From dc6c0063ab982be234f2fe9f4931158787ab33a0 Mon Sep 17 00:00:00 2001
From: illfated
Date: Fri, 19 Apr 2019 13:18:34 +0200
Subject: [PATCH] Auditing: Add an event example in event-5159.md

Description:

The page event-5159.md does not yet contain any example outputs
from the event being triggered on a running computer or server.

Changes proposed:

Add examples based on its predecessor page event-5158.md and samples
provided by audi5411 in issue ticket #3291
(windows event log 5159 xml example)

To do:
- [ ] Verify the validity of the added content
- [ ] Get precise sample images from the docs team

Closes #3291
---
 .../threat-protection/auditing/event-5159.md | 129 ++++++++++++++----
 .../auditing/images/event-5159.png | Bin 0 -> 24435 bytes
 2 files changed, 105 insertions(+), 24 deletions(-)
 create mode 100644 windows/security/threat-protection/auditing/images/event-5159.png

diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md index 74fd606119..a1cf9746d1 100644 --- a/windows/security/threat-protection/auditing/event-5159.md +++ b/windows/security/threat-protection/auditing/event-5159.md @@ -17,37 +17,48 @@ ms.date: 04/19/2017 - Windows Server 2016 -This event is logged if the Windows Filtering Platform has blocked a bind to a local port. - -There is no example of this event in this document. +Event 5159 illustration ***Subcategory:*** [Audit Filtering Platform Connection](audit-filtering-platform-connection.md) -***Event Schema:*** +***Event Description:*** -*The Windows Filtering Platform has blocked a bind to a local port.* +This event is logged if the Windows Filtering Platform has blocked a bind to a local port. -*Application Information:* +
-> *Process ID:%1* -> -> *Application Name:%2* +***Event XML:*** +``` +- +- + + 5159 + 0 + 0 + 12810 + 0 + 0x8010000000000000 + + 44097 + + + Security + DC01.contoso.local + + +- + 7924 + \device\harddiskvolume2\users\test\desktop\netcat\nc.exe + 0.0.0.0 + 5555 + 6 + 84614 + %%14608 + 36 + + -*Network Information:* - -> *Source Address:%3* -> -> *Source Port:%4* -> -> *Protocol:%5* - -*Filter Information:* - -> *Filter Run-Time ID:%6* -> -> *Layer Name:%7* -> -> *Layer Run-Time ID:%8* +``` ***Required Server Roles:*** None. 
@@ -55,6 +66,76 @@ There is no example of this event in this document. ***Event Versions:*** 0. +***Field Descriptions:*** + +**Application Information**: + +- **Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process which was permitted to bind to the local port. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column): + + Task manager illustration + + If you convert the hexadecimal value to decimal, you can compare it to the values in Task Manager. + + You can also correlate this process ID with a process ID in other events, for example, “[4688](event-4688.md): A new process has been created” **Process Information\\New Process ID**. + + + +- **Application Name** \[Type = UnicodeString\]**:** full path and the name of the executable for the process. + + Logical disk is displayed in format \\device\\harddiskvolume\#. You can get all local volume numbers by using **diskpart** utility. The command to get volume numbers using diskpart is “**list volume”**: + +DiskPart illustration + +**Network Information:** + +- **Source Address** \[Type = UnicodeString\]**:** the local IP address of the computer running the application. + + - IPv4 Address + + - IPv6 Address + + - :: - all IP addresses in IPv6 format + + - 0.0.0.0 - all IP addresses in IPv4 format + + - 127.0.0.1 , ::1 - localhost + +- **Source Port** \[Type = UnicodeString\]**:** the port number used by the application. + +- **Protocol** \[Type = UInt32\]: the protocol number being used. 
+ +| Service | Protocol Number | +|----------------------------------------------------|-----------------| +| Internet Control Message Protocol (ICMP) | 1 | +| Transmission Control Protocol (TCP) | 6 | +| User Datagram Protocol (UDP) | 17 | +| General Routing Encapsulation (PPTP data over GRE) | 47 | +| Authentication Header (AH) IPSec | 51 | +| Encapsulation Security Payload (ESP) IPSec | 50 | +| Exterior Gateway Protocol (EGP) | 8 | +| Gateway-Gateway Protocol (GGP) | 3 | +| Host Monitoring Protocol (HMP) | 20 | +| Internet Group Management Protocol (IGMP) | 88 | +| MIT Remote Virtual Disk (RVD) | 66 | +| OSPF Open Shortest Path First | 89 | +| PARC Universal Packet Protocol (PUP) | 12 | +| Reliable Datagram Protocol (RDP) | 27 | +| Reservation Protocol (RSVP) QoS | 46 | + +**Filter Information:** + +- **Filter Run-Time ID** \[Type = UInt64\]: unique filter ID which blocks the application from binding to the port. By default, Windows firewall won't prevent a port from binding by an application, and if this application doesn’t match any filters, you will get value 0 in this field. + + To find specific Windows Filtering Platform filter by ID you need to execute the following command: **netsh wfp show filters**. As a result of this command, **filters.xml** file will be generated. You need to open this file and find the specific substring with the required filter ID (**<filterId>**)**,** for example: + + Filters.xml file illustration + +- **Layer Name** \[Type = UnicodeString\]: [Application Layer Enforcement](https://msdn.microsoft.com/library/windows/desktop/aa363971(v=vs.85).aspx) layer name. + +- **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find specific Windows Filtering Platform layer ID you need to execute the following command: **netsh wfp show state**. As result of this command **wfpstate.xml** file will be generated. 
You need to open this file and find specific substring with required layer ID (**<layerId>**)**,** for example: + +Wfpstate xml illustration + ## Security Monitoring Recommendations - There is no recommendation for this event in this document. 
diff --git a/windows/security/threat-protection/auditing/images/event-5159.png b/windows/security/threat-protection/auditing/images/event-5159.png new file mode 100644 index 0000000000000000000000000000000000000000..a2f9134fe87579fbb507e6941f68aee995754664 GIT binary patch literal 24435