From 2e384f69c95a2bcf262d36c9361c8a699623f3a0 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 22 Mar 2017 14:10:56 -0700 Subject: [PATCH 01/10] add new event IDs 9-69 --- ...g-windows-defender-advanced-threat-protection.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index e95197be01..d071f08968 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -151,8 +151,21 @@ Event ID | Message | Resolution steps 5 | Windows Defender Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). 6 | Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md). 7 | Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again. +9 | Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: variable | If the event happened during onboarding, reboot and re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md).

If the event happened during offboarding, contact support. +10 | Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: variable | If the event happened during onboarding, reboot and re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md).

If the event happened during offboarding, contact support. 15 | Windows Defender Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). +17 | Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md). If the problem persists, contact support. 25 | Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: _variable_ | Contact support. +27 | Failed to enable Windows Defender Advanced Threat Protection mode in Windows Defender. Onboarding process failed. Failure code: variable | Contact support. +29 | Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 | Ensure the endpoint has Internet access, then run the entire offboarding process again. +30 | Failed to disable $(build.sense.productDisplayName) mode in Windows Defender. Failure code: %1 | Contact support. +32 | $(build.sense.productDisplayName) service failed to request to stop itself after offboarding process. Failure code: %1 | Verify that the service start type is manual and reboot the machine. +55 | Failed to create the Secure ETW autologger. Failure code: %1 | Reboot the machine. +63 | Updating the start type of external service. Name: %1, actual start type: %2, expected start type: %3, exit code: %4 | Identify what is causing changes in start type of mentioned service. If the exit code is not 0, fix the start type manually to expected start type. +64 | Starting stopped external service. Name: %1, exit code: %2 | Contact support if the event keeps re-appearing. +68 | The start type of the service is unexpected. Service name: %1, actual start type: %2, expected start type: %3 | Identify what is causing changes in start type. Fix mentioned service start type. +69 | The service is stopped. Service name: %1 | Start the mentioned service. Contact support if persists. +
There are additional components on the endpoint that the Windows Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Windows Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly. From cc72c58bd4da00923d056236d5dfdfbdab963407 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 22 Mar 2017 14:53:09 -0700 Subject: [PATCH 02/10] fix product name --- ...ot-onboarding-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index d071f08968..d674dbcf62 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -158,7 +158,7 @@ Event ID | Message | Resolution steps 25 | Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: _variable_ | Contact support. 27 | Failed to enable Windows Defender Advanced Threat Protection mode in Windows Defender. Onboarding process failed. Failure code: variable | Contact support. 29 | Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 | Ensure the endpoint has Internet access, then run the entire offboarding process again. -30 | Failed to disable $(build.sense.productDisplayName) mode in Windows Defender. Failure code: %1 | Contact support. +30 | Failed to disable $(build.sense.productDisplayName) mode in Windows Defender Advanced Threat Protection. Failure code: %1 | Contact support. 32 | $(build.sense.productDisplayName) service failed to request to stop itself after offboarding process. Failure code: %1 | Verify that the service start type is manual and reboot the machine. 55 | Failed to create the Secure ETW autologger. Failure code: %1 | Reboot the machine. 63 | Updating the start type of external service. Name: %1, actual start type: %2, expected start type: %3, exit code: %4 | Identify what is causing changes in start type of mentioned service. If the exit code is not 0, fix the start type manually to expected start type. From d23d16f86ca5b1ddb0b325d457ef7941cf351a7a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 23 Mar 2017 13:47:50 -0700 Subject: [PATCH 03/10] update event 10 --- ...ot-onboarding-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 7f6b2fda10..1569534348 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -152,7 +152,7 @@ Event ID | Message | Resolution steps 6 | Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md). 7 | Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again. 9 | Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: variable | If the event happened during onboarding, reboot and re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md).

If the event happened during offboarding, contact support. -10 | Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: variable | If the event happened during onboarding, reboot and re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md).

If the event happened during offboarding, contact support. +10 | Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: variable | If the event happened during onboarding, re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md).

If the problem persists, contact support. 15 | Windows Defender Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). 17 | Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md). If the problem persists, contact support. 25 | Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: _variable_ | Contact support. From d2f42e3f4398b483bb7c9d96e2188dd923241a78 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 29 Mar 2017 13:55:39 -0700 Subject: [PATCH 04/10] new troubleshoot topic - get secret --- ...ows-defender-advanced-threat-protection.md | 1 + ...ows-defender-advanced-threat-protection.md | 1 + ...ows-defender-advanced-threat-protection.md | 1 + ...ows-defender-advanced-threat-protection.md | 1 + ...ows-defender-advanced-threat-protection.md | 1 + ...ows-defender-advanced-threat-protection.md | 52 +++++++++++++++++++ 6 files changed, 57 insertions(+) create mode 100644 windows/keep-secure/troubleshoot-siem-windows-defender-advanced-threat-protection.md diff --git a/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md index d551629b2e..b3c77c715f 100644 --- a/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md @@ -78,3 +78,4 @@ Portal label | SIEM field name | Description - [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md) - [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md) - [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) +- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md index 21b8b172ec..24a44e8c0a 100644 --- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md @@ -183,3 +183,4 @@ Windows Defender ATP alerts will appear as discrete events, with "Microsoft” a - [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md) - [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) - [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) +- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md index f40c7d579d..976071237b 100644 --- a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md @@ -138,3 +138,4 @@ Use the solution explorer to view alerts in Splunk. - [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md) - [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) - [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) +- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md index a645f8ccad..d58165e02a 100644 --- a/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md @@ -53,3 +53,4 @@ You can now proceed with configuring your SIEM solution or connecting to the ale - [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md) - [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) - [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) +- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md index 670143cd10..785b003629 100644 --- a/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md @@ -193,3 +193,4 @@ HTTP error code | Description - [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md) - [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md) - [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) +- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-siem-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..a032c56479 --- /dev/null +++ b/windows/keep-secure/troubleshoot-siem-windows-defender-advanced-threat-protection.md @@ -0,0 +1,52 @@ +--- +title: Troubleshoot SIEM tool integration issues in Windows Defender ATP +description: Troubleshoot issues that might arise when using SIEM tools with Windows Defender ATP. +keywords: troubleshoot, siem, client secret, secret +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# Troubleshoot SIEM tool integration issues + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +You might need to troubleshoot issues while pulling alerts in your SIEM tools. + +This page provides detailed steps to troubleshoot issues you might encounter. + + +## Learn how to get a new client secret +If your client secret expires or if you've misplaced the copy provided when you were enabling the custom threat intelligence application, you'll need to get a new secret. + +1. Login to the [Azure management portal](https://ms.portal.azure.com). + +2. Select **Active Directory**. + +3. Select your tenant. + +4. Click **Application**, then select your custom threat intelligence application. The application name is **GET FROM SME**. + +5. Select **Keys** section, then provide a key description and specify the key validity duration. + +6. Click **Save**. The key value is displayed. + +7. Copy the value and save it in a safe place. + + +## Related topics +- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) +- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md) +- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md) +- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) +- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) From 811d6a560733a03fc2bbad8aaf2a85c893f85a10 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 4 Apr 2017 11:23:32 -0700 Subject: [PATCH 05/10] replace code blocks!? --- ...ows-defender-advanced-threat-protection.md | 66 +++++++++- ...ows-defender-advanced-threat-protection.md | 114 +++++++++++++++++- ...ows-defender-advanced-threat-protection.md | 114 +++++++++++++++++- 3 files changed, 281 insertions(+), 13 deletions(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index b7f9bce85f..df1301d438 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -45,7 +45,71 @@ This step will guide you in creating an alert definition and an IOC for a malici NOTE:
Make sure you replace the `authUrl`, `clientId`, and `clientSecret` values with your details which you saved in when you enabled the threat intelligence application. - [!code[ExampleScript](./code/example-script.ps1#L1-L60)] + ``` + $authUrl = 'Your Authorization URL' + $clientId = 'Your Client ID' + $clientSecret = 'Your Client Secret' + + + Try + { + $tokenPayload = @{ + "resource" = 'https://graph.windows.net' + "client_id" = $clientId + "client_secret" = $clientSecret + "grant_type"='client_credentials'} + + "Fetching an access token" + $response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload + $token = $response.access_token + "Token fetched successfully" + + $headers = @{ + "Content-Type" = "application/json" + "Accept" = "application/json" + "Authorization" = "Bearer {0}" -f $token } + + $apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/" + + $alertDefinitionPayload = @{ + "Name" = "Test Alert" + "Severity" = "Medium" + "InternalDescription" = "A test alert used to demonstrate the Windows Defender ATP TI API feature" + "Title" = "Test alert." + "UxDescription" = "This is a test alert based on a sample custom alert definition. This alert was triggered manually using a provided test command. It indicates that the Threat Intelligence API has been properly enabled." + "RecommendedAction" = "No recommended action for this test alert." + "Category" = "SuspiciousNetworkTraffic" + "Enabled" = "true"} + + "Creating an Alert Definition" + $alertDefinition = + Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) ` + -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json) + + "Alert Definition created successfully" + $alertDefinitionId = $alertDefinition.Id + + $iocPayload = @{ + "Type"="IpAddress" + "Value"="52.184.197.12" + "DetectionFunction"="Equals" + "Enabled"="true" + "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId } + + "Creating an Indicator of Compromise" + $ioc = + Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) ` + -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json) + "Indicator of Compromise created successfully" + + "All done!" + } + Catch + { + 'Something went wrong! Got the following exception message: {0}' -f $_.Exception.Message + } + + ``` 3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. diff --git a/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md index b41b8bdaae..9bf4342870 100644 --- a/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md @@ -36,19 +36,43 @@ The following example demonstrates how to obtain an Azure AD access token that y Replace the *authUrl*, *clientid*, and *clientSecret* values with the ones you got from **Preferences settings** page in the portal: -[!code[CustomTIAPI](./code/example.ps1#L1-L14)] +```powershell +$authUrl = 'Your Authorization URL' +$clientId = 'Your Client ID' +$clientSecret = 'Your Client Secret' + +$tokenPayload = @{ + "resource"='https://graph.windows.net' + "client_id" = $clientId + "client_secret" = $clientSecret + "grant_type"='client_credentials'} + +$response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload +$token = $response.access_token + +``` ## Step 2: Create headers used for the requests with the API Use the following code to create the headers used for the requests with the API: -[!code[CustomTIAPI](./code/example.ps1#L16-L19)] +```powershell +$headers = @{ + "Content-Type"="application/json" + "Accept"="application/json" + "Authorization"="Bearer {0}" -f $token } + +$apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/" +``` ## Step 3: Create calls to the custom threat intelligence API After creating the headers, you can now create calls to the API. The following example demonstrates how you can view all the alert definition entities: -[!code[CustomTIAPI](./code/example.ps1#L21-L24)] +```powershell +$alertDefinitions = + (Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) -Method Get -Headers $headers).value +``` The response is empty on initial use of the API. @@ -56,18 +80,96 @@ The response is empty on initial use of the API. ## Step 4: Create a new alert definition The following example demonstrates how you to create a new alert definition. -[!code[CustomTIAPI](./code/example.ps1#L26-L39)] +```powershell +$alertDefinitionPayload = @{ + "Name"= "The alert's name" + "Severity"= "Low" + "InternalDescription"= "An internal description of the Alert" + "Title"= "The Title" + "UxDescription"= "Description of the alerts" + "RecommendedAction"= "The alert's recommended action" + "Category"= "Trojan" + "Enabled"= "true"} + +$alertDefinition = + Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) ` + -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json) +``` ## Step 5: Create a new indicator of compromise You can now use the alert ID obtained from creating a new alert definition to create a new indicator of compromise. -[!code[CustomTIAPI](./code/example.ps1#L43-L53)] +```powershell +$iocPayload = @{ + "Type"="Sha1" + "Value"="dead1111eeaabbccddeeaabbccddee11ffffffff" + "DetectionFunction"="Equals" + "Enabled"="true" + "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId } + + +$ioc = + Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) ` + -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json) +``` ## Complete code You can use the complete code to create calls to the API. -[!code[CustomTIAPI](./code/example.ps1#L1-L53)] +```powershell +$authUrl = 'Your Authorization URL' +$clientId = 'Your Client ID' +$clientSecret = 'Your Client Secret' + +$tokenPayload = @{ + "resource"='https://graph.windows.net' + "client_id" = $clientId + "client_secret" = $clientSecret + "grant_type"='client_credentials'} + +$response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload +$token = $response.access_token + +$headers = @{ + "Content-Type"="application/json" + "Accept"="application/json" + "Authorization"="Bearer {0}" -f $token } + +$apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/" + +$alertDefinitions = + (Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) -Method Get -Headers $headers).value + +$alertDefinitionPayload = @{ + "Name"= "The alert's name" + "Severity"= "Low" + "InternalDescription"= "An internal description of the Alert" + "Title"= "The Title" + "UxDescription"= "Description of the alerts" + "RecommendedAction"= "The alert's recommended action" + "Category"= "Trojan" + "Enabled"= "true"} + +$alertDefinition = + Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) ` + -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json) + +$alertDefinitionId = $alertDefinition.Id + +$iocPayload = @{ + "Type"="Sha1" + "Value"="dead1111eeaabbccddeeaabbccddee11ffffffff" + "DetectionFunction"="Equals" + "Enabled"="true" + "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId } + + +$ioc = + Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) ` + -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json) + +``` ## Related topics - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md b/windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md index a67b250923..dc44b7cbea 100644 --- a/windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md @@ -38,20 +38,45 @@ The following example demonstrates how to obtain an Azure AD access token that y Replace the *auth_url*, *client_id*, and *client_secret* values with the ones you got from **Preferences settings** page in the portal: -[!code[CustomTIAPI](./code/example.py#L1-L17)] +``` +import json +import requests +from pprint import pprint + +auth_url="Your Authorization URL" +client_id="Your Client ID" +client_secret="Your Client Secret" + +payload = {"resource": "https://graph.windows.net", + "client_id": client_id, + "client_secret": client_secret, + "grant_type": "client_credentials"} + +response = requests.post(auth_url, payload) +token = json.loads(response.text)["access_token"] +``` ## Step 2: Create request session object Add HTTP headers to the session object, including the Authorization header with the token that was obtained. -[!code[CustomTIAPI](./code/example.py#L19-L23)] +``` +with requests.Session() as session: + session.headers = { + 'Authorization': 'Bearer {}'.format(token), + 'Content-Type': 'application/json', + 'Accept': 'application/json'} +``` ## Step 3: Create calls to the custom threat intelligence API After adding HTTP headers to the session object, you can now create calls to the API. The following example demonstrates how you can view all the alert definition entities: -[!code[CustomTIAPI](./code/example.py#L25-L26)] +``` + response = session.get("https://ti.securitycenter.windows.com/V1.0/AlertDefinitions") + pprint(json.loads(response.text)) +``` The response is empty on initial use of the API. @@ -59,18 +84,95 @@ The response is empty on initial use of the API. ## Step 4: Create a new alert definition The following example demonstrates how you to create a new alert definition. -[!code[CustomTIAPI](./code/example.py#L28-L39)] +``` + alert_definition = {"Name": "The alert's name", + "Severity": "Low", + "InternalDescription": "An internal description of the alert", + "Title": "The Title", + "UxDescription": "Description of the alerts", + "RecommendedAction": "The alert's recommended action", + "Category": "Trojan", + "Enabled": True} + + response = session.post( + "https://ti.securitycenter.windows.com/V1.0/AlertDefinitions", + json=alert_definition) +``` ## Step 5: Create a new indicator of compromise You can now use the alert ID obtained from creating a new alert definition to create a new indicator of compromise. -[!code[CustomTIAPI](./code/example.py#L41-L51)] +``` + alert_definition_id = json.loads(response.text)["Id"] + + ioc = {'Type': "Sha1", + 'Value': "dead1111eeaabbccddeeaabbccddee11ffffffff", + 'DetectionFunction': "Equals", + 'Enabled': True, + "AlertDefinition@odata.bind": "AlertDefinitions({0})".format(alert_definition_id)} + + response = session.post( + "https://ti.securitycenter.windows.com/V1.0/IndicatorsOfCompromise", + json=ioc) +``` ## Complete code You can use the complete code to create calls to the API. -[!code[CustomTIAPI](./code/example.py#L1-L53)] +```syntax +import json +import requests +from pprint import pprint + +auth_url="Your Authorization URL" +client_id="Your Client ID" +client_secret="Your Client Secret" + +payload = {"resource": "https://graph.windows.net", + "client_id": client_id, + "client_secret": client_secret, + "grant_type": "client_credentials"} + +response = requests.post(auth_url, payload) +token = json.loads(response.text)["access_token"] + +with requests.Session() as session: + session.headers = { + 'Authorization': 'Bearer {}'.format(token), + 'Content-Type': 'application/json', + 'Accept': 'application/json'} + + response = session.get("https://ti.securitycenter.windows.com/V1.0/AlertDefinitions") + pprint(json.loads(response.text)) + + alert_definition = {"Name": "The alert's name", + "Severity": "Low", + "InternalDescription": "An internal description of the alert", + "Title": "The Title", + "UxDescription": "Description of the alerts", + "RecommendedAction": "The alert's recommended action", + "Category": "Trojan", + "Enabled": True} + + response = session.post( + "https://ti.securitycenter.windows.com/V1.0/AlertDefinitions", + json=alert_definition) + + alert_definition_id = json.loads(response.text)["Id"] + + ioc = {'Type': "Sha1", + 'Value': "dead1111eeaabbccddeeaabbccddee11ffffffff", + 'DetectionFunction': "Equals", + 'Enabled': True, + "AlertDefinition@odata.bind": "AlertDefinitions({0})".format(alert_definition_id)} + + response = session.post( + "https://ti.securitycenter.windows.com/V1.0/IndicatorsOfCompromise", + json=ioc) + + pprint(json.loads(response.text)) +``` ## Related topics - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) From 8106da2644d2e195b731d6ae73081df6aee4c1d4 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 4 Apr 2017 11:34:54 -0700 Subject: [PATCH 06/10] add luba events --- ...g-windows-defender-advanced-threat-protection.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index f05e878db5..a02feda9ea 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -151,8 +151,21 @@ Event ID | Message | Resolution steps 5 | Windows Defender Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). 6 | Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md). 7 | Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again. +9 | Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: variable | If the event happened during onboarding, reboot and re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md).

If the event happened during offboarding, contact support. +10 | Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: variable | If the event happened during onboarding, re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md).

If the problem persists, contact support. 15 | Windows Defender Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). +17 | Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md). If the problem persists, contact support. 25 | Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: _variable_ | Contact support. +27 | Failed to enable Windows Defender Advanced Threat Protection mode in Windows Defender. Onboarding process failed. Failure code: variable | Contact support. +29 | Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 | Ensure the endpoint has Internet access, then run the entire offboarding process again. +30 | Failed to disable $(build.sense.productDisplayName) mode in Windows Defender Advanced Threat Protection. Failure code: %1 | Contact support. +32 | $(build.sense.productDisplayName) service failed to request to stop itself after offboarding process. Failure code: %1 | Verify that the service start type is manual and reboot the machine. +55 | Failed to create the Secure ETW autologger. Failure code: %1 | Reboot the machine. +63 | Updating the start type of external service. Name: %1, actual start type: %2, expected start type: %3, exit code: %4 | Identify what is causing changes in start type of mentioned service. If the exit code is not 0, fix the start type manually to expected start type. +64 | Starting stopped external service. Name: %1, exit code: %2 | Contact support if the event keeps re-appearing. +68 | The start type of the service is unexpected. Service name: %1, actual start type: %2, expected start type: %3 | Identify what is causing changes in start type. Fix mentioned service start type. +69 | The service is stopped. Service name: %1 | Start the mentioned service. Contact support if persists. +
There are additional components on the endpoint that the Windows Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Windows Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly. From 82bf9dd09f8daa6e2f2ffbbf76b462c2a8abd882 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 4 Apr 2017 11:35:59 -0700 Subject: [PATCH 07/10] remove code folder --- windows/keep-secure/code/example-script.ps1 | 60 --------------------- windows/keep-secure/code/example.ps1 | 50 ----------------- windows/keep-secure/code/example.py | 51 ------------------ 3 files changed, 161 deletions(-) delete mode 100644 windows/keep-secure/code/example-script.ps1 delete mode 100644 windows/keep-secure/code/example.ps1 delete mode 100644 windows/keep-secure/code/example.py diff --git a/windows/keep-secure/code/example-script.ps1 b/windows/keep-secure/code/example-script.ps1 deleted file mode 100644 index e6563c2378..0000000000 --- a/windows/keep-secure/code/example-script.ps1 +++ /dev/null @@ -1,60 +0,0 @@ -$authUrl = 'Your Authorization URL' -$clientId = 'Your Client ID' -$clientSecret = 'Your Client Secret' - - -Try -{ - $tokenPayload = @{ - "resource" = 'https://graph.windows.net' - "client_id" = $clientId - "client_secret" = $clientSecret - "grant_type"='client_credentials'} - - "Fetching an access token" - $response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload - $token = $response.access_token - "Token fetched successfully" - - $headers = @{ - "Content-Type" = "application/json" - "Accept" = "application/json" - "Authorization" = "Bearer {0}" -f $token } - - $apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/" - - $alertDefinitionPayload = @{ - "Name" = "Test Alert" - "Severity" = "Medium" - "InternalDescription" = "A test alert used to demonstrate the Windows Defender ATP TI API feature" - "Title" = "Test alert." - "UxDescription" = "This is a test alert based on a sample custom alert definition. This alert was triggered manually using a provided test command. It indicates that the Threat Intelligence API has been properly enabled." - "RecommendedAction" = "No recommended action for this test alert." - "Category" = "SuspiciousNetworkTraffic" - "Enabled" = "true"} - "Creating an Alert Definition" - $alertDefinition = - Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) ` - -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json) - "Alert Definition created successfully" - $alertDefinitionId = $alertDefinition.Id - - $iocPayload = @{ - "Type"="IpAddress" - "Value"="52.184.197.12" - "DetectionFunction"="Equals" - "Enabled"="true" - "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId } - - "Creating an Indicator of Compromise" - $ioc = - Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) ` - -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json) - "Indicator of Compromise created successfully" - - "All done!" -} -Catch -{ - 'Something went wrong! Got the following exception message: {0}' -f $_.Exception.Message -} diff --git a/windows/keep-secure/code/example.ps1 b/windows/keep-secure/code/example.ps1 deleted file mode 100644 index 6941c80627..0000000000 --- a/windows/keep-secure/code/example.ps1 +++ /dev/null @@ -1,50 +0,0 @@ -$authUrl = 'Your Authorization URL' -$clientId = 'Your Client ID' -$clientSecret = 'Your Client Secret' - -$tokenPayload = @{ - "resource"='https://graph.windows.net' - "client_id" = $clientId - "client_secret" = $clientSecret - "grant_type"='client_credentials'} - -$response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload -$token = $response.access_token - -$headers = @{ - "Content-Type"="application/json" - "Accept"="application/json" - "Authorization"="Bearer {0}" -f $token } - -$apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/" - -$alertDefinitions = - (Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) -Method Get -Headers $headers).value - -$alertDefinitionPayload = @{ - "Name"= "The alert's name" - "Severity"= "Low" - "InternalDescription"= "An internal description of the Alert" - "Title"= "The Title" - "UxDescription"= "Description of the alerts" - "RecommendedAction"= "The alert's recommended action" - "Category"= "Trojan" - "Enabled"= "true"} - -$alertDefinition = - Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) ` - -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json) - -$alertDefinitionId = $alertDefinition.Id - -$iocPayload = @{ - "Type"="Sha1" - "Value"="dead1111eeaabbccddeeaabbccddee11ffffffff" - "DetectionFunction"="Equals" - "Enabled"="true" - "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId } - - -$ioc = - Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) ` - -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json) diff --git a/windows/keep-secure/code/example.py b/windows/keep-secure/code/example.py deleted file mode 100644 index 6203b5230b..0000000000 --- a/windows/keep-secure/code/example.py +++ /dev/null @@ -1,51 +0,0 @@ -import json -import requests -from pprint import pprint - -auth_url="Your Authorization URL" -client_id="Your Client ID" -client_secret="Your Client Secret" - -payload = {"resource": "https://graph.windows.net", - "client_id": client_id, - "client_secret": client_secret, - "grant_type": "client_credentials"} - -response = requests.post(auth_url, payload) -token = json.loads(response.text)["access_token"] - -with requests.Session() as session: - session.headers = { - 'Authorization': 'Bearer {}'.format(token), - 'Content-Type': 'application/json', - 'Accept': 'application/json'} - - response = session.get("https://ti.securitycenter.windows.com/V1.0/AlertDefinitions") - pprint(json.loads(response.text)) - - alert_definition = {"Name": "The alert's name", - "Severity": "Low", - "InternalDescription": "An internal description of the alert", - "Title": "The Title", - "UxDescription": "Description of the alerts", - "RecommendedAction": "The alert's recommended action", - "Category": "Trojan", - "Enabled": True} - - response = session.post( - "https://ti.securitycenter.windows.com/V1.0/AlertDefinitions", - json=alert_definition) - - alert_definition_id = json.loads(response.text)["Id"] - - ioc = {'Type': "Sha1", - 'Value': "dead1111eeaabbccddeeaabbccddee11ffffffff", - 'DetectionFunction': "Equals", - 'Enabled': True, - "AlertDefinition@odata.bind": "AlertDefinitions({0})".format(alert_definition_id)} - - response = session.post( - "https://ti.securitycenter.windows.com/V1.0/IndicatorsOfCompromise", - json=ioc) - - pprint(json.loads(response.text)) From 5bdb8c63b6932eef60b63892a04321235080e4e0 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 4 Apr 2017 11:45:05 -0700 Subject: [PATCH 08/10] add example email notif --- ...ndows-defender-advanced-threat-protection.md | 4 ++++ .../images/atp-example-email-notification.png | Bin 0 -> 77772 bytes 2 files changed, 4 insertions(+) create mode 100644 windows/keep-secure/images/atp-example-email-notification.png diff --git a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md index c4a85d0274..1853b3421a 100644 --- a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -46,6 +46,10 @@ The email notifications feature is turned off by default. Turn it on to start re Check that email recipients are able to receive the email notifications by selecting **Send test email**. All recipients in the list will receive the test email. +Here's an example email notification: + +![Image of example email notification]() + ## Remove email recipients 1. Select the trash bin icon beside the email address you’d like to remove. diff --git a/windows/keep-secure/images/atp-example-email-notification.png b/windows/keep-secure/images/atp-example-email-notification.png new file mode 100644 index 0000000000000000000000000000000000000000..e11de0cba9083882a757065dbe25e36fc4c0c15f GIT binary patch literal 77772 zcmb@tRZv__*fpBq5}e@f1a}|Y2^t)NI|TOuf(3W?;32rXy9al77~K8e@AsYm?p&OU z(^XSbGgZB7@0sqW*Rv!{Sy37Vi2&)thYu*SG7_pEK0pP3`0()p0SfrWKq0^uc>CzA zDlPV*VuI)h_yA)e`c?G9hw2#Q7b95UGopixw)2M%sJ;KaJ`URdG5zr2y--#{^qa?b zNER#@djV?@&7B@+b#1Mj7u((4J-ksy-jNAAg`yvGb&WUxR`w@4QG6_n`?KHu{^EBQ ze>ge0E#b~dbhnKOZ~N>wbGQ35Mtf|eV6j|f@DDsNWNWKhI#-zv8>#=GYbsyb4m>to zs#(eF;R0C<>?8m;W8)^i`+v z7h4;G9v4@8qaxs!i><3vHe4OX2=#COGsIL4SInmJJDdI9iNP=9JR^hu&qO9T(!tPN za9Q4e|8~KYcS_KA!|JhGt$ld8ci|Mtc~Gu}#340&u%C1v+?#PsZ{d5> zP}|cEa@`AQ_>x1&O$?5H?w9w2E5GhR+r$Z@-U|5~U(H~ojO)E;zZISh%1_Kfwd86= zS$iW>d_yfRN15UwZpz43-H}n+wW z4-I*exFJY;4!7d{TDe9&W%3!xP>tAhzZt&my{o;^lV;?q$6A*$tRCF+P89|4_GdbY zj1=F-Roi)%Y2jLo{kD1wLG!CXzYv%75^q@$J*3dNoNO!)&J{a-Ium%Ols?4oK5h5r zF&(~QamQe4Iff{l@@Q0k&!QUc6c%Aej6+NJxDnpw^5#zN1Yeo@Jl*8Dt-o0WYp{e7 zJwmFCIA1PrPaK?M)l|0EHW6MYxm}E|Op)50uc(mkawbnFnd^FT((m@VD)g3alOB$@^`ifvP7Kt9`-Nj^X0bw(+*m?oA*YCpI_@cLM~6TL?qqX zGw$PAYnIvQ4+d4!ui@BrCpmS&ZG^R^mn)4iKRkU8q9+^dcp2{3*4)+09$2oC)?(=soSPg_H8-duF(|+rO$Of>^JNQlulAF&H!=n8w|}=u&9}1AnT@dKyd$ecTV2P2 z6=ZbxOOEGC&ELm61mN~7yt4w9^fCSu>H~&h6 zon`S|@88}S!Wi@U#2`Bzj&w37hMZ@Kt+4sMQ!o=N${?)*IA;G|i@>Id{tCT>LR46^vA`QbO8vq^=0)tBoyXUG?5 zF~SSosDefsaa$;cS`PoziidP~J>AS*AG9*4i*>&pcanX=X?P?Rr1P0zTvPqsCDuyo zNJm!VVIbt)05TbP@7XRS6b6B$8gN*;d_G%!+?{8_gavk;Rx;hxpbC4$uEbnB&e?2QCG^TM_L8mjW5V&k@f?MMevaMB;=|C@>_W)^a2Wg!5PGLl?vs^U!vRZLC4nGNT4M3}9p)NyrNWOaFSn}%15Z0V2yO~m>;pk$mk zHQP-jSTyvr54NC@{4sc6t?UHx`mG<%^Vn}f(>+o?g-bd;9pun|49ViUo^resPMI7U zoWP)5U#<)LTgj|*b8%&c>OiDVA<1rWq1cXjEVP0CRs;oGRCF%W}>l@P2x8A`dY z-sjP4vae9_#`B1W+=$CCAlKbA&7BQ|5#i2FW9<_Qm7I-UW zwa_{3Dy^tO63O6+P8TojPhV)o^l80r<6G`DDt{Q@iu+YLnz%WcI-jk+zqS09NprMDyT~_jQDA5}S{i6QD@#fH@$<&hsy^7psUebP}ZWnXcdKK&o?9b7Z zmv--`n|K6_v0-V8a)nrtrcA^y?SWnVwPk*iDC8>1%!AmYAB!n&erx}3=lvrp$a$p? zRzOTNsf<}nVMLP*O52Iiufn`VhvW4`%D*F7#pfVxwd3%pM>aiSzt zDVs>c!Jz+xmI7Cjh(cv#4)W^2Q$nc!>_o9|D{Wv=5S2d zXcduvyR#jOWQ1aQ?Wh#$@=<#A3ut8!vUthuot5W1jE~Nnwa&CNkx-H!J<&*K$Wf)j zsfz;ilJ3&OLQ|u73n=6Jb1A%Yr(+IG@;g|K?lelS2=*2#mr}I~jbVJMX{=Pew)PTe zB?c0Qi#lsC%;>U|SkpQU8Au}i3mOucnt1HFYJf$;<_ z=R$#uDB2EDlSHUU^`h0uK=|jz-BIbNJ9A3xi2MOE)s#PWOy5HLBIYeZP{Cs#=YNbP z+W|;x+TQz%dLB|y8K=Z7s|kP==oq6g`dDn;KC#Y0A>WRyXh{srdRupW zc)GqlSwL-P5@SkiSbF*uYUH^$G8VE|Z9*vjbZZkBQ{G70h{HUl4wsJV_$Pgfo8Wu> zmo++}-k{=?RBtVtMZNkj&Pw}ZIiBLdIvF%5Ym%)pgAx6LDn%>R(q6-5!6vF2eNi@y z{&GpmJ1nE&*xp~G)3#<6$@i(cAE@If(smfca1I={8gS?gSJUd;AoF>WR*!t{a{DA?anXQzMyM z6;++W?VAMsrGK2CFE8lyc!;GQqjql9!WRa;+S_={{k=)Wo-lw(ag;uqW`DJ0fgU8V zm>TxLN1|7&37=F-y|_A38@bP9mxL5pB{E9p+TMI$Z*v*Vww^Oxr4K2wysHXj6Yu$D zMw>WC%T+@^MT>0=mZ`CxlXu>iX>xTtR4zeA#+S=avzj5WX>-~Gkeuus#jNqz)^>lC zae4m0#}i}qo}fR&7vw}$?aoQzyoH?BJU8Xf988kk-%uI#df>Kpt^o*Tvm+H)u-?YE z_-BgZqzBs*m()3OY2Zw=B)$yQ+G0tyXbA_uhPY6U4=jNdSe;;0^ZudW+hDXP4ts}< zLEZ(hDPf+I`y=VkvNzV-A-t-W+f_zrvz1EQy%D%aAajzzf4|yxe~CE#czud{7@Lf_ zrI9RGjNk3J&+nLohK>qI-|7jOmNXR z2tU%cr9BS-?tsUh z`RQOFiX(*x3)OGCBnItB6PJZ1)gcTMwwP=4P(=l2mCrYm+K6C>te`U_2E*$Y-)^f7 zE|QXu&;3F zpQF4S-#bnNK6~5@wz%pN&_<8xTkj^im{=VB^OrN5Mkev{B(_?ar#4q`{ux=AD#$m> za887*_$1MLWoJtzgn}Gg+(i&c5!?(@Msr*U7>c zT+Af*AhZ=fKQ_Ym*@sRi$(Le^!gsc7ap8=eLB^tGFFmyYjg(>KeS9vtdV0J@PM}%S zYdo8az`bBwpPDAb5n>>WB)hKLYy!Cf!)uEsUjCwmnJPfK(E!{&MOwIlg7GLt(c{y z!HvR@z1rckpJD*XiE-+>^C^>08C~1e=l1 zsNIbE0*}ury1rdLPtqi!cmv`t+?D7+%I8#)fF=L)i)l7Yn2+o6Z}9_0i}~Ag79N_f ztm=yIFV|O%YZPwG5rp?z2NUjVtG03)4?QUAr4wkR*=hFjPYf59^2I5hDET?*#c z`04d&90qSYXdzL-kDi|0P;I@E_6L|n-}PG(QP8@d(nTRYsOdX3Ue00DZz$I zT(SL7>uB09R)c;#bdCDLCo=-E_9nk1y=2qWmhlZijf<#f`kty{IhI<}TO*cw$p{_2 z^jv_eY$!Rbfp>AYgTiU0o+ptRKVNW#oXR#nkWx30p(aM|p8_qHU=?pp-JUE?u3igxDCeP+EhkbAiZQtN zxB*z&>+%o-B?V=Bs@}$h9i?vH_j-4}9EJ5zH_yz1EhIy+qr(_>B3!|WKj%W8zi(9u zA8OKShFKxwS5ZOL`KZOWNT}Xl{d@6{NOq}ptyT>JI%K4f&6z7U4pBiwZWM(U3m-aY z%YN09jQ0VFa9kx42W7H`?vDztg5-j%I)h!+7{eA=OfOu@QSx5gLAOCV#JpJM3_GgWG!1&DhO|K+055Sg#Cef z&*tjK`BIAzV*rux566Q_S**U~qQ*@K%G&CgErG;BDhl+po0MNPA${uo?Y`8tQ9el)v-C@NMxc_Dp55UwkvsH8QoqCnsv`<35FBgixaafci)S(+ z$A*h6bTn~byxH(?#uL~OrF3yY@u(tku=9BOJy`SO*Uk6~HeGlSb!)OMd-2o#L88t- z#IZrD3fVN(JAO#<93#pkK1Wp)wnLjP&p{}LO1{WaR_JPwJ4QIy9Vdffwb=%k@^zS? zdqZTpwWu{QDaadm9lB0HClE@i}Y$uZpUm&SB8F;$3Y8X%JCBO_fNrx zqm|`be5EBlUnCE+L?VUO>8b0|G>fiKjN6`uEZLW-`B&-kr(gno`^23h#Y-d52Ad1( zqm`!%Bwke0oztnyk<8*kF`#_nQP{(>qwr{&88ZuFyBbguw}a(ghU} z@vr_N5q=#cW%Knt{HK7c7={-b8_J@MhgU^ox12%99Xm0-tXW%>YgIi~rKNaxB%b$r zZDOsBPBV6t<4ZyO#3$_gQp4+55PQ2+Bg>2W5xx5#Gy<5>2jOrf(T=cK`q8gIA`E)!d^;2x2P|nrrOs{0k=f-lMFPJe5U9P)7qRCWHxB)fo@g?;OU2I?=3PEUPFM645N;IhZuUWM*K2})! z&8>~Cx%#vzs%h0(Q!}yE(lno~7SfV_d&}ysz+wU7GoEYpe4l2%@af5RB{V4^B?+jl ztxsH%vE7bZ&X858ORVc1-5>;!9`unLffU+}iPtqNY2Q7O$;R7$|It~4`ZM268^WAQ zXjF{fdlp|+&#>$dBzB_)En#udIaDxXvxAZm4#Y@%D`r}9QK@fiMDj5#1`S7*1zDP# znfv4A^DwGzntQxq$lN@dQv8pBnG1w6xxBz`iqxB!2Ru=q7RX4qg~X@~r0FE_veE111v*6UCI~xFamQxy zA^F9M;dKWj=5Aw-G=;z@>0yGTESH1n)nv#!_-4z}#_)Q%Yl4vaUy`#>7vkkdclrhF zZyE4EHJg3iYVCZE#@Xm#EhH=S%v}w^%6=NqR*24@2_@?ojj=P5Ct1L% z?vSCSV>yjR1gTIFKO;>AEAU;}eO+uL7l*sP#h=Fgg~|jOU2ox*M3Ni$B%4bPPrywj z&>yZW8QY^}QjWe`&8*+IB{^>~!FccF0A;9l?qr&bc5pM;l1)`m@nl*Oq~gtvkANH#!OEni;AD0`W$LogUz4>wgX4n*!#=`wExr@ znxJmLOS5ueA5C@9O7jRve72ZKUH_1NSnJvnLv%z0dYK-I^C`PN?r3e5f4EQ}{5yb& zs+{o9`@ku2_^-??08w%2`J%Ld2uUK%D8AD5dH0en0v9Ub;N&niZg}#nn|ktSMpi-r z^vh%7ACvf7axYTi1D$!TYQe116HK7d@0$3SV{g3BG_4O)8QUH zcI!;Rw8%e~?%vhLHCv0qnO-Ts4X-Ze3gz83DpAv#dw$yo7PtQRu_Bk$1J}2^Qw##_ z#`|}%1{GD$Qz3uE?~j*xr28#Z_aVh0?6!l#&6e4S);pkSh&Q?@OX^)B%*pZi+jN@Y zL-#-05rn#t*`z4kPE&w%OH@$kp%=Kz-5;NdlcSFsk5XCGXks-_@XfPO+S(CP|GRjP zm_qcBs*(?F=Jsg2Hlm>v62UH6E|&~xsE7X!0?TZf(yBb*5z>Ww$|H?n_ursjt!uZ` zQNiIX%SY9~dcM91)JCuyk#5nq2?=VdLS0vjuAB|%i_a637cnU3tHK3*m~7&^f4ZG; z+QZQy_Q@zdJfJ1SK=z+7+LF&<9gozVH|kZLNH-ncJ%eIw5cG06n(PvLqTMu^J=4)g z-Igp;F+0B>6|BYc}BcHxn!*m62@N;Z{V91O*BwQ ze!`9KGP^Pz_~j5nJ${5`fBrnr8XfHxhL80%HHHm(%qm_spbQImwB)3&jV^GcdWddAqU9%P zU*{6lyWq^jHC;V1%P@#3+nJ_rhE(ez&J6cHTQ|RJ~Wrw>lz0nfnnb|qu+9Jj_Jl4SfR zd!?5A_A({p>o##OQik(BCu8*lsi)3xPvEzLe01h1q(>a&7q~4G%%zMV59aY~CQ?tT z%k*0#JpJ}BqEItp;Q^wEfek5)RyKygNLM8=Gep6P9FD)~CexY9_JvwV zM{Z6R`}u-jcrz-k`0%y=vX?IXwxTq?VneZju4f5nHtWDA+&)=gT(>hDNyYNeU8<25 zaQ8K@@3xsB!k7NC{c}$tsB7di7fu936PHF2o9oS&lT_eme?O=zbdWZ&Xd4cz~69@?*LCjn-^w|96F$bK?5I#)-Os!drs!}W_@RsSv!OVylfIw z$OMpj206cG6NJ*J*Uk+^AvI8@gktpL!RI>c59ff11h|Wv)~@tEa8y}~rm{Bl+YAo6 zq$_aWV^EI0#nIPQDiYrjF~`|x&;G$4dZV{9jiG?_VR}xW5RM3-Fp_TlOYnK_@O{hd z$jc9SDPqOo6#huc5=C%Zk=tq*3b zv}`B+CQWY2_L$l=>np0-R6K`ofxNEWAs9Joo9z82E#MN{qClSidJq$}K9Qvhr+KCd zgXl)L#E8DN!!R+Skn8SR(#|U#PL<;`cw*emFazDS21<<%&&{|K#`H^lB(FmhobFfI&52Y6D zo_Ms9NdfInqxCj9sh7`76!-+p`tN2)|Mr4hIWnQVb{c3-b{itmxJFpKCt7sv ztHbQ6%{Ll5l4}1<41*aSEXXHwA6kcQ6QSTE`u*Xg&G_C#BSURMl#b&8tPtK-(^a#cR zy=JFId(V##G8x=?^do?YqT1wJ_lJD?36`l(NJZ?Lftx#Rp43P|F~t0#awwn%?r!f< zoJ5u1FpsvMD)5m#Q`@(w(9bQb=ZRLh5Fy$8DlEc;03k)q>v+H^Byu1@p^3?cC5IF#9IEFAtXx z0Y-SJf0A20#OAmj7e8fd0Ifnr#DRv)!$#enBvW9pfXmB!iG7JPaM$D-r=@ON2?TPF zMwCjk_=Unzv|XxszHL&&k+9d!YJPRQHyQ}h)nM>6`qA8d=zg);IXLL|3PNXp8y*}@ zHWCJ^?G^%(IUmA~+3IhoN`sm9^YpGV+U-@lCWq)V|H@3g*cWR;9nRSSgKr zpTCFLZ*tr^Nd7%B216&hs4t?i!PY3>$hYfv>lclJV1(dJXZ*^>cHi+oLkXHs*k5b% z$%0?7KvFXo8f6(xfES`5bwr9%`_wH**qqyTBuO4>zH~I1?;o@#kLd*C6l*?(T8LgG z=^cmF1S+ZTZ&Bz9OrbKxlxSCq>t5$47d_!#7SG44u~_muXH*m3J(k^FKF=C0RBA~1 z_q9yxJ26*awNXp}evFaz(^i{>7TYDQO!%;vauA4<@AMRBlgym&e0#@4za7v>8v|K=P>cl8l6e(_m> zXxk=N*@MUpEy@qNDdhrj^qP8lra0{$4-Of(Cj@lL>%RiK`UL4imYYpiHyUbb{tG@H)ik4K@;0oPr`hMXr^^R|z66yR- z>p+&=LdUBF4!D8M+wGae+>$Q5Q*|HyvifE5<4%ulqdiSPz@?S!2?`-tqk1>tn(gRi zO}nFQ^=zQsJg~45^0?>`X~q>u&3M9AB@;y_5Q5|iAnUC){k;+WMqdvY&0og|V+A-A zCOi4~_vbSz-d{9*frSTi4f;r$A6O)4-Gi_cdfwbRO8rKFH99Q2{>RvOxEASMJfv!j z6E(|kXi!4l7~00_WJU9QsAsWKF@4qz`StYL#0`GcNcAim)c(cQI2o4|BzG_Roi> zA1peFYBRQ|5IYfG6cFi5I5oh5>ESs%u+B{TLrO*gaWsrLpM`HSuDVj>vj1|mk$kq`eHq$Y1(QJsyEZ$ddqR9X zeV8FRM7K`F08)@VSE9DF77w8K^;jAirg#iW`qd?!nl>0z6^zju5eY2f{V!P!15f3m znd}^P1-cDo+PHqr*bk3vC~>;+dODUq(e(9%@EDZK$%_fJsOQc;Iv|`CJPjOdK_uB~ zpDl$9pv*D^8vvB(`V||pguhyliR=~&c_G+_P&eE(2udqeFNw{JCAj!P?Cs8+D$jrkbE{6>>m2_A~aYkJqWD>-t!C#46xZn%X8 zJK2vCR5q%G#^Jx4>m7`)-T&;qS|_GR#P|Yqy)2dTVk`%3e+?cWZP0*IUY9-O^SoS- zKC(?dkilR-yzqVh%#_r~Iow~C)G&HQld1D`hm|RxFSTa=TElurshDzVgMry#(3=)(}CLRA8&WM0k-trfLh=>Z@@U9_~o|dhc#r4Gi@B9-N1#a97IG0fgn+0G;H)ut2*TydzStPMrr20QMX6 zacyH%I5@?hLeq3KJ5sI=`yLZ9XSQAbv;&+}WFPYA2B5~(=ULvD^-D0J?H2KAA|KW9 z9^h@aZ-nb@Co=ADSUQIe!B>+4ui~KnFDExGT&mr&{9J}z$BkI2on^#_{(K6Ebqkv& zHVmnJ5oH^kBHPm*mx^cv5(lwo=%f)jUe2dF<}8IZI4C)A~ofXbm)}TF;a1 z(yl8E%>h6VCF}Yjgy@y36}dcb!Cz8d_Gr?4mD`9X!2~m=0Avcq#yiUZ2h&#&x0Cky z*i?wLPQ6YNBfiwMRt<;$(#YbgmV~98N+`G|KtHil8QSLSF+a}_BB3sc_^sA`)f_J6lXsiYM$ezLEc{8Lzon+evyF?Z0jQ}wSItU zW**okslXyK+jE(A7N{a>4*s;25Sh z6(@f{;T$xXrNhT{%(O2vU;&T)teA`sCZWWrqS>OdUDR!4*4;I+N$qiopUQP0BxTWW zIbJisAPZn0#WTZ;j#^(g$4HaWT=yN0X6wrpuT+SanCHG&t37ZSP4)=6N`q>kH5ZUy z-Zh~&m7V=_HAOGl6^6CHqNV4G`dRKw+<4$9$8TM|di!i7X>Y;&Q=2cb1o&mU|M_uI z85Q@;^7*c2^j~4h{)CWn<@)e?``$c$Ei61j{ahHcs1|8KNxKO3OgoQ z0$3$8L~iic$V8UB$UzOGy^>o)N<)KJV?A5_U=W_3g++NKeAZXDKYXNwn@2#REo&C zK^-o`aWN+gDTJSa|3yoic?tPC#3gMv#eDKR22aIJj9y+{Lc3Sk0@R^;LJWp^L@a~a z-c$Hzyy0D=dlP|pGs_N%0Cwc1hk2P&P5A89CjSUBNeuWA5ZaJToArB14jC+^FbZk@ zKsbBIKaV?&Ke3!j*sK`hX4kN2f=ZvWlJOVA#Zo zTqWz}H_e_1bQzMY1tZ#QIYT|(D`?N>p@WwrLuSvuEv)FMe`Hpndc$53{b z*boKJOc&74oigP*cya^;H=eYf7dY@Ih$gbovWvR2<%V7H4cJ~&3Yi*-VU=VkW(%EV z^VL3{(y~1;od0HrVK~KOs50ydr;^=e$RVSBPN{_i?_=?g##X~}*jo_@)PtqENP-w~ zi!Z42p69-#^FtXeB+A1nN$5BKQm6xlX*Bt4Yq68rrL6+d z>FUzADqNbe?q4X92l|r*5|K=2r}t)J@0k0`$a~_ADY(p>JW5zi^d5PH&U-a1IZ~n| zcUvFvFYo9EfA4PhFJ1P%z9N6`G+!|5m-SQKjCR^HG!BVEzN20=JTJtVJv`>MAj{(CwuFkhY_s8$QVg+(&lv0R@v&3=>WIPR4IP5MKvLT{f=jfIjS z7k0I?=V^}LY4|%`kjrK2QfPALt8$>{=b~8J)SnNoKEFPx!loS3y`Ul95nc2=eXSln zJ@cgm{PkS-bQ{D18d}1-W^_SFW={$br@PL(2WIkx;w_W>;H_R#>t$?QLL=5b4K-0~ z3VrO0Wr&}z3ihJf#3%e7buo3-COPPfJz0Nmt>mJPTq0W3XVer2+wqoNL%^7)kUo07 z?>GmLnY<=eiF6*SdA1D*U!yPM)}HQZQ+K}fka+!oXc@DVNCGUJ*+Uq&#I?iq{#|Vl zisH26C(XsRezB0MU*i!pn_eq_@r1LPST2@1f}xI3=93bwkUWKGl|TaE2hxFMNtB1mis2Iyc%?ki<^d2M!;ONOVOqp3ZFkq9+~SGL~}pO;2BSUFE* z9?&XEc>1liF#G?|h=^_CSE0Dy>QxaCFb;ay#G|~o>c{j7JZk*nxE%$!a#GoY|GDiM z2z!Z=e`1S68KGm0z!~5AQtTqY&~w<;ACX4bBn<=#=Ih1bqm|w+pzU%Qv}gcleBPEr z;A^9`8k7(jGLpf}8wmmRd8zh{$rv6pd7>Y1*t*VFF5nQu5Yyl#EM-1MA_ThrH4ttP zwq}#x@eogDRN%7}iF(|euO#i2`14hhwUP+ODOQZ!w3*cklbYy!3Cri1k*HP}6YMrfRRD##Z&d(M|#0fH|cnF}@a zfUHM;%=v__>YKJ6e7QUFgH5thyUP{e92$dKQUH`Pg%-L+4wrt@}$yoP8onvl5It+e~=#O48% zOQ+Kgbj7tRk_k!jLkt2ROrkd0R-VEud~%ct92+3E-<=QGnQh}!`_{!M#KugH8A75T?JJl2I8GCg9hTY4U5{e=8k$ z3k(=MoMM1}J%lApuYMlSj)Lkr&R5lu4pB?gPX8A4n%4lpk);&$16CtEGFgjCkN0^h zF_oNOF_MSMQW%I%8b&BbdFZ<^T%RG8@pRfmjBH8J3;mmEpUK(BR22=)!s|70h@aDp zSj-DU#j*a(j-ACWfKp0KCaT;KoB#BHQt16MgodQZQGMvR;T3Ta70Jy@p;O2PI!jg6 z3QDQj92()55EGC7fv2`AeT-v`xsP8*_G2#>IEQn^d1+wd)Zj-ko|EA^!eN+W8K-fg zzjD=Pb_L70d7EJ%Int%I5V?$TFU!ZK`=3&=Pz<7uoMTQ&ug_gik9EPqO~{1bOt*$( zIJ{j(7Q(g=?3Illuo7_fOng@_%CzLpnlD4-Kpd)Y<$Y z8el7L_?6M+58F`7E<8RpwL`U@6CL-^a-kM8->jw1Z6oosFV{>@m->+U@DHS7R3WSI zk|X7mB@R&y3@yv$;@$rZf_+YkLI3|d6ZZchWQI3tn0-rI?$Q9{&A`k+*zD0SMG|Ke z2;$r=l)5*mmwxtpUE=yLsOI+-h^KWp89~WIB48dzZRh|;io9={pKct5AB^h5eLv^o z_uY_{_1hgsgUn4h*@%7kmV&&icX}Y-W>8yoR0-HmMP8qzm+M4%Q3Z2k`TjLs&a5=1 zJpyXj3j_=y;=g(0ckSC0E_6MCMj?Qd=y`svG1Yn~tdtuF_OUQHU4A~9TLIXwUiHsO z?@IsOYI^YEiN|ENf|dVsD29B#q;u*t94U|O!|VcXF#5Jhn0p}BvT-CJ8&AHx_8Y>t zd0cD)zzMJfxQ5|f<}fN$9~fK+QXv#EhmfVtplH{$`QC<0>8A-B@Zf*`92EQ;Ty`~w zgzYicA58yxyu{)5F1=7;HXPRU!l?gbfBHyk4AVW8 zPinimSZ}vtCmFtI5D>$&H$*;uxzv%R;U}T{?OO-?e-CUOT+&MI_x4OeQfbi9R_}S8 zpxYSPtl!K|W!L$fkK+Vp{4CU<;qzm)2_R$I{6rn+c1_MtSF*%|pVkNrDimT34c1yL zetq&hJ{Y9daj8)vMS52z$bSJWju7KP}E**4p-BM>|And28uZhD{(}=^N zK`rCp+Y^MGKuc;py-P^|CknN)SZT8hCZzC#tlHbg@oHCH{Nc@E#Fw6`p zm0kXsoX8sNe1DSxCh9bP#}V?14HB&uy{h(1`a7wVDFcoSIH<|q#3$3R*H!RbB>`7c8yaPJOk7B!{4R@{ z#S_c3CB!m{k-1V{la@};cYuVws@@^UU%(Q9f9J+xrTTKggI6?<|pPexn4@&t<0G$acr{#x!orrg=b=}6ZausN`k{@Pm z9u2c1yzA}H+se6g)<7Q{qT5)+)PQX7=)Bef!~zlOBeD<@JqO3fi;VgK+W??@@JmOv z0D%i#RkE%dm#e2p{Jop$)#hoKH~tWm)>_*o8~KzG{U2Blq(Ds3mPuo*z*KHgrG_d6 zNGsOX>NOMEEQA+rW{1F+%cZb1OmL^;GO{=AXiFroj}OLZ9Y11RI^xZf4(9e zzL6^)WJyEJ-V1$QEtJ(8eJ~i~PRM&P_AeLmR`6dDV#QX)rMP^0yD?zZ~@@6Xo4!=q|NNqEZbk##ZuWP#^kJc3}Gh#vFDxV%ji3n{3r z!}_zzv)u_Q)P*LHA@O#DEXrT+w}W3&vGw4;h)tjpk2w4rKAA2Al4V_m5gZnBJXh|{ z*@9@y-|LbuX@F!v3?f#Q#uL#dwJp7>1b+}FLVzsz@*+2K4RGfR`aX{X;$i7oMhGs; z4;GEF-1~3e-bQ;|)Pb6~95n8uz1q~#>duii`EoTntyP^m0NDg^Q9P8r9fRubE4YnQ z>eKMsztI!JK)8Rkf^Vxp!VFVjozE8xoG?AXJ%dzGe*+)rjl>5c(TfF{enmC8xb-27 zJT@H+-XY0TNHo=Zav&+M$$ZWGTj_G@Xsh=!6kLWJbMZzY_Dm}zQD?i_$eI4lup2!tXfLa@QURUOV zvmgdP2lM9MAB0BCuxIS z04u`g+eUf1Zs#kG#=yc>{QdqoFV0Qi@Ze^DApEC~a5F7Q!wG~V8Xk&iVs6jtYATN` z$jG8V!M4HTc3*Hi4V5$K^r)s+BH{fhVScrKJQpk(N|quO!|a^Vi3@g8vIA@H>t--f1kE66o|FL-^vHlVR0DZ!YN{E9>rhixN#@krPAz zk6J9~ghAu?#nn{)o)Buy1V~X%({An6AcL$r+^S3zax77 zhYT&|JieI}j^Hs#Zsyf%0%Q)y+qs!yi;z!Se}@MX{i=+_9T5t4fdIc;$WHx#HA=Kc zOc~fje}hiF^&4zI4#sdKoM(Z2j*D~jT3z_elPI(JABlNI_^Y!XMNQ2;3_%^{K9cfh zaUIARPWyESI~KmaCs6H$)CE_FkEv=vZ$PCL6b?jihpm2=G8CVG`IwmRv-ge45M^9lo#W|A)4> zjH)~NwncH*4Z+MkG%U z>}_}KzKHb?n>}}~c4STjjNY*^4D1nT18KKP-uw4eohElz&KIY9m7p=nnUc%c?C#34 zo9m^>#pNU6RXW@|dgVLNkc)qqC)mj9<+5F6bd)W`jO3x5LlRPN0{wn}Riw)CsVymP zy)VhVB-g_`FOUC(Bea!mTPltsIpDJgOkRB4yWUt|&sB+{i_254W8fN0eB3axKf3?B zmv!U6x~`P<1f8k={kG<8e4h$tKu1|q965SIdUuHrX}^Z3==GuEKMQQU8I~4D*%QH2 z*4P675eEaJC~`r>X9rB)M+T~TzSy8s?86r%EFZIb{&;{I*l}r^LeRJEG1I82qtmwA zvEcGD=i@&Rt#-82oadiyvMsWm#L`A4k_kN{*R;h>V7i7#embXtk$E^E> zCfGS%A-h8_*&LSuF}(F7@SV9fYls&_nDXm8d!v~u+e0iLMfS#a-%aWh&{?9!shz4o zCaDmCg8^7=+szJ;2q2U|wWH8t5|tI%;s{gQjkWKn_l;tvGBml^Pe!7|Bk1tFzu7F3 z@wWK^`esI_240sc>Cp78m^{~CTxgn{y~!{ctYNi&6Xe&dymsZ#`;D2cP#m& z&)@UijILn0WD;iNQQ^0xU`|7>1_W49+N*r8<3#yWz5_)7Ydp?sE(|1mSlC1Sp&i+S zAHxirZLZJLj%|Ng3`?WF`39 zgPa%4x^9Ld?~_V%^RX2l``1NSDR;pA~UA<~S51VfH=4n6o!f~UI&(Xd% zK3puhZVDBw_RGxyBfrYjV2A$zcEXPP2W!pUR5--gI$JBhb?9t?WKK^QF9ympYd}Yh zmm38CJsx`2Q#DgP7$nvvsE{Ty_5Cj(<#T#Mi=@xxl09;erWEIFX7G6b6iyVlC$lo= z4&6I%Uuc##fLxfVDDZr(uV^~9&Z@RlPk@Q6W+9$_xYS~NqWAACVD}RT64Z1v_)kFk zH`I=ZZ`|c01+uM>?i2%U~W#|0%s%QLcaKAU)hU9^h^y-Ni_`Q0w2K;&t~Hw|bnT zlmd2ft;L&<9j*;waqep7#+NF>xiqWv53#^Ai-D0_c=&rEC_Qs&nFAlnbpZ=%S zapQh1+oLZ<8kVRgFPq=AvvQ?=IjtW0O^wqzshpGExw0Qmt+2$M8l3NDx4^F^_^V{P z`*`*8X9e3Nh3;LRpvPBLWZk+Z=d}>aIe2cj+tu(-%RZ87Z>X2kuEAuD>l({invhbI zP4vD@DhHPde52+r=y*A$FIF@NJIi_<50=natfNr1zC-5 zvRp0S&f9L^YuM6x?@N}aL}kn>_Ef4#rkA!1r7`jcGiuVy_uN0F&v}@%pm=_&4w0Lrz$DVexOi@q`XQuvdUQ<`gXK@Lt{W2sD|f z@;K-GS$@>|U2&Xxg;_WVTLVr}El>}O$?R;-56msV3q9DLvJ=vr8>PKCPQ2;1uX%yc* zt&HKN>Ci7ke89%+zh0khF%Br*)vJjPmYsic+yX^r>KLduC7+s z371W6?B!-A5?f2a8%)|n=hP4W`vw4Yp@uO%ed22r$!jfoA~4?R=`S(B!!wLHtp?+) zLO8){22l?|pFXks|Lz~i4xF7tJ$v3CP3(Ly$2;G=Hkvh@#sQjd#~&UZ8qWL!ZZD6p zDMjuE5@;(8IvVJGMaYCa947L`+uPe4oS#z&du^<(al8I`Gw*qfgM-8Ad*fnZVKIL# z+H<(rqT6VhksQodf#-6>ZiT8HJXJA zp$qs9cgA&FbS|03u79}DY@&ckF(X2BQt&jE=kHJ|K89j8KbP0}&f(!9_?7JMThm4T zA2fkOm6=we+L%Z=5@VuVw=t8~Mp}M*EC-v6Uu>w&`|{@EAWPWWE&M(wY$Tn_z{>RyMmGPM0~xvLr_oFp^vNKlshk4k(stvd%|D-91o;dNUgJ+T%kH@FK!~VQ*BXookQzI=I$3wjH)H3@xTnn{TXmftGi6*&rljU{g==Ce=bFi=L@J<@)xavjSS zh@%j;7Q~k097lh~(%Ud*hyL~Vg5HA$m5*F1YergH+QA*=3izrS+-8}4_PM@1+WV^d zryGObfB(D|{ZXck*8nEJlpHu6!`QqM5SUdC3J1)BIx~C1!9rBZ^LL+B@*WnNoyl%* zZyT+qLAzlcx7f4inq-`YFg}q`)goz3b+GX?YfJ~9zpKb^^?!W8Am%R9K1*As>_KFG z`|VA$)28iqS10%eXB&f(goDgTFYFeyVhP#xBBrG&hjuNxmfF0H#9ImGuMJ>T7?ra< zW~z+9;=#AYY*)MNs?U3J2DtNs)EJSsZaZ58nxf>UPP~amN3-~btqfNtdZV7%fQRQa z)bzq?N-Fjl);}i;AuCSMWe28>UM|tJHv;!*)#e)QRgAyADcKs!dCpAs1Dpe^>CdXX z8nO6S{O*SfRaZ0BCcn#dWzeW`p`?6vbz2@ho~Nc-Nx`%-v8w2^fba9}7Ezy(i!?_u zW{MZfjxJVZezpHiL`38l+=JBLKRA%|3v>H&}6RRgF>>3+KdWQ57%n@@p3RS_6o$Q-fmIn zDkUKCmzq7JHuzBtKq|Z`}G#7v+CX5-DjmN2J^d%d3&wbR$Kg2 zF)#9{sS^CmpMUW=t>KmVNKpR1&Fj3ivXUcPJWj1By-VwS?{{3GESLQq7}z19a^7)& zp&L7!s2YLC7~9+@ImJnX#4ji)>UAE0@5K-JB1n>_mlxQmxvLF-NDMX44;Qm4f(v)( zlP8I}O$UnQlB!IHl9_kJ?8%%{Qk~?_FBaXGCrPhQH%-bSx2xh&YD}Q9SuZ~nBJ5gs zI;_`Epe8dgGbrc0dd<_^+o|8?m4d$j*Da&|)n@XkC$2J`FDjMCKh+gMbiMudN z(&Q!D$}iPS{$7MGm$Z;>utyEso12?g$+_99xUHkHrX$4}6WppZEwK!13JlrCkr))a zf)K$n53Nio3YE*JuuLj|>2zHf3*u+hp{1pzWj3}TjHS{&bo?6u!}P%xR0s3-tbcw( zJ*nyjvkJ%j68P-jyIHH7kLT()g85oj9=N%w*I>q5rm1e3e#^@@(6PP;S)pF8Hwg?% znP3WHt!FiQm0Uv3L85A8dA6^>`&JJo$-sTAea+WV_yssFGrXK~mbzjg2`{YFZL4xR z5J{O<@mroX4~$)ii%GxwU}OP(Gga~lEa#7IF7}QIQg6NUoyl21x*g@x%3!^85p%9F zAJqXzcfQeH14Wn9N3kLrwAE!Tw|NtC_dI~$)gxJ~0q4^9r|4&K5BvS?rA3wrEglcT z1ZkENh~tr#yT}snwPGR&Y}Wf@6vib7t7siD!U{$-2O2(d-(v)JSu;>d+S=y7q5i_a zgsI7}*2|(3XhR>}*KS*_#k38j^el%6litT3cvA|oFOK(wOm_1PXHzk^|p zQZCY$fT=Yfby``s`CY+fL}zOpT%l9X@*!D49PTuq=45gBCkR0hQOY=tllke@tCw5!ISR?B|I7I$Wru`(0!PV?8Dt34}+c8VEtftI4c_<&)6F!R&Qya@s^o=}sUDo7H%*$1s=~vgZ9u2aFBu?cnQn*pE@OLyEVer4(3r$Q@m;Iec-!ZVqER_z+#f-C3o)fUsjfCaxdY4;TfmEMO&EMKB^f917AQbNn?bSC$c;!Yh?rp^!Me(3u%e`kbp2UwM9y;Z!#8 ztHCgn7Ckt!+K#H_*|BA~tU>xq_yT19tb^d3LXd{jsVhr6M{VWy-N|Y%tCPB|r7|3X z7g&l1je5f9^|sPSNstnu=3D(rCbPpc_X6fn(?>`UD-cLX2^=v3$!{lXEyiW(UWQ6- zR+I&7%9)Jf>nIJ*z!(Aatw~136lfQCN=<=ZT>7p;Pp-}X?j(E=%Cw?e_3qU|7(HAM z=Y^&~sHGJm@(h`Plj((TEUMNno)CPj5eLz4)%u%P=WP80%;bH_Y}m{*mNO9? zc+Qqg`^6B%LyShL&a0d<{H?4XV=RWzvKCl8_balRIHrmQT$^RhF;K}e^mAe}qJ-*r zmpQDB^!I&4p9!AhlBW_yN*(i4j-XBAiiP7)BV)YsVP!|8Rpv{~>DKt7%%)`iea)1} zv&>!aSmTquI~b7@q2R2@xi=7jP4~s4tqBFPv+gia{UYhDip-!AqNXK?TO(t49YLqn z@|+uzS45&|_p!XJmr1Lf1fu9Eyv#lrgG!k%P;a{4GNyy}=Wgi!ilT&D%wmf>9)C?` z^|%uT53bR0j&3uuf{$1r0C*PuMve5*w2M_MqofzyFA>v`$c@q62qf^D5ws2*%I}p~ zI-gKi7T?g!7)tsK4K>?-a(SLqREnUj6wkf^nFbXd+rETeceSmj7MLQGP^-TtY^YM9 z*F4i|y1d#1a%+wD^eeH0fXy2*`b{nrl}7A;B(@bj4JlOLF=NcF%;NC%uR*x_lX9$ za7C{sNx|kwE~Ay=ejJ8$;u-s{7E=hiv6}Qp10=u6@-bH8_}y1T@~hnFGV)&xcv@kk zqA&&%4}QFcD?6Uwc7BzUDp4&!2lEk5cx7TpQW%s-?uc$+v$U&RXm^jfdZ-nmFVriq zG2RDYM=3D!ASbiDje5qy0Tq8dJ~^0goPDlUi$VNz(zQ%GHE!q8;Gg^lB8_4^tU?UA zAc0KNhxrDaKLDy@QHm&Lv-pgh60jK0;%Unl9-jcPsQtCfjX>14tD!mCL}9@V zrmb3A%!ICHa}c?DL*(1;+_acHfk-N{{r=SiTlq>lX4)?>Fn7mxXkTzfvU*<-vNDBA z#C%IzZwT|Lnz9;O-Y~>{trL1osr#~p6Bk2QXz~n{J`N-+Cea0ZGtWytSxy$>1KKDV z`?=upNfM*VvB${7uaMrREe){-zg9FP{EAN*6GV}{Ll^|>a9v`LA<>1=SY;EX?>GeX zYt1qB*#s;3jikcKkYnR^>A&h+r5_gZ&D3uu!gIoiBzdziPzlKQb5!T(=83FW%c`PR zg%BIJx7T@`tO1RR8y@w6Q{>7AV=>Cf5EKxV4y)ZBu604_DYzD=@yf{D>If}A`Vh=b zGmfLVnH9}_@Ub>x(G9J{K7op8Qq>QP}+|kWg^?25Va)qb(TDA?O%^x3UJ05OIn<0;tIEg;l zg(dWICJND+saJo=IZAxApVEM}fvV#cT}<(*&B=iGM5^&>%aYvjHxYUH`k7 zl~YG%4wp`y<&+j|vZN3rU(#+izvJ43ci?sUhfLwj4+#W=7K*baY7DP0RAEo_LQrt& zzJd-$+Y^LKBC!`7k;Gc}6P}F18V`Y?m+ilH>Bn&dU>}+lV&|$6Uz|z~p z)z({AX3!x51=kWck;*8-`rL_LDf11`mJcTce5A*-d@!mOS`9t~aixf5 zn9#h*7P#Gp!cfL4o8)q0rdKG+Zeb^bF&bA|snnRDHv7bzRPD0_&=#Sv$>XnQ zU4tEA1GDYgU*m~Mky~1AgAkDSHEeZl`BGjefY!%`>+AD7;_59-4ltCpMP2o_d&K}dG}tefQ69>lSG;NvJmJnUM(4Hb3QYl$9I(d(wY*ZAK&UK^qgotHHc0N8n`JPYf z$ySoDQsW~!P@Fa3o(D~uR=`Ok&}L*ewJH+%!~#Z#rwwpaBlz9!)Phtr7G=yyauOLt zgURL(1J9Q)It_X~x;0{vvB(Cv%s;xL$nnseHghi^raFI;Pf1@=WH~#7UQG{zsb!bl z2=L(?-RgaD#XQA&U_alX{LJNf?;U&c(gyF5T!ov4md6Mxvnak`LS~*SiEWYk?;8v?NqR?KS{Jy>i>vxJA+N@v}t z!bkMPx$A=6|I)1s^FT{rp};RMv`YIBK1U8|L(DO1jnYN|$69Mi<4LGIqQr+#edwPuHM`C#CPiu}veACX{o# zFkXNY2wSv5e>-jE!FEMgv zB{N0eYVxqcv+AmSc8>~@BxZ7TxN?#7*_h}Bj}cSg6sOkGfke1;iNBwI#N!mrz~yYZc5oY zWGp<95FfNVz)6y2+2Og2iG8#g{sclbw{W`Oi1X*Vru4c5E2`N8acm8a^@tKyCTqf2 zi*L>>JlTcE@V$m;X?!mqmY?=lv12mE2QO^b2hY22cos2g#N3Wbj|mF8e{*umeI8SN z%?Zmz_|oCuoaV)%JZ;qa1LGj*cZNB8LP7hX^Vb6&Z!sOASOn5#0iTl%0-ex$P^qyA9J z#l!c$;~5T{v#vs+G{F}n=BNv=>pwrg?(TI^w(bmJin3!8wG_%Haana7!1KA^ni)l7 zeCQur*xB=cgs!r$n}2BEb#8PEA4H7|w!@rLnBAEAB zQz5A#m_qDJIvw|>Uz10p39HD5-d$ry{TDGWLQHwP>^WmHu;$S$DA^yb;uWeg4Uum+ zIf1!q+P+7Q(_ds~GjR9lQEp7*Fd%>B#|4Ibr_uZum49{a<8$1!U4TbOe#QT`I`_ey zqHMvZY4_R`2-o zG7nI!`(mQopEy?!4i-E7{cn$6s`;?{@KZ9{Kp4!! z=(pAEbBroFyAX-trH)IIE%oZYO0L=l`w3T_UrzTiQxHDu2{WC_Rra><796=W+kAt$ zznikhR~~Ph(Q6kjnLLgy*{ntZOE0BWN@0WyN` z-Bop5oXXKso0&9PKk&E#1jq=82_R+cOcb!`)WzFVz<@H1T)?T=XBlOd^o6Brxejks zVIincv57bXOfW0~)nBet&wn^mO{+T&sDA=>y{kVzOO>)-{ymug&59XK!W+e%C+hD9 zKE)4=;++gs7?529W#cFZBdW;C4**7cfFZlzt4@t3_x))^t+EZxI5~+N@ds2v@#TYJaq($3PZ4u+yG->ON%$q z8bn>F@Tmi_w@nf}{zh|L;=JS)Nn4nKoE==g>6zfNCV@0ooO~y+E*`c>>nJg6p);tk zO8tCFnYMCr0un2=EKL=_l_{V^Gnv6hvzo2h~E+^w)bQ$3m&2oK(}P_gL|Q0+vD{otd9 z8y!(kx5rgzE(RKr{h6$Pl|^=47}$_0c0vIOuAIV>a__F=i*T$Dp_9eA(uGK(V7LIS zVQl7}qyj!77t~vJf~XV@HgokhP{k*uWru4EhSm-&VHbcU z*01rbnE>akXOI4&mXIfZQcn(AZLqA^88L-^|W4E#n;O)>Q zE!t2jo5G5Mkh~U5hBzZW{qm{|-RKGP9ySR9o6e8BIa6<(Oi9#>ojk`qE;vc)S`$^luA5C<>(gG3Oxapy*S1o@Z%EGrXsq@+i^&vKqbs36yt5AB6_R@ zo>9b@T<<&CWG37tq*W43pNsvBj8d<^e@sH_L8Ko(hm}IsawN- z?BZOnVu}NV%3KV9-08uD;ltfEI6m~%GI115go!99myscWb(UBqlD29<|8;~RlP7hS z76+?oL>jr(sHV>0_Y9Y12n-~5zY>QNa|H|g*=?UXI@r!E0^EP0NWBq6uCJ$Oi5o5P zh$oiBZ`_OG0v`W#lcNdqZ1f`>92}80WVaL){_Cq;AC6OH6DqYYE-s|=G)^-qrGWn< ziq06RKV1}b-tZ+@MZ#SSyes1&I|pNu?@`;WoW^s74>~S!MGco)J@t&Y9OP$4BL?1? zbHfuGmnh^Ss`5W9L-s0_7FyinU{jW(mRj67njH|-Qt@HwCkW8&r;1T8W|s90nj8u+ z2r8(*lqDq6D@aE|=$*Gl^jqBe{`MMPAG)9&feLxV!n|8W^j-=LTE@y1hm}yt-{!ja z3+S3emft@C%>jeva9?$AJj&4d_TpglXyDD=@IQhQ$aCHv9>pqoxjEf#cK6THKxsDX zPt6uc;>d!(dF(p0Pq@Dl($H|mXV0QpHXs5=S!+>^TkA;3td1ZN%DZ`qpd?~WnZSBs zD5#J~7wIEj9YAzxf1Mr*<6a}UJ(vW&%Ulb?ByD)oqzWX!E^unHU-<57lN}76XLV)u z<)FJZ-eh+^5vp&^Ulky00-f+hfkB6#6ExQ@@W?9Rt`iBP*Sh$tYyyoMRtryoXlv-_ zW5;MPcQjtP$Q!7^Dl1qelB77#M&ujCgy$Z<#69)aYJgW zlls@%L8QP{4i$bM}__FMG5O(pGjrPmt+!Hu1{6J#D(l@OgM|0}RK}5qB z3!Ib#VI17ou|cRxWVuVGV>E2IX(EkgW46D891FC-k6+#vNFas<7aA&!nEzPek*)&e zpQSOjMr^^VmLF57vWd&cQ6&-(`HElTN5F?G$RH107II!z#V}xy@yGuSk_5pL@g|U< ztMZ44^OhohZX^JQ z_OFnm$)^Lb(k#TH{3(H#qAT9NA9{@GNIlQDF~soNHc%Pp^s@%GB=)eBwTbq3ivfphvLRk%>f@v_9)Y5(}LIgrW z$QG6XKO(Ng`2KI3@{X@@9T1N9LJ{%N=086YuoX)GF&mC0V9WGe@1iiJuEEcR0ku^( zV?Z%#5NbCa?nUSuA0Hng-tX@qvt>pavYCI3`=gmv@-L5;<4Us1J09q$2u!P1NCoIq zKgH}nxS){Hb~MQ8QXws%#1_zBzcv-)glZ{-i+#o6X>&i{Q43S?-bJQR= z-(*vUO(4w7$c{!RNEQRn{Pg@hWN^o`^gAZlzEI91y4DP{7))hl> zoeP!cdiwf~SsTCUkTHl{%kQPHTuQEsIF$}kOgd>bI6zHas%!ZN!9|RuO<3xA- zx7eT;0sJTW4s(XS<|Mun#ltJy>?2~6MpK{=OQohlu<(`hh#6&y$2GeXV$!s;U%6LZ zUx&t7A=-s6WEyK~pqoHn3}^5#1~#=0iN#7I%l93&;*7*a^@F5p@Q)S~ z7>hs($Ra|NX^m;s>^8dnFe3JVFyM!H9ki?S%Zv<#;*p(QbanM2&}b5 zlU4g&H-Zww8XXS4FUgv^HU z*>MAB*|nC*X^laL&A)SexP6~tN{gnqx~MhdsJb-HH~qN z_UhL7heUfGH(po$T3lS*Fj>I&NG@Da@Ji%QAM3sC3dS`XihTC`SH5`gMAxlRKC?fF zvErU`S48<3jg#JFJn$Le>6p!H zoZ@wbJitc+RJU|K9RwG+AE6?%8J`qWK>9=b9RzOoo60+;nTFpoiI6k>Hl1`jJ?0=( zXD!->IHHmoE!0KNVIqGQ^Ssk`HJzeor9|TkMB0R{yk|ZhItUXBrTc6Kz=Z$9wFO3g zb@q_1H_$s@{6_pB4t$!p$6R(e8v0YKCaDnVnuufgToGTE-G76$%KaS?jV_)$!`}b3Sv?oolXM7~)R6Dn#nc;vR5i zN8h~Rea1Ywpj#)@X&UreYW`4YVpStah=QjC$vR^tPSg4B{&E?w*eSZ}n5%^}@&~Wm zzE+d`;U=1Rg+T|!P4exy?Q9j+D@(WCDSCdN=uOU1P*FrOZ>9>)b7eF7uu@@t1Vc!D z8=x3+U>1;-$KSX?1p zkRFgILKZ(Okv7wHns@v9pvPv2y6~H+pDu%8p^v~mGKlW~kt6iE80n@+FCeFk|9RBqT1<+>qmfdA|8C;tHoxH%>?w z0*o>}!Bg}jCD6^KgP>LA;L76CDdh^yrk;&v0smRerLfOcJR1i9lIvv62s`~eA9#J|RFWBtT3l*o)>5@qY4U&UW?es5hI6LF+tXrM8vDBz;3VVoF1G&if-JB@1 zP$&ok^>C!Y$=G!`-<38eVGr5}axcMpL_#AR2e&{b*5Mb{lUTyvOK-2Y=f?ws6A%r$ z-bZtE(VwZhL`-IoUR;*KViNN^bs^gDoeo@Z(n#0~_+y4KSV%@iOzkaSG}zSaVmM`vV7GFIJu z11=FAjF_hNzdhfTyZ}a-waxTgrdKY4Sd_82^gPecp~a$v|9C1Xf!GXgzpErrhE(~2 zBWuBPh@IVizZS`bv+^p6u8z^FD7M+CbQj}mM(=r>A#rbdIIK%dbad2Rx`g}86*;(kASoA^EO9Ra){$X0iOf(p z`-K%Gv`n`Vi*}QlV>GaoDSJS&TeI6houB^nGjf$)rpo&>_%}1s)FEG-Sj32(XqHl3 zVo%Rh&V6;0t)cbrM=*BbQRQqmY))VX_LmL8&>mUAU|Hgg&$`-_yJl% z6AGJ%FPo_vr+3Oid@rUz|GU-m%(N_nqRFlp2MzC00AV6P!XaHXfL4tvG^#2)k`B#< zTr+{`3qv|lFVu-oODv`?0wjP8o&fg5i?t9gi{esh2_!X|ciyUS!py$iL`K2aM4|A+ zN&%I$kym6yDvbj|7EWvHL*KeaH;E8S3t@HmK-#M@$ql*1AVZg-IEVQTN4uE}myvWq zd9Hq!^>1MX2)*YHRNvhWbjq~2lH8v~si6F8n>F%X<^&gBV%di?t^20f z5bU4Rtp7#-T&xsrTtb5gjfv5LSQS4sZ!T}HgM$kc zH9vqB097qfa3$J_eCn9kZ=}({Z*R&Oh^?EF{f8KlehF*$(#-|n3YQSrJzB>&X!bqQt zp8QX|)Gj#wb@Xk7Aj2`M7eD!aL443@u$={H7Z{pnE11ER!tbK6S52Nrrdsp=`J?n$ z&BIr}!@D;T`B5}hkAxlQJ!^o+_G-w_fLGhnLgR{PXzwd&ceD-Z(But~YL+J$r1+xT z>ry`Sf+VM7jw3a_o;&pcwsh_?%OX-AsuNUiN^959KY>a@^o8Xy=*f}l`p2|dD?2;; zrR|KNg4dZj_@aQMpdpW{2j3I~m(g6|+qJ%rpsH^J{24qlmXO!^fSVH7L+$E-fMB#D z6ZtTlpz(Vd%LB$nr@bVn-E>(m#Sbl|$?@t3+h?{J$CdQ$hoan$(OEd{{^3Q>zRxDS zb4nrKip*_q&#qFEwm#I-S>p>x?!DEGrQ|=9^H{V=M<*lWc(*<1Z@bOHby*W5GyH-= z*lz1{J8i1w2Z4uVXg#33J@wn#tcR;9WjJ!U{ad<*PWBj?kM9@EZoRPGtNTW=+`joZ zp}wSa2TUt?9Dp?d{@?(%-O(&SK5m0vaKOa^DkdR$Fo}_n1>BtnWF6oyeG37$+8f!hnve0;VuRnjpeYAZXF zMS%O&E!AX;1%6u!92`Tor*q#9aWx3)p`&-Tl8B0wD=U+-09_L+P?bZISWek z6Mba1)=lq5pQ6b@G}rBw>$9{m8|=4V`GN+n8XoU+kcHK^_U3?o09DBy)oa~r@#@)g z%RJpVncfmM2M;O*C_ZVG?=f?m<|2ku;vNyfV)euVmggHl6`^R)l=DQChQN)spa`D> z)&wDNgGf{HNVWhEFi-`vXepKV(=a(?EyqznDF+Pka(ZwL?`17NA@5I@S+fGkV>nj8T z%pi9MjmyeeFUt+Pf&h&}{|TgM92Quv6X4LY1?1j`(wi*6#TR()PJP0qm45R6?YIHz z8Em!ibOCnV2HRjH%=A>z$2;e02T2fv8Nd3R*(JHTunv>rM{bqkMqdsZ%a zb${iuTYU4{d-jUoPJeC18=Hc3JPz+gM0WM4y>sKCYg;^(!EX(U-xxR8k&P{HgOagV z*WnP+JUl<)@au+}$rhq`+$hr9EK{ei*yPXGPF;P_XKAeM&DI50iUwe7pm823VBw z9KrDJ*;)&50Gl0FC1M{_<08Mw#FEJsc69isvT6e|s^`hE#e4x&l+AyR5Q+~KP;{(Y zUvIuyhO~XAmn)i8xXeB~Rn~94yjEDsa?h*y>8D<=xjy`oBB$ka9JEcXZS8M3p8Sdp zKKwGSpVwkrNpBPk_tU@G`ADr}a=5hdq1?Lku7JH?|p>uJaC5U*Id6rwYC9#dcn?Q$cRJ6a zQ2Z?wB_+B;4GbWC|IU|h|1K$x!{AJ}adBmR#LN$zfXM*I=Nl=uFQ~5=Rq|SLzvFXw z%d~0VAIVi+KN;kt+H!Mqfpxm7&zP9Y7$M2}$ycjhdF6fwpDeM=#o%0k;LA7@Ln->eppqs@R zgVJIk-Ux(lGSI%%M;Hh;TCq|$y}f!#UnT4%1-Zzs>;8F4mWVsrPa=qj+`9c4W)n8xL;6p+7e+EcT&(n=&=WX_P6=bv2_E+g*%^>Sq-dtVb z1mQ_LM{{R(Pyc66z#qM1v{FpgtGk%6{=o3&gK*bXvcug?|D^@Jb#mj-c<~#XGt#uv zx8(RNuX$cbezDaoT#CqkhD<^{nA?Ply!?wa5DTsz?^Igxca&32$`Qw=4mcC_b2@Brfm-pE=+tA4CXQiN3_rYkrVi`@yTOu7$V$ ztDc_b!eF6`Ic;RWxYsW$2fisAe~5aCw|1b!xB5=$2dDC{3!WVJJeLjvj_{?j2X}zV zo|@mH;v^@0$ari7*W1{3jyq^i{(NGa+-`V;Uzg)KXFaJN>Y$zc7MD@-pH8`m{Og&k z8@59Ay)>iycXaRDRGBl)pD&AQ7aU689pKA~({Iq}eM*@ArOO!o4`fCF2pnKKkcig2 zriOnWO!>%a2pwt>Q4E{2ae?t8qYm)g8~eKddh-~0FmYt#O|QYrais`!bZj^2*vRp}FkW{&d`Ihuvh#E*cU}%S>NNjdN$_aBC0_K}H7^nuG8!qc< z_5buKN`O8^gElYU{d2SRG&~irlCMNg=iTM=?&beaqvA|v1z3Bu(6wbr9G|G|M@gIBCfeyl3V(k=YW=@+i`8WHua(bb##cE$hH zF!v&9eoJzj9EExA>Q8_0f3Lp!9~ESj!_fZmwU-TYH4L%ulvW{`SdlCS+5gpM2?`Uf z0j=01#~VBOhTm_loiH42CZt4X1?#gNjMs z_?QbwNr37{&Rbkv2liDkp5p$gz@Y<~s&5Vc8f2=k#Ph5=zQ?IYixBXPIp!;^_f9N? z?frD^LsH^M!{v?M29x0NMkiK}j`X$o-XF>+{?3g40?1Z?7b=$PDuy*mEvv`RTK$PJk~0 z$aY;ix>H$v0KwL1v4SK_@6tez2oEAtrTV8RQ!CJ58iqlv3ED4ujNIq^Ku}VH_n&9S z_q*OCWMpK#)q}fjCCmCk2FzBB;z0;=u^l-;ox4UpOAVl%&>V1D2v) zg^QSs0;Tw)1kWquG%_EJ{yhB#qjaG4k7Q=t)P@!wn)o37Pox= zPQa>F1=@Vl9d{qvm`*{q= zC0q{x5|M$HP9!tK{&orq3edUQtI_px3hX-1qa|TmT2o+U5sH;~+Qe;b%*_C53pi~s zsTZT5nU-l)7vh7ITM8g_(o?6i5APL@i1HM_&z~*PXuUrN-W-mBcB#F;kb8~|_UF{5 z8Z-Ib_b%=&oPGI@TejBk;3yjQc?6wj{n%}=7tfnDzHY^1gnoyPFPi1;g%*8b-)1>8 ziD|&IM;7`z?dTMwm(zG8*s}cB=lZjW@^^zapG6MeRSMKIms!^xvXPv|k+^z6<%^D6 zhlOZNu9~{Mwq8z`ZP-h_<%^O9>%04Kl?Sc%aY(KC=P6O71@Agg&#YH8ojS?_n^Afv z)*qUI+MJHiv^2tA_&qUKP#J(emXg|9o?Y;pV{oV?z(bMac>4{17d)+1euH+OV@%Vn zt*um`<^dy1OHCEJ#LT0qPw2_5UVp7oNbP9>3aW#P6?NMu`T{ubUReU>eBGUK;2F6G zB{(ph_5BXSUSCJq)rrY#yUzYy9>Qu_L-Fy| z={h1F=c3S&utO>9oH9Di%1n4^+Q#56DIURj~LjXc<127;sjf4cRX1@F|q!{eGngUK` z(o(rD-+($wVm?k{@O(Z!zZD?A>AK}WL!A@GE@+B%>x+6u=I!MrU)*Fm2uVlH+yJqA zs5cpS00Jd|aPNJ9dAB!bo__Y8w~S*pJBQ@rbMP zA->S5bQ029Ayu|Z2vGrn3^O@V#5ti(DN!V;*n*wa34(=At4J|(e=N{udr0qc#y^e@nI72c~Kl`{%Ui9L~5GFM0*M!rCGi@OE z+RLZOT?@PbibKB%E^$QLcTgV)DDCA*hn{;`Fg)^s5e2Oac2@A_CrC2Y!M^l|u2tmS zp4fCp)I+c+vS<|1Y01!(V5xNM&O&aT0fOX^z2iW1OM(XmMh0m?)TfZDDxp^5-<%FE z(2~Fs{`kf>eR0bre45r99J*_S%4GC%H|oLa+ZObXW*Mx9G+`t%dUxuHBEhkDuc77T z-vIaGH|^pskLm>zK0_WV*=&uDH9b4i878s+dRC@q=M*I9&Axoss(W9BCv+#?`j1VD z?^BttKc2_0-RE6L&M$a8mi9q2x))r#?wNEn)X}OrJzJ3ZT79O!U3;0aP6$tE?~+#f z7;U&?Ur8+`RAul$77K-knDpFgnw@#XlUy5m_V3HiwkNm6Wg6)Wb-Lxf)>dT6MA2rS&<-Vk{&q_1&T z$OK-+Zvq)Z&!4B7O}ec+S?k^SUB70Fv*owMTS_lF+3>bT7Y>6ae;Djs+}zCn zb5r6#GT??Jejj&b|0o3O2N|#aN6F*LM>>uL9*dbAODnmpjTxrH>oGn`Ng_!_dT!-B zk4E?77FRv%T*jyM3Hz0_zKupvT&OHq^Qn(zQb}nT49Kb#g+igvD|h3?+%tRMaQDV^ zGphgzmZ=+s9Uo(RC{x0 ze-yZozi|W9O!Xc~*bG7BoHO9L?UuaG!AY=zZ^T0>5rsj*(U8!9FQ z7#O;vAH~_&`{CZ7GMzT$>P`@fku1kAqGOvQ{|QS9B$oC7G=j5Iw?Gdqz`O1$L&Yy} z0aOXlg-j^%cn71|P@hmv)_Ect*q*1LN2N&EOadwaT2A$c@`n*>MZ$nI z&dz`T$VM1an@;|4+(Ce$0SmppoEV??HzBh73nwj5(=MK#o*k{b5AJ{MiQ{9B;cw9h zAY)IwTGU9c7B!8CKe7}i%%huInEAUg)go+ThZ(<>jhcO91br|>ST@YuBufL#h( zG(yZ6VsJ@?CH}LzDK-#9{qKze)+@xC`zc#;f!|^mpoxF$90JBLqmpi>{D3d-3%R>? zl@h%qVAF5>dq?`_n7iaL{^i1W#*C4bG)mZW{)6bOA!~qc-CN7q*hxSw%wsYR1+V5+ zfRs6cvI^*f@V2GK6BEYjsb>Oa`@@0E2fwK`AfZ#npiacOxfNWlUL_Mm2qIR~ zc%xX29G}mGk)O+;^3~mE=VAuwT%rsQ`$cp%x|NN8%qggluE*w9+d7XNE!oUGrJO4< zrsGsh=LIjn{qon%Hq+H&kI^de;=(f2W~X||Z;Wq56o}OD9cnkP`#X`a;`OR!@mAa{u#qfu}V7e&+pq=zhBisr10ZnU_6+Riq(4gfoq$S z7i^31+1EqZwaS0dM+RgiqX-4&)jMwhod%eCcWdjx)=gt47Mg^e`6uP?6+cVj()rji zJz4WpDfF(KBW#^(zSc2EKKuN$-1|SVDc6?6z0Qg0AE^Ra&V!5(4SUlPY(87V(v+E~ z5K$0iC>x+V8I2)rCr@)?xAI0rYNr1uooRo{zfJtCZ8L|?ud>*Vb&jVKJHgU-el|rO zyy8xtvowp8HKo+d#*Qg+Ez>0(->cEAOy2J@Bc2QIV2lA->Pk99p(6uBMFZ%#CvfF- zvo?EGK#Dos-Kt)89B>X@b!EJ6PGfp|{#W?7Ck@rwW$Qx4n@c_gEzWPvZ79S4tAOZJ zPiw3HKCV3|Y4A9)yZNAL{619rl5cLasxU}*<<$2}+;!&mGW5%4NqY5P3hB1SG5LpZ zA|4Ja+n_efb-lp3^KYyy2*&@FLV$F`j@191aQHu}LBjYNnrdWah~j)T^Asdj$vnY# zzS}A?K)oenP@{LXZreFxnVdIV6*3w8J9a!U{%@KD0}1SAmqL=zKkJ)6ehkf}Uw)Ks z>0!B|K4`r0(Gi+`AojvFJafA$cM@?8`@R+`yXzqPx}Xa5)w`pe>Sv4W=vNg{GZC~) zi>(BGWkpR{mS^S3fmnojf8mb)Z&KykvAXDH+74N7j}WMa|9=-eeF~kKZ3<=$n80eq zRl83Yt12pM*t&NpSH$4i-pnbUl8KKBOOgMmP|O_v5%2NZr3#V&!95Cw;nf4yHn8;q>6i_3>hb9*l!zR{_+l6J5yB912729z zoQ6+<0fBi_zL3fP>-tv`h@#wq$2lR(QuY;W=-vhjhWsRtf1$9B~Uh)2? z*fP{)$c+twhqxtlmKL%jP3ZythzHc={$Uesf5HqBRx(%y?fW)V)K?t`4uQtW<~tXd zs9toa z5K;lo``+o%6`wHI76!v9fFf3{a%FNWki&qYq2UC=24*0W))=j83(%$Y6sQV)AB|#T zqpq(cKcTZKU#I4^Kj{IaFf^bcN|s&u+b@vIWzy7F%>JgydZA;!iN4_?0+QN~55TJ1 zWCE4$;o)INqD-tB^H7Zqum*7O;gV)yDKo91bx__UTXLHetZhgj6^MiMuTtM4YA{?g zLrqQOGSG5zCy;|yf6@Y~RlxN$8T%LCpGg@2-T^7jVy6VNvJxV@JjWo6hKmQowkr>z zh~)!e1$&5qhzq!Im(o3KlL-ccD^X&4)zT;y2@7yCAaXUlRG2Oy`z-*2F_)l2H~eMv z^xz_asUuYc;$wlHUU+k}-gjmemuFU;J?9rvWw9N4l#4cNQ_1osv5q|ch^MH_g+HBs zQT6~QIH87?;L%Ak(c{h+rAhgh=fPD<&0WLH1}mh0D4w$yI>KXMS@>8uCPx;~q*Vwqw)F`phJ*n9r4U)C30pBIreT|mQwL^T zr4-L9XD@eH<#XJ926Ho>N7B-3lJzoSEEkBYdt^Ze>@-fEOM_`*^*}em7<==+9Zn&* z>%3*14!1 z(H!EqO%(0)hago$M-b>W2PrN%6mwGSbvTCq7y6C8t*ti5+JI19U0v;qhuD~#b2vM) z?fuYLPE7k0r#g7`Uw%XbOL1s1GrGz4Rz{{ zKngVP*^L_;A}9NYT`fwoEk9x_IzwBPbRm&?XANm|QQEg?jqhdn>mrrx)@A9to-li2 zpDtBRg=<{wy{6dFXiMRH4OB?iN7I`S zKphg*KZw2(>g~p@`!@PM{|F8R_&WbL!7UVcqk(eb48>ZOj~nBj!iL*<)s4hOfB4D8AuGgx+kbg*=2X)}{Wn zvzY%hdp&yxNr{K5S>AqV5*Z3{q!i%((kQplpEeZt)VlI{*r0&t_D4-O_^4kedv-0j z2Q9U6@`zF^fyXplVs!Zj_$y}9Eheh(*69NYPAC2gLZodGjCj+Jr7&evKT}KGQd3hC zzfzHJ`Gp32ltRN^M>tk?|#1g(d@*ioThoZCkHf1bshgO6cFne<>TCd3;+bsV=eF zCX_t$HF3TW<<3Jb^S5JK3DtSWY#N?Tg!wu-l=nm9_eR|2P!_ABs@}< zGPaFgG3w{iBD5O8lt`oT!ag;Q{c}`&#!gSI$6-e2q+;-DX%fG~825{_Tefx%BbA$- z^|NHO&DoogRnSb8p=K#y6`)+<5tGU1zWMjZTTBW?LR2 zKr~_r*e__6yoKIKtnvz|!h^QV@VG)Knu%|~=QM2b-j#p#{uwpnu5a-as3MYn09XLQ zp>6XB7eb7;0t!g42Z6Wii6X>_5Oi=HwNP|F6DJohlkZ6o&Tl#` zpIFjpgK#wmyTNLGBjaK&mYUU3J%9}-XUD1%t5exoTzi9ABR09t*UQiLfY3e!v)Xhw z0Q34*2!@A5SFCTcRka%gXohCZ&MlR{9eBc|a^wQ;i8dkmEYce-xnjp3k6g|}BC2rT zsi(Z8?Vl+B-NnT6VgN`k0u$?@WnT|~l1U<-9}aEmf1mC+iX!Sx&s$iFn^cgv_dXn# z!v+coFE3lm#aCP#KyB2bj^&?vvtTTPTco8{=?|t7hmfrGXek_QND`nRb?4U`?-Bga z>N3Z>Z5@_gQnnWUfLwh~R5VPAhW)rnwVn`xIw71q( zt#J*pIVCjRtV|H_be~l$1N2UWo`iH30iMVhQkA@lq{J(7wslV)+1ZxcZMBlGniXg{yegHTYnI z0@RyEgQ2=%8fSgu3Fg6JFty$hVZ(zn`hp7xS$T6`D>MdAB<5^qOztJezdGkd?hi|Mr3#V&`E=l<4@h{S4!VG|qFSV}^*zyhvg?*)>^kuw&Arq8A3|-f zFEJI_W!!AztE#8;B$!XEuOqFrh@K{901ZT$hAVo*M}6)3Mqzi$((6aI&>p zi;oYtXPmoQeH43hWDjH2tdG>ti4<2000~{0~X`0eVxeA&RRL5W-tj8;F zKKzA%Vh&L7;zitehv7+-O2cU66bdj;cH*w2w+7%sL?2nigZyPq~8pOa` z`r-F9NrUvx73gJ|A&iuuKBIpPyW9^~w_&ORvgQzo=|R#TdN;nKcRs+r4X^X@?27Gw zuI|OPZ$M?c0?h&b4u!EYP{CHH?lRMaxr9a2r2U`}2D#6OfXGsi8C?=CK6FD?Px*aX zKmjw_&1Y=7wZgrkXVOx8n5;4+22|e9Gz)^?M)6)(Qc_x~u$^t`AE?fejncVGgID-$D@pad-97Q?9GN>Y~Ich*9Cr|_>H;LD+e&3tB5ravC@!}J8Uhho$nAB~zX8Cd z+#W|D9rC59``;x}pXWIP+7j&8)319qN>09kH`ql$h<$SIUEkuyck{C3#S-}lXaq;lo@Z84y1 ziw{DK=3LgvKf>^W&{YUEfvKzwk*)7EClOXu&ygMK?=p?i{}`WcrYMo}=B-2!#yqC0Y#LKYuGH}T zRO|EWpUVf|aZ;!RXYG49KETfc3xF%i&K-uQ;#?I<;S37r}>wJcA-Gc3C2dxeq{8*ms)yRDvbh~#>B&<&h) z9b6g4=bwnZnn-?8y&`B$li~R!u9u#njuYXK#Srrmt*PTccZ~!eU(E5v*M9nMg~U=d zFo!{0^4W(u`tdbl^)wv=-frbjjc0`CuU2mrNef)gR~%1{q<%f>&A9sR_o?>8;lXreBmnISY$6Lxg0K$52PO6fyCZWjDrej<~s`)cyHrU4W6FB~Z?k0eo z4`sE>@iVD;rRhmsPcoUS>`)TvlPyk){L67a4>Y`&FD+&~FWXgSV?JJy+XUj^Mzl>i z(@ssZBA}O`0Fr#>-=$^V#acD|&E5~Z7G{6Mj;PNJa(j3wOWh23X|(q#_`kh>e^5E# z>N^fvT1@y4&isEAi~1kg_WrMeS0F3!YY@$roe?r`UoJ}hS4<1h-P->39^J~z$uMc6 z$6SOJZ<3CvWC!UiR!9S|Q3w#F{2b&OZh^;~RW|O7UVEOqgRG$y4Gj&*D_9+3*Uxml zLqkK8k|trMv{;1evi$*`Z^c0#hYsVcg+trj17g|3QBdNx*8%!JBj zz@-2>60{2ITaAW$1w$x93m76GCUS^0{|YGsq6WXgEdEfp=uMqE4|ia`!3E^*Jr6Ts zP$Pt&8hl~W683CAZ4Qb7sET{#D})NnnWu2~+!ZpP-6dnkOWMOqN~dRj`h}vdmVk3N zMy1^&d_yQ-#3H^W*Su*ElcJ@2*fe@~!}7FyA@8i1UY2&2F#7XNPK9ua z@zN$e={Xj}BV7!{;ZiRxxR-!ADM-+S@+NJtrvce9Uh6&@O)RVhF$$oJ!BzH9CA|~4 zdCSaAF_@l#={+_*{?a@Ip$iD;c>K8f6Xcrwc5H8CXeC&?+&-FgUvk=bUDCOZlc(@! zDlX@~Vp5f2%BfErL0>6P8<(u1!Puwoo-!IGCQyd6cXDCRLdSkD`fg7qa&x?jQE<-7uH2iU zo{8DJ*v`V&7obv_Op2@K5vb=dpF+o2I=bRj$P`s=HC_o3nM5#4d%aGP53m&w3uXnq z{0;S6hUV9u6j+jel6ZKb@DtArAkYTvLL~U+fOpmlr5m|1%7hhhqzR-mFi)6>KDI(E z3dx8-j`vxZPQ9&C59R^E54o-mKI%ntxUbgk@0Ip>6*z{Mk{Q!P-^56RW$~m8~bJN#9dAYI*!u6kQy}iqs;|fOvf;4S?I+;IiTV#7% zNWW2w#B;_0%+Ew7`A=m=xwIO5rOfWsIP4$z$RQ!>v`U|C8{)Cb=yH%#BEMTRVVTZJxO@KC)@0@3r&gc1 zn7r}yvoEouKC(j`x=~MF&e=}i3aG+M3ibPWQXp`Z${PdR2Jvek_c;M(!mUKXX&?#r z9KSCE$UHcA-gJF+1gf?n5<+g^&S&!O1yl+bL&6l|4NTCY{@fID90J`Dj6L9G=-u1h zHJ_{%VFrSh4MYiOUy<=v`wBb_G_k_8qMG}fr1BomTgZl9^E7PoFMQie;~FhLjsEqs z0z|5yvr3}yO~7651*jPKvh`;O91_#x@P=^U1@OL#cH3mPQ^0l!cR6l&DAd6}>*HWH z>5ivVZU(sofkc7JPrBpwP=WiY(>?5hEVxO4^oiyLGiMcu4FGZ$)xE6wztpDibbiy6 zX)1u}IXp}bsKyz>#3w)^8a4+?odE6GghK>qHI+{}6^jykBuMl9U1AxUaqNV?lqAm! zpieqqe&~V*OQ6be>qT1U#!D?JqDBH$AVJDD#01J6b?<;?Xk+TCQ#{>VaCq{5w**z5 zRSfTjozSw!W_WM({MhgPDoX^}?xPEXh+_z;)u4 zmmZ?dEhhg|ViCOy+UmNsOZna{IN8T+hE0`UKrt_nCiCt5Hx(BUjWW0@L@vbl5c?{1SpiR z$|QbVUyuWpDOf7W>8hv1KNg>Ku$AILAU%uE&FSY^zR9Mv%|#4_Xl3tTDI>IHl?T9dbZwo@ovnlw{pdOw9RCJ-k6)ohaYgeI&A z&2OO2I-?--+1&Pb!#QRgrsC;YobMi6b*Fj&38JmdzO#%3y>;0^jAm}E+^LI-3pHjP zOH~f8A3aEDCgHG(Gxw*wa%x;@d83uWo8IR7S^~zY)=(k*2}4yP#e6X5L$Kag*ck19 z!szFn+*CzLbY1*|9ge2M=0t)(JLeo)Asj?`&(7x+HAj(HrQKnitNb+ZI^B`X5t2RN zcxS-!P7`Rk@u2$Y?GXkRpJiD{gEDzPi}mj1;ETr+s;q!LGJFmqYEncS7K)*~o$XSiND`w-BKgV!dzrU~cIrh)JDh?g$;3N*Z1B{mf z*tB7!nCgb*f3YJ9n^(K&4JIoarTimkFQ6}9R2P%#%TUT#Ux+Xkv;@!Q4_T}XFv0(l z*xBFr37s}x<};fnXZIrnDOq+=Y+~>_q^9cbL{Hz|-ToPO0Y-6|SLL^J1Rz5T%O@3b zI_iP-KO+jQp7=Tf2BYFF)7Oe$%c6#2rUuxj>IK+0$u&kpLFp~WzGKT^Wr2Fd@>F4Z zRw^6s^~^u;X{`44#lXb3@~hRund(z~=>%aJTVc^Z)yaU}()9CEKKk2Z?k*cMk0h$A z7xVeQp(u+WGKs?-i^A#c;QVlZn@O@^5bvRUf?$+Q1yqCC;Hf>AfHOL|zP1u$JR;at z&3r)*Gz)r>WDnGO&ahbAX|>TyQOnnXe+)a!p1zvDff$T4bVIVe%K5UzSSsiu#US?co&9#F~? zc^}V_-~2*25A}F`PiOwsx}OqSj_z{qDdEdU!|@|Ceb56o@#7a(^dnBTF4v>2WJnQH zT(=4gCmumUX$)ljo)d?0CSs9d-R_ffxpD2E-vkjh348#dp>wmQ*v_D1Nu}jSvw9Ev+A%C8@_?s*7M`sF z=p%2uQsSDW?4N5${>ajZtS29Dp~ooS*Dv(*yG?m3 zK_a{9s@O75EkCh(7`;nO*oIu5cAN9L^=A~0ZpW%(Q)?O#0;uhKxY06#95%!t+nUtk zND+ZXiebqt0G(Fh*k0ZXn1i;oFuMnKHJFtX;Af15Fd%tTUHQqa(jTSS!zmNq}YE3nyqJ^{dz zcI{mi99T1?gp#LISa-lMM7!PCwY7aX>6w3Jv3!c+KuG-Xt_DpLFDYHBd7;HpE9M-f%UzN>QQ)M&GPns}z`EKn-GhWioVUQwX#N)=TqEwC5ph}(Lvm|3 z4awa2oSO6ev7Uvor1&$vilmXcDWxnK_|1Vh2ZKog9Y^(K<8N394;n@ESY7+&?uNxg zjvkKG*xUjt>2TP@V>j+<6OG*!S=83T%Zc>Z7B(2m>3jCrwErZR?9{`iNos#E=k)sR z+1c}+93k_G9cSsewRdOt%bj|Ql(x1D=~q4XyUHvpaT{BuwfD9H2a=rJ*OlB7TozY1 z72_kTel#`X#V~2qH5uK(6<(bJ7X3v~ zz;-@ER_C&sTgGL-^HBRnLCk>^nYQ=e7jaCi&C<4*8$gA-fMvpI#54me``_YW7u$e? zrrtqky4et*4ut#O^LQTp26TIHPy`tDS$io7E~jZ)*F;gC1^*+Gf++A@6OmG9dwU`2 zbXLn4ipfcq=?63nBF14@+RP%L23KNP3NC^?$|!~EwG2fh-*#(4ZgV@6mKvZtDdZr9yWdFS91KI!bjKQ9baj3zD1#-m4^ z#~sPcWGBUgj$Fi-T76;#JkQO+X>&)}$Slsvpfp&xU=|V?1f^Nq-b9N0i}Ch=c|K<2 zh`nBxGu9G6vhNY`dtjTT1_+pkexQS88J@=7eLt#qGB=a5Isx!xxettuAUuw!HyCf@ zo1BoTmv_+~V*>s;n+am4L(52fw*sv(I5xWY6>6|AimbS=WM+iFdL^*(BegT?Hr=hC zCGt|0?{A7c<9~DGz$f%4R1~I*m~>PA{ToOO4|vVr$%m%F!p6X4p&T)= zD*Fi#?b+^|Au!lorR5y%rL&WtrQL{aQ*Y20`1)tJ<6(YDiW98y_@#5cKVa@PXS{Rc z!>^vuM{~1hcr9IL1Z?XcA71{Oypa6&^xT8x>*Z;|isxqM=4Es8fQO^{ekX#k9ieh$ zS*oybC{)LOImPlr`(ylGyNukdFDbvH1!dz&*H_QbWF)jK`FKRTXXu;N6RTog$kAe4+ojy+fYN;eu#I~_y_ z+S-&do+~H>=ltkIoU|b_85KCwx84Vj3@ep#BS)8uhf&o6GIdz%prF*-KfuR8FAWc! z-Ay_;mOU;9EEuEnZW#)Mu@Y~55PN`+qD<;KIZH!P>IUAr{^3_T1~R0_80GN-iHrWf zf9Vwp|5s0l_J|)Dw~hH9-&+4PHG5>y!g$1g^#Sl>226Ue=KlaM1cWcMZ>{E}i1wsxm)A01U~UU1n@?2Kv1*_*HjDWSNM z?gstKIi;D@zxqD~+FOm6iRKxEWn`!B6`hwa`H|b($Lo$t&Q$T699LIji0w!p2@keV z;JQlfl;?Z$q@y+U%7LJ(Mc_ff{q05+Pr0|e&}*L!)3tW z_N$Jw$yg7#DW05$D%dW%ZBv?u0)YB7n^5(+WWZuAS;_NW-{DK$h-d1lv zTt<<*GnSACmnt+sd6Gp5IQcN@kZI6CfpQS`E6%2mh^rfoR1P8UURnIDuy7-9`$6+Eja zzjZHO{MpaHgUbPH@zshyRe=vndNB+=d64Iua?Rd?rj2f3QD9oR+4JGoL4EYrc74>< z!`rGmu~q(?;%w$m)|Z94OXc;U@cq!b6n$S)+^oHz8C5*t(+QP4tFzw{+3U71){FD3 zootUY*s}K=+BIKOsqBQ|7$*OsTf`d(DKD6a{T_EWNf3{}*y^6EVk~2K#kQ?w(kz>G zd1KgPMfQQY20JC4cfb2i4h7aX>K;b3FMhV)==qdCwh|urDl;j$W$&O>^tS57!1O?9 z<@7r*|wQ)#XhCha7(Vgt|#mrcf0U%O8N@Rk~9|r zit{|z%B26vyB$xMd>o_ep|LfS(ZZO7 z;sV!Ye%(do)N#g*c{oW)%GKogpZ(B6P-S*|L@z^xHiqKsrEsaUfh3f^@7VuTCx!!c zv;|42I*2RZ?7778{&oPXKC$p3Eh8grBi*iB^|yZxH@&Yv*6V@bsUl+*I2GC;Vq<%$ zrt2Oh%6wz^m)mAd%q`EoUg>w$3H-Jx(t!|&W4&`DW(HpOA24HYi}%|6b{37q{HJml z@930SB`hxw0Nzt!Y+i~G%nYl33v6J?-&s{&-RWPjmG{ZA=Drw&gB~3cG-7wiX^S;w zutvp!8v9Gy`D`JDgnl1lRw-NeW0CHa-C(kl9pvlSdLzIVQ)6D$EIYvS<^IxwO`i;} zJ|C#Ao1!<{VR+BT9Vc;^Z+v8*%2)Yzj}p4XpGsf3M(+h``)qn~Hr=axKK(?5khcT- zd#S~eqNSpfc~sZJ?D@kDyRrM8U-?ZYW>o8tGq2=}PXm5t^ypOXMD*Yy7i$epqt!4D zThl{`q&a>A8=tkut*TnuCosix)t1cm(S6o za8fIV`J}I`&oq#8<#hbFj>h+a7>e48%K+p}6zbQbI+2r7T#-rL^1X;uHdi`s<0LFU z?X9VY=dGh{PZouhxAw1@$||OZ*B+Oc$FaUXkuCctO{Bi{_B)TqWJC8?EX>Xn%jBZA$>Bxp^215z<-Y4#E7r+cyiDeX5^FzG%7m&y{ zYYr#a)a!$i?pfFD4?=LLHn@2V&nwredb39hD zyvEj<`;@N)uE1QZNg}h$g$c}kw=X7`8doQ3PGuPr=-6m)cw7O(q%WaDo7E~?32?@4 z=8Nwkz~s<|@Hf2HxU!B~f^dr~xb%(Z=zENg_{2ms;E!3f+my&yfb}1Tn zz9$al>xw2Ut(VV+i~>-4VFE^%Fw#1+vGVO+X+*9c-W3<6)vb5t&?`l@T;j9aErds~ zB46OFpA5NcI2-fu2+nCs0+4@9qeLeyD)h$nd^sa&Lf`K`xr$Zfy9;K>ogVy=z`J^f z#Y8u@J1QCR?~_5>s)erv%lq5Y&gOt8D*K_4N%YwYsUPIgBE4u zPP4a$vjeT@i4>!~EvD;7ilXJ%YhGrITXtKH5F(L3{^nmOuh+KfXw)3+HnO{5Y_Gl3 z%8fEdo_fMCAX$ahhAE=dt?6Ab5Td%_*;^3wP*~OCFwRNf-~f-IQ={tQcPhKxk|9P;ph zjH1@Hz;&`yFS1(6=VN!R^;!Qh0>z&(6!LG=b3ufA@ljG_)t0lL8sB>^vMA3NVYx2j ztC3YQ65m_32dBIr-b+*~J#IFNi^=LWp4szB*K$(Xon^OvpXJP-^0Ynhk-K6|I%jF= z35n`!+3Oo_XKtvm(or{i(j4KP89#0mN_k!v;jubRhKxKGe3yjf7XMOnS!?F+NsOwg z`|}FML!nu!z|2iDR*i`1+536pnN90tV`DS#i&uc_-N`$EQvia}y6oX5&jbcpp* zDlbp?wdMz!4BjEfXUCZx5BAkLNjSG4Wu4IgE!uar##0+aa)0RXg(F8MI>tyMH@=KD z+@$SVCs{ZcGQ?ApYsf|?C@$JF9(NEJ?=10liyKts8;YS4-EB3-=z0An@cO|QwgTyC zw}0Bs>wmuoDSYoAWx-;%?;~gC&C+8dT4tCrX`0tH{N4NK+Bac!?NLdzn8bJLJu<2x z+A3e(OmoEv2P`8{TOWSj!XbYk4|m15#(4yN^X*dlK5;r1qxav~#TK#KB2}22gZ zw$*qq3ANLHyqMI}^GGrRo)nt4G}r5^a5!=$;OvpTF&JlwnqMm>9zq+fIW5&WtRNlo zM-=$U-c$Skbe&Q0bD^GRvrlEI?=ua8wbyGAC4)e?tra!}?WxV!D-Qm?*F=RUv{nGk z>-_v$;kDOnz6xH=-BrI@!*LYD2@d(n@6)wC$4cByCRE^iT?PK+C6+Kg+O$vlu=`6> zxz53Y8JEjEU(R%AQcgleiL_g$NyY?gV`11N>5=Y}*kSwQ46&95f)KK>oJ2uz^C*MU zIL@jvK*W;Hapargi5!S!gydxrz#SN*B#QAu1LMQ zlAUk$H!YxX92d1#Z0$3dWcROQAPG5cy2Xx{_hP2#WL0#u05xCf{8XOZNpF5!soK8& z@8d^;IA;U;1KZnKN=OO6*er+qxI^Un21&N)ePNbEvgYgyyU9Q`H8K`x~cyqNisM(M1JJre`fr)?Jn7-M$_qp7#dE?uw?nu0ItCI?vmikMevUnzSm| zS#TXWk%8K_-;7bmxf`XqR+q=>W^$?|I>}+YQ{5i1@JO>TZ}LyO8>Ra4TsA_x+(Ds= zs?mAq*mtq=j^^dC+CNpdbg`+r-zLS!= z!z6EdM53leE!ZZqUxk;xR??@~BXSsDKyNb!WRI1XqO*HxfXCIB6&$)W&8i6a=9!fIP(j}ri4o;Sf%rcsa>o)O9fd&Oh_N zm-{yNH+!9y-s4_{r_a+h_tff6NSvPk#S-35c^^ccK0E$r!VWu7Ysy!^C(^Py~sl6(Gr4ZD^2twZU;P1V~xz$;?ZBf9IDxB!2YR`1AZcu?~X5h zhb*cylmFVRrq`=?bd)RHZuMC4Ds@y7zaRAxjLKbLc}Asjfb_Fo(mp48bVFZ;*yZKD z2r*0aDW1o34{^(&@{oCVs)oW{h=p74#ZzOV>BQtFopUboQAtBn@`B=zw1XNp7Tu;% zbfm6n7U87_KJS^0f4}&_!-uV99{R&;v^Z2-Gvty(4SYg8Yrpq+)L9lz__a=(bILVV zjIjfrTPP$vqc^A4YfUgVs_$0Rb=TcGPsN{5s4a5k35H9He%~#rpLEf&*wzmNj>? zgzL!CSIDs0*&gI&<&HZ$>FDwaww2k33r(kcB?O2%QL9&llaXBCCGro+*iPs07Dd$y zH?U<6Q|uo7nYh32rsqI%KtMLAS#EJBm!*GMY{ZIj%ybziX4B5FaJ(Z?r_%IPXY;ZL zk+o@ecAuAj?&FxjrTzNC);9Ix*kwk5{iLhsyFy(p)sxc2FWcX15yTIjmV~RO3-a)P$(0{fd^ekEYHbLln7{ruRdxMkA$_^% zhAT@t=(8;SSSO*P7v&tuhL zt9YGB$)n9CZ&~FAz`5!1J;EjNbk8H&and5oxz7@~vJ_!)6uwhN)KS5Lt|x1HQOYSg+;TRm)Q z6QJPRA;QBkd%UQEOs;N+3SrY67FRo+l=>j{TK^it3$WJBxU{3_DsPnXNb!UW0I4MHELwl6{ML!Xf+%nVi+J(p*p8bw&s;kz~;>HcU; zS?Ftz3S_CQzdZeLn@TJtg`(k`Xh>@piaR_^F)vk>QbhviS5BqYS`4P2SF;a-`MOP`c2 z4o;n-9p11;P<w4lCym^p95L73R1VB`@eSf09av3#RE_Gl2>Y?2pBh zx9HUy*#26_EVTp!|EXYE>w&iOh>Kx^UWK!Oj@BneGbVyHb{Doq24ZJca~GTiBezab}C-T=id%| znxJ!6K)|_|{Zjdk#!PYps`@a~nby#U7PB=vr|xL>r}N{D@2_4}bbr0HUC=eXf7FP| z89HCdwoY2-DzR8UP)8YbH>9$?(NpQX(%Ec{ zo2a#R$VWDMo=zCUt6sep!K>{@*DX7FI%t@~t7$erG;Vww|`@>nqdGk|n!?(#cq+mzNUa; zr3tbM2&Lb_;6Jt80#v8uk3C%D<{V{Y;2^eZ=QQ0pPdpgR7j%=5o=#>xiq=1#0YLQ` z$Q5El)1$AKu|?|lB2^R#EHwfet{ZXP%#z5)_}c_b%qV#>kze~^Zrs~%99ywWPrbb0mud( z8nVpo*js{c@ENVldFgGqL)N*;c4(_@Y;maWD;($&zNZ4HoK5hfyYWSuDTtWTjJe(y zJT3Z}aS64&xjJs^k6(s;S2A{mDSEA0W3|i{W&IJNr_Y~Zt+Gz#YLIE!pm}gLySCr! zbKoGH%*dA)qvVsPO6{^&|0pNK97?IarQn*jGK{vZPEmH#Bnx3~z+nCTx^PFm5iM6z zm?`JYB>g;vV}5r>9Ldb&goM<+B{Tdu^*h*q0R;wjSJ9NwnZ(09Totvw%Q59dt^ z6=+F^R5CnB-Cc`@$cphJ@(L=g8!u$ zG0SzicQUoPyS@2)9VXJ{;^-Ms)L_9toG$8Ep@vbnDrwKd&WABv{h3p zkdgQik2GqX?7AD05p%}q8=i8;1!$))`M1{G2uv1)7RP*Ecn`AUG9Og^mDbj>-tda5 znWT!L9uct?k1vUmp!BGR2PntGek-jrX7u#s(BYojt%iRLt zW23hU$-}J5DMiQ4D49_~xy(6rKnVC8t7CAphJDtfvq{_RI^!`1G-=V79()ufT6!(7 zY>3+UJNv2_d2`FW=Vx!_=lZV@oFGT!&vPZ zk?9{*B`epgzc4N289YGaImeaPr*JNXiS!k?P@l$gN2^gk=bPnPF(=Yv{&+}$HN$Nhd%8JQBxdkz4wEz z(Yum7u}og=GHdU@Zz)U;t&;DdE|ERu+D%~6NsflXj6aSI>L2?X<{2r=?h;pFw#Oy-ID_Oe zzbt54T0Ho$dVr_VrR0zZZEN}`!fWKGd^kTs=GBIo`0%q3!AT>8EV=d`RQ(N*ft;xi z{!ZX$B8waCyi*H{L%^WlrEl5c7XMfhn?4&Ofy-5lwl=wbDU%`i4UvFRjZw4eC2Q9( z>xuQnLP8;p*Ylt&-}3n=nzk9=xBt62(Wqw4l;LhtXBZfm&M&|*C{yz`bfmtsdCf^X zVo%_4vxFDV=>@2d@zuKCPYhETeAb;c>QY)a^+D2OUd9=^)iw{_H+#BX+POOOBfdM~ zVhVbyaqZr^{0{$)4LrABK6E^)cDOudsk`pKb2kJ*z>AQ>ULVbema5UOzLyJ6qmP94 z3j8$QAALm(OPCA5l@%k_#TE<7)q7hI&2N zH)Z?ww&FgC-KlwxXu;GR@f%$9TaGtvR2noVJbipzB3|m~FA~^o7E-}wv--nan)qb; z3tQ?=oB}Bp%SJ2w8XiiN4fg6G97Pq01JwZ& z#Gf!^A>IV$A|97$Cr1JL#F;=L{3nd+{`gd*PS`u*;r>mCRfELqqb21}*&kz&ey>BC zc2XYeRpVW-AW^W>a2umT{d5u-yBTj*k|`BP;|0Wcq~Tm;nwxAEsk^~Ur#mq(FYp*J8(#gQqMVd+ zKi^)JdCUOq-InyK0+f=p+e;Vejryx|ZW_+y7)a@+RN$eJQW=YrV&cY;fj;G^%iqj44>P%-dE({{0m?eHvRfFT*rMUA+Vhtm*0b3&TOf!tWGl}9cOuZ zT23$nLYCpNR_x)B*L&mGrir7frt4)tw!P7q(xh6A|DSx~u@}MG>*P#7ETL$#0-7O_ z&VkZe(3$gnIkoYQsO>hE=5+$crs+LBKh-(T2SMmK`Y)Jxa%;jEK{I9NA9>(x zTB&0g6|ij3E%O}d-}lEnAr40w4!@cM4%#tT1x)9rUY><(U$|=)(NEZP7fZEYc6^Cc z5ou^+ECr@yw3kY)Uo2_szBrf6`>fvFOsbuPAEkOfon+w&E+La)EtQQ#iml!*Hlqvb zG(JyU5nf}}lMJL>C7NP&^?R;*JvgWM&f5V>AP(i6QbW~pq5mSg>0Iof`;V{_O_mp_ zk*Q@IJ2bkMf|C920@(v;8 zuAdCL=bdr?igqs+$lqjAroe{m{&;#wEh#a*oDkD!(>eYN?e(wOkoBc?x-iREr9@%e zvbd(Ls!OSF!oBB@dT*GvdYkO7uI!xk11n?wb^Y42E%6eN;oV zjsga_ST;C0rj~OdAVQ)9zywXa^x@f7utkzUd4~;Gy|sQMeVNm=opp&v3yEK91&1bl z8e@m^RnIeZB)kn}ybpF4mC|D|`MyDY(|M}*d(6?Q%i+cN;Y<{8>rmEE8B0ks5rU@e z5-?JEv)0i&IA2Twi|W3Su&-q|)spLH$Z;O_#N^S3r%AXhr@2M^AnEi`^TyzqMS8tz znCjSYTI(U1jWF!MmCO0@9!q!RL+1p5LEI_BSMcSbL=uL;ljOIKU~`0Nvd?t-oQD)& z16{xzYZ*fvL8jW3_s)o_Mkd@WAUjTFf$a$?&9j++75Ry4Fe0vxg-Po9GO0cOqM~eP zsy7M#4^xuVqj5*q%s%_;V0UagN5Ml+$!he{s-r(suAR1v=dJ%th7G80h{g{15<5N;$L2EPY(x$wbS)t>A_1^6gFEru=Hq3sw7mF0fwjO62bwt0WSp7CutnpCj!Js#=@RM>d{}S>f$3^PIOOzcOvs z9Nm^q&oKWX{GMqSoGZQ8yJ|x(@L{Jh-QXoF(3LM2sazSx5UC^$}M@!l*eRTod=Xx$%)h?ZoDj8%Y7g0 zB4fTsrSP2%MxF^Q=o2epJdQep?L(K28cJ86DHLo1M+zpt6?pl+Bv+9^kkSq)nTY8MkOtXSDp6ZfRi{2r1`eD=*Z+9;!Uf7iUn z_U(sg46stgOmeuVZsv^p*o9&(`f|gDoWiL)+`(glG&f~HYg-&b`D?kiVxQIno0LY# z=bAugdm@bAgi5QQaJ|3SeS^7zt12QQBKDiXs$h=WA(y*NdlspD^POor5|ZX{gFY1~rDnDrkS>%%^YaR-(hV$f zl0j>noM#3!Ejui7>_m8D)O(OmF{+4|dIpLb3`#>IQ z+-K#yUsd70u{I_&HQ{7{jzjfFmWR?P3rVOec+uF_oZ-@56gOpVDyqw!b^UpyagL+jSh}lXMcv0jdDN6L~TS~BU*%+)ebUjk=SrX}ya;rDN`jzFU z(NL{o{92h@^69)1?9OmqH5XYjg({KSJjm+upDs)Yf{Yy=`bv&f>U!F^cj%-UmvzO6 z7S5gtb@0Qo*C4Q00IXLSlfIgtN%+6nDJ`PS#>tI?mZtfKtn7=TIo5v=ckjXd^0;vw zg22`uKgvWpEmm7>dUkoQiPWp7)x=w=f z=lPEYaO146xnLgNKO5G8vc2UjYg5lE-7mK6TsIg#%lp*_ch?e6c&#h@EK6}b)hAYR zpG|*Wq-4s77RYrjMI;V$K38`5K8^2QRBCLWcwGje*N*`RO+LS_-g&~ink>oRDde7ClST1eCL2bA))gs_@9f#< z*b%-n_W>snLHVK4JWtXQ--+DmmxGQC>nhE8o8`L-o{FeQd#or1IY$W_9KdE>dvMt%>{I84cUJ3#@z?aksIty)#S^3tnk=(rKndc)Q>haZ_izUpx?Jck_p>sp}rxo1?E=u>M zaYS*KssrA^PwQ0QI&K2mamPvjbGa>Ku6=z6jAL*9?>gK5PkyccD?8j4aH{=4e0c<( zP>jcwn_d?tyjN>mFQe@$$raVmt0%7_;~diK-_6IDvmo9@9o5spVOoBI*DuOXYh}6f ze8H;%ZZ+6{HU9?(9Lax1Jcw^OV(0d+o<9hYsQ=t}uux%y|2f!DU@`drv*Zz@P_3YxJ z#0Q;ceTqR%n!o;8Ux0=pTC85#=l2gm*Q7~bxz z9F?Wv{lPyEGagP1rPACZG-=$0_{|G^b<^L@w_ANoW~bL>X$T84t>2QooW>j$Li2JB zG3**%7=sl*V4f5K>llcr6S;54fb`|f$#eZ#fc~wAxyDQWm`2K;h?7pmi)dT2@nclYx*3w+q7U0+YeimT=mY224Q=~^% zbbX(0kO+9p@?z4Ed7=PXxN$Gj(Cfs1mEoPtv25O*JCs?hw|Mz4U*HLE z@dg!kX^K^uU&w)DuneLanUL=eNWaTX;+tp@_}rHfA6JvXypRY}PxO{(9ZivCbqSQo zRx*}khRn2id&0kno3ZlW_X(jzV+QSTLIvCd*1VX z-UEgvV2*$M-F({gYL7M-0G(d!j^HQJ27FDj#!rBIJ712eU+uW!LQ$JD@v}g5s+&2A zW<|>IAN}&#KlV?NqRJa$C&%KM+YBiW_eV5^>5A1RGKi^aKhPh|u~pdco6TZ^LgyqQ zS}DSy_yJXX5qNX}`{ZXFd$~Ip-`AX`WxVz~-w|z#=A{@kiCA-T3`nO&N6#un1)W$z znrHbu(7blMdI7^6DsxJo{F1D$*F`V*C|AdLKbK2HE!vhzK6)7cjz1LR2~^~D2qW{8 zn^$-!b~`nhGjqWa#;N51kEigluT+s#XDP7?e%oTFJLd5E(6>ykVdKL0bVK->|_Y1?Dutbyxpb7 z@RcypdM#sJdpiu>4=K2}X7F%?(>nX<&X~--no(FoW2ExFxY8;fsg}v2Xs0m*id6d& zR6A4(2S(Kh2kcyB`ATW{;u)eEUCdF79yK!3QM-zi*5n6?fJEe*nu&D-t8;HI&6@pn z(R|DI`6?@c9oQ?MfWM7zcd4Ocpoi6Dku~LeT7E`d^q9gxVl8M?Rqf247OIQJ$hMeT z$aR@wHjj0QfpMFGft+&K_63`6g8`6G{MClG(-2%6t5&I9;c<|k*eZRpE;*`mgBx#l4~U${ zFt|#9zX3+O%HRHqvL}4;d1{~K00<|8QGpWZlAk*dla&yIxx-yGHlK5&1P&E47^H{0 z>{@V@H~xTT5h1Q`7d#OM3)NKb&`{kR!ClepeAMS`GMajGw-x2Nlq-g8n^B@ij!S6Y zg9?US|F;g6i42YFU5gs6N0^+zGGRCxXmtkW;2~4`r zz;0lSvhbc?7pzDGhT6?7t0jeblvF}N()QLtH*66DCPS>SDYZAdz_{e_qTDcwNDQM#$HFpQZxE~x zzO?SOaSe#(LnKa zs+nkSrBL0$E9&&Fuv%(8gyOe_-ASd!WPIN|D+Iagj`wQ`DjD#`t&>GC?9?JVI5TR= z&gblvVkzrHRd~=XF$=qM#q~(Vc3~Cir3B5B= zYVBPn#*r|_1_yt#0so7;#&g2Z02P}%@A%&^WT(^R6x=CYsbA+HZi)J?-(Z%)HA77LUY`16*mW3b+jO z{W5tyT^{RBbF?v7O0FT7ldr+;ycl)n?v)_H^hH!h97< zRt<`^wHEt2c4Sn-T@-(6dDhDQ?|wJUiNR+|v|fl^2dTgFXmhn>ngyYC&E3aXtQ1U4 za(!@K2}_Q)#Z^XtDpQ-0+scIi@w;&sH{<;nYZ7@-v5hXB5QjbAgNdg8A?A0?5b(npU)V z4y1v5{sm-v{v!L{1;7J;{Ww-qMpJ|1AVrcE&{oa-e6#Gj;D+Sq2PycDE4sJ+A|?NI zJp^4~zRd^NfPMnkbWCWBq_7`9P`_%~LzB>~xn9@-!T)%xup+0^6;nsG1-M^DyuL~6 zHyxEX7ylgR+6o7jlMGOKpXlP*h#=rHXl_Q<1r^%>{x`}XI4jT^X@Pq<{L^tLRi+w% z`?u}u5O|$;;*X($ySG8j1a2Ni_tI7>ZHLF*8TeooV%rmGRp2|Dm0j{W4`PDJCtZra z{+5jZ>e&gfCv9{-XbZ&zu2oYhAxxjHW_q5wgNGig0#MJSov6blvh|D@G^+{Ha;ovV zkjlT43FkOfBq{H+g>2)nv2;P7|La6AXzB`99ODWC*ZTjX;0UT374k z5asM}0sRJUz<^tsoSYy0IsJpoekgX2Dv4+}rwC$qa%61cF0G5jaKURT&Oh=5gGon= z3f=rl@pm56j0+E6+!+fjqIxC-O~SR3UKLY;o^^qt>E5e^)qc16BQl_?rB|+e;Avoc z)8P&!yUB+5 zP$_1R&IdKR5U8;rm$r@aGkqBKh|y8wZ6`}3gt9@t5#63_CE#BXb0fyTD2( z!YoT)uK@#h?TTb1`6jPAcZ5&j;7JD3njR5!zGZKqvUzDwoO=u+D|B%D2UdaLJWlI{ zXb6)^&Lm(r;T58;A20vI+AXaq12pEj%XB9|3K(Mmq%ggGaZoo{Xn@8+g6-@)&Z3jj5+Y;V5xC zq(rdyc7`UV?=_O1Nu#=V%x$vjmj`zY7~zNS@qblpl`ce=4Qz}buUkwflEJxR*o9J$ z@M}?Y1}n7!UwXI+ZJ{`@47PdI3=ENr2Tpeu?Je*eaMI7y z=IeG!sbWq_o)Q-u78|Wir@3T$ws1Z*Ao2W39$d$%9ni(*GoG63R`PYkhYW9F&r?6ck2TQ3Rp{0ijrCoHg>DahM z@_jB^0bqO!3p&Nj4TZim%TTQmQ_w8)vmbP&3lSkFzp`z!6uXx8Dvf0MVKko^GmV2v zT^{;@-fI5XPyup4Uv7RWHz*{VE1QA9E}T&8Q`>%D7h_t*z}RVHAp3V_rEMZGR#1%E z=Lz?J8abW3XU+bTksP}?^}&M&m##pUl$ljwJDZv^CkWPTSZkml9132%Odjb+9Y3n_`pTMr!c=U^$# zjXyf?P~AZ+|5zFp-JaRm=)vVn3^_iVfT^Af{@Ij0Bwl4An}bCGFQx1$ zLv7KwKBuaH18Q|hG9I#}`-h|7aC;245 z6tM<<=N3cfb}aMU4vk>+N>9MAudYBaF;Wb+9RBWUOqPgcdi~>gBocRpBRH)q5~DMe zZs5fIi)p>>Zs8zUmA#J zI^E-JH<2EF;FfCD$A6==(&vsHZCOdBXwNVv32Y%R`_)ckV!;pC8@Zfhm;K3;KyO~(P)?9mi;1eVa}YwyYwyZF zDGccFDvO8IJ}Cnv>=Q~)N;fPs-OhhJ?*Dh&J${1DA;ni|9VzHN}V4w5NHVUJrMBmh0%}>yv2i=&I-KtG{D>*`u}VvS;QAm6R(#;)V++d@oA|sj5VkcW{R#d2#PQq$^5isvdoWKuMtu! z8gfv@J-LiRfOBdT6&>1M=s0kCYqzI=6GIGjh~|^EN7GB9xEKAUgR#pU7#=75j(X}F zDBsoU!u0l2R$(G)li-sHV#>ET=!@_FsU#zGU{FY93A|5U^UP~clOTFhHn2mIL2u~_ z#eqWngRm9iL8(Z2!9wZ;PsxM(h^AQSU*V5hCRHjgqFiinfkQ$l;_m50k>0js+%mlN zz*4LI1J($hLbj(dI-oWE!_JBwE^EUZk{Su((xd%eNg-;#^Y;Y|84L_FP1~EWWJ^i- z%PJUEMH^iBC^Gm9pdzag@zB|Y6u~eoxqyHdFZO?*`qv8OBl(=f%=Vcjx|`p_95hcO6zY*BQ#0} z^1&X@KzDWDj+=10vLy@S@ha=ZsyYnWQ=dW;>q$hS%R25XW#{lG%Bnby)E_Pv)WuJb z`byH7or5@WRO{li)t{pHj+26;#~}%HAB>?=EM(qUV@}4|Feb^;@xcDL?4T!llz97h zz~Ox_7mQiM7bMxm4b`UNQ=|_vURH@R>ad>`HHrI-j{kuXhrH_D2N|AC*nQvysg-H# znRY9^@bdG*+SQOAP5NcsGVO#?Cn4u$#azb48K>b-xtoJ;n?XZH2x?%o>Mg%J|4>Hd{u$Ixs|fDXIrOnkDzl@yxbD_Su1#2+bYeRE0opI0 z=2yd9hI&^%q9&qW`RFhj+8w#k`otzpjA~E)Rtg~*%@vCHjj$h@*~nT@S#G)I5KH;} z;KN&`yNNSOaX%>5`Vj9w5x<8u;f!z~@xzAA$*zrbH2Y8rszcMZII99aQBK%-^Qb9s zp=97Jv~54yAn=R8zxx?Bb>@ftjgl4eqL-q+JeOU^jCqxrM)?70p$v=bJFNvo%n>&ZlpmI9h&BnBos>Kh;rwbkcgihJR5!}n5{Rp^IKh|YO-9usB{NLJFx9GHY7*%YJyUiGM4<(H5?kLCywjd{HCpeE|k?tj+DZg5BhIq--JT0QG-BO($>i*5M7zMeun*jukaPa_N5>5Yv;9&FhZXQm{5R8{#J=H-_63)<=&hErsHLC& zpy9$acI40L+S;6EIduD=m_Q_(^>ElcJ6hZ1VZD!wbERVg^r8~CeBhw0Mu?y9pVs>w zfh4IbuhFcl6lvS-H%8LyE8RJ1H%Osl=9fL#-IffZ4^+W&C=`3nd_kd>P-X;EE1H60g|2Ib!c*e6 zvJ_UWx54zhH%}vtf#IjyNeQ_&S&FBBvu(?y(`9D7K-Lj<2BjDuB-J{;SZs0PeU2WH z3i)(EkB{g$DIbsOu}qqHJy%qMup<0HIJrW}fT6JST{7%S7+JY7Yw0I?rQ0~j3P?-& z1Xl89?RcjKgUZes6MmuZcwLj>Vvg1e;&`aKuuj*r(n(lhFz9&P?E9Y| z)J$VxL8TjZ2f0(2u`OtzqK9gqOHq$>NFi)%`wwfvHLv&5hT&>ec&M}_2C;0^cZ7m+ z7y-TL>jC70^_Zhe#5$QyOG9mW&w;{q&q^)LI@JbIffM%XkYvfRO)(x&E-8x>X) zXm#rq_&B<(8K#SYmSaIqb_?zTM4U;T)Avm+Am3pCg;<{X%#VtUA)&asjyd0}Le9(; zTuHWP>G}^{%TYl18#p741D`|AkvKp~cId zUfLa(%&ty3Vn`G|DTiXi_4FisBww4J>`y^fKfd?GodZt65z+zG)?^gNxU_;1Gccz| zth{`gwC^R*xS<9Q%0%K`CZml$bUW;7C?IdBmtEuOVFtvFnUiC~Nod*^+mX?vdy|KG z5DxC?7b!*gWI!nrGl-S23$(JbG8F6Q$ez@c`%F~@R6odPb}E@_jLA(SiZ=%sDLTfX zz~_lMu2_()Vs2hn>DjJG2*uW!J7?s@m`A-g<}NP4RC==Z%c4)z?k&mtnb9Owo@3Ua z-wo6KUcBq`lGYYn;roDS+XSz&m*+KJ3I&OX@c!+r+}f$7V+;+r(VSS36Dg|upaq|e z3!c_4&7yS7&lLzSKVb${CAz64C|D7L$osLo0%5FTYA$KHqu#zxs|~OJlq%aTZB(BJ z2S=Wk%;CU#2MTB`!qZ`dlcBF!SP`YB2PIfrNk1bM?@HClK(@%3>Pst*jI(FDPaEQ< zq%-s5>LrR1f0M+@Z&%0Q{F56aZ5jZhx#$Erg<*SeP*(SLu|XzJ)v_w#BAP&2pmIU1 z1TRaQ+FT@?;@a~Xe##^t15NCUF*&&|ws9y? z68t<=#!e6BeuVJTVo`77H<}z!jf47+XNMOhc~c^TFa{n-6pE~|5@NgZaL!a%b744~ zER1HK$KM8U#RDTY>31?^3BL0VNHkIR^zU>8rtAHkHWncOpHy(2pZ&KmpgCUAp>RtU z>)M7$4Ph8Qr0X3M!~P1C4ab^1qxeWnC2pXBrqgU7@`V}iia*8~JfRQ9ZOH95kzjyz zJ#75o;2>%SFmc?FnO5H0H4MpwYJ=ykg2?ByTc}eUP#PooTo}{i2jmy!Vr7Z^kd#=% za}@Vj$*&^f_w1Lti0LPRA9UmcEis&|F#%1kL`P0n7xNmX4(FxZEB!jrm&Qr4OXZyO zJXi1IWL)FFWx{^Rg66}zm-jZpZ4v*b_u)jt4z$3r{3T5YH)bgH#CnMV!Z_BzBHO>* z8YZQP^3i<&yEK`$+Sg*K)Miu8r6S02;~xJwOOl#aK0Jsu%6f*Gu5g|E9G%2{vYqIE z*3jp^aR0wqQU9-{`BG0m0JZ9Z#1(*r*2HDY3EY3#1FKrF)s5-1;(!HxB9jj{M__BJ zJ#lk}oMu48`yfWSBAwg@TBZ8la+*>{S+zwNd?doEN^iC54KtzF{5RPY^`TTZ=AK?V z{y^es_yd#L{wA*W zFF$#2`6@aAsp1b<0%}dvs(ktm>=Q=mAZp5Cv&=& z-esh0isbLTt10S_yAMqN2s}e~3|1=iZSMCwNmMea+hr{KMDNJWB}y-7WuKrd3Vryabrce6!k2H3lu#x7 zZ}+l%%b$SQ0+!GI5b82c{_lx-lLQL#-kS4fPiuCU4nwSJXe?=YP*P00p@qM8jDcej zISZ&Bn6NcU&1{pMfGpaSj-rh9Yc%G3sE++c-6y!89RP~y+{d{0z^XiT!M^&r6jgCD zoynP>L|uuB+oNV$hfip+K-O}Smd*Of1Mw-yJWW>IqnE`7{FvVnx^>V!7(qkqOoQ}K zLJ-A39v)m?nbw2C*1XB7{oidV4Qav44H`_I?XhIGmuXCdkEJ?XcFW7bI+-jci!I}- zCfG=HxlJ60EB_35CRh8V;D>Y*oHmtJIB-Rq#Q&YJIF6ffwi^97z+Bo9_&ZkmY`ABz zv#fpb^rYEg8}QK5b=wF8GWu6j;P$n<1*KV;UY8P4I;ck~V2cNI{Z;Ud zkOlvpgY}#Ur}NPq|GFO}WAkwpNP@_)e-tqX8^vlcU4+Eqewpkk0a&ZSYe33XkHl4@ zZS87SDv&OUK~^CM!sc=MrE=Q#cuCOB-K+el8s|S!9tNC(*Q+@pD0~5>ZbS`^Rl@kS<3qYxR z4aow}3da#J8xe3?{Q(OWF(2UnI0H+Nw~#RMzd^E^y)g4)5ikZ)@;b3&F)`-po-o(dnkPVz6MY`U)am8_26w zkY!-kUu!d4)xVnTe!Dd-Dx30mb3(nJBUPh)T>99}GpU8@arF3h^_cSaxYgg&uy+}$=ZQ|T-Lr4kNde%phY4L6hHi!0^6BiC|||_dJ1)PavW@pLK|C~fbDrGiOKh*c3uat zQ@9TD;$)k^)-EP1`%3+YA>%qJ*Bj_yft{cPvfd^zhfZJpw`P-Pi8dKCGGGqte?lKnuY$$sVHO4Edrp%JBwia}4 z`z%Lg68ZkK_X;=jyx!LbfLp;q7&|x>`z0Vyc>&+^WcoH(5T~Mw*Qw9a!hxdmuf&^% zIaUi{yRkH=_b0Z#mLl+enZW6{GzM&cIg=p8$ZpF6ZzSQ8-Ke5AqL;pB4SJvzS>OZj zu}9Maqf(3k6gWgnqaz3dkKHW#mCeYia9AUgy8jvwJ6S>HyXZmhDYnsd-@(M=14x-A zfD7a$NDrNfBUS6_Qx~2y&<$Fc2iNi5%t-GJ8qxxGz^ftU75%q0fpt+G&^iz&{kr}s z8~8o)+udSa3;;eW7^!+X^?kgvWNm#hQD>8h6H_gv-k4EQS&)O@ty z>3MbVaphy6k(SSSYYIz7&`8ty;DHM7HsO+)#pCDdh~=Bp!Fj&4>Tz!+BN%1=^EMi% zj%BG=Q(ecLLE4>KM=usc>#rwpZP5<%h3(4m-^BBb$SwQ*c`YoNVy5d;Q8yqEp&~hC zv(nF_mHE_90U!*k;8#i#VrcxYutw!rHcNmYgIHwt=R{Og3_3hGW1xB{3IDjkhIpHN zxgLN_iWhH^01QUBOpqPIrWwwvK`;Q91{jXS=;JZB;F|oYSz5q2(_sNh{@h-k{!Wr_ zSbWC(Nvcv*sMf=;7WO$0dH`)npBPO(p5fQa%#W}!@LXk)-84+;2d50Fh73iR`^q5J zq*q_eQO}T%qMCcem3W0c*^@HQ%l){os)Q78a(rM}iG|#4zyCEi;J>ioD_tKiD0Ov) z4`BWTppxtDI5`t9(-{zYUJ}c%ONrCi4!eX)9Q(Brwoy3;U9%56N?f_3^yLsg12vxB9pGThQ-(DPq}x)>kpO+t*Ls9c8Y?$&hX@yDY@PHq|9EO(Wo z^f6)665fly#&R-(+dqpMP>9+;+MnvqF)4rY^s>BOmLzagnLSdaPyQ%)W$f_6;yCc- zms|_?w9p=VmdU@IKq7aq?Ed%U7DL{xm*uu;ypE@0d$q|rP0q4U0&FhjY>nds+-`r1 zeAtM*t#{udOXF}DuLdxUb3I-hh|OhrSalb1=ngHNJ=1&@WFvU1J8#lt@Q`ZiFkv?< z+c+&0Z4c89Gy_e%jX10UG&gxnuoFkb5ljtj9PzG1}VX@d{W!!f`t zHMv(??;`>QWu5r1h*WM6;r+b11(^TY?#i?eWM9cHD$OFf9UL7m%6X83H@+IM5E;0E zXVc)vNj+)1Ud*q*0>JTWk3pwXPMiQT-|6#bY202)>102Gi28EQNRrPmdI1*lPHuM_ z!RV1TPhYm*=S0%06l0M1cqk{+Qk)P}k~pK=b8r2!v0n276OMrm2dRmH!It$Lvol}w zPe!bBrA|pXoFI7K3zo5JU4#u;cbGs>n-&mDAhv1vw7(n~Zo~+lau+OHX08WQB7iN$ zUf3OeNz%(NDOzrtZV!`^otWUhu1tSKY$Sqlo@jI*Y=9e64VT7CAc3q=tNth%s=R3^ z$!fT17_3;L$}pGs>Q@x^&O_iF&?Kje7fUg#x)WAnG-r9rBxEZXOJ93xd#c1dQ6PLVgG;+GBzO<5uV`_q?l&FkLcKuq3k)sy(b zK9T$$hv}#!`a6@+u6Cc+KlJ&x3YDZi~_2GM2faUI8idqPx&oD-fU~p z(}!)D?rggw?YAlEiz}BQtp(1queRPlqE_fcbZ1{IC~N`WN5lduG)`XV_VEy$JhaI5U+|M`1*O_>pUTcn;tF14|f$>`qwJ z1ypgaA1P*aY}68%W`cvo3&K-xfJa&>${?2=l`Y094?N^>bbcZ(1o)JcFxmS8133#8 zR^{h^R3aVjA6J~v>s0HC%Vd7yIS9=TDU~{cQDsT$K^AX=#4!3@b`!7>&YW5)Wke*D z{n}3OH~Y842Wh=EB|03%*V6?4J?@8w*Wnxhf6$ugk zk`Mfv1#BwPM6F(sh z`p|h;vS{*1G@$4${vJ%50x~cR?CC)02sq2S<+FBE5Gs`BFg!Igzt{JoAHabv~@98fpV^$8854~zO;E}mXX zts-LB9)_3VTPZr}n3`B+4-&iz#!>zpq8~$?GYy=U?`z{?K@q2jxKS|^e~wG+V5N5i zpc#>sfzIt=A#o+$DH-=6B=H}TBmS)Y5qSNv`_V-i;^1H%{ZXLKRdj!~wK-_(TxoPj zHPPpG!PHzNRf(An=W}ci()%L?q#BRZL+qwqX}*URM$L11|XdxF+~blT_Yokz5J~KZMy{Ff6+d19i(a zxL90$3Q1CYJ9@`4vXx9mbgTBsL=LxG?tP!EV*GEOGuaMr2SBk(Ai`=EJ2KPiEVu1t z`2AUUnr6%D%*SW;{)!tqtmxZ^tlgQD6xXlwEn*KNS~cgnA_xK=4=3v2@+4P9lW&&N z0iQR!Bah;};eJ`*Jbi<_%kJger>%V%p2B-Zrd)PT@X?#_M*e65dC$eymUEB*X0+`w zzoofpXEZhK{+;nzcviE=f`1a`_0}Fz8rSawJhrsLf1kf5s{d6k z?;k^0DRTHXWa_(5Z@TRJcoUo=^pP&2qE_IPiqJuolC^LvL6Z8pmaD&QnI_wC;d3Z` z0=%}0DZjW>Ykp$!3_#A<-TNavJ5uJ<43ZPE|4M>UqeJY72c$s78&VR_%EU&Pb*YnM zvgl|ZXv<`6HxA1=`h0RBW2LQ|YQMMaB-|YG#Be?y&69^Ng%PuMX~i|biWWqHM@jZ+ z4pvn+L{VOKK3&G?#=N#6qz{V*CpS0puM^EX9f3oV zy}u+=1)y7Bp4BSJub^)jtl8GCZHC{GQ8Jd!asM_5j#zsxB`R?pAmH_0RlITgZzOs~ zzGSgh`6V8|3$3k*By`?%$%t7B{we>io1?i-Eg|I;$tmlYtKTr1>W%DIg`87aGk1bl z>eo;05Ln>VYC_pRzu^Aw>YZ)y{}RpqKbG{ z@uHXVZ=I)Zpkct#EVK&9I-0aU*TU~+Y5r|vIuVdd%!q*YSMOuA(ydceLlL!sf#zwFEOXWoab%$%qM+vK2 zPzqks0+5AEU?iObKLt>50XR`}nug*NZO2u^7JIqior9(yMtXEtTtkLW`4aD}C1ZfYm z9at-KIslSc2RJxi(Z7HgENC`CyvzsgV94^u-BbWb2dYc+>$VouD_y_pBs>XqV7FAN z4zg$={Q$K(O{;^tsRCML0bt%0m{v1DLIAvvC7_{zuRG4<_uRYzy$S5*Q$5M!m*2$f z^DuAXX;mb(Wo1D(0mdmM`0u>-ObO>Uud3M=5!0hOnJ3n(a@&WFk^k&~~Lkd@iw zaPc^xVh8YL8^J(Zaszy@-ai%xl;rsHUwa;*fOq{TD8Rq~B?;{Ougp}4+}AJ^aYgMP z4}rcPpxvYKwCRYkVI2aK_K*imJz(nE1qWU*?_ji&%!Bh6hU`ae4ccOuLNe?@J&tB z@O7XvP6L&(YYJd)bMw@Ty`C`GT!CK<1nFvMbYY0dapx9WQAU+N9YzHJng`=2uEC(Re1m zW=2`DXap>#3fKbxT0Bri92^`h03raCk$}tdy|K-oinrdyd2pZ+*alqUw93Eq-mGS@ z7{aLbJz(rFRPV9$;|D~&N;zqYzo*4w%Gz{WJ)FT~W41X&b+Dwt7iiYiUS6Ptqt13M z6T(D&;0}m%3Q@6OBo^HONgag$!SHhebpgAcM390BR|$pASEZa9D_?&T1aRKn=(sEx zi{lc2!iA!3P^EJNr~oa8#U6V=4c7@Y_axq5u)-PH;Q@nYlig2JJcJ z@{te!1q+uV!IBIb0c#}fBakdtJ;7CLGL{}n9FypwjL8d5=GO5+6`nVTfwRo%vRY>F z=8K0jfbFc?n39%e*#VeX!MKCu6LjRoGn}z%-(|+=ezz!sCc})r{eEAN%wR!_2QM?v z4SerdVWLCzr&p-BE!OGGZzJ6nHx@+AT8sSM+mLzVH(WPcQG%K5=4ce=mq4;n^Z~aZ z?xCkpNKTz{2fcexI%M95!>vlgev9p$ok`jhivMDfW!MLHZ=hJ=uP22ok+*piTP>`RFp zMb@O4G)(he&-DHa@8|ROlTW|Q%=3J|_jTRNb={KMQ_dA+k@)U9pv>YoR!zb`Xc6T) z4Ck=|TDH8T{;SBOC*Pcr?dEyWIjLx5C@ad9@t&pq^XG2&uI4>f9lPU!Rdj^+gX@?{ zCam->NdL4*o{m{gF*yc~QeL^|cI}h7`8`8;Ro~&9C70aR= z^p={bzs&hIXu3G_CGr0&f4*bwk+`zSR;0LI?h>)a;lPNi&|qsbqLNc`Eb7dAU8<`x zzh9w-(o({;E^-|8mVb}Ux@1CSitaL3%$GoScL-nHXDK9xT+ z2QP4erw91}F}$CQxp~Oyw2*aP;c;PcZczZ1!2!3oO7urO1BL}$?AD~TU)yF>3@idDTISS?txRd36Z=a zJERS}*@DicZ)J-i(e(h#0H84T7v-a2MbsLN`(imLS*=!lv3Vc*+ox~30;lOS2s3k) zbxdz;E7CdyZ3>p7^y5(k%ndW~#r2vTxCX4H_>9kN^55N99<|t)9oIPZyr}G4I;npF z4UF#?%O_d~uVDoI{gZ0^$Nqb7MNX%6<{y;^e5wKDd*j>uJ9DvLyj^p8k2Z96UbpY; z9$$#9R@tNXgHH?!A^9@&ht3k`-3NTcg6JuA48voNg`%6*uUw zoEfZ`g+qA|F4o=Iw6rwj+Jo<4vaWyl!9y+;GNN4=JjuM~-vCBZFxKy3ZJ9c@ z!C1&QAc~#<==T;4^du4h^!n|}xZ3r%gHUzE;J8r#9fCGbHUMxo3`Nz-8B4!Txs-v| zk{yv7G!khUY0i&6gS3S}DMljYegOZPhwXy2j;(}U zk^MZ{TvY%FvxCD0OuWGUD>`L+EO+;y9?wA0UwbUk>Q}ccrIW1_W#@=ei7ctarG|m# z(%70LV(3?}?b6WHdtJsvHk62WpJHE9`3@HAMin|&sL{lz&~E)XImQRbwGK}$*wr*9 zWt>=mRv1KNy}_UxR@XHg&|-oR|5DdSw`sAA=NEsC+&D+JNakK4Fr> z*bD(c!;aXM+Q1_Z_UQ{R$|ZHhc?A0nI!hz4LNkaW_knFC-`d1O8bfRdMQ6i!5KuQ7 z+)Ev`X@?G{fc`s7V>c?l-e>8w{m>*S ze0M4Nm^*pQp~eiHLY8-;4J?-GFA+4cUHdh7Q>DXXs`oS5VO25K5Da%j&$upnLVHN5 z=I+B$;hQ9lf%0azG?kIy@#C_!C*RlZF z#R|`9C{mT7uQGE|t=V=csT6qEp|{Th6#Qz2lya~`|_owas^QhiTB8< z^F3ZVNI=7y3TgDh1n!6N?_~bYpB6bR_~g}3Ijbji!;IZuGSpdfhveH?uA)v2Zts(4 z?H=UGXqG>SzfjV~Iy*2m6jHdBC1S&vOYaKfro7LO5ZoTq?yAAbY|QgcAO|syrp7-+ z($liaT<4p|v&zJVTj5?m5aTFWR)QtLIbPvgeqTwd4g zy$%88y5Wt&PA{A7k9+`yIR9Uc1QcOn1-yXj=IEuZr9F*N0@J-TwO~57GzC@ud_4@M zRO}$`H#eCe@(HjJHM9-!!UHC|#$dJgEDTVkJcB@x4)P7GA-Z{z-Ga2Og$ckq+)~iW29G z8sr%}b6oA}FrI<_lHhhhg=vs87{3=^t*39rccR+Jy1(QmP~XjpEF~d*E_h|WnOMz6 z?2dpG5KR8I@@ex571Q4QR-jK^V+io&^UDb#TdLbU7&@ zuuT)fK@dAbljXuU+f+O|FnjU}!D2yJjcCy0!jO?%Xf8&J?Wd!5ydMdYpPyg1V3%p! z0j+QE6F?=7JoX%H1a}`rlszzu%@b;NQ-s+(0Y0ccKKoO+xdRcoxv+{3CEp|bJnsNZ z4p`@UFa+)_^b-|4pXzyoB61KijICk^U_1EB9dEN#v-}zXOFQ zf!U`qWdO*$d+a=_n1r6V>k}Mu(zOEbhi{q9qG9$$MzicQu<_bAq6xg9QiL25&fhi` zQ+5w-=e}3nXtkpPhU0`Acwk^4nrar|8KB)kMLdG_6A0i+UC!1q(Q+O^7!zrE5>iEn z!^)%Cib41Vq$F+|xgdD|}09 z99$PGzYEEj1R6)eSg@J!D1b&YBEHNLjvDi_4NV8`)zC#hAAacRGc!;|b>R!?1Am0l zbVHOV(HbQ{0c8rypxY&$bWeMH6U%oX-f^|2<|fi&rI}A|EtNHkTlM2meMRza8)x;@ zd2OZh6DNOKfz6K8g1oSIF>1GefbHiLF8j7}v5l`-Vk#&hT$ovM-K$W|M&+ z^dtZo=%L8gBQw{0vD(;=(1(KgMr_wDFQRHPkI_+?5Z5@r^SnOIUSYBnLuytEOxR3> z^Pn%Uy?F5&w~*ldzAhtey|Y1}ltSHkOW#0`3;v)~x4uCkrd4{z($}Y&qkjY~W0`rI zmFur)VBVu{jix#`#FRYNbM^dUM(xZx9EpT67+jb4Zl;}tZJp!iO|XBpI}V>Qp{B=+THpD^M~dEI)JG{(I-e%pv6 zw`?n6BZS+~+5I?vmD2L!^yyY;>0S_yHSm>Lc_c&c&I5>9orb&-Ji;b zCZQ4MzkN}x--z@x1Ey6S?6cwF)C*>n7Dd#l1!?@_!2@{-{ z-KaZB08D)z_@{Y&fTscH7nx1)qeXIprxHv{SG(}&#( zN|ZXU>WtyMx|G}k8?_JeE~^d|#aEojQOsL1x?jnVI}&@d2Xtd{9`b=f^+#f<%oE@!Ou z6y7)f4#9kHoi6)H*0--)S-z-qN8v#){smt2K^M*8M@C5PO?{{wX2p#cB@ literal 0 HcmV?d00001 From 4efa259125f1ea25089f47d72bc6996ed0924769 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 4 Apr 2017 11:45:29 -0700 Subject: [PATCH 09/10] image of email notif --- ...notifications-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md index 1853b3421a..37f79222e6 100644 --- a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -48,7 +48,7 @@ Check that email recipients are able to receive the email notifications by selec Here's an example email notification: -![Image of example email notification]() +![Image of example email notification](images/atp-example-email-notification.png) ## Remove email recipients From 7604d2b7209fc09ddc44f721cf725b520e1fbacb Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 4 Apr 2017 12:39:24 -0700 Subject: [PATCH 10/10] add siem troubleshooting topic --- windows/keep-secure/TOC.md | 1 + ...e-siem-windows-defender-advanced-threat-protection.md | 9 +++++---- ...t-siem-windows-defender-advanced-threat-protection.md | 8 ++++---- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index e249568df7..a6e97434bf 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -786,6 +786,7 @@ ##### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) ##### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) ##### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) +##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) #### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) ##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) ##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md index 31ea81e97e..5bd33553ac 100644 --- a/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md @@ -34,8 +34,8 @@ To use either of these supported SIEM tools you'll need to: - [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) - Configure the supported SIEM tool: - - [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md) - - [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) + - [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md) + - [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) For more information on the list of fields exposed in the alerts API see, [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md). @@ -51,7 +51,8 @@ For more information, see [Pull Windows Defender ATP alerts using REST API](pull Topic | Description :---|:--- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)| Learn about enabling the SIEM integration feature in the **Preferences setup** page in the portal so that you can use and generate the required information to configure supported SIEM tools. -[Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Windows Defender ATP alerts. -[Configure ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Windows Defender ATP alerts. +[Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Windows Defender ATP alerts. +[Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Windows Defender ATP alerts. [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) | Understand what data fields are exposed as part of the alerts API and how they map to the Windows Defender ATP portal. [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) | Use the Client credentials OAuth 2.0 flow to pull alerts from Windows Defender ATP using REST API. +[Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) | Address issues you might encounter when using the SIEM integration feature. diff --git a/windows/keep-secure/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-siem-windows-defender-advanced-threat-protection.md index a032c56479..c782fef5df 100644 --- a/windows/keep-secure/troubleshoot-siem-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-siem-windows-defender-advanced-threat-protection.md @@ -27,7 +27,7 @@ This page provides detailed steps to troubleshoot issues you might encounter. ## Learn how to get a new client secret -If your client secret expires or if you've misplaced the copy provided when you were enabling the custom threat intelligence application, you'll need to get a new secret. +If your client secret expires or if you've misplaced the copy provided when you were enabling the SIEM tool application, you'll need to get a new secret. 1. Login to the [Azure management portal](https://ms.portal.azure.com). @@ -35,7 +35,7 @@ If your client secret expires or if you've misplaced the copy provided when you 3. Select your tenant. -4. Click **Application**, then select your custom threat intelligence application. The application name is **GET FROM SME**. +4. Click **Application**, then select your SIEM tool application. The application name is `https://windowsdefenderatpsiemconnector`. 5. Select **Keys** section, then provide a key description and specify the key validity duration. @@ -46,7 +46,7 @@ If your client secret expires or if you've misplaced the copy provided when you ## Related topics - [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) -- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md) -- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md) +- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md) +- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) - [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) - [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)