timestamp > ago(1h) - | summarize by SenderFromAddress, RecipientEmailAddress - ``` - -- **Shuffle the query**—While `summarize` is best used in columns with repetitive values, the same columns can also have _high cardinality_ or large numbers of unique values. Like the `join` operator, you can also apply the [shuffle hint](https://docs.microsoft.com/azure/data-explorer/kusto/query/shufflequery) with `summarize` to distribute processing load and potentially improve performance when operating on columns with high cardinality. - - The query below uses `summarize` to count distinct recipient email address, which can run in the hundreds of thousands in large organizations. To improve performance, it incorporates `hint.shufflekey`: - - ```kusto - EmailEvents - | where Timestamp > ago(1h) - | summarize hint.shufflekey = RecipientEmailAddress count() by Subject, RecipientEmailAddress - ``` - -## Query scenarios - -### Identify unique processes with process IDs - -Process IDs (PIDs) are recycled in Windows and reused for new processes. On their own, they can't serve as unique identifiers for specific processes. - -To get a unique identifier for a process on a specific machine, use the process ID together with the process creation time. When you join or summarize data around processes, include columns for the machine identifier (either `DeviceId` or `DeviceName`), the process ID (`ProcessId` or `InitiatingProcessId`), and the process creation time (`ProcessCreationTime` or `InitiatingProcessCreationTime`) +Process IDs (PIDs) are recycled in Windows and reused for new processes. On their own, they can't serve as unique identifiers for specific processes. To get a unique identifier for a process on a specific device, use the process ID together with the process creation time. When you join or summarize data around processes, include columns for the device identifier (either `DeviceId` or `DeviceName`), the process ID (`ProcessId` or `InitiatingProcessId`), and the process creation time (`ProcessCreationTime` or `InitiatingProcessCreationTime`). The following example query finds processes that access more than 10 IP addresses over port 445 (SMB), possibly scanning for file shares. -Example query: - ```kusto DeviceNetworkEvents | where RemotePort == 445 and Timestamp > ago(12h) and InitiatingProcessId !in (0, 4) -| summarize RemoteIPCount=dcount(RemoteIP) by DeviceName, InitiatingProcessId -InitiatingProcessCreationTime, InitiatingProcessFileName +| summarize RemoteIPCount=dcount(RemoteIP) by DeviceName, InitiatingProcessId, InitiatingProcessCreationTime, InitiatingProcessFileName | where RemoteIPCount > 10 ``` The query summarizes by both `InitiatingProcessId` and `InitiatingProcessCreationTime` so that it looks at a single process, without mixing multiple processes with the same process ID. -### Query command lines +### Queries with command lines -There are numerous ways to construct a command line to accomplish a task. For example, an attacker could reference an image file without a path, without a file extension, using environment variables, or with quotes. The attacker could also change the order of parameters or add multiple quotes and spaces. +Command lines can vary. When applicable, filter on file names and do fuzzy matching. -To create more durable queries around command lines, apply the following practices: +There are numerous ways to construct a command line to accomplish a task. For example, an attacker could reference an image file with or without a path, without a file extension, using environment variables, or with quotes. In addition, the attacker could also change the order of parameters or add multiple quotes and spaces. -- Identify the known processes (such as *net.exe* or *psexec.exe*) by matching on the file name fields, instead of filtering on the command-line itself. -- Parse command-line sections using the [parse_command_line() function](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-command-line) +To create more durable queries using command lines, apply the following practices: + +- Identify the known processes (such as *net.exe* or *psexec.exe*) by matching on the filename fields, instead of filtering on the command-line field. - When querying for command-line arguments, don't look for an exact match on multiple unrelated arguments in a certain order. Instead, use regular expressions or use multiple separate contains operators. -- Use case insensitive matches. For example, use `=~`, `in~`, and `contains` instead of `==`, `in`, and `contains_cs`. -- To mitigate command-line obfuscation techniques, consider removing quotes, replacing commas with spaces, and replacing multiple consecutive spaces with a single space. There are more complex obfuscation techniques that require other approaches, but these tweaks can help address common ones. +- Use case insensitive matches. For example, use `=~`, `in~`, and `contains` instead of `==`, `in` and `contains_cs` +- To mitigate DOS command-line obfuscation techniques, consider removing quotes, replacing commas with spaces, and replacing multiple consecutive spaces with a single space. Note that there are more complex DOS obfuscation techniques that require other approaches, but these can help address the most common ones. -The following examples show various ways to construct a query that looks for the file *net.exe* to stop the firewall service "MpsSvc": +The following examples show various ways to construct a query that looks for the file *net.exe* to stop the Windows Defender Firewall service: ```kusto // Non-durable query - do not use @@ -230,7 +80,7 @@ DeviceProcessEvents | where ProcessCommandLine == "net stop MpsSvc" | limit 10 -// Better query - filters on file name, does case-insensitive matches +// Better query - filters on filename, does case-insensitive matches DeviceProcessEvents | where Timestamp > ago(7d) and FileName in~ ("net.exe", "net1.exe") and ProcessCommandLine contains "stop" and ProcessCommandLine contains "MpsSvc" @@ -241,37 +91,7 @@ DeviceProcessEvents | where CanonicalCommandLine contains "stop" and CanonicalCommandLine contains "MpsSvc" ``` -### Ingest data from external sources - -To incorporate long lists or large tables into your query, use the [externaldata operator](https://docs.microsoft.com/azure/data-explorer/kusto/query/externaldata-operator) to ingest data from a specified URI. You can get data from files in TXT, CSV, JSON, or [other formats](https://docs.microsoft.com/azure/data-explorer/ingestion-supported-formats). The example below shows how you can utilize the extensive list of malware SHA-256 hashes provided by MalwareBazaar (abuse.ch) to check attachments on emails: - -```kusto -let abuse_sha256 = (externaldata(sha256_hash: string ) -[@"https://bazaar.abuse.ch/export/txt/sha256/recent/"] -with (format="txt")) -| where sha256_hash !startswith "#" -| project sha256_hash; -abuse_sha256 -| join (EmailAttachmentInfo -| where Timestamp > ago(1d) -) on $left.sha256_hash == $right.SHA256 -| project Timestamp,SenderFromAddress,RecipientEmailAddress,FileName,FileType, -SHA256,MalwareFilterVerdict,MalwareDetectionMethod -``` - -### Parse strings - -There are various functions you can use to efficiently handle strings that need parsing or conversion. - -| String | Function | Usage example | -|--|--|--| -| Command-lines | [parse_command_line()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-command-line) | Extract the command and all arguments. | -| Paths | [parse_path()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parsepathfunction) | Extract the sections of a file or folder path. | -| Version numbers | [parse_version()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-versionfunction) | Deconstruct a version number with up to four sections and up to eight characters per section. Use the parsed data to compare version age. | -| IPv4 addresses | [parse_ipv4()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-ipv4function) | Convert an IPv4 address to a long integer. To compare IPv4 addresses without converting them, use [ipv4_compare()](https://docs.microsoft.com/azure/data-explorer/kusto/query/ipv4-comparefunction). | -| IPv6 addresses | [parse_ipv6()](https://docs.microsoft.com/azure/data-explorer/kusto/query/parse-ipv6function) | Convert an IPv4 or IPv6 address to the canonical IPv6 notation. To compare IPv6 addresses, use [ipv6_compare()](https://docs.microsoft.com/azure/data-explorer/kusto/query/ipv6-comparefunction). | - -To learn about all supported parsing functions, [read about Kusto string functions](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalarfunctions#string-functions). +> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-belowfoldlink) ## Related topics From f1cb8d1c4460f1469feaa4c5cfe2eedd4242ab23 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 15 Oct 2020 15:41:46 -0700 Subject: [PATCH 23/26] Acrolinx grammar --- .../microsoft-defender-atp/advanced-hunting-shared-queries.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md index 4bc9a7c98f..46610a6772 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md @@ -43,7 +43,7 @@ You can save a new or existing query so that it is only accessible to you or sha ![Image of saving a query](images/advanced-hunting-save-query.png) 4. Select the folder where you'd like to save the query. - - **Shared queries** — shared to all users in the your organization + - **Shared queries** — shared to all users in your organization - **My queries** — accessible only to you 5. Select **Save**. From e240e6213ee07fe525c7fabd46a5460ef0c9385b Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 15 Oct 2020 15:42:54 -0700 Subject: [PATCH 24/26] Acrolinx grammar --- .../microsoft-defender-atp/advanced-hunting-take-action.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md index 9f5671b224..b06baf7444 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md @@ -38,7 +38,7 @@ To be able to take action through advanced hunting, you need a role in Microsoft ## Take various actions on devices -You can take the following actions on devices identified by the `DeviceId` column in you query results: +You can take the following actions on devices identified by the `DeviceId` column in your query results: - Isolate affected devices to contain an infection or prevent attacks from moving laterally - Collect investigation package to obtain more forensic information From d2fe6ae9a12873962509b3ec309e06f48740a9eb Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 16 Oct 2020 10:19:37 -0700 Subject: [PATCH 25/26] minor updates --- .../microsoft-defender-atp/configure-server-endpoints.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 59eabd5750..0ddcd8c630 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -111,10 +111,9 @@ If your servers need to use a proxy to communicate with Microsoft Defender ATP, - [Configure the MMA to use a proxy server](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#install-agent-using-setup-wizard) -- [Configure the Windows to use a proxy server for all connections](configure-proxy-internet.md) - -If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that you [enable access to Microsoft Defender ATP service URLs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). +- [Configure Windows to use a proxy server for all connections](configure-proxy-internet.md) +If a proxy or firewall is in use, please ensure that servers can access all of the Microsoft Defender ATP service URLs directly and without SSL interception. For more information, see [enable access to Microsoft Defender ATP service URLs](configure-proxy-internet.md#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). Use of SSL interception will prevent the system from communicating with the Defender for Endpoint service. Once completed, you should see onboarded Windows servers in the portal within an hour. From 5bd71e4a71d3a64f6e34485f6c7c69e659d5cb27 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 16 Oct 2020 13:13:53 -0700 Subject: [PATCH 26/26] Add note on panics on Big Sur --- .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index ca4617cc28..98c20cb71d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -46,6 +46,10 @@ ms.topic: conceptual ## 101.09.50 - This product version has been validated on macOS Big Sur 11 beta 9 + + > [!IMPORTANT] + > Extensive testing of MDE (Microsoft Defender for Endpoint) with new macOS system extensions revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue. + - The new syntax for the `mdatp` command-line tool is now the default one. For more information on the new syntax, see [Resources for Microsoft Defender ATP for Mac](mac-resources.md#configuring-from-the-command-line) > [!NOTE]