From 0c97749f83762322414b5774fa07b00e1c830ae7 Mon Sep 17 00:00:00 2001 From: Varun Kohli Date: Wed, 8 Oct 2025 14:54:09 +0530 Subject: [PATCH 1/8] GDPR Compliance Solution --- ...ion_GDPR Compliance And Data Security.json | 21 + .../SolutionMetadata.json | 19 + .../GDPRComplianceAndDataSecurity.json | 12795 ++++++++++++++++ 3 files changed, 12835 insertions(+) create mode 100644 Solutions/GDPR Compliance & Data Security/Data/Solution_GDPR Compliance And Data Security.json create mode 100644 Solutions/GDPR Compliance & Data Security/SolutionMetadata.json create mode 100644 Solutions/GDPR Compliance & Data Security/Workbooks/GDPRComplianceAndDataSecurity.json diff --git a/Solutions/GDPR Compliance & Data Security/Data/Solution_GDPR Compliance And Data Security.json b/Solutions/GDPR Compliance & Data Security/Data/Solution_GDPR Compliance And Data Security.json new file mode 100644 index 00000000000..43e17607e73 --- /dev/null +++ b/Solutions/GDPR Compliance & Data Security/Data/Solution_GDPR Compliance And Data Security.json @@ -0,0 +1,21 @@ +{ + "Name": "GDPR Compliance And Data Security", + "Author": "Microsoft - support@microsoft.com", + "Logo": "", + "Description": "This workbook helps you track, visualize and monitor GDPR related requirements across your enterprise. It consolidates data from Defender XDR, Microsoft Purview, Azure SQL Databases, Microsoft 365, UEBA and Entra ID solution.", + "Workbooks": [ + "Workbooks/GDPRComplianceAndDataSecurity.json" + ], + "dependentDomainSolutionIds": [ + "azuresentinel.azure-sentinel-solution-microsoft365defender", + "azuresentinel.azure-sentinel-solution-azurepurview", + "azuresentinel.azure-sentinel-solution-mip", + "azuresentinel.sentinel4sql", + "azuresentinel.azure-sentinel-solution-office365", + "azuresentinel.azure-sentinel-solution-azureactivedirectory" + ], + "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\GDPR Compliance & Data Security\\", + "Version": "3.0.0", + "TemplateSpec": true, + "Metadata": "SolutionMetadata.json" +} \ No newline at end of file diff --git a/Solutions/GDPR Compliance & Data Security/SolutionMetadata.json b/Solutions/GDPR Compliance & Data Security/SolutionMetadata.json new file mode 100644 index 00000000000..b01eff370fa --- /dev/null +++ b/Solutions/GDPR Compliance & Data Security/SolutionMetadata.json @@ -0,0 +1,19 @@ +{ + "publisherId": "azuresentinel", + "offerId": "gdpr-compliance-and-data-security", + "firstPublishDate": "2025-10-08", + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Compliance" + ] + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } +} \ No newline at end of file diff --git a/Solutions/GDPR Compliance & Data Security/Workbooks/GDPRComplianceAndDataSecurity.json b/Solutions/GDPR Compliance & Data Security/Workbooks/GDPRComplianceAndDataSecurity.json new file mode 100644 index 00000000000..10c071e8d59 --- /dev/null +++ b/Solutions/GDPR Compliance & Data Security/Workbooks/GDPRComplianceAndDataSecurity.json @@ -0,0 +1,12795 @@ +{ + "version": "Notebook/1.0", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "version": "KqlParameterItem/1.0", + "name": "DefaultSubscription_Internal", + "type": 1, + "isRequired": true, + "query": "where type =~ 'microsoft.operationalinsights/workspaces'\r\n| take 1\r\n| project subscriptionId", + "crossComponentResources": [ + "value::selected" + ], + "isHiddenWhenLocked": true, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "id": "314d02bf-4691-43fa-af59-d67073c8b8fa" + }, + { + "id": "e6ded9a1-a83c-4762-938d-5bf8ff3d3d38", + "version": "KqlParameterItem/1.0", + "name": "Subscription", + "type": 6, + "isRequired": true, + "query": "summarize by subscriptionId\r\n| project value = strcat(\"/subscriptions/\", subscriptionId), label = subscriptionId, selected = iff(subscriptionId =~ '{DefaultSubscription_Internal}', true, false)", + "typeSettings": { + "showDefault": false + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "e3225ed0-6210-40a1-b2d0-66e42ffa71d6", + "version": "KqlParameterItem/1.0", + "name": "Workspace", + "type": 5, + "isRequired": true, + "query": "resources\r\n| where type =~ 'microsoft.operationalinsights/workspaces'\r\n| order by name asc\r\n| summarize Selected = makelist(id, 10), All = makelist(id, 1000)\r\n| mvexpand All limit 100\r\n| project value = tostring(All), label = tostring(All), selected = iff(Selected contains All, true, false)", + "crossComponentResources": [ + "{Subscription}" + ], + "typeSettings": { + "showDefault": false + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "15b2c181-7397-43c1-900a-28e175ae8a6f", + "version": "KqlParameterItem/1.0", + "name": "TimeRange", + "type": 4, + "isRequired": true, + "typeSettings": { + "selectableValues": [ + { + "durationMs": 86400000 + }, + { + "durationMs": 172800000 + }, + { + "durationMs": 259200000 + }, + { + "durationMs": 604800000 + }, + { + "durationMs": 1209600000 + }, + { + "durationMs": 2592000000 + }, + { + "durationMs": 5184000000 + }, + { + "durationMs": 7776000000 + } + ], + "allowCustom": true + }, + "value": { + "durationMs": 1209600000 + } + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "Parameter Selectors" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "# [GDPR Compliance & Data Security Workbook for Microsoft Sentinel](https://learn.microsoft.com/en-us/compliance/regulatory/gdpr)\n---\n\nWelcome to the **GDPR(General Data Protection Regulation) Compliance & Data Security Workbook for Microsoft Sentinel**. \nThis workbook helps you **track, visualize and monitor GDPR related requirements** across your enterprise. \nIt consolidates data from **Defender XDR, Microsoft Purview, Azure SQL Databases, Microsoft 365, UEBA and Entra ID solution.**\n\nUse this workbook to:\n- 🔍 Monitor **GDPR and data-theft related alerts and incidents** across Microsoft Defender XDR \n- 🗂 Gain visibility into **data classification and sensitivity labeling coverage** with Microsoft Purview\n- 🗄 Detect **sensitive data queries, anomalous database activity, and unusual access patterns** in Azure SQL Databases\n- ⚠ Investigate **identity risks, anomalous sign-ins, and insider behaviors** with Entra ID and UEBA \n- 📝 Provide **clear audit evidence and compliance reports** across Microsoft 365 and related services" + }, + "name": "text - 2" + } + ] + }, + "customWidth": "78", + "name": "group - 5" + }, + { + "type": 1, + "content": { + "json": "![Image Name](https://azure.microsoft.com/svghandler/azure-sentinel?width=600&height=315) " + }, + "customWidth": "21", + "name": "Microsoft Sentinel Logo" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "ac6f7462-59ff-4d82-86b0-0a6eccc35a51", + "version": "KqlParameterItem/1.0", + "name": "UserPrincipalName", + "label": "🔀 User Selector", + "type": 2, + "description": "This filter applies to metrics derived from Microsoft 365, UEBA, and Entra ID data sources.", + "isRequired": true, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "query": "SigninLogs\r\n| summarize by UserPrincipalName ", + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "showDefault": false + }, + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": [ + "value::all" + ] + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "User Selector Parameter - Copy" + }, + { + "type": 1, + "content": { + "json": "✅ **How to use this workbook** \r\n\r\nSelect one or more checkboxes below to display the GDPR relevant metrics for the corresponding source (e.g., Security Alerts, Purview, SQL, Microsoft 365).\r\n" + }, + "name": "text - 16" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "{\"version\":\"1.0.0\",\"content\":\"[\\r\\n\\t{ \\\"Data Sources\\\": \\\"Getting Started\\\", \\\"tab\\\": \\\"Help\\\" },\\r\\n\\t{ \\\"Data Sources\\\": \\\"Security Alerts and Incidents (6)\\\", \\\"tab\\\": \\\"SecurityAlerts\\\" },\\r\\n\\t{ \\\"Data Sources\\\": \\\"Data Loss Prevention (7)\\\", \\\"tab\\\": \\\"DLP\\\" },\\r\\n\\t{ \\\"Data Sources\\\": \\\"Purview Logs (8)\\\", \\\"tab\\\": \\\"PurviewLogs\\\" },\\r\\n\\t{ \\\"Data Sources\\\": \\\"Azure SQL Databases (9)\\\", \\\"tab\\\":\\\"AzureSQLDatabases\\\"},\\r\\n\\t{ \\\"Data Sources\\\": \\\"Microsoft 365 Activity (20)\\\", \\\"tab\\\": \\\"M365Activity\\\" },\\r\\n\\t{ \\\"Data Sources\\\": \\\"User & Entity Behavior Analytics (12)\\\", \\\"tab\\\": \\\"UEBA\\\" },\\r\\n\\t{ \\\"Data Sources\\\": \\\"Sign-Ins (12)\\\", \\\"tab\\\": \\\"SignIns\\\" },\\r\\n\\t{ \\\"Data Sources\\\": \\\"Audit Logs (5)\\\", \\\"tab\\\": \\\"AuditLogs\\\" }\\r\\n]\",\"transformers\":null}", + "size": 3, + "exportMultipleValues": true, + "exportedParameters": [ + { + "fieldName": "tab", + "parameterName": "tab2" + } + ], + "queryType": 8, + "gridSettings": { + "formatters": [ + { + "columnMatch": "tab", + "formatter": 5 + } + ] + } + }, + "customWidth": "40", + "name": "Control Family ", + "styleSettings": { + "showBorder": true + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "cbb7a53e-ea3b-44e3-804e-734662e21144", + "version": "KqlParameterItem/1.0", + "name": "isHelpVisible", + "type": 1, + "isHiddenWhenLocked": true, + "criteriaData": [ + { + "criteriaContext": { + "leftOperand": "tab2", + "operator": "contains", + "rightValType": "static", + "rightVal": "Help", + "resultValType": "static", + "resultVal": "true" + } + }, + { + "criteriaContext": { + "operator": "Default", + "rightValType": "param", + "resultValType": "static", + "resultVal": "false" + } + } + ], + "timeContext": { + "durationMs": 86400000 + } + }, + { + "version": "KqlParameterItem/1.0", + "name": "isSecurityAlertsVisible", + "type": 1, + "isHiddenWhenLocked": true, + "criteriaData": [ + { + "criteriaContext": { + "leftOperand": "tab2", + "operator": "contains", + "rightValType": "static", + "rightVal": "SecurityAlerts", + "resultValType": "static", + "resultVal": "true" + } + }, + { + "criteriaContext": { + "operator": "Default", + "rightValType": "param", + "resultValType": "static", + "resultVal": "false" + } + } + ], + "timeContext": { + "durationMs": 86400000 + }, + "id": "9ade41e9-0382-49a7-847a-472bfb7e284b" + }, + { + "id": "17988544-c3d6-46c0-9645-2d1ce07d8655", + "version": "KqlParameterItem/1.0", + "name": "isDLPVisible", + "type": 1, + "isHiddenWhenLocked": true, + "criteriaData": [ + { + "criteriaContext": { + "leftOperand": "tab2", + "operator": "contains", + "rightValType": "static", + "rightVal": "DLP", + "resultValType": "static", + "resultVal": "true" + } + }, + { + "criteriaContext": { + "operator": "Default", + "resultValType": "static", + "resultVal": "false" + } + } + ], + "timeContext": { + "durationMs": 86400000 + } + }, + { + "id": "0299a507-8d53-4e80-bc8c-e3aa12522bab", + "version": "KqlParameterItem/1.0", + "name": "isPurviewLogsVisible", + "type": 1, + "isHiddenWhenLocked": true, + "criteriaData": [ + { + "criteriaContext": { + "leftOperand": "tab2", + "operator": "contains", + "rightValType": "static", + "rightVal": "PurviewLogs", + "resultValType": "static", + "resultVal": "true" + } + }, + { + "criteriaContext": { + "operator": "Default", + "resultValType": "static", + "resultVal": "false" + } + } + ] + }, + { + "id": "553d4aff-e76d-418b-9edf-7fdcdacb6e0f", + "version": "KqlParameterItem/1.0", + "name": "isAzureSQLDatabasesVisible", + "type": 1, + "isHiddenWhenLocked": true, + "criteriaData": [ + { + "criteriaContext": { + "leftOperand": "tab2", + "operator": "contains", + "rightValType": "static", + "rightVal": "AzureSQLDatabases", + "resultValType": "static", + "resultVal": "true" + } + }, + { + "criteriaContext": { + "operator": "Default", + "resultValType": "static", + "resultVal": "false" + } + } + ], + "timeContext": { + "durationMs": 86400000 + } + }, + { + "id": "f145d46a-1e01-49ff-99e7-87f6059ed960", + "version": "KqlParameterItem/1.0", + "name": "isM365ActivityVisible", + "type": 1, + "isHiddenWhenLocked": true, + "criteriaData": [ + { + "criteriaContext": { + "leftOperand": "tab2", + "operator": "contains", + "rightValType": "static", + "rightVal": "M365Activity", + "resultValType": "static", + "resultVal": "true" + } + }, + { + "criteriaContext": { + "operator": "Default", + "resultValType": "static", + "resultVal": "false" + } + } + ] + }, + { + "version": "KqlParameterItem/1.0", + "name": "isUEBAVisible", + "type": 1, + "isHiddenWhenLocked": true, + "criteriaData": [ + { + "criteriaContext": { + "leftOperand": "tab2", + "operator": "contains", + "rightValType": "static", + "rightVal": "UEBA", + "resultValType": "static", + "resultVal": "true" + } + }, + { + "criteriaContext": { + "operator": "Default", + "rightValType": "param", + "resultValType": "static", + "resultVal": "false" + } + } + ], + "timeContext": { + "durationMs": 86400000 + }, + "id": "70014e2e-d25a-4cca-b78d-b6063795d138" + }, + { + "id": "14403a6f-fb83-492a-bea3-941048e30bb7", + "version": "KqlParameterItem/1.0", + "name": "isSignInsVisible", + "type": 1, + "isHiddenWhenLocked": true, + "criteriaData": [ + { + "criteriaContext": { + "leftOperand": "tab2", + "operator": "contains", + "rightValType": "static", + "rightVal": "SignIns", + "resultValType": "static", + "resultVal": "true" + } + }, + { + "criteriaContext": { + "operator": "Default", + "resultValType": "static", + "resultVal": "false" + } + } + ] + }, + { + "id": "af09b9c4-3218-40de-8a1f-26f4a1c38a19", + "version": "KqlParameterItem/1.0", + "name": "isAuditLogsVisible", + "type": 1, + "isHiddenWhenLocked": true, + "criteriaData": [ + { + "criteriaContext": { + "leftOperand": "tab2", + "operator": "contains", + "rightValType": "static", + "rightVal": "AuditLogs", + "resultValType": "static", + "resultVal": "true" + } + }, + { + "criteriaContext": { + "operator": "Default", + "resultValType": "static", + "resultVal": "false" + } + } + ] + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "10", + "name": "Hidden Parameters Selectors" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## 📂 Workbook Structure\r\n\r\nThis workbook is organized into the following sections:\r\n\r\n| Section | Description |\r\n|---------|-------------|\r\n| 🚨 **Security Alerts & Incidents** | Investigate security Alerts & incidents from hosts and resources hosting personal data. |\r\n| 🛡 **Data Loss Prevention (DLP)** | Monitor sensitive data access, leaks, and geolocation-based usage. |\r\n| 🔍 **Purview Logs** | Discover and classify assets, monitor sensitivity labeling, and track data governance. |\r\n| 🗄 **Azure SQL Databases** | Detect anomalies and monitor classified data queries. |\r\n| 📂 **Microsoft 365 Activity** | Monitor sensitive document/email activity. |\r\n| 📊 **UEBA** | Analyze anomalous user & entity behaviors. |\r\n| 👤 **Sign-Ins (Entra ID)** | Track risky sign-ins and monitor identity compliance. |\r\n| 📝 **Audit Logs** | Provide accountability and traceability of administrative activities. |\r\n" + }, + "customWidth": "40", + "name": "text - 2" + }, + { + "type": 1, + "content": { + "json": "" + }, + "customWidth": "10", + "name": "text - 12" + }, + { + "type": 1, + "content": { + "json": "## 🔗 Data Sources & Permissions\r\n\r\nEnsure the following data connectors are enabled and ingested into Microsoft Sentinel:\r\n\r\n### 📂 Data Governance\r\n- ✅ **Microsoft Purview** (data classification & sensitivity logs. PurviewDataSensitivityLogs table) \r\n- ✅ **Microsoft Purview Information Protection** (DLP, labels, document access. MicrosoftPurviewInformationProtection table) \r\n- ✅ **Azure SQL Databases** (classification & anomaly scores. AzureDiagnostics table)\r\n\r\n\r\n### 👤 Identity & Access\r\n- ✅ **Microsoft Entra ID** (Sign-ins. SigninLogs table) \r\n- ✅ **BehaviorAnalytics** (UEBA. BehaviorAnalytics table) \r\n\r\n### 🛡 Security Monitoring\r\n- ✅ **Microsoft 365** (Microsoft 365 activity. OfficeActivity table) \r\n- ✅ **SecurityAlert / SecurityIncident** (Microsoft Defender XDR. SecurityAlert and SecurityIncident tables) \r\n- ✅ **AuditLogs** (Entra ID administrative traceability. AuditLogs table) \r\n\r\n📘 [How to configure data connectors in Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/connect-data-sources)\r\n" + }, + "customWidth": "40", + "name": "text - 3" + }, + { + "type": 1, + "content": { + "json": "---\r\n\r\n### 1. Security Alerts and Incidents\r\n\r\nFrom the Azure portal, install the **[Microsoft Defender XDR](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/dontDiscardJourney~/true/id/azuresentinel.azure-sentinel-solution-microsoft365defender)** solution via **Content Hub**. \r\nThen, enable the **Microsoft Defender XDR** data connector to stream security alerts and incidents from Defender products into Microsoft Sentinel. \r\nThese records populate the **`SecurityAlert`** and **`SecurityIncident`** tables. \r\n\r\n⚠️ **Important:** \r\nAll workbook metrics in this section use a **watchlist** to filter only alerts and incidents involving servers that host **personal data**. \r\nYou must configure this watchlist in Sentinel and populate it with the names of your personal data hosting servers.\r\n\r\n#### 📂 Sample Watchlist (GDPR_PersonalData_Assets)\r\n\r\n| HostName |\r\n|------------------------|\r\n| server1 |\r\n| server2 |\r\n| server3 |\r\n| server4 |\r\n\r\n1. Save the watchlist as a CSV or TXT file. \r\n2. In Sentinel → **Configuration > Watchlists**, create a new watchlist (e.g., `GDPR_PersonalData_Assets`). \r\n3. Upload the file and confirm `HostName` is recognized as the search key.\r\n\r\nThis allows you to: \r\n- Focus alerts and incidents on GDPR-relevant systems \r\n- Monitor attack tactics and timelines against personal data servers \r\n- Provide auditors with clear evidence of incident detection and response for regulated data \r\n\r\nAll **Security Alerts & Incidents** visuals in this workbook will only display events related to servers listed in this watchlist.\r\n\r\n📘 [Setup guide – Microsoft Defender XDR connector](https://learn.microsoft.com/azure/sentinel/connect-microsoft-365-defender) \r\n📘 [How to create and use watchlists](https://learn.microsoft.com/azure/sentinel/watchlists)\r\n" + }, + "customWidth": "40", + "name": "text - 6" + }, + { + "type": 1, + "content": { + "json": "" + }, + "customWidth": "10", + "name": "text - 5" + }, + { + "type": 1, + "content": { + "json": "---\r\n\r\n### 2. Data Loss Prevention (Microsoft Purview Information Protection)\r\nFrom the Azure portal, install the **[Microsoft Purview Information Protection](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/dontDiscardJourney~/true/id/azuresentinel.azure-sentinel-solution-mip)** solution via **Content Hub**. \r\nThen, enable the **Microsoft Purview Information Protection** data connector to ingest **sensitivity labeling and protection events** into the **`MicrosoftPurviewInformationProtection`** table. \r\nWith this configuration, you can: \r\n- Track **sensitivity label adoption and usage trends** \r\n- Monitor **labeled/protected documents and emails** across Microsoft 365 \r\n- Detect **label changes, downgrades, and policy enforcement outcomes** \r\n- Provide auditors with **evidence of applied protections on personal and sensitive data** \r\n\r\n📘 [Setup guide – Microsoft Purview Information Protection connector](https://learn.microsoft.com/azure/sentinel/connect-microsoft-purview)\r\n\r\n---" + }, + "customWidth": "40", + "name": "text - 4" + }, + { + "type": 1, + "content": { + "json": "---\r\n\r\n### 3. Microsoft Purview (Data Classification & Sensitivity Logs)\r\nFrom the Azure portal, install the **[Microsoft Purview](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/dontDiscardJourney~/true/id/azuresentinel.azure-sentinel-solution-azurepurview)** solution via **Content Hub**. \r\nThen, configure the **Microsoft Purview** data connector to stream **Data Classification and Sensitivity scan events** into the **`PurviewDataSensitivityLogs`** table. \r\n\r\nWith this configuration, you can: \r\n- Discover **where personal and sensitive data resides** across your cloud resources \r\n- Monitor **assets with classifications and sensitivity labels** over time \r\n- Track **data types and categories** detected by Purview scans \r\n- Provide auditors with **an inventory of sensitive data processing** \r\n\r\n📘 [Setup guide – Microsoft Purview solution](https://learn.microsoft.com/azure/sentinel/purview-solution)\r\n\r\n---" + }, + "customWidth": "40", + "name": "text - 3" + }, + { + "type": 1, + "content": { + "json": "" + }, + "customWidth": "10", + "name": "text - 10" + }, + { + "type": 1, + "content": { + "json": "\r\n### 4. Azure SQL Databases\r\nFrom the Azure portal, install the **[Azure SQL Database](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/dontDiscardJourney~/true/id/sentinel4sql.sentinel4sql)** solution via **Content Hub**. \r\nThen, connect the **Azure SQL Databases** data connector to stream **audit and diagnostic logs** into Microsoft Sentinel. \r\nThese logs populate the **`AzureDiagnostics`** table (and SQL-specific audit tables if enabled). \r\n\r\nWith this configuration, you can: \r\n- Monitor **sensitive queries by label, information type, and principal** \r\n- Detect **anomalous activity and anomaly scores** across databases \r\n- Track **application and IP access to classified data** \r\n- Provide auditors with **evidence of monitoring structured personal data in SQL systems** \r\n\r\n📘 [Setup guide – Configure Azure SQL logging to Sentinel](https://learn.microsoft.com/azure/azure-sql/database/metrics-diagnostic-telemetry-logging-streaming-export-configure?view=azuresql&tabs=azure-portal)\r\n\r\n---" + }, + "customWidth": "40", + "name": "text - 8" + }, + { + "type": 1, + "content": { + "json": "### 5. Microsoft 365 Activity\r\n\r\nFrom the Azure portal, install the **[Microsoft 365](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/dontDiscardJourney~/true/id/azuresentinel.azure-sentinel-solution-office365)** solution via **Content Hub**. \r\nThen, enable the **Microsoft 365 (formerly Office 365)** data connector to stream **unified audit logs** into Microsoft Sentinel. \r\nThese logs populate the **`OfficeActivity`** table. \r\n\r\nWith this configuration, you can: \r\n- Monitor **user and administrator activity** across Exchange, SharePoint, OneDrive, and Teams \r\n- Detect **risky file sharing, mailbox access by non-owners, and suspicious admin operations** \r\n- Identify **unusual Teams or SharePoint activity** (e.g., mass deletions, uploads from unseen devices) \r\n- Provide auditors with a **comprehensive audit trail of data activity** in Microsoft 365 services\r\n\r\n---" + }, + "customWidth": "40", + "name": "text - 9" + }, + { + "type": 1, + "content": { + "json": "" + }, + "customWidth": "10", + "name": "text - 10" + }, + { + "type": 1, + "content": { + "json": "### 6. User & Entity Behavior Analytics (UEBA)\r\n\r\nFrom the Azure portal, enable **User and Entity Behavior Analytics (UEBA)** in Microsoft Sentinel settings. \r\nUEBA builds baselines of user and entity activities and writes enriched risk insights into the **`BehaviorAnalytics`** table.\r\n\r\nThis enables you to: \r\n- Detect anomalous behaviors across users and entities \r\n- Correlate activities across multiple data sources \r\n- Identify potential insider threats and compromised accounts \r\n\r\n📘 [Setup guide](https://learn.microsoft.com/azure/sentinel/enable-entity-behavior-analytics?tabs=azure)\r\n\r\n---" + }, + "customWidth": "40", + "name": "text - 11" + }, + { + "type": 1, + "content": { + "json": "### 7. Sign-ins and Audit (Microsoft Entra ID)\r\n\r\nFrom the Azure portal, install the **[Microsoft Entra ID](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/dontDiscardJourney~/true/id/azuresentinel.azure-sentinel-solution-azureactivedirectory)** solution via **Content Hub**. \r\nThen, enable the **Microsoft Entra ID (Sign-in, Audit Logs)** data connector to stream authentication events into Microsoft Sentinel. \r\n\r\nThese logs populate the **`SigninLogs`** and **`AuditLogs`** table and allow you to: \r\n- Monitor successful vs. failed sign-ins \r\n- Detect risky logins, brute-force attempts, and unusual geolocations \r\n- Investigate access patterns to applications and resources handling personal data\r\n- Monitor changes to users, groups, and applications \r\n- Track administrative actions such as role assignments, policy changes, and resource access grants \r\n- Provide a traceable record of identity-related activities for GDPR accountability \r\n\r\n📘 [Setup guide](https://learn.microsoft.com/azure/sentinel/connect-azure-active-directory)\r\n\r\n---" + }, + "customWidth": "40", + "name": "text - 12" + } + ] + }, + "conditionalVisibility": { + "parameterName": "isHelpVisible", + "comparison": "isEqualTo", + "value": "true" + }, + "name": "Overview Group" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "7afa304d-b448-4d6c-8c54-69e51a7249a9", + "version": "KqlParameterItem/1.0", + "name": "Results113", + "type": 1, + "query": "// Load personal data servers from Sentinel watchlist\r\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\r\n | project HostName = tolower(HostName);\r\nSecurityAlert\r\n| mv-expand Entity = todynamic(Entities)\r\n| extend EntityType = tostring(Entity.Type)\r\n| extend HostName = iff(EntityType == \"host\",tolower(tostring(Entity.HostName)), \"\")\r\n| where HostName <> \"\"\r\n// Keep only alerts where HostName is in the watchlist\r\n| join kind=inner (PersonalDataServers) on HostName\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "33", + "name": "Results113", + "styleSettings": { + "maxWidth": "33" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "9b6b6d2b-a6d9-46c6-882d-722c0c9d455f", + "version": "KqlParameterItem/1.0", + "name": "Results114", + "type": 1, + "query": "// Load personal data servers from Sentinel watchlist\r\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\r\n| project HostName = tolower(HostName);\r\nSecurityIncident\r\n | summarize hint.strategy = shuffle arg_max(LastModifiedTime, *) by IncidentNumber\r\n | mv-expand AlertIds\r\n | extend AlertId = tostring(AlertIds)\r\n | join kind= innerunique ( \r\n SecurityAlert \r\n )\r\n on $left.AlertId == $right.SystemAlertId\r\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\r\n | mv-expand todynamic(Entities)\r\n | where Entities[\"Type\"] =~ \"host\"\r\n | extend HostName = tolower(tostring(Entities.HostName))\r\n | where Entities[\"HostName\"] <> \"\"\r\n // Keep only alerts where HostName is in the watchlist\r\n | join kind=inner (PersonalDataServers) on HostName\r\n | extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\r\n | summarize DeviceNames = make_set(HostName,10), arg_max(TimeGenerated, *) by IncidentNumber\r\n | parse IncidentUrl with * '/#asset/Microsoft_Azure_Security_Insights/Incident' IncidentBlade\r\n | distinct Title, Severity, IncidentBlade, tostring(DeviceNames), TimeGenerated, IncidentNumber\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "33", + "name": "Results114" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "572e4329-8e88-4492-972a-86267f66f8a2", + "version": "KqlParameterItem/1.0", + "name": "Results115", + "type": 1, + "query": "// Load personal data servers from Sentinel watchlist\r\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\r\n | project HostName = tolower(HostName);\r\nSecurityIncident\r\n | summarize hint.strategy = shuffle arg_max(LastModifiedTime, *) by IncidentNumber\r\n | mv-expand AlertIds\r\n | extend AlertId = tostring(AlertIds)\r\n | join kind= innerunique ( \r\n SecurityAlert \r\n )\r\n on $left.AlertId == $right.SystemAlertId\r\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\r\n | extend EntitiesSet = todynamic(Entities)\r\n | mv-expand todynamic(Entities)\r\n | where Entities[\"Type\"] =~ \"host\"\r\n | extend HostName = tolower(tostring(Entities.HostName))\r\n | where Entities[\"HostName\"] <> \"\"\r\n // Keep only alerts where HostName is in the watchlist\r\n | join kind=inner (PersonalDataServers) on HostName\r\n | extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\r\n | summarize DeviceNames = make_set(HostName,10), arg_max(TimeGenerated, *) by IncidentNumber\r\n | parse IncidentUrl with * '/#asset/Microsoft_Azure_Security_Insights/Incident' IncidentBlade\r\n | mv-expand todynamic(EntitiesSet)\r\n | extend Name = tostring(tolower(EntitiesSet[\"Name\"])), UPNSuffix = tostring(EntitiesSet[\"UPNSuffix\"])\r\n | extend UPN = iff(Name != \"\" and UPNSuffix != \"\", strcat(Name, \"@\", UPNSuffix), \"\")\r\n | where UPN <> \"\"\r\n | summarize count() by UPN\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "33", + "name": "Results115" + }, + { + "type": 1, + "content": { + "json": "# 🚨 [Security Alerts and Incidents](https://docs.microsoft.com/azure/sentinel/create-incidents-from-alerts)\n---\n\nThis section consolidates security alerts and incidents that may involve systems storing or processing personal data. It supports GDPR obligations for **security of processing (Art. 32)**, **breach notification (Art. 33 & 34)**, and **accountability (Art. 5(2))** by ensuring that organizations can quickly detect, investigate, and respond to threats that impact personal data. \n\nKey objectives of this section: \n- Track **security alerts involving personal data servers** to prioritize investigations of GDPR-relevant risks \n- Monitor **alerts mapped to MITRE ATT&CK® tactics** to understand adversary techniques targeting personal data \n- Review **incident counts and timelines** to measure responsiveness and compliance with breach notification requirements \n- Provide auditors with documented evidence of **security monitoring, incident management, and remediation activities** \n\nBy analyzing these metrics, analysts can ensure that **personal data risks are rapidly identified and addressed**, and that the organization maintains the ability to **demonstrate incident response readiness** in alignment with GDPR." + }, + "customWidth": "40", + "name": "text - 2" + }, + { + "type": 1, + "content": { + "json": "" + }, + "customWidth": "10", + "name": "text - 15" + }, + { + "type": 1, + "content": { + "json": "| Security Alerts And Incidents | | |\r\n|:--| - | - |\r\n| Alerts Over Time for Personal Data Hosting Systems | Alerts Details | Alerts by MITRE ATT&CK® Tactics|\r\n| Security Incidents Over Time for Personal Data Hosting Systems | Security Incidents By Users |Security Incidents Details|\r\n\r\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, and Time range. Only panels with data are shown.\r\n" + }, + "customWidth": "40", + "name": "SI OV" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "// Load personal data servers from Sentinel watchlist\r\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\r\n | project HostName = tolower(HostName);\r\nSecurityAlert\r\n| mv-expand Entity = todynamic(Entities)\r\n| extend EntityType = tostring(Entity.Type)\r\n| extend HostName = iff(EntityType == \"host\",tolower(tostring(Entity.HostName)), \"\")\r\n| where HostName <> \"\"\r\n// Keep only alerts where HostName is in the watchlist\r\n| join kind=inner (PersonalDataServers) on HostName\r\n| extend DeviceName = HostName, AlertId = SystemAlertId\r\n| summarize by AlertId, AlertName, TimeGenerated\r\n| make-series Alerts = count() on TimeGenerated step 1d by AlertName", + "size": 0, + "title": "Alerts Over Time for Personal Data Hosting Systems", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "timechart" + }, + "conditionalVisibility": { + "parameterName": "Results113", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 1" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "// Load personal data servers from Sentinel watchlist\r\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\r\n | project HostName = tolower(HostName);\r\nSecurityAlert\r\n| mv-expand Entity = todynamic(Entities)\r\n| extend EntityType = tostring(Entity.Type)\r\n| extend HostName = iff(EntityType == \"host\",tolower(tostring(Entity.HostName)), \"\")\r\n| where HostName <> \"\"\r\n// Keep only alerts where HostName is in the watchlist\r\n| join kind=inner (PersonalDataServers) on HostName\r\n| summarize \r\n AlertName = any(AlertName),\r\n AlertSeverity = any(AlertSeverity),\r\n DeviceNames = make_set(HostName,10),\r\n TimeGenerated = any(TimeGenerated)\r\n by AlertId = SystemAlertId, AlertLink\r\n | project-reorder AlertName, AlertSeverity, AlertLink, DeviceNames, TimeGenerated, AlertId\r\n| order by TimeGenerated desc\r\n| take 100", + "size": 0, + "title": "Alerts Details", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "AlertLink", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url", + "linkLabel": "Alert >>" + } + } + ] + } + }, + "conditionalVisibility": { + "parameterName": "Results113", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 2" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "// Load personal data servers from Sentinel watchlist\r\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\r\n | project HostName = tolower(HostName);\r\nSecurityAlert\r\n| mv-expand Entity = todynamic(Entities)\r\n| extend EntityType = tostring(Entity.Type)\r\n| extend HostName = iff(EntityType == \"host\",tolower(tostring(Entity.HostName)), \"\")\r\n| where HostName <> \"\"\r\n// Keep only alerts where HostName is in the watchlist\r\n| join kind=inner (PersonalDataServers) on HostName\r\n| summarize by Tactics, SystemAlertId\r\n| summarize Count=count() by Tactics\r\n| sort by Count desc", + "size": 0, + "title": "Alerts by MITRE ATT&CK® Tactics", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Tactics" + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "yellowOrangeRed" + } + }, + "showBorder": false + } + }, + "conditionalVisibility": { + "parameterName": "Results113", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 3" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "// Load personal data servers from Sentinel watchlist\r\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\r\n | project HostName = tolower(HostName);\r\nSecurityIncident\r\n | summarize hint.strategy = shuffle arg_max(LastModifiedTime, *) by IncidentNumber\r\n | mv-expand AlertIds\r\n | extend AlertId = tostring(AlertIds)\r\n | join kind= innerunique ( \r\n SecurityAlert \r\n )\r\n on $left.AlertId == $right.SystemAlertId\r\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\r\n | mv-expand todynamic(Entities)\r\n | where Entities[\"Type\"] =~ \"host\"\r\n | extend HostName = tolower(tostring(Entities.HostName))\r\n | where Entities[\"HostName\"] <> \"\"\r\n // Keep only alerts where HostName is in the watchlist\r\n | join kind=inner (PersonalDataServers) on HostName\r\n | extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\r\n | summarize DeviceNames = make_set(HostName,10), arg_max(TimeGenerated, *) by IncidentNumber\r\n | parse IncidentUrl with * '/#asset/Microsoft_Azure_Security_Insights/Incident' IncidentBlade\r\n | distinct Title, Severity, IncidentBlade, tostring(DeviceNames), TimeGenerated, IncidentNumber\r\n| make-series count() default=0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step 1d by Title\r\n| render timechart\r\n\r\n\r\n\r\n", + "size": 0, + "showAnalytics": true, + "title": "Security Incidents Over Time for Personal Data Hosting Systems", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Severity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "High", + "representation": "redBright", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Medium", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Low", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "city_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "state_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark", + "text": "{0}{1}" + } + ] + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "UserPrincipalName", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "redBright" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results114", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results114e", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "// Load personal data servers from Sentinel watchlist\r\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\r\n | project HostName = tolower(HostName);\r\nSecurityIncident\r\n | summarize hint.strategy = shuffle arg_max(LastModifiedTime, *) by IncidentNumber\r\n | mv-expand AlertIds\r\n | extend AlertId = tostring(AlertIds)\r\n | join kind= innerunique ( \r\n SecurityAlert \r\n )\r\n on $left.AlertId == $right.SystemAlertId\r\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\r\n | extend EntitiesSet = todynamic(Entities)\r\n | mv-expand todynamic(Entities)\r\n | where Entities[\"Type\"] =~ \"host\"\r\n | extend HostName = tolower(tostring(Entities.HostName))\r\n | where Entities[\"HostName\"] <> \"\"\r\n // Keep only alerts where HostName is in the watchlist\r\n | join kind=inner (PersonalDataServers) on HostName\r\n | extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\r\n | summarize DeviceNames = make_set(HostName,10), arg_max(TimeGenerated, *) by IncidentNumber\r\n | parse IncidentUrl with * '/#asset/Microsoft_Azure_Security_Insights/Incident' IncidentBlade\r\n | mv-expand todynamic(EntitiesSet)\r\n | extend Name = tostring(tolower(EntitiesSet[\"Name\"])), UPNSuffix = tostring(EntitiesSet[\"UPNSuffix\"])\r\n | extend UPN = iff(Name != \"\" and UPNSuffix != \"\", strcat(Name, \"@\", UPNSuffix), \"\")\r\n | where UPN <> \"\"\r\n | summarize count() by UPN\r\n | render piechart", + "size": 0, + "showAnalytics": true, + "title": "Security Incidents by Users", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UPN", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Severity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "High", + "representation": "redBright", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Medium", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Low", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "AlertName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "3", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "ProductName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "yellowOrangeRed" + } + }, + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "city_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "state_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "sortBy": [], + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results115", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results113h", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "// Load personal data servers from Sentinel watchlist\r\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\r\n | project HostName = tolower(HostName);\r\nSecurityIncident\r\n | summarize hint.strategy = shuffle arg_max(LastModifiedTime, *) by IncidentNumber\r\n | mv-expand AlertIds\r\n | extend AlertId = tostring(AlertIds)\r\n | join kind= innerunique ( \r\n SecurityAlert \r\n )\r\n on $left.AlertId == $right.SystemAlertId\r\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\r\n | mv-expand todynamic(Entities)\r\n | where Entities[\"Type\"] =~ \"host\"\r\n | extend HostName = tolower(tostring(Entities.HostName))\r\n | where Entities[\"HostName\"] <> \"\"\r\n // Keep only alerts where HostName is in the watchlist\r\n | join kind=inner (PersonalDataServers) on HostName\r\n | extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\r\n | summarize DeviceNames = make_set(HostName,10), arg_max(TimeGenerated, *) by IncidentNumber\r\n | parse IncidentUrl with * '/#asset/Microsoft_Azure_Security_Insights/Incident' IncidentBlade\r\n | distinct Title, Severity, IncidentBlade, tostring(DeviceNames), TimeGenerated, IncidentNumber \r\n | sort by TimeGenerated desc\r\n | limit 100", + "size": 0, + "showAnalytics": true, + "title": "Security Incidents Details", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Title", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Alert", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Severity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "High", + "representation": "Sev0", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Medium", + "representation": "Sev1", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Low", + "representation": "Sev2", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "Sev3", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "IncidentBlade", + "formatter": 7, + "formatOptions": { + "linkTarget": "OpenBlade", + "linkLabel": "Incident >>", + "bladeOpenContext": { + "bladeName": "CaseBlade", + "extensionName": "Microsoft_Azure_Security_Insights", + "bladeParameters": [ + { + "name": "id", + "source": "column", + "value": "IncidentBlade" + } + ] + } + } + }, + { + "columnMatch": "UPN", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "ProductName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true, + "sortBy": [ + { + "itemKey": "IncidentNumber", + "sortOrder": 2 + } + ] + }, + "sortBy": [ + { + "itemKey": "IncidentNumber", + "sortOrder": 2 + } + ], + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "conditionalVisibility": { + "parameterName": "Results114", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results153" + } + ] + }, + "conditionalVisibility": { + "parameterName": "isSecurityAlertsVisible", + "comparison": "isEqualTo", + "value": "true" + }, + "name": "Security Alerts Group" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "# 🛡 [Data Loss Prevention](https://docs.microsoft.com/microsoft-365/solutions/information-protection-deploy)\n---\n\nThis section helps you monitor and control the **movement of sensitive and personal data**, directly supporting GDPR principles of **data protection by design (Art. 25)** and **security of processing (Art. 32)**. \n\nKey objectives of this section: \n- Track **where sensitive data is accessed** and from which geolocations \n- Detect and investigate **potential leaks or unauthorized transfers** of personal data \n- Measure **label-based access patterns** (sensitivity labels applied through Microsoft Information Protection) \n- Provide evidence of **preventive and detective controls** for GDPR audits \n\nBy monitoring these metrics, you can quickly identify risky behaviors such as **unusual data access locations**, **exfiltration attempts**, or **leak alerts**, and take corrective actions to protect personal data.\n" + }, + "customWidth": "40", + "name": "text - 2" + }, + { + "type": 1, + "content": { + "json": "" + }, + "customWidth": "10", + "name": "text - 12" + }, + { + "type": 1, + "content": { + "json": "| Data Loss Prevention | | |\r\n|:--| - | - |\r\n| Sensitive Label Access by Geolocations | Sensitive Label Access by Geolocation Details | Sensitive Data Alerts over Time|\r\n| Sensitive Data Alert Details | Data Access by Sensitivity Labels Over Time | Data Access by Sensitivity Label |\r\n|Sensitive Data Access Details|\r\n\r\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, and Time range. Only panels with data are shown. \r\n" + }, + "customWidth": "50", + "name": "text - 13" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "7afa304d-b448-4d6c-8c54-69e51a7249a9", + "version": "KqlParameterItem/1.0", + "name": "Results305", + "type": 1, + "query": "SecurityAlert\r\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\r\n | mv-expand todynamic(Entities)\r\n | where Entities[\"Type\"] =~ \"account\"\r\n | extend Name = tostring(tolower(Entities[\"Name\"])), NTDomain = tostring(Entities[\"NTDomain\"]), UPNSuffix = tostring(Entities[\"UPNSuffix\"]), AadUserId = tostring(Entities[\"AadUserId\"]), AadTenantId = tostring(Entities[\"AadTenantId\"]), \r\n Sid = tostring(Entities[\"Sid\"]), IsDomainJoined = tobool(Entities[\"IsDomainJoined\"]), Host = tostring(Entities[\"Host\"])\r\n | extend UPN = iff(Name != \"\" and UPNSuffix != \"\", strcat(Name, \"@\", UPNSuffix), \"\")\r\n| extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\r\n| extend UserPrincipalName = UPN\r\n| distinct AlertName, ProductName, Status, AlertLink, UserPrincipalName, Tactics, TimeGenerated\r\n| where AlertName contains \"sensitive\" or AlertName contains \"data\" or AlertName contains \"leak\" or Tactics contains \"exfil\" or AlertName contains \"theft\" or AlertName contains \"steal\" or AlertName contains \"PII\" or AlertName contains \"intellectual\" or AlertName contains \"confidential\" or AlertName contains \"spill\"\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "10", + "name": "Results305", + "styleSettings": { + "maxWidth": "10" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "04a06f0b-7190-4af9-9d04-473d54a3f923", + "version": "KqlParameterItem/1.0", + "name": "Results306", + "type": 1, + "query": "MicrosoftPurviewInformationProtection\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "10", + "name": "Results306", + "styleSettings": { + "maxWidth": "10" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "84d1a90a-923f-4fe1-88a0-b5603f0530b6", + "version": "KqlParameterItem/1.0", + "name": "Results307", + "type": 1, + "query": "MicrosoftPurviewInformationProtection\r\n| extend UserPrincipalName = UserId\r\n| where LabelName <> \"\"\r\n| join (SigninLogs) on UserPrincipalName\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "50", + "name": "Results307" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "MicrosoftPurviewInformationProtection\r\n| extend UserPrincipalName = UserId\r\n| where LabelName <> \"\"\r\n// 🔎 Filter out common or non-critical labels here (example excludes \"General\").\r\n// Update the list inside !in(...) and uncomment below line to exclude labels that are considered low-sensitivity in your org.\r\n// | where LabelName !in (\"General\")\r\n| join (SigninLogs) on UserPrincipalName\r\n| extend City = tostring(LocationDetails.city)\r\n| extend State = tostring(LocationDetails.state)\r\n| extend Country_Region = tostring(LocationDetails.countryOrRegion)\r\n| project Location", + "size": 3, + "showAnalytics": true, + "title": "Sensitive Label Access by Geolocations", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "visualization": "map", + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "warning", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "UncommonActionVolume", + "formatter": 4, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "UncommonAction", + "formatter": 4, + "formatOptions": { + "palette": "green" + } + }, + { + "columnMatch": "FirstTimeUserAction", + "formatter": 4, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "FirstTimeDeviceLogon", + "formatter": 4, + "formatOptions": { + "palette": "yellow" + } + }, + { + "columnMatch": "IncidentCount", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "AlertCount", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "AnomalyCount", + "formatter": 8, + "formatOptions": { + "palette": "yellow" + } + } + ] + }, + "sortBy": [], + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "latitude_", + "longitude": "longitude_", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "labelSettings": "city_", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "yellow" + } + ] + } + } + }, + "customWidth": "60", + "conditionalVisibility": { + "parameterName": "Results307", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 12" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "MicrosoftPurviewInformationProtection\r\n| extend UserPrincipalName = UserId\r\n| where LabelName <> \"\"\r\n// 🔎 Filter out common or non-critical labels here (example excludes \"General\").\r\n// Update the list inside !in(...) and uncomment below line to exclude labels that are considered low-sensitivity in your org.\r\n// | where LabelName !in (\"General\")\r\n| join (SigninLogs) on UserPrincipalName\r\n| extend City = tostring(LocationDetails.city)\r\n| extend State = tostring(LocationDetails.state)\r\n| extend Country_Region = tostring(LocationDetails.countryOrRegion)\r\n| summarize count() by UserPrincipalName, LabelName, City, State, Country_Region\r\n| sort by count_ desc\r\n| limit 100\r\n", + "size": 0, + "showAnalytics": true, + "title": "Sensitive Label Access by Geolocation Details", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "LabelName_s", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Sev2", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "City", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Globe", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "State", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Globe", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Country_Region", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Globe", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 4, + "formatOptions": { + "palette": "yellow" + } + }, + { + "columnMatch": "UncommonActionVolume", + "formatter": 4, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "UncommonAction", + "formatter": 4, + "formatOptions": { + "palette": "green" + } + }, + { + "columnMatch": "FirstTimeUserAction", + "formatter": 4, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "FirstTimeDeviceLogon", + "formatter": 4, + "formatOptions": { + "palette": "yellow" + } + }, + { + "columnMatch": "IncidentCount", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "AlertCount", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "AnomalyCount", + "formatter": 8, + "formatOptions": { + "palette": "yellow" + } + } + ], + "filter": true + }, + "sortBy": [], + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "latitude_", + "longitude": "longitude_", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "labelSettings": "city_", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "turquoise" + } + ] + } + } + }, + "customWidth": "40", + "conditionalVisibility": { + "parameterName": "Results307", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 12" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SecurityAlert\r\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\r\n | mv-expand todynamic(Entities)\r\n | where Entities[\"Type\"] =~ \"account\"\r\n | extend Name = tostring(tolower(Entities[\"Name\"])), NTDomain = tostring(Entities[\"NTDomain\"]), UPNSuffix = tostring(Entities[\"UPNSuffix\"]), AadUserId = tostring(Entities[\"AadUserId\"]), AadTenantId = tostring(Entities[\"AadTenantId\"]), \r\n Sid = tostring(Entities[\"Sid\"]), IsDomainJoined = tobool(Entities[\"IsDomainJoined\"]), Host = tostring(Entities[\"Host\"]), UserPrincipalName = tostring(Entities[\"UserPrincipalName\"])\r\n | extend UPN = coalesce (UserPrincipalName, iff(Name != \"\" and UPNSuffix != \"\", strcat(Name, \"@\", UPNSuffix), \"\"))\r\n| extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\r\n| extend UserPrincipalName = UPN\r\n| where UserPrincipalName in ({UserPrincipalName})\r\n| distinct AlertName, ProductName, Status, AlertLink, UserPrincipalName, Tactics, TimeGenerated\r\n| where (AlertName contains \"sensitive\" or AlertName contains \"leak\" or AlertName contains \"theft\" or AlertName contains \"steal\" or AlertName contains \"PII\" or AlertName contains \"intellectual\" or AlertName contains \"confidential\" or AlertName contains \"spill\") or (Tactics contains \"exfil\")\r\n| make-series count() default=0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step 1d by AlertName\r\n| render timechart", + "size": 0, + "title": "Sensitive Data Alerts over Time", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "AlertName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "3", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Severity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "High", + "representation": "red", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Medium", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Low", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "ProductName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "AlertLink", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url", + "linkLabel": "Go to Alert >" + } + }, + { + "columnMatch": "UPN", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "2", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "IncidentUrl", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url", + "linkLabel": "Go to Incident >" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "city_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "state_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "conditionalVisibility": { + "parameterName": "Results305", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "305" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SecurityAlert\r\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\r\n | mv-expand todynamic(Entities)\r\n | where Entities[\"Type\"] =~ \"account\"\r\n | extend Name = tostring(tolower(Entities[\"Name\"])), NTDomain = tostring(Entities[\"NTDomain\"]), UPNSuffix = tostring(Entities[\"UPNSuffix\"]), AadUserId = tostring(Entities[\"AadUserId\"]), AadTenantId = tostring(Entities[\"AadTenantId\"]), \r\n Sid = tostring(Entities[\"Sid\"]), IsDomainJoined = tobool(Entities[\"IsDomainJoined\"]), Host = tostring(Entities[\"Host\"]), UserPrincipalName = tostring(Entities[\"UserPrincipalName\"])\r\n | extend UPN = coalesce (UserPrincipalName, iff(Name != \"\" and UPNSuffix != \"\", strcat(Name, \"@\", UPNSuffix), \"\"))\r\n| extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\r\n| extend UserPrincipalName = UPN\r\n| where UserPrincipalName in ({UserPrincipalName})\r\n| distinct UserPrincipalName, AlertName, ProductName, Status, AlertLink, Tactics, TimeGenerated\r\n| where (AlertName contains \"sensitive\" or AlertName contains \"leak\" or AlertName contains \"theft\" or AlertName contains \"steal\" or AlertName contains \"PII\" or AlertName contains \"intellectual\" or AlertName contains \"confidential\" or AlertName contains \"spill\") or (Tactics contains \"exfil\")\r\n| sort by TimeGenerated desc\r\n| limit 100", + "size": 0, + "title": "Sensitive Data Alert Details", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "AlertName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "3", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "ProductName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "AlertLink", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url", + "linkLabel": "Go to Alert >" + } + }, + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Severity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "High", + "representation": "red", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Medium", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Low", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "UPN", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "2", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "IncidentUrl", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url", + "linkLabel": "Go to Incident >" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "city_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "state_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "conditionalVisibility": { + "parameterName": "Results305", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "305b" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "MicrosoftPurviewInformationProtection\r\n| where LabelName <> \"\"\r\n| extend CommonProperties = parse_json(Common)\r\n| extend ApplicationName = tostring(CommonProperties.ApplicationName)\r\n| make-series count() default=0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step 1d by LabelName, ApplicationName\r\n| render timechart", + "size": 0, + "title": "Data Access by Sensitivity Labels Over Time", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "AlertName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "3", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Severity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "High", + "representation": "red", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Medium", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Low", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "ProductName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "AlertLink", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url", + "linkLabel": "Go to Alert >" + } + }, + { + "columnMatch": "UPN", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "2", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "IncidentUrl", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url", + "linkLabel": "Go to Incident >" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "city_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "state_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results306", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "306a" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "MicrosoftPurviewInformationProtection\r\n| where LabelName <> \"\"\r\n// 🔎 Filter out common or non-critical labels here (example excludes \"General\").\r\n// Update the list inside !in(...) and uncomment below line to exclude labels that are considered low-sensitivity in your org.\r\n// | where LabelName !in (\"General\")\r\n| summarize count() by LabelName\r\n| render piechart", + "size": 0, + "title": "Data Access by Sensitivity Label", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "AlertName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "3", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Severity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "High", + "representation": "red", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Medium", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Low", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "ProductName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "AlertLink", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url", + "linkLabel": "Go to Alert >" + } + }, + { + "columnMatch": "UPN", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "2", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "IncidentUrl", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url", + "linkLabel": "Go to Incident >" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "city_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "state_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results306", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "306b" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "MicrosoftPurviewInformationProtection\r\n| where LabelName <> \"\"\r\n| extend CommonProperties = parse_json(Common)\r\n| extend ApplicationName = tostring(CommonProperties.ApplicationName)\r\n| extend properties = parse_json(ProtectionEventData)\r\n| extend ProtectionOwner = tostring(properties.ProtectionOwner)\r\n| extend IsProtected = tostring(properties.IsProtected)\r\n| distinct UserId, LabelName, ApplicationName, Operation, IsProtected, Platform, ProtectionOwner, TimeGenerated\r\n| sort by TimeGenerated desc\r\n| limit 100\r\n\r\n", + "size": 0, + "showAnalytics": true, + "title": "Sensitive Data Access Details", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId_s", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "AlertName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "3", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Severity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "High", + "representation": "red", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Medium", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Low", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "ProductName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "AlertLink", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url", + "linkLabel": "Go to Alert >" + } + }, + { + "columnMatch": "UPN", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "2", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "IncidentUrl", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url", + "linkLabel": "Go to Incident >" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "city_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "state_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "conditionalVisibility": { + "parameterName": "Results306", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results306c" + } + ] + }, + "conditionalVisibility": { + "parameterName": "isDLPVisible", + "comparison": "isEqualTo", + "value": "true" + }, + "name": "DLP" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## 🔍 Purview Logs\r\n\r\nThis section provides visibility into the **classification and labeling of personal and sensitive data** across your Azure and Microsoft 365 environment. It directly supports GDPR principles of **lawfulness, fairness, transparency, and accountability (Art. 5)** as well as requirements for **records of processing activities (Art. 30)** and **data protection by design and by default (Art. 25)**. \r\n\r\nKey objectives of this section: \r\n- Track **classified Azure sources by region** to understand where personal data is stored and processed \r\n- Monitor the **volume and types of classified assets** across different resource types \r\n- Drill down to the **asset and file level** to validate that personal data is discovered and properly classified \r\n- Assess the application of **sensitivity labels** to ensure data is protected according to organizational policy \r\n- Provide auditors with clear evidence of **data inventory and classification coverage** \r\n\r\nBy reviewing these metrics, analysts can verify that **data discovery, classification, and labeling controls** are functioning as required, and quickly spot gaps where sensitive data may not be properly governed.\r\n" + }, + "customWidth": "40", + "name": "text - 12" + }, + { + "type": 1, + "content": { + "json": "" + }, + "customWidth": "10", + "name": "text - 13" + }, + { + "type": 1, + "content": { + "json": "| Purview Logs | | |\r\n|:--| - | - |\r\n| Classified Azure Sources by Region | Total Classified Assets by Resource Type | Select 'Data Source' below to view Assets Drilldown |\r\n| Assets Drilldown | Classifications by Asset Count and File Size |Classifications Drilldown- Asset Level|\r\n|Sensitivity Labels by Asset Count and File Size|Sensitivity Labels Drilldown- Asset Level|\r\n\r\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, Time range, Purview Account, Source Collectiona and Resource Type. Only panels with data are shown.\r\n" + }, + "customWidth": "40", + "name": "text - 14" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "a5b9cb0c-6219-4782-a10d-1370a8a6edb4", + "version": "KqlParameterItem/1.0", + "name": "PurviewAccount", + "label": "Purview Account", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "query": "PurviewDataSensitivityLogs\r\n|distinct PurviewAccountName", + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "selectAllValue": "All", + "showDefault": false + }, + "timeContext": { + "durationMs": 2592000000 + }, + "defaultValue": "value::all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + { + "id": "ea62a59c-3799-400d-a7af-f0ad14cc46c7", + "version": "KqlParameterItem/1.0", + "name": "Collection", + "label": "Source Collection", + "type": 2, + "isRequired": true, + "isGlobal": true, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "query": "PurviewDataSensitivityLogs\r\n| where ActivityType == \"Classification\"\r\n| distinct SourceCollectionName \r\n| extend Collection = iff(SourceCollectionName == \"\",\"No Collection\", SourceCollectionName)\r\n| project Collection", + "crossComponentResources": [ + "{Workspace}" + ], + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "showDefault": false + }, + "defaultValue": "value::all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + { + "id": "817265c3-f308-44e0-a24c-33dac7ee2c91", + "version": "KqlParameterItem/1.0", + "name": "DataSource", + "label": "Resource Type", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "", + "delimiter": ",", + "query": "PurviewDataSensitivityLogs\r\n| where ActivityType == \"Classification\"\r\n| distinct SourceType ", + "value": [ + "value::all" + ], + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "showDefault": false + }, + "timeContext": { + "durationMs": 2592000000 + }, + "defaultValue": "value::all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "parameters - 0" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "7afa304d-b448-4d6c-8c54-69e51a7249a9", + "version": "KqlParameterItem/1.0", + "name": "Results200", + "type": 1, + "query": "let NumberofSourcesByRegion = PurviewDataSensitivityLogs\r\n| where ActivityType == \"Classification\" \r\n| where SourceType contains \"Azure\"\r\n// GDPR filter: keep only sources with classification or sensitivity label\r\n| where array_length(todynamic(Classification)) > 0 or array_length(todynamic(SensitivityLabel)) > 0\r\n| where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n| where \"{DataSource:label}\" == \"All\" or SourceType in~ (split(\"{DataSource:label}\", \", \"))\r\n| extend CollectionName = iff(SourceCollectionName == \"\",\"No Collection\",SourceCollectionName)\r\n| where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"));\r\nNumberofSourcesByRegion\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results305" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "34376939-8858-4c9e-b1ff-a89df0cbd3e7", + "version": "KqlParameterItem/1.0", + "name": "Results201", + "type": 1, + "query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where ActivityType == \"Classification\" \r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType ;\r\nlet AllAssets = MostRecentScanLogs\r\n | summarize AssetCount = count() by SourceType;\r\nlet ClassifiedAssets = MostRecentScanLogs\r\n | where Classification != \"[]\"\r\n | summarize AssetClassifiedCount = count() by SourceType;\r\nlet ClassifiedAssetsByResourceType = AllAssets\r\n | join kind= leftouter ClassifiedAssets on SourceType\r\n | extend AssetCount = strcat(AssetCount, \" assets found in total\")\r\n | project SourceType, AssetCount, AssetClassifiedCount;\r\nClassifiedAssetsByResourceType\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results305 - Copy" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "84a173b6-3660-49aa-8949-729ed6cdbacb", + "version": "KqlParameterItem/1.0", + "name": "Results202", + "type": 1, + "query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where ActivityType == \"Classification\"\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName) \r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType ;\r\nlet AllAssets = MostRecentScanLogs\r\n| summarize AssetCount = count() by DataSource = SourcePath, SourceRegion, SourceType;\r\nlet ClassifiedAssets = MostRecentScanLogs\r\n| where Classification != \"[]\"\r\n| summarize AssetClassifiedCount = count() by DataSource = SourcePath, SourceRegion, SourceType;\r\nlet AssetsDrilldown = AllAssets\r\n| join kind= leftouter ClassifiedAssets on DataSource, SourceType\r\n| extend PathName = substring(DataSource, 1)\r\n| extend ClassifiedPercentage = round((100.0 * AssetClassifiedCount / AssetCount),1)\r\n| project DataSource, SourceRegion, SourceType, ClassifiedPercentage, AssetClassifiedCount, AssetCount, PathName;\r\nAssetsDrilldown\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results202" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "5b145cf1-1b6e-41be-8266-b7e3f928bae8", + "version": "KqlParameterItem/1.0", + "name": "Results203", + "type": 1, + "query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where ActivityType == \"Classification\" \r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType;\r\nlet Classifications = MostRecentScanLogs\r\n| summarize arg_max(TimeGenerated, Classification, FileSize, AssetType) by AssetPath \r\n| extend classifications = split(Classification, ',')\r\n| mv-expand classifications\r\n| extend Classification = trim(@\"[^\\w]+\", tostring(classifications))\r\n| where Classification != \"\"\r\n| summarize FileSize = round(sum(FileSize)/1000000,2), AssetCount = count() by Classification\r\n| project Classification, AssetCount, FileSize;\r\nClassifications\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results203" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "0d1bdef8-7287-4e24-a185-070cf1179d38", + "version": "KqlParameterItem/1.0", + "name": "Results204", + "type": 1, + "query": "let SensitivityLabels = PurviewDataSensitivityLogs\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where ActivityType == \"Labeling\" \r\n | extend SensitivityLabel = iff(SensitivityLabel[0] == \"\", \"No Label\", SensitivityLabel[0])\r\n | extend Label = replace(@\"\\\\\", \"/\", SensitivityLabel)\r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType\r\n | summarize FileSize = round(sum(FileSize)/1000000,2), AssetCount = count() by SensitivityLabel, Label\r\n | project SensitivityLabel, FileSize, AssetCount, Label\r\n | sort by AssetCount;\r\nSensitivityLabels\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results204" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let NumberofSourcesByRegion = PurviewDataSensitivityLogs\r\n| where ActivityType == \"Classification\" \r\n| where SourceType contains \"Azure\"\r\n// GDPR filter: keep only sources with classification or sensitivity label\r\n| where array_length(todynamic(Classification)) > 0 or array_length(todynamic(SensitivityLabel)) > 0\r\n| where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n| where \"{DataSource:label}\" == \"All\" or SourceType in~ (split(\"{DataSource:label}\", \", \"))\r\n| extend CollectionName = iff(SourceCollectionName == \"\",\"No Collection\",SourceCollectionName)\r\n| where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n| distinct SourcePath, SourceRegion\r\n| summarize AssetCount = count() by SourceRegion;\r\nNumberofSourcesByRegion", + "size": 0, + "title": "Classified Azure Sources by Region", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "map", + "mapSettings": { + "locInfo": "AzureLoc", + "locInfoColumn": "SourceRegion", + "sizeSettings": "AssetCount", + "sizeAggregation": "Sum", + "legendMetric": "AssetCount", + "legendAggregation": "Sum", + "itemColorSettings": { + "nodeColorField": "AssetCount", + "colorAggregation": "Sum", + "type": "heatmap", + "heatmapPalette": "greenRed" + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results200", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 2" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where ActivityType == \"Classification\" \r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType ;\r\nlet AllAssets = MostRecentScanLogs\r\n | summarize AssetCount = count() by SourceType;\r\nlet ClassifiedAssets = MostRecentScanLogs\r\n | where Classification != \"[]\"\r\n | summarize AssetClassifiedCount = count() by SourceType;\r\nlet ClassifiedAssetsByResourceType = AllAssets\r\n | join kind= leftouter ClassifiedAssets on SourceType\r\n | extend AssetCount = strcat(AssetCount, \" assets found in total\")\r\n | project SourceType, AssetCount, AssetClassifiedCount;\r\nClassifiedAssetsByResourceType", + "size": 0, + "title": "Total Classified Assets by Resource Type", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "SourceType", + "formatter": 16, + "formatOptions": { + "showIcon": true + } + }, + "leftContent": { + "columnMatch": "AssetClassifiedCount", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + }, + "emptyValCustomText": "0" + } + }, + "secondaryContent": { + "columnMatch": "AssetCount" + }, + "showBorder": true + }, + "mapSettings": { + "locInfo": "LatLong", + "sizeSettings": "AssetClassifiedCount", + "sizeAggregation": "Sum", + "legendMetric": "AssetClassifiedCount", + "legendAggregation": "Sum", + "itemColorSettings": { + "type": "heatmap", + "colorAggregation": "Sum", + "nodeColorField": "AssetClassifiedCount", + "heatmapPalette": "greenRed" + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results201", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 25" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where ActivityType == \"Classification\"\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName) \r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType ;\r\nlet AllAssets = MostRecentScanLogs\r\n| summarize AssetCount = count() by DataSource = SourcePath, SourceRegion, SourceType;\r\nlet ClassifiedAssets = MostRecentScanLogs\r\n| where Classification != \"[]\"\r\n| summarize AssetClassifiedCount = count() by DataSource = SourcePath, SourceRegion, SourceType;\r\nlet AssetsDrilldown = AllAssets\r\n| join kind= leftouter ClassifiedAssets on DataSource, SourceType\r\n| extend PathName = substring(DataSource, 1)\r\n| extend ClassifiedPercentage = round((100.0 * AssetClassifiedCount / AssetCount),1)\r\n| project DataSource, SourceRegion, SourceType, ClassifiedPercentage, AssetClassifiedCount, AssetCount, PathName;\r\nAssetsDrilldown", + "size": 0, + "showAnalytics": true, + "title": "Select 'Data Source' below to view Assets Drilldown", + "timeContextFromParameter": "TimeRange", + "showRefreshButton": true, + "exportFieldName": "PathName", + "exportParameterName": "UserSelectedDataSource", + "exportDefaultValue": "All", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "DataSource", + "formatter": 0, + "formatOptions": { + "customColumnWidthSetting": "25ch" + } + }, + { + "columnMatch": "ClassifiedPercentage", + "formatter": 0, + "formatOptions": { + "customColumnWidthSetting": "20ch" + }, + "numberFormat": { + "unit": 1, + "options": { + "style": "decimal", + "maximumFractionDigits": 1 + } + } + }, + { + "columnMatch": "AssetClassifiedCount", + "formatter": 2, + "formatOptions": { + "customColumnWidthSetting": "20ch" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + }, + "emptyValCustomText": "0" + } + }, + { + "columnMatch": "AssetCount", + "formatter": 2, + "formatOptions": { + "customColumnWidthSetting": "20ch" + } + }, + { + "columnMatch": "PathName", + "formatter": 5 + } + ], + "filter": true, + "sortBy": [ + { + "itemKey": "SourceType", + "sortOrder": 2 + } + ], + "labelSettings": [ + { + "columnId": "DataSource", + "label": "Data Source" + }, + { + "columnId": "SourceRegion", + "label": "Source Region" + }, + { + "columnId": "SourceType", + "label": "Source Type" + }, + { + "columnId": "ClassifiedPercentage", + "label": "% Classified" + }, + { + "columnId": "AssetClassifiedCount", + "label": "Classified Assets" + }, + { + "columnId": "AssetCount", + "label": "Total Assets" + }, + { + "columnId": "PathName", + "label": "Source Path" + } + ] + }, + "sortBy": [ + { + "itemKey": "SourceType", + "sortOrder": 2 + } + ] + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results202", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 8", + "styleSettings": { + "showBorder": true + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | where \"{UserSelectedDataSource:label}\" == \"All\" or (SourcePath contains \"{UserSelectedDataSource:label}\")\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType ;\r\nlet ClassificationCounts = MostRecentScanLogs\r\n | where ActivityType == \"Classification\"\r\n | mv-expand Classification\r\n | summarize ClassificationCount= count(todynamic(Classification)) by AssetPath\r\n | project ClassificationCount, AssetPath;\r\nlet ClassifiedAssetsWithCounts = MostRecentScanLogs\r\n | where ActivityType == \"Classification\"\r\n | join kind= leftouter ClassificationCounts on AssetPath\r\n | summarize arg_max(TimeGenerated, PurviewTenantId, PurviewAccountName, PurviewRegion, SourceName, SourceType, SourcePath, SourceSubscriptionId, SourceRegion, SourceCollectionName, AssetName, AssetPath, AssetType, AssetCreationTime, AssetModifiedTime, AssetLastScanTime, FileExtension, FileSize, ActivityType, Classification, ClassificationCount, ClassificationTrigger, ClassificationDetails, SourceScanId) by AssetPath ;\r\nlet LabeledAssets = MostRecentScanLogs\r\n | where ActivityType == \"Labeling\" \r\n | mv-expand SensitivityLabel to typeof(string)\r\n | where SensitivityLabel != int(null)\r\n | mv-expand SensitivityLabelDetails\r\n | summarize arg_max(SensitivityLabel, SourceType, SensitivityLabelTrigger, SensitivityLabelDetails) by AssetPath\r\n | project AssetPath, SensitivityLabel, SensitivityLabelTrigger, SensitivityLabelDetails;\r\nlet ClassificationCountWithSensitivityInformation = ClassifiedAssetsWithCounts\r\n | join kind= leftouter LabeledAssets on AssetPath\r\n | project\r\n TimeGenerated,\r\n PurviewTenantId,\r\n PurviewAccountName,\r\n PurviewRegion,\r\n AssetName,\r\n AssetPath,\r\n AssetType,\r\n AssetCreationTime,\r\n AssetModifiedTime,\r\n AssetLastScanTime,\r\n FileExtension,\r\n FileSize,\r\n ActivityType,\r\n ClassificationTrigger,\r\n Classification,\r\n ClassificationCount,\r\n ClassificationDetails,\r\n SensitivityLabelTrigger,\r\n SensitivityLabel,\r\n SensitivityLabelDetails,\r\n SourceName,\r\n SourceType,\r\n SourcePath,\r\n SourceSubscriptionId,\r\n SourceRegion,\r\n SourceCollectionName,\r\n SourceScanId\r\n | sort by ClassificationCount;\r\nClassificationCountWithSensitivityInformation", + "size": 0, + "showAnalytics": true, + "title": "Assets Drilldown", + "timeContextFromParameter": "TimeRange", + "showRefreshButton": true, + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "TimeGenerated", + "formatter": 5 + }, + { + "columnMatch": "PurviewTenantId", + "formatter": 5 + }, + { + "columnMatch": "PurviewAccountName", + "formatter": 5 + }, + { + "columnMatch": "PurviewRegion", + "formatter": 5 + }, + { + "columnMatch": "AssetName", + "formatter": 5 + }, + { + "columnMatch": "AssetPath", + "formatter": 7, + "formatOptions": { + "linkTarget": "GenericDetails", + "linkIsContextBlade": true, + "customColumnWidthSetting": "60ch" + } + }, + { + "columnMatch": "AssetType", + "formatter": 5 + }, + { + "columnMatch": "AssetCreationTime", + "formatter": 5 + }, + { + "columnMatch": "AssetModifiedTime", + "formatter": 5 + }, + { + "columnMatch": "AssetLastScanTime", + "formatter": 5 + }, + { + "columnMatch": "FileExtension", + "formatter": 5 + }, + { + "columnMatch": "FileSize", + "formatter": 5 + }, + { + "columnMatch": "ActivityType", + "formatter": 5 + }, + { + "columnMatch": "Classification", + "formatter": 5 + }, + { + "columnMatch": "ClassificationCount", + "formatter": 4, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + }, + "emptyValCustomText": "0" + } + }, + { + "columnMatch": "ClassificationDetails", + "formatter": 5 + }, + { + "columnMatch": "SensitivityLabelTrigger", + "formatter": 5 + }, + { + "columnMatch": "SensitivityLabel", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + }, + "emptyValCustomText": "No Label" + } + }, + { + "columnMatch": "SensitivityLabelDetails", + "formatter": 5 + }, + { + "columnMatch": "SourceName", + "formatter": 5 + }, + { + "columnMatch": "SourceType", + "formatter": 5 + }, + { + "columnMatch": "SourcePath", + "formatter": 13, + "formatOptions": { + "linkTarget": "Resource", + "showIcon": true + } + }, + { + "columnMatch": "SourceSubscriptionId", + "formatter": 5 + }, + { + "columnMatch": "SourceRegion", + "formatter": 5 + }, + { + "columnMatch": "SourceCollectionName", + "formatter": 5 + }, + { + "columnMatch": "SourceScanId", + "formatter": 5 + }, + { + "columnMatch": "PurviewSubscriptionId", + "formatter": 5 + }, + { + "columnMatch": "SourceOwner", + "formatter": 5 + }, + { + "columnMatch": "AssetOwner", + "formatter": 5 + }, + { + "columnMatch": "ClassificationActivityTrigger", + "formatter": 5 + }, + { + "columnMatch": "SensitivityLabelActivityTrigger", + "formatter": 5 + }, + { + "columnMatch": "SensitivityLabelGuid", + "formatter": 5 + }, + { + "columnMatch": "UserId", + "formatter": 5 + }, + { + "columnMatch": "ActivityTrigger", + "formatter": 5 + }, + { + "columnMatch": "SensitivityLabelName", + "formatter": 5, + "formatOptions": { + "customColumnWidthSetting": "25ch" + } + } + ], + "rowLimit": 1000, + "filter": true, + "labelSettings": [ + { + "columnId": "AssetPath", + "label": "Asset Path" + }, + { + "columnId": "ClassificationCount", + "label": "Classifications" + }, + { + "columnId": "SensitivityLabel", + "label": "Sensitivity Label" + }, + { + "columnId": "SourcePath", + "label": "Data Source" + } + ] + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results202", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 9", + "styleSettings": { + "showBorder": true + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where ActivityType == \"Classification\" \r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType;\r\nlet Classifications = MostRecentScanLogs\r\n| summarize arg_max(TimeGenerated, Classification, FileSize, AssetType) by AssetPath \r\n| extend classifications = split(Classification, ',')\r\n| mv-expand classifications\r\n| extend Classification = trim(@\"[^\\w]+\", tostring(classifications))\r\n| where Classification != \"\"\r\n| summarize FileSize = round(sum(FileSize)/1000000,2), AssetCount = count() by Classification\r\n| project Classification, AssetCount, FileSize;\r\nClassifications\r\n", + "size": 0, + "showAnalytics": true, + "title": "Select 'Classification' below to view Classification Drilldown", + "timeContextFromParameter": "TimeRange", + "showRefreshButton": true, + "exportFieldName": "Classification", + "exportParameterName": "UserSelectedClassification", + "exportDefaultValue": "All", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Classification", + "formatter": 0, + "formatOptions": { + "customColumnWidthSetting": "50ch" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + }, + "emptyValCustomText": "No Classifications" + } + }, + { + "columnMatch": "AssetCount", + "formatter": 4, + "formatOptions": { + "palette": "blue", + "customColumnWidthSetting": "25ch" + } + }, + { + "columnMatch": "FileSize", + "formatter": 8, + "formatOptions": { + "palette": "blue", + "customColumnWidthSetting": "25ch" + } + } + ], + "filter": true, + "sortBy": [ + { + "itemKey": "$gen_bar_AssetCount_1", + "sortOrder": 2 + } + ], + "labelSettings": [ + { + "columnId": "AssetCount", + "label": "Classified Asset Count" + }, + { + "columnId": "FileSize", + "label": "Total Size of Files (MB)" + } + ] + }, + "sortBy": [ + { + "itemKey": "$gen_bar_AssetCount_1", + "sortOrder": 2 + } + ], + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "Classification", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Size", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results203", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 4 - Copy", + "styleSettings": { + "showBorder": true + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where ActivityType == \"Classification\" \r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType;\r\nlet ClassificationsDrilldown = MostRecentScanLogs\r\n| extend classifications = split(Classification, ',')\r\n| mv-expand classifications\r\n| extend SelectedClassification = trim(@\"[^\\w]+\", tostring(classifications))\r\n| where SelectedClassification != \"\"\r\n| where \"{UserSelectedClassification:label}\" == \"All\" or (split(\"{UserSelectedClassification:label}\", \", \") contains SelectedClassification)\r\n| summarize arg_max(TimeGenerated, PurviewTenantId, PurviewAccountName, PurviewRegion, SourceName, SourceType, SourcePath, SourceSubscriptionId, SourceRegion, SourceCollectionName, AssetName, AssetPath, AssetType, AssetCreationTime, AssetModifiedTime, AssetLastScanTime, FileExtension, FileSize, ActivityType, ClassificationTrigger, Classification, ClassificationDetails, SourceScanId) by AssetPath \r\n| project TimeGenerated, PurviewTenantId, PurviewAccountName, PurviewRegion, AssetName, AssetPath, AssetType, AssetCreationTime, AssetModifiedTime, AssetLastScanTime, FileExtension, FileSize, ActivityType, ClassificationTrigger, Classification, ClassificationDetails, SourceName, SourceType, SourcePath, SourceSubscriptionId, SourceRegion, SourceCollectionName, SourceScanId;\r\nClassificationsDrilldown\r\n| take 100", + "size": 0, + "showAnalytics": true, + "title": "Classifications Drilldown- Asset Level", + "timeContextFromParameter": "TimeRange", + "showRefreshButton": true, + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "TimeGenerated", + "formatter": 5 + }, + { + "columnMatch": "PurviewTenantId", + "formatter": 5 + }, + { + "columnMatch": "PurviewAccountName", + "formatter": 5 + }, + { + "columnMatch": "PurviewRegion", + "formatter": 5 + }, + { + "columnMatch": "AssetName", + "formatter": 5 + }, + { + "columnMatch": "AssetPath", + "formatter": 7, + "formatOptions": { + "linkTarget": "GenericDetails", + "linkIsContextBlade": true, + "customColumnWidthSetting": "70ch" + } + }, + { + "columnMatch": "AssetType", + "formatter": 5 + }, + { + "columnMatch": "AssetCreationTime", + "formatter": 5 + }, + { + "columnMatch": "AssetModifiedTime", + "formatter": 5 + }, + { + "columnMatch": "AssetLastScanTime", + "formatter": 0, + "formatOptions": { + "customColumnWidthSetting": "30ch" + } + }, + { + "columnMatch": "FileExtension", + "formatter": 5 + }, + { + "columnMatch": "FileSize", + "formatter": 5 + }, + { + "columnMatch": "ActivityType", + "formatter": 5 + }, + { + "columnMatch": "Classification", + "formatter": 5 + }, + { + "columnMatch": "SourceName", + "formatter": 5 + }, + { + "columnMatch": "SourceType", + "formatter": 5 + }, + { + "columnMatch": "SourcePath", + "formatter": 13, + "formatOptions": { + "linkTarget": "Resource", + "showIcon": true + } + }, + { + "columnMatch": "SourceSubscriptionId", + "formatter": 5 + }, + { + "columnMatch": "SourceRegion", + "formatter": 5 + }, + { + "columnMatch": "SourceCollectionName", + "formatter": 5 + }, + { + "columnMatch": "SourceScanId", + "formatter": 5 + }, + { + "columnMatch": "PurviewSubscriptionId", + "formatter": 5 + }, + { + "columnMatch": "SourceOwner", + "formatter": 5 + }, + { + "columnMatch": "AssetOwner", + "formatter": 5 + }, + { + "columnMatch": "ActivityTrigger", + "formatter": 5 + }, + { + "columnMatch": "SensitivityLabelGuid", + "formatter": 5 + }, + { + "columnMatch": "SensitivityLabelName", + "formatter": 5 + }, + { + "columnMatch": "UserId", + "formatter": 5 + } + ], + "filter": true, + "labelSettings": [ + { + "columnId": "AssetPath", + "label": "Asset Path" + }, + { + "columnId": "AssetLastScanTime", + "label": "Asset Last Scan Time" + }, + { + "columnId": "SourcePath", + "label": "Data Source" + } + ] + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results203", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 10", + "styleSettings": { + "showBorder": true + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let SensitivityLabels = PurviewDataSensitivityLogs\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where ActivityType == \"Labeling\" \r\n | extend SensitivityLabel = iff(SensitivityLabel[0] == \"\", \"No Label\", SensitivityLabel[0])\r\n | extend Label = replace(@\"\\\\\", \"/\", SensitivityLabel)\r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType\r\n | summarize FileSize = round(sum(FileSize)/1000000,2), AssetCount = count() by SensitivityLabel, Label\r\n | project SensitivityLabel, FileSize, AssetCount, Label\r\n | sort by AssetCount;\r\nSensitivityLabels", + "size": 0, + "showAnalytics": true, + "title": "Select 'Sensitivity Label' below to view Sensitivity Labels Drilldown", + "showRefreshButton": true, + "exportFieldName": "Label", + "exportParameterName": "UserSelectedLabel", + "exportDefaultValue": "All", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "SensitivityLabel", + "formatter": 1 + }, + { + "columnMatch": "FileSize", + "formatter": 8, + "formatOptions": { + "palette": "blue", + "customColumnWidthSetting": "20ch" + } + }, + { + "columnMatch": "Count", + "formatter": 4, + "formatOptions": { + "palette": "blue", + "customColumnWidthSetting": "20ch" + } + }, + { + "columnMatch": "Label", + "formatter": 5 + }, + { + "columnMatch": "SensitivityLabelName", + "formatter": 1, + "formatOptions": { + "customColumnWidthSetting": "60ch" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + } + ], + "filter": true, + "labelSettings": [ + { + "columnId": "SensitivityLabel", + "label": "Sensitivity Label" + }, + { + "columnId": "FileSize", + "label": "File Size" + }, + { + "columnId": "AssetCount", + "label": "Asset Count" + } + ] + }, + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "SensitivityLabelName", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "LabelCount", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results204", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 14 - Copy", + "styleSettings": { + "showBorder": true + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where ActivityType == \"Labeling\" \r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType;\r\nlet LabelDrilldown = MostRecentScanLogs \r\n| extend SensitivityLabel = iff(SensitivityLabel[0] == \"\", \"No Label\", SensitivityLabel[0])\r\n| extend Label = replace(@\"\\\\\", \"/\", SensitivityLabel)\r\n| where \"{UserSelectedLabel:label}\" == \"All\" or \"{UserSelectedLabel:label}\" == Label\r\n| summarize arg_max(TimeGenerated, PurviewTenantId, PurviewAccountName, PurviewRegion, SourceName, SourceType, SourcePath, SourceSubscriptionId, SourceRegion, SourceCollectionName, AssetName, AssetPath, AssetType, AssetCreationTime, AssetModifiedTime, AssetLastScanTime, FileExtension, FileSize, ActivityType, SensitivityLabelTrigger, SensitivityLabel, SensitivityLabelDetails, SourceScanId) by AssetPath \r\n| project TimeGenerated, PurviewTenantId, PurviewAccountName, PurviewRegion, AssetName, AssetPath, AssetType, AssetCreationTime, AssetModifiedTime, AssetLastScanTime, FileExtension, FileSize, ActivityType, SensitivityLabelTrigger, SensitivityLabel, SensitivityLabelDetails, SourceName, SourceType, SourcePath, SourceSubscriptionId, SourceRegion, SourceCollectionName, SourceScanId;\r\nLabelDrilldown\r\n| take 100", + "size": 0, + "showAnalytics": true, + "title": "Sensitivity Labels Drilldown- Asset Level", + "showRefreshButton": true, + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "TimeGenerated", + "formatter": 5 + }, + { + "columnMatch": "PurviewTenantId", + "formatter": 5 + }, + { + "columnMatch": "PurviewAccountName", + "formatter": 5 + }, + { + "columnMatch": "PurviewRegion", + "formatter": 5 + }, + { + "columnMatch": "AssetName", + "formatter": 5 + }, + { + "columnMatch": "AssetPath", + "formatter": 7, + "formatOptions": { + "linkTarget": "GenericDetails", + "linkIsContextBlade": true, + "customColumnWidthSetting": "70ch" + } + }, + { + "columnMatch": "AssetType", + "formatter": 5 + }, + { + "columnMatch": "AssetCreationTime", + "formatter": 5 + }, + { + "columnMatch": "AssetModifiedTime", + "formatter": 5 + }, + { + "columnMatch": "FileExtension", + "formatter": 5 + }, + { + "columnMatch": "FileSize", + "formatter": 5 + }, + { + "columnMatch": "ActivityType", + "formatter": 5 + }, + { + "columnMatch": "SensitivityLabelTrigger", + "formatter": 5, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + }, + "emptyValCustomText": "No Label" + } + }, + { + "columnMatch": "SensitivityLabel", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + }, + "emptyValCustomText": "No Label" + } + }, + { + "columnMatch": "SensitivityLabelDetails", + "formatter": 5, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + }, + "emptyValCustomText": "No Label" + } + }, + { + "columnMatch": "SourceName", + "formatter": 5 + }, + { + "columnMatch": "SourceType", + "formatter": 5 + }, + { + "columnMatch": "SourcePath", + "formatter": 13, + "formatOptions": { + "linkTarget": "Resource", + "showIcon": true + } + }, + { + "columnMatch": "SourceSubscriptionId", + "formatter": 5 + }, + { + "columnMatch": "SourceRegion", + "formatter": 5 + }, + { + "columnMatch": "SourceCollectionName", + "formatter": 5 + }, + { + "columnMatch": "SourceScanId", + "formatter": 5 + }, + { + "columnMatch": "SensitivityLabelName", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + }, + "emptyValCustomText": "No Label" + } + }, + { + "columnMatch": "PurviewSubscriptionId", + "formatter": 5 + }, + { + "columnMatch": "SourceOwner", + "formatter": 5 + }, + { + "columnMatch": "AssetOwner", + "formatter": 5 + }, + { + "columnMatch": "ActivityTrigger", + "formatter": 5 + }, + { + "columnMatch": "Classification", + "formatter": 5 + }, + { + "columnMatch": "ClassificationCount", + "formatter": 5 + }, + { + "columnMatch": "SensitivityLabelGuid", + "formatter": 5 + }, + { + "columnMatch": "UserId", + "formatter": 5 + } + ], + "filter": true, + "labelSettings": [ + { + "columnId": "AssetPath", + "label": "Asset Path" + }, + { + "columnId": "AssetLastScanTime", + "label": "Asset Last Scan Time" + }, + { + "columnId": "SensitivityLabel", + "label": "Sensitivity Label" + }, + { + "columnId": "SourcePath", + "label": "Source Path" + } + ] + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results204", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 13", + "styleSettings": { + "showBorder": true + } + } + ] + }, + "conditionalVisibility": { + "parameterName": "isPurviewLogsVisible", + "comparison": "isEqualTo", + "value": "true" + }, + "name": "Purview Logs" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## 🗄 Azure SQL Databases\r\n\r\nThis section helps you monitor **access to classified and sensitive data stored in Azure SQL databases**. It supports GDPR requirements for **security of processing (Art. 32)** and **data protection by design and by default (Art. 25)** by detecting anomalies, tracking access patterns, and providing evidence of safeguards around personal data. \r\n\r\nKey objectives of this section: \r\n- Identify **daily anomaly scores** to highlight unusual database activity that may indicate misuse or data exfiltration \r\n- Monitor **queries by sensitivity labels and information types** to ensure personal data is accessed only for legitimate purposes \r\n- Track **application and IP access** to classified data for accountability and traceability \r\n- Detect potential **privilege misuse or unauthorized access attempts** by reviewing query and principal activity over time \r\n- Provide auditors with proof of **continuous monitoring of database activity** against sensitive data assets \r\n\r\nBy analyzing these metrics, analysts can confirm that **personal data stored in databases is accessed appropriately**, and that monitoring controls are in place to detect and respond to suspicious or non-compliant activity.\r\n" + }, + "customWidth": "40", + "name": "text - 4" + }, + { + "type": 1, + "content": { + "json": "" + }, + "customWidth": "10", + "name": "text - 5" + }, + { + "type": 1, + "content": { + "json": "| Azure SQL Databases | | |\r\n|:--| - | - |\r\n| Daily anomaly scores, by database | Anomaly score over time for the selected database (from the list above) | Daily activity over time for the selected database (from the list above) |\r\n| Number of queries, by sensitivity label | Number of queries, by information type | Number of queries, by principal |\r\n|Number of queries, Details|Application access to classified data (by information type)|IP access to classified data (by information type)|\r\n\r\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, Time range, Servers and Databases. Only panels with data are shown. \r\n" + }, + "customWidth": "40", + "name": "text - 6" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "value::selected" + ], + "parameters": [ + { + "id": "332be9fd-33ad-407e-843e-5f2c49a50b6a", + "version": "KqlParameterItem/1.0", + "name": "Servers", + "type": 5, + "isRequired": true, + "multiSelect": true, + "quote": "\"", + "delimiter": ",", + "query": "where type == \"microsoft.sql/servers\"\r\n| project id=tolower(id)", + "crossComponentResources": [ + "{Subscription}" + ], + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "selectAllValue": "", + "showDefault": false + }, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "value": [ + "value::all" + ] + }, + { + "id": "b4cc825f-166b-4929-916a-21b8073748c2", + "version": "KqlParameterItem/1.0", + "name": "Databases", + "type": 5, + "isRequired": true, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "query": "where type == \"microsoft.sql/servers/databases\"\r\n| project id=tolower(id)\r\n| extend serverName = split(id,'/databases/')[0]\r\n| where serverName in ({Servers})\r\n| project id", + "crossComponentResources": [ + "value::selected" + ], + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "selectAllValue": "", + "showDefault": false + }, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "value": [ + "value::all" + ] + } + ], + "style": "pills", + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + "name": "parameters - 1" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "7afa304d-b448-4d6c-8c54-69e51a7249a9", + "version": "KqlParameterItem/1.0", + "name": "Results205", + "type": 1, + "query": "AzureDiagnostics\r\n| where TimeGenerated > {TimeRange:start}\r\n| where ResourceType == \"SERVERS/DATABASES\"\r\n| where Category == \"SQLSecurityAuditEvents\"\r\n| where tolower(ResourceId) in ({Databases})\r\n| extend Database = strcat(LogicalServerName_s, '/', database_name_s)\r\n| summarize DailyCount = count() by ResourceId, Database, bin_at(TimeGenerated, 1d, now())\r\n| make-series metric = sum(DailyCount) on TimeGenerated in range({TimeRange:start}, now()-1d, 1d) by ResourceId, Database\r\n| extend series_decompose_anomalies(metric) // Anomaly detection\r\n| project ResourceId, Database, day = (TimeGenerated), DailyCounts = metric, AnomalyScore = series_decompose_anomalies_metric_ad_score\r\n| extend MaxAnomalyScore = AnomalyScore, MinAnomalyScore = AnomalyScore, AnomlyScoreTrend = AnomalyScore\r\n| mv-apply MaxAnomalyScore to typeof(real) on (top 1 by MaxAnomalyScore desc)\r\n| mv-apply MinAnomalyScore to typeof(real) on (top 1 by MinAnomalyScore asc)\r\n| mv-expand with_itemindex=Index AnomalyScore\r\n| where Index == array_length(DailyCounts)-1\r\n| project-away day, Index\r\n| extend AnomalyScoreAbs = abs(toreal(AnomalyScore))\r\n| extend WasAnomalous = iif(MaxAnomalyScore > 3 or MinAnomalyScore < -3, true, false)\r\n| extend Anomalous = iif(AnomalyScoreAbs > 3, true, false)\r\n| order by AnomalyScoreAbs desc\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results205" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "c303d4f8-4af1-4516-945e-66798123d9d9", + "version": "KqlParameterItem/1.0", + "name": "Results206", + "type": 1, + "query": "AzureDiagnostics \r\n| where tolower(ResourceId) in ({Databases})\r\n| where data_sensitivity_information_s != \"\" \r\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \r\n| mvexpand parsed \r\n| extend label = tostring(parsed[\"@label\"]) \r\n| where label != \"\" \r\n| summarize dcount = dcount(sequence_group_id_g) by label\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results206" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "3ce1ba31-e991-4012-a9f9-b1196c54f4e5", + "version": "KqlParameterItem/1.0", + "name": "Results207", + "type": 1, + "query": "AzureDiagnostics \r\n| where tolower(ResourceId) in ({Databases})\r\n| where data_sensitivity_information_s != \"\" \r\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \r\n| mvexpand parsed \r\n| extend info_type = tostring(parsed[\"@information_type\"]) \r\n| where info_type != \"\" \r\n| summarize dcount = dcount(sequence_group_id_g) by info_type\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results207" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "a13bcd2c-8f8b-4087-94fe-862c41b78c56", + "version": "KqlParameterItem/1.0", + "name": "Results208", + "type": 1, + "query": "AzureDiagnostics \r\n| where tolower(ResourceId) in ({Databases})\r\n| where data_sensitivity_information_s != \"\" \r\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \r\n| mvexpand parsed \r\n| extend Principal = server_principal_name_s\r\n| summarize dcount = dcount(sequence_group_id_g) by Principal\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results208" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "3cc27864-9c39-42e8-9cd6-25e1dfb9bcca", + "version": "KqlParameterItem/1.0", + "name": "Results210", + "type": 1, + "query": "AzureDiagnostics \r\n| where tolower(ResourceId) in ({Databases})\r\n| where data_sensitivity_information_s != \"\" \r\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \r\n| mvexpand parsed \r\n| extend label = tostring(parsed[\"@label\"]) \r\n| where label != \"\" \r\n| summarize dcount = dcount(sequence_group_id_g) by label_and_app = strcat(label, \" | \", application_name_s)\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results210" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "59b17e09-3c6d-4a11-a18d-2bc61a3ceba3", + "version": "KqlParameterItem/1.0", + "name": "Results211", + "type": 1, + "query": "AzureDiagnostics \r\n| where tolower(ResourceId) in ({Databases})\r\n| where data_sensitivity_information_s != \"\" \r\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \r\n| mvexpand parsed \r\n| extend label = tostring(parsed[\"@label\"]) \r\n| where label != \"\" \r\n| summarize dcount = dcount(sequence_group_id_g) by label_and_ip = strcat(label, \" | \", client_ip_s) \r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results211" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AzureDiagnostics\r\n| where TimeGenerated > {TimeRange:start}\r\n| where ResourceType == \"SERVERS/DATABASES\"\r\n| where Category == \"SQLSecurityAuditEvents\"\r\n| where tolower(ResourceId) in ({Databases})\r\n| extend Database = strcat(LogicalServerName_s, '/', database_name_s)\r\n| summarize DailyCount = count() by ResourceId, Database, bin_at(TimeGenerated, 1d, now())\r\n| make-series metric = sum(DailyCount) on TimeGenerated in range({TimeRange:start}, now()-1d, 1d) by ResourceId, Database\r\n| extend series_decompose_anomalies(metric) // Anomaly detection\r\n| project ResourceId, Database, day = (TimeGenerated), DailyCounts = metric, AnomalyScore = series_decompose_anomalies_metric_ad_score\r\n| extend MaxAnomalyScore = AnomalyScore, MinAnomalyScore = AnomalyScore, AnomlyScoreTrend = AnomalyScore\r\n| mv-apply MaxAnomalyScore to typeof(real) on (top 1 by MaxAnomalyScore desc)\r\n| mv-apply MinAnomalyScore to typeof(real) on (top 1 by MinAnomalyScore asc)\r\n| mv-expand with_itemindex=Index AnomalyScore\r\n| where Index == array_length(DailyCounts)-1\r\n| project-away day, Index\r\n| extend AnomalyScoreAbs = abs(toreal(AnomalyScore))\r\n| extend WasAnomalous = iif(MaxAnomalyScore > 3 or MinAnomalyScore < -3, true, false)\r\n| extend Anomalous = iif(AnomalyScoreAbs > 3, true, false)\r\n| order by AnomalyScoreAbs desc\r\n", + "size": 0, + "title": "Daily anomaly scores, by database", + "timeContextFromParameter": "TimeRange", + "exportFieldName": "ResourceId", + "exportParameterName": "SelectedResource", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "DailyCounts", + "formatter": 9, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "AnomalyScore", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "startsWith", + "thresholdValue": "-", + "representation": "trenddown", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "right", + "text": "{0}{1}" + }, + { + "operator": "Default", + "representation": "trendup", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "MaxAnomalyScore", + "formatter": 1 + }, + { + "columnMatch": "MinAnomalyScore", + "formatter": 5 + }, + { + "columnMatch": "AnomlyScoreTrend", + "formatter": 9, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "AnomalyScoreAbs", + "formatter": 5 + }, + { + "columnMatch": "WasAnomalous", + "formatter": 1 + }, + { + "columnMatch": "Anomalous", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + } + ] + } + }, + "conditionalVisibility": { + "parameterName": "Results205", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 1" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AzureDiagnostics\r\n| where TimeGenerated > {TimeRange:start}\r\n| where ResourceType == \"SERVERS/DATABASES\"\r\n| where Category == \"SQLSecurityAuditEvents\"\r\n| where tolower(ResourceId) == tolower('{SelectedResource}')\r\n| summarize DailyCount = count() by ResourceId, bin_at(TimeGenerated, 1d, now())\r\n| make-series metric = sum(DailyCount) on TimeGenerated in range({TimeRange:start}, now()-1d, 1d) by ResourceId\r\n| extend series_decompose_anomalies(metric) // Anomaly detection\r\n| project ResourceId, day = (TimeGenerated), DailyCounts = metric, AnomalyScore = series_decompose_anomalies_metric_ad_score\r\n", + "size": 0, + "title": "Anomaly score over time for the selected database (from the list above)", + "color": "orange", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "visualization": "timechart", + "chartSettings": { + "yAxis": [ + "AnomalyScore" + ], + "ySettings": { + "numberFormatSettings": { + "unit": 0, + "options": { + "style": "decimal", + "useGrouping": true + } + } + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results205", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 2 - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AzureDiagnostics\r\n| where TimeGenerated > {TimeRange:start}\r\n| where ResourceType == \"SERVERS/DATABASES\"\r\n| where Category == \"SQLSecurityAuditEvents\"\r\n| where tolower(ResourceId) == tolower('{SelectedResource}')\r\n| summarize DailyCount = count() by ResourceId, bin_at(TimeGenerated, 1d, now())\r\n| make-series metric = sum(DailyCount) on TimeGenerated in range({TimeRange:start}, now()-1d, 1d) by ResourceId\r\n| extend series_decompose_anomalies(metric) // Anomaly detection\r\n| project ResourceId, day = (TimeGenerated), DailyCounts = metric, AnomalyScore = series_decompose_anomalies_metric_ad_score\r\n", + "size": 0, + "title": "Daily activity over time for the selected database (from the list above)", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "visualization": "timechart", + "chartSettings": { + "yAxis": [ + "DailyCounts" + ], + "ySettings": { + "numberFormatSettings": { + "unit": 0, + "options": { + "style": "decimal", + "useGrouping": true + } + } + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results205", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 2" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AzureDiagnostics \r\n| where tolower(ResourceId) in ({Databases})\r\n| where data_sensitivity_information_s != \"\" \r\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \r\n| mvexpand parsed \r\n| extend label = tostring(parsed[\"@label\"]) \r\n| where label != \"\" \r\n| summarize dcount = dcount(sequence_group_id_g) by label", + "size": 0, + "title": "Number of queries, by sensitivity label", + "timeContextFromParameter": "TimeRange", + "exportMultipleValues": true, + "exportedParameters": [ + { + "fieldName": "label", + "parameterName": "SelectedLabel", + "parameterType": 1 + } + ], + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "label", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "dcount", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "showBorder": false + } + }, + "customWidth": "33", + "conditionalVisibility": { + "parameterName": "Results206", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 3 - Copy", + "styleSettings": { + "margin": "0", + "padding": "0" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AzureDiagnostics \r\n| where tolower(ResourceId) in ({Databases})\r\n| where data_sensitivity_information_s != \"\" \r\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \r\n| mvexpand parsed \r\n| extend info_type = tostring(parsed[\"@information_type\"]) \r\n| where info_type != \"\" \r\n| summarize dcount = dcount(sequence_group_id_g) by info_type", + "size": 0, + "title": "Number of queries, by information type", + "timeContextFromParameter": "TimeRange", + "exportMultipleValues": true, + "exportedParameters": [ + { + "fieldName": "info_type", + "parameterName": "SelectedInformationType", + "parameterType": 1 + } + ], + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "visualization": "tiles", + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "info_type", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "dcount", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "chartSettings": { + "createOtherGroup": 10 + } + }, + "customWidth": "33", + "conditionalVisibility": { + "parameterName": "Results207", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 3 - Copy - Copy", + "styleSettings": { + "margin": "0", + "padding": "0" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AzureDiagnostics \r\n| where tolower(ResourceId) in ({Databases})\r\n| where data_sensitivity_information_s != \"\" \r\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \r\n| mvexpand parsed \r\n| extend Principal = server_principal_name_s\r\n| summarize dcount = dcount(sequence_group_id_g) by Principal", + "size": 0, + "title": "Number of queries, by principal", + "timeContextFromParameter": "TimeRange", + "exportMultipleValues": true, + "exportedParameters": [ + { + "fieldName": "Principal", + "parameterName": "SelectedPrincipal", + "parameterType": 1 + } + ], + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Principal", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "dcount", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + }, + "showBorder": false + }, + "chartSettings": { + "createOtherGroup": 10 + } + }, + "customWidth": "33", + "conditionalVisibility": { + "parameterName": "Results208", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 3 - Copy - Copy - Copy", + "styleSettings": { + "margin": "0", + "padding": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "387f6bac-5c95-41e3-9556-641188130759", + "version": "KqlParameterItem/1.0", + "name": "Results209", + "type": 1, + "query": "AzureDiagnostics\r\n| where tolower(ResourceId) in ({Databases})\r\n| where isempty(data_sensitivity_information_s) == false\r\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \r\n//| evaluate bag_unpack(parsed, columnsConflict='keep_source')\r\n| mvexpand parsed \r\n| project TimeGenerated, ResourceId, Label = tostring(parsed.['@label']), InformationType = tostring(parsed.['@information_type'])\r\n , Succeeded = succeeded_s, Principal = server_principal_name_s, ClientIP = client_ip_s, Application = application_name_s, Statement = statement_s, Rows = response_rows_d, Action = action_name_s\r\n| where Label != \"\" or InformationType != \"\"\r\n| where isempty('{SelectedLabel}') or (strcat('\"',Label,'\"') in (split('{SelectedLabel}',',')))\r\n| where isempty('{SelectedInformationType}') or (strcat('\"',InformationType,'\"') in (split('{SelectedInformationType}',',')))\r\n| where isempty('{SelectedPrincipal}') or (strcat('\"',Principal,'\"') in (split('{SelectedPrincipal}',',')))\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results208" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AzureDiagnostics\r\n| where tolower(ResourceId) in ({Databases})\r\n| where isempty(data_sensitivity_information_s) == false\r\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \r\n//| evaluate bag_unpack(parsed, columnsConflict='keep_source')\r\n| mvexpand parsed \r\n| project TimeGenerated, ResourceId, Label = tostring(parsed.['@label']), InformationType = tostring(parsed.['@information_type'])\r\n , Succeeded = succeeded_s, Principal = server_principal_name_s, ClientIP = client_ip_s, Application = application_name_s, Statement = statement_s, Rows = response_rows_d, Action = action_name_s\r\n| where Label != \"\" or InformationType != \"\"\r\n| where isempty('{SelectedLabel}') or (strcat('\"',Label,'\"') in (split('{SelectedLabel}',',')))\r\n| where isempty('{SelectedInformationType}') or (strcat('\"',InformationType,'\"') in (split('{SelectedInformationType}',',')))\r\n| where isempty('{SelectedPrincipal}') or (strcat('\"',Principal,'\"') in (split('{SelectedPrincipal}',',')))", + "size": 0, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ] + }, + "conditionalVisibility": { + "parameterName": "Results209", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 15" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AzureDiagnostics \r\n| where tolower(ResourceId) in ({Databases})\r\n| where data_sensitivity_information_s != \"\" \r\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \r\n| mvexpand parsed \r\n| extend label = tostring(parsed[\"@label\"]) \r\n| where label != \"\" \r\n| summarize dcount = dcount(sequence_group_id_g) by label_and_app = strcat(label, \" | \", application_name_s)\r\n| order by label_and_app asc, dcount desc", + "size": 0, + "title": "Application access to classified data (by sensitivity label)", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "visualization": "piechart" + }, + "customWidth": "40", + "conditionalVisibility": { + "parameterName": "Results210", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 3 - Copy - Copy", + "styleSettings": { + "margin": "0", + "padding": "0" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AzureDiagnostics \r\n| where tolower(ResourceId) in ({Databases})\r\n| where data_sensitivity_information_s != \"\" \r\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \r\n| mvexpand parsed \r\n| extend label = tostring(parsed[\"@label\"]) \r\n| where label != \"\" \r\n| summarize dcount = dcount(sequence_group_id_g) by label_and_ip = strcat(label, \" | \", client_ip_s) \r\n| order by label_and_ip asc, dcount desc", + "size": 0, + "title": "IP access to classified data (by sensitivity label)", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "visualization": "piechart", + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "action_name_s", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "graphSettings": { + "type": 0, + "topContent": { + "columnMatch": "action_name_s", + "formatter": 1 + }, + "centerContent": { + "columnMatch": "count_", + "formatter": 1, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "customWidth": "40", + "conditionalVisibility": { + "parameterName": "Results211", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 3", + "styleSettings": { + "margin": "0", + "padding": "0" + } + } + ] + }, + "conditionalVisibility": { + "parameterName": "isAzureSQLDatabasesVisible", + "comparison": "isEqualTo", + "value": "true" + }, + "name": "Azure SQL Databases" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "7afa304d-b448-4d6c-8c54-69e51a7249a9", + "version": "KqlParameterItem/1.0", + "name": "Results46", + "type": 1, + "query": "let AnomalySignIns = BehaviorAnalytics\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| extend FirstTimeDeviceLogon = tostring(ActivityInsights.FirstTimeUserLoggedOnToDevice)\r\n| extend FirstTimeUserAction = tostring(ActivityInsights.FirstTimeUserPerformedAction)\r\n| extend UncommonAction = tostring(ActivityInsights.ActionUncommonlyPerformedByUser)\r\n| extend UncommonVolumeOfActions = tostring(ActivityInsights.UncommonHighVolumeOfActions)\r\n| where FirstTimeDeviceLogon == \"True\" or FirstTimeUserAction == \"True\" or UncommonAction == \"True\" or UncommonVolumeOfActions == \"True\";\r\nAnomalySignIns | join (SigninLogs) on UserPrincipalName\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": null + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results205" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "1ba464d7-3754-40c5-9518-7fa597d2e910", + "version": "KqlParameterItem/1.0", + "name": "Results47", + "type": 1, + "query": "let AnomalySignIns = BehaviorAnalytics\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| extend FirstTimeDeviceLogon = tostring(ActivityInsights.FirstTimeUserLoggedOnToDevice)\r\n| extend FirstTimeUserAction = tostring(ActivityInsights.FirstTimeUserPerformedAction)\r\n| extend UncommonAction = tostring(ActivityInsights.ActionUncommonlyPerformedByUser)\r\n| extend UncommonVolumeOfActions = tostring(ActivityInsights.UncommonHighVolumeOfActions)\r\n| where FirstTimeDeviceLogon == \"True\" or FirstTimeUserAction == \"True\" or UncommonAction == \"True\" or UncommonVolumeOfActions == \"True\";\r\nAnomalySignIns | join (SigninLogs) on UserPrincipalName\r\n| where SourceIPLocation <> \"\"\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": null + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results47" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "65c2cb9f-754e-4a6e-9f49-f8d6b656a4f0", + "version": "KqlParameterItem/1.0", + "name": "Results48", + "type": 1, + "query": "let UncommonActionVolume = BehaviorAnalytics\r\n| extend UncommonActionVolume = tostring(ActivityInsights.UncommonHighVolumeOfActions)\r\n| where UncommonActionVolume == \"True\"\r\n| summarize count() by UserPrincipalName\r\n| project-rename UncommonActionVolume = count_;\r\nlet UncommonAction = BehaviorAnalytics\r\n| extend UncommonAction = tostring(ActivityInsights.ActionUncommonlyPerformedByUser)\r\n| where UncommonAction == \"True\"\r\n| summarize count() by UserPrincipalName\r\n| project-rename UncommonAction = count_;\r\nlet Uncommon = UncommonActionVolume | join(UncommonAction) on UserPrincipalName;\r\nlet FirstTimeDeviceLogon = BehaviorAnalytics\r\n| extend FirstTimeDeviceLogon = tostring(ActivityInsights.FirstTimeUserLoggedOnToDevice)\r\n| where FirstTimeDeviceLogon == \"True\"\r\n| summarize count() by UserPrincipalName\r\n| project-rename FirstTimeDeviceLogon = count_;\r\nlet FirstTimeUserAction = BehaviorAnalytics\r\n| extend FirstTimeUserAction = tostring(ActivityInsights.FirstTimeUserPerformedAction)\r\n| where FirstTimeUserAction == \"True\"\r\n| summarize count() by UserPrincipalName\r\n| project-rename FirstTimeUserAction = count_;\r\nlet FirstTime = FirstTimeUserAction | join(FirstTimeDeviceLogon) on UserPrincipalName;\r\nUncommon | join kind=fullouter(FirstTime) on UserPrincipalName\r\n| where UserPrincipalName <> \"\"\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| project UserPrincipalName, UncommonActionVolume, UncommonAction, FirstTimeUserAction, FirstTimeDeviceLogon\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": null + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results48" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "802544a8-295d-49ac-ac30-7669812ffc07", + "version": "KqlParameterItem/1.0", + "name": "Results49", + "type": 1, + "query": "AADUserRiskEvents\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results49" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "292eaf4d-ee6f-4b78-acf1-2f625846dfdb", + "version": "KqlParameterItem/1.0", + "name": "Results50", + "type": 1, + "query": "BehaviorAnalytics\r\n| where ActionType == \"Reset user password\"\r\n| where ActivityInsights has \"True\"\r\n| join (\r\n AuditLogs\r\n )\r\n on $left.SourceRecordId == $right._ItemId\r\n| mv-expand TargetResources\r\n| extend Target = iff(tostring(TargetResources.userPrincipalName) has \"#EXT#\", replace(\"_\", \"@\", tostring(split(TargetResources.userPrincipalName, \"#\")[0])), TargetResources.userPrincipalName), tostring(TargetResources.userPrincipalName)\r\n| extend UserPrincipalName = iff(UserPrincipalName has \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserPrincipalName),\r\n UserName = iff(UserName has \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserName)\r\n| sort by TimeGenerated desc\r\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"TargetUser\"]=Target, ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": null + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results50" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "402cb027-2e34-4a17-8ede-e0778b245e49", + "version": "KqlParameterItem/1.0", + "name": "Results51", + "type": 1, + "query": "BehaviorAnalytics\r\n| where ActivityType == \"LogOn\"\r\n| where UsersInsights.BlastRadius == \"High\"\r\n| join (\r\nSigninLogs | where Status.errorCode == 50126\r\n) on $left.SourceRecordId == $right._ItemId\r\n| extend UserPrincipalName = iff(UserPrincipalName contains \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserPrincipalName),\r\nUserName = iff(UserName contains \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserName)\r\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType,[\"Evidence\"]=ActivityInsights, ResourceDisplayName,AppDisplayName ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": null + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results51" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "d6c529ca-65d1-49fc-87a0-5013578dcecf", + "version": "KqlParameterItem/1.0", + "name": "Results52", + "type": 1, + "query": "BehaviorAnalytics\r\n| where ActionType == \"Sign-in\"\r\n| where ActivityInsights.FirstTimeConnectionFromCountryObservedInTenant == True and ActivityInsights.CountryUncommonlyConnectedFromAmongPeers == True\r\n | join (\r\nSigninLogs\r\n) on $left.SourceRecordId == $right._ItemId\r\n| extend UserPrincipalName = iff(UserPrincipalName contains \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserPrincipalName),\r\nUserName = iff(UserName contains \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserName)\r\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType,[\"Evidence\"]=ActivityInsights, ResourceDisplayName,AppDisplayName ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": null + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results52" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "776977c6-0e80-44ca-ac00-b875a0dbb650", + "version": "KqlParameterItem/1.0", + "name": "Results53", + "type": 1, + "query": "//Critical Roles: can impersonate any user or app, can update passwords for users or service principals (if the role can let a user update passwords for privileged users, if an attacker compromises this user then attacker can update passwords for privileged users hence gaining more privileges so users with this role are equally critical)\r\n//High Roles: Administrators that can manage all aspects or permissions of important products but can't update credentials and impersonate another user/app\r\nlet critical = dynamic(['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3','c4e39bd9-1100-46d3-8c65-fb160da0071f','158c047a-c907-4556-b7ef-446551a6b5f7','62e90394-69f5-4237-9190-012177145e10','d29b2b05-8046-44ba-8758-1e26182fcf32','729827e3-9c14-49f7-bb1b-9608f156bbb8','966707d0-3269-4727-9be2-8c3a10f19b9d','194ae4cb-b126-40b2-bd5b-6091b380977d','fe930be7-5e62-47db-91af-98c3a49a38b1']);\r\nlet high = dynamic(['cf1c38e5-3621-4004-a7cb-879624dced7c','7495fdc4-34c4-4d15-a289-98788ce399fd','aaf43236-0c0d-4d5f-883a-6955382ac081','3edaf663-341e-4475-9f94-5c398ef6c070','7698a772-787b-4ac8-901f-60d6b08affd2','b1be1c3e-b65d-4f19-8427-f6fa0d97feb9','9f06204d-73c1-4d4c-880a-6edb90606fd8','29232cdf-9323-42fd-ade2-1d097af3e4de','be2f45a1-457d-42af-a067-6ec1fa63bc45','7be44c8a-adaf-4e2a-84d6-ab2649e08a13','e8611ab8-c189-46e8-94e1-60213ab1f814']);\r\nAuditLogs\r\n| where OperationName == \"Update user\"\r\n| mv-expand AdditionalDetails\r\n| mv-expand TargetResources\r\n| where AdditionalDetails.key == \"UserPrincipalName\"\r\n| mv-expand TargetResources\r\n| extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\r\n| extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\r\n| where RoleId in (critical,high)\r\n| where isnotempty(RoleId) or isnotempty(RoleName)\r\n| extend TargetId = tostring(TargetResources.id)\r\n| extend Target = iff(tostring(TargetResources.userPrincipalName) has \"#EXT#\",replace(\"_\",\"@\",tostring(split(TargetResources.userPrincipalName, \"#\")[0])),TargetResources.userPrincipalName),tostring(TargetResources.userPrincipalName)\r\n| join kind=inner ( BehaviorAnalytics\r\n) on $left._ItemId == $right.SourceRecordId\r\n| where UsersInsights.BlastRadius == \"High\" or ActivityInsights has \"True\"\r\n| extend UserPrincipalName = iff(UserPrincipalName has \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserPrincipalName),\r\nUserName = iff(UserName has \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserName) \r\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"TargetUser\"]=Target,RoleName,ActivityInsights ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| summarize count() by UserPrincipalName\r\n| sort by count_ desc\r\n| limit 100\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": null + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results53" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "48c0ca65-2da9-4c48-a95b-ea7b5aebc36b", + "version": "KqlParameterItem/1.0", + "name": "Results54", + "type": 1, + "query": "//Critical Roles: can impersonate any user or app, can update passwords for users or service principals (if the role can let a user update passwords for privileged users, if an attacker compromises this user then attacker can update passwords for privileged users hence gaining more privileges so users with this role are equally critical)\r\n//High Roles: Administrators that can manage all aspects or permissions of important products but can't update credentials and impersonate another user/app\r\nlet critical = dynamic(['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3','c4e39bd9-1100-46d3-8c65-fb160da0071f','158c047a-c907-4556-b7ef-446551a6b5f7','62e90394-69f5-4237-9190-012177145e10','d29b2b05-8046-44ba-8758-1e26182fcf32','729827e3-9c14-49f7-bb1b-9608f156bbb8','966707d0-3269-4727-9be2-8c3a10f19b9d','194ae4cb-b126-40b2-bd5b-6091b380977d','fe930be7-5e62-47db-91af-98c3a49a38b1']);\r\nlet high = dynamic(['cf1c38e5-3621-4004-a7cb-879624dced7c','7495fdc4-34c4-4d15-a289-98788ce399fd','aaf43236-0c0d-4d5f-883a-6955382ac081','3edaf663-341e-4475-9f94-5c398ef6c070','7698a772-787b-4ac8-901f-60d6b08affd2','b1be1c3e-b65d-4f19-8427-f6fa0d97feb9','9f06204d-73c1-4d4c-880a-6edb90606fd8','29232cdf-9323-42fd-ade2-1d097af3e4de','be2f45a1-457d-42af-a067-6ec1fa63bc45','7be44c8a-adaf-4e2a-84d6-ab2649e08a13','e8611ab8-c189-46e8-94e1-60213ab1f814']);\r\nAuditLogs\r\n| where OperationName == \"Add user\"\r\n| mv-expand AdditionalDetails\r\n| mv-expand TargetResources\r\n| where AdditionalDetails.key == \"UserPrincipalName\"\r\n| mv-expand TargetResources\r\n| extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\r\n| extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\r\n| where RoleId in (critical,high)\r\n| where isnotempty(RoleId) or isnotempty(RoleName)\r\n| extend TargetId = tostring(TargetResources.id)\r\n| extend Target = iff(tostring(TargetResources.userPrincipalName) has \"#EXT#\",replace(\"_\",\"@\",tostring(split(TargetResources.userPrincipalName, \"#\")[0])),TargetResources.userPrincipalName),tostring(TargetResources.userPrincipalName)\r\n| join kind=inner ( BehaviorAnalytics\r\n) on $left._ItemId == $right.SourceRecordId\r\n| where UsersInsights.BlastRadius == \"High\" or ActivityInsights has \"True\"\r\n| extend UserPrincipalName = iff(UserPrincipalName has \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserPrincipalName),\r\nUserName = iff(UserName has \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserName) \r\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"TargetUser\"]=Target,RoleName,ActivityInsights ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": null + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results54" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "ef5b3c8e-c859-4e9a-8b73-c60f23732867", + "version": "KqlParameterItem/1.0", + "name": "Results55", + "type": 1, + "query": "let critical = dynamic(['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3','c4e39bd9-1100-46d3-8c65-fb160da0071f','158c047a-c907-4556-b7ef-446551a6b5f7','62e90394-69f5-4237-9190-012177145e10','d29b2b05-8046-44ba-8758-1e26182fcf32','729827e3-9c14-49f7-bb1b-9608f156bbb8','966707d0-3269-4727-9be2-8c3a10f19b9d','194ae4cb-b126-40b2-bd5b-6091b380977d','fe930be7-5e62-47db-91af-98c3a49a38b1']);\r\nlet high = dynamic(['cf1c38e5-3621-4004-a7cb-879624dced7c','7495fdc4-34c4-4d15-a289-98788ce399fd','aaf43236-0c0d-4d5f-883a-6955382ac081','3edaf663-341e-4475-9f94-5c398ef6c070','7698a772-787b-4ac8-901f-60d6b08affd2','b1be1c3e-b65d-4f19-8427-f6fa0d97feb9','9f06204d-73c1-4d4c-880a-6edb90606fd8','29232cdf-9323-42fd-ade2-1d097af3e4de','be2f45a1-457d-42af-a067-6ec1fa63bc45','7be44c8a-adaf-4e2a-84d6-ab2649e08a13','e8611ab8-c189-46e8-94e1-60213ab1f814']);\r\nAuditLogs\r\n| where OperationName == \"Add member to role\"\r\n| mv-expand TargetResources\r\n| extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\r\n| extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\r\n| where RoleId in (critical,high)\r\n| extend TargetId = tostring(TargetResources.id)\r\n| extend Target = tostring(TargetResources.userPrincipalName)\r\n| where isnotempty(RoleId) or isnotempty(RoleName)\r\n| join kind=inner ( BehaviorAnalytics\r\n) on $left._ItemId == $right.SourceRecordId\r\n| where UsersInsights.BlasrRadius == \"High\" or ActivityInsights has \"True\"\r\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"TargetUser\"]=Target,RoleName,ActivityInsights ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": null + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results55" + }, + { + "type": 1, + "content": { + "json": "# 📊 [User & Entity Behavior Analytics (UEBA)](https://docs.microsoft.com/azure/sentinel/identify-threats-with-entity-behavior-analytics)\n---\n\nThis section focuses on detecting **anomalous behaviors by users and entities** that may indicate insider threats, compromised accounts, or attempts to exfiltrate personal data. It supports GDPR obligations around **security of processing (Art. 32)** and **accountability (Art. 5(2))** by helping organizations proactively identify suspicious activity that could put personal data at risk. \n\nKey objectives of this section: \n- Highlight **user anomalies** such as unusual access times, geolocations, or activity volumes \n- Detect **high-risk behaviors** flagged by Microsoft’s identity protection and analytics models \n- Monitor **entity risk scores** to prioritize investigations of potentially compromised accounts or devices \n- Correlate **web session anomalies** to identify potential data exfiltration attempts \n- Provide auditors with evidence of **continuous monitoring of user activity and proactive risk detection** \n\nBy reviewing these metrics, analysts can ensure that **unusual or risky behaviors are identified early**, reducing the likelihood of personal data misuse or unauthorized disclosure, and demonstrating effective monitoring controls under GDPR.\n" + }, + "customWidth": "40", + "name": "text - 2" + }, + { + "type": 1, + "content": { + "json": "" + }, + "customWidth": "10", + "name": "text - 14" + }, + { + "type": 1, + "content": { + "json": "| User & Entity Behavior Analytics (UEBA) | - | - |\r\n|:--| :--| :--| \r\n| Anomalous Activity by Geolocation | Anomalous Activity by User & GeoLocation | Entity Behavior Analytics Alerts |\r\n| User Anomalies | EntraID Identity Protection: User Sign-in Risk Details |ASim WebSession: Detect potential data exfilteration using timeseries anomaly|\r\n| Anomalous Password Reset | Anomalous Failed Logon |Anomalous Geolocation Logon|\r\n| Anomalous AAD Account Manipulation | Anomalous Account Creation |Anomalous Role Assignment|\r\n\r\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, Time range and User." + }, + "customWidth": "40", + "name": "text - 14" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let AnomalySignIns = BehaviorAnalytics\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| extend FirstTimeDeviceLogon = tostring(ActivityInsights.FirstTimeUserLoggedOnToDevice)\r\n| extend FirstTimeUserAction = tostring(ActivityInsights.FirstTimeUserPerformedAction)\r\n| extend UncommonAction = tostring(ActivityInsights.ActionUncommonlyPerformedByUser)\r\n| extend UncommonVolumeOfActions = tostring(ActivityInsights.UncommonHighVolumeOfActions)\r\n| where FirstTimeDeviceLogon == \"True\" or FirstTimeUserAction == \"True\" or UncommonAction == \"True\" or UncommonVolumeOfActions == \"True\";\r\nAnomalySignIns | join (SigninLogs) on UserPrincipalName", + "size": 3, + "showAnalytics": true, + "title": "Anomalous Activity by Geolocation", + "noDataMessage": "There are no results within the selected thresholds (time, workspace, subscription). See Enable User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel for respective UEBA configurations (https://docs.microsoft.com/azure/sentinel/enable-entity-behavior-analytics)", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "visualization": "map", + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "warning", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "UncommonActionVolume", + "formatter": 4, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "UncommonAction", + "formatter": 4, + "formatOptions": { + "palette": "green" + } + }, + { + "columnMatch": "FirstTimeUserAction", + "formatter": 4, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "FirstTimeDeviceLogon", + "formatter": 4, + "formatOptions": { + "palette": "yellow" + } + }, + { + "columnMatch": "IncidentCount", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "AlertCount", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "AnomalyCount", + "formatter": 8, + "formatOptions": { + "palette": "yellow" + } + } + ] + }, + "sortBy": [], + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "latitude_", + "longitude": "longitude_", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "labelSettings": "city_", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "redBright" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results46", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results46" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let AnomalySignIns = BehaviorAnalytics\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| extend FirstTimeDeviceLogon = tostring(ActivityInsights.FirstTimeUserLoggedOnToDevice)\r\n| extend FirstTimeUserAction = tostring(ActivityInsights.FirstTimeUserPerformedAction)\r\n| extend UncommonAction = tostring(ActivityInsights.ActionUncommonlyPerformedByUser)\r\n| extend UncommonVolumeOfActions = tostring(ActivityInsights.UncommonHighVolumeOfActions)\r\n| where FirstTimeDeviceLogon == \"True\" or FirstTimeUserAction == \"True\" or UncommonAction == \"True\" or UncommonVolumeOfActions == \"True\";\r\nAnomalySignIns | join (SigninLogs) on UserPrincipalName\r\n| where SourceIPLocation <> \"\"\r\n| summarize count() by UserPrincipalName, SourceIPLocation\r\n| sort by count_ desc\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "Anomalous Activity by User & GeoLocation", + "noDataMessage": "There are no results within the selected thresholds (time, workspace, subscription). See Enable User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel for respective UEBA configurations (https://docs.microsoft.com/azure/sentinel/enable-entity-behavior-analytics)", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Location", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Globe", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "SourceIPLocation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Globe", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 4, + "formatOptions": { + "palette": "redBright" + } + } + ], + "filter": true + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results47", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 14" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let AnomalousSigninActivity = BehaviorAnalytics\r\n | where ActionType == \"Sign-in\"\r\n | where (UsersInsights.NewAccount == True or UsersInsights.DormantAccount == True) and (\r\n ActivityInsights.FirstTimeUserAccessedResource == True and ActivityInsights.ResourceUncommonlyAccessedAmongPeers == True\r\n or ActivityInsights.FirstTimeUserUsedApp == True and ActivityInsights.AppUncommonlyUsedAmongPeers == False)\r\n | join (\r\n SigninLogs | where Status.errorCode == 0 or Status.errorCode == 0 and RiskDetail != \"none\"\r\n )\r\n on $left.SourceRecordId == $right._ItemId\r\n | extend UserPrincipalName = iff(UserPrincipalName contains \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserPrincipalName),\r\n UserName = iff(UserName contains \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserName)\r\n | extend AnomalyName = \"Anomalous Successful Logon\",\r\n Tactic = \"Persistence\",\r\n Technique = \"Valid Accounts\",\r\n SubTechnique = \"\",\r\n Description = \"Successful Sign-in with one or more of the following indications: sign by new or recently dormant accounts and sign in with resource for the first time (while none of their peers did) or to an app for the first time (while none of their peers did) or performed by a user with Risk indication from AAD\"\r\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"Evidence\"]=ActivityInsights, ResourceDisplayName, AppDisplayName, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\"Anomaly Score\"]=InvestigationPriority; \r\nlet critical = dynamic(['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3', 'c4e39bd9-1100-46d3-8c65-fb160da0071f', '158c047a-c907-4556-b7ef-446551a6b5f7', '62e90394-69f5-4237-9190-012177145e10', 'd29b2b05-8046-44ba-8758-1e26182fcf32', '729827e3-9c14-49f7-bb1b-9608f156bbb8', '966707d0-3269-4727-9be2-8c3a10f19b9d', '194ae4cb-b126-40b2-bd5b-6091b380977d', 'fe930be7-5e62-47db-91af-98c3a49a38b1']);\r\nlet high = dynamic(['cf1c38e5-3621-4004-a7cb-879624dced7c', '7495fdc4-34c4-4d15-a289-98788ce399fd', 'aaf43236-0c0d-4d5f-883a-6955382ac081', '3edaf663-341e-4475-9f94-5c398ef6c070', '7698a772-787b-4ac8-901f-60d6b08affd2', 'b1be1c3e-b65d-4f19-8427-f6fa0d97feb9', '9f06204d-73c1-4d4c-880a-6edb90606fd8', '29232cdf-9323-42fd-ade2-1d097af3e4de', 'be2f45a1-457d-42af-a067-6ec1fa63bc45', '7be44c8a-adaf-4e2a-84d6-ab2649e08a13', 'e8611ab8-c189-46e8-94e1-60213ab1f814']);//insider\r\nlet AnomalousRoleAssignment = AuditLogs\r\n | where TimeGenerated > ago(28d)\r\n | where OperationName == \"Add member to role\"\r\n | mv-expand TargetResources\r\n | extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\r\n | where isnotempty(RoleId) and RoleId in (critical, high)\r\n | extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\r\n | where isnotempty(RoleName)\r\n | extend TargetId = tostring(TargetResources.id)\r\n | extend Target = tostring(TargetResources.userPrincipalName)\r\n | join kind=inner (\r\n BehaviorAnalytics\r\n | where ActionType == \"Add member to role\"\r\n | where UsersInsights.BlasrRadius == \"High\" or ActivityInsights.FirstTimeUserPerformedAction == true\r\n )\r\n on $left._ItemId == $right.SourceRecordId\r\n | extend AnomalyName = \"Anomalous Role Assignment\",\r\n Tactic = \"Persistence\",\r\n Technique = \"Account Manipulation\",\r\n SubTechnique = \"\",\r\n Description = \"Adversaries may manipulate accounts to maintain access to victim systems. These actions include adding new accounts to high privileged groups. Dragonfly 2.0, for example, added newly created accounts to the administrators group to maintain elevated access. The query below generates an output of all high Blast Radius users performing Add member to privileged role, or ones that add users for the first time.\"\r\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"TargetUser\"]=Target, RoleName, [\"Evidence\"]=ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\"Anomaly Score\"]=InvestigationPriority; let LogOns=materialize(\r\n BehaviorAnalytics\r\n | where ActivityType == \"LogOn\");\r\nlet AnomalousResourceAccess = LogOns\r\n | where ActionType == \"ResourceAccess\"\r\n | where ActivityInsights.FirstTimeUserLoggedOnToDevice == true\r\n | extend AnomalyName = \"Anomalous Resource Access\",\r\n Tactic = \"Lateral Movement\",\r\n Technique = \"\",\r\n SubTechnique = \"\",\r\n Description = \"Adversary may be trying to move through the environment. APT29 and APT32, for example, has used PtH & PtT techniques to lateral move around the network. The query below generates an output of all users performing an resource access (4624:3) to devices for the first time.\"\r\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"Evidence\"]=ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\"Anomaly Score\"]=InvestigationPriority; \r\nlet AnomalousRDPActivity = LogOns\r\n | where ActionType == \"RemoteInteractiveLogon\"\r\n | where ActivityInsights.FirstTimeUserLoggedOnToDevice == true\r\n | extend AnomalyName = \"Anomalous RDP Activity\",\r\n Tactic = \"Lateral Movement\",\r\n Technique = \"\",\r\n SubTechnique = \"\",\r\n Description = \"Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user. FIN10, for example, has used RDP to move laterally to systems in the victim environment. The query below generates an output of all users performing a remote interactive logon (4624:10) to a device for the first time.\"\r\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"Evidence\"]=ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\"Anomaly Score\"]=InvestigationPriority; \r\nlet AnomalousLogintoDevices = LogOns\r\n | where ActionType == \"InteractiveLogon\"\r\n | where ActivityInsights.FirstTimeUserLoggedOnToDevice == true\r\n | where UsersInsights.DormantAccount == true or DevicesInsights.LocalAdmin == true\r\n | extend AnomalyName = \"Anomalous Login To Devices\",\r\n Tactic = \"Privilege Escalation\",\r\n Technique = \"Valid Accounts\",\r\n SubTechnique = \"\",\r\n Description = \"Adversaries may steal the credentials of a specific user or service account using Credential Access techniques or capture credentials earlier in their reconnaissance process through social engineering for means of gaining Initial Access. APT33, for example, has used valid accounts for initial access and privilege escalation. The query below generates an output of all administrator users performing an interactive logon (4624:2) to a device for the first time.\"\r\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"Evidence\"]=ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\"Anomaly Score\"]=InvestigationPriority; \r\nlet AnomalousPasswordReset = BehaviorAnalytics\r\n | where ActionType == \"Reset user password\"\r\n | where ActivityInsights.FirstTimeUserPerformedAction == \"True\"\r\n | join (\r\n AuditLogs\r\n | where OperationName == \"Reset user password\"\r\n )\r\n on $left.SourceRecordId == $right._ItemId\r\n | mv-expand TargetResources\r\n | extend Target = iff(tostring(TargetResources.userPrincipalName) contains \"#EXT#\", replace(\"_\", \"@\", tostring(split(TargetResources.userPrincipalName, \"#\")[0])), TargetResources.userPrincipalName), tostring(TargetResources.userPrincipalName)\r\n | extend UserPrincipalName = iff(UserPrincipalName contains \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserPrincipalName),\r\n UserName = iff(UserName contains \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserName)\r\n | extend AnomalyName = \"Anomalous Password Reset\",\r\n Tactic = \"Impact\",\r\n Technique = \"Account Access Removal\",\r\n SubTechnique = \"\",\r\n Description = \"Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: changed credentials) to remove access to accounts. LockerGoga, for example, has been observed changing account passwords and logging off current users. The query below generates an output of all users performing Reset user password for the first time.\"\r\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"TargetUser\"]=Target, [\"Evidence\"]=ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\"Anomaly Score\"]=InvestigationPriority\r\n | sort by TimeGenerated desc;\r\nlet AnomalousGeoLocationLogon = BehaviorAnalytics\r\n | where ActionType == \"Sign-in\"\r\n | where ActivityInsights.FirstTimeUserConnectedFromCountry == True and (ActivityInsights.FirstTimeConnectionFromCountryObservedInTenant == True or ActivityInsights.CountryUncommonlyConnectedFromAmongPeers == True)\r\n | join (\r\n SigninLogs\r\n )\r\n on $left.SourceRecordId == $right._ItemId\r\n | extend UserPrincipalName = iff(UserPrincipalName contains \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserPrincipalName),\r\n UserName = iff(UserName contains \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserName)\r\n | extend AnomalyName = \"Anomalous Successful Logon\",\r\n Tactic = \"Initial Access\",\r\n Technique = \"Valid Accounts\",\r\n SubTechnique = \"\",\r\n Description = \"Adversaries may steal the credentials of a specific user or service account using Credential Access techniques or capture credentials earlier in their reconnaissance process through social engineering for means of gaining Initial Access. APT33, for example, has used valid accounts for initial access. The query below generates an output of successful Sign-in performed by a user from a new geo location he has never connected from before, and none of his peers as well.\"\r\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"Evidence\"]=ActivityInsights, ResourceDisplayName, AppDisplayName, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\"Anomaly Score\"]=InvestigationPriority; \r\nlet AnomalousFailedLogon = BehaviorAnalytics\r\n | where ActivityType == \"LogOn\"\r\n | where UsersInsights.BlastRadius == \"High\"\r\n | join (\r\n SigninLogs \r\n | where Status.errorCode == 50126\r\n )\r\n on $left.SourceRecordId == $right._ItemId\r\n | extend UserPrincipalName = iff(UserPrincipalName contains \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserPrincipalName),\r\n UserName = iff(UserName contains \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserName)\r\n | extend AnomalyName = \"Anomalous Failed Logon\",\r\n Tactic = \"Credential Access\",\r\n Technique = \"Brute Force\",\r\n SubTechnique = \"Password Guessing\",\r\n Description = \"Adversaries with no prior knowledge of legitimate credentials within the system or environment may guess passwords to attempt access to accounts. Emotet, for example, has been observed using a hard coded list of passwords to brute force user accounts. The query below generates an output of all users with 'High' BlastRadius that perform failed Sign-in:Invalid username or password.\"\r\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"Evidence\"]=ActivityInsights, ResourceDisplayName, AppDisplayName, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\"Anomaly Score\"]=InvestigationPriority; \r\nlet AnomalousAADAccountManipulation = AuditLogs\r\n | where OperationName == \"Update user\"\r\n | mv-expand AdditionalDetails\r\n | where AdditionalDetails.key == \"UserPrincipalName\"\r\n | mv-expand TargetResources\r\n | extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\r\n | where isnotempty(RoleId) and RoleId in (critical, high)\r\n | extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\r\n | where isnotempty(RoleName)\r\n | extend TargetId = tostring(TargetResources.id)\r\n | extend Target = iff(tostring(TargetResources.userPrincipalName) contains \"#EXT#\", replace(\"_\", \"@\", tostring(split(TargetResources.userPrincipalName, \"#\")[0])), TargetResources.userPrincipalName), tostring(TargetResources.userPrincipalName)\r\n | join kind=inner ( \r\n BehaviorAnalytics\r\n | where ActionType == \"Update user\"\r\n | where UsersInsights.BlasrRadius == \"High\" or ActivityInsights.FirstTimeUserPerformedAction == true\r\n )\r\n on $left._ItemId == $right.SourceRecordId\r\n | extend UserPrincipalName = iff(UserPrincipalName contains \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserPrincipalName),\r\n UserName = iff(UserName contains \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserName) \r\n | extend AnomalyName = \"Anomalous Account Manipulation\",\r\n Tactic = \"Persistence\",\r\n Technique = \"Account Manipulation\",\r\n SubTechnique = \"\",\r\n Description = \"Adversaries may manipulate accounts to maintain access to victim systems. These actions include adding new accounts to high privileged groups. Dragonfly 2.0, for example, added newly created accounts to the administrators group to maintain elevated access. The query below generates an output of all high Blast Radius users performing 'Update user' (name change) to privileged role, or ones that changed users for the first time.\"\r\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"TargetUser\"]=Target, RoleName, [\"Evidence\"]=ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\"Anomaly Score\"]=InvestigationPriority; let AnomalousAADAccountCreation = BehaviorAnalytics\r\n | where ActionType == \"Add user\"\r\n | where ActivityInsights.FirstTimeUserPerformedAction == True or ActivityInsights.FirstTimeActionPerformedInTenant == True or ActivityInsights.ActionUncommonlyPerformedAmongPeers == true\r\n | join(\r\n AuditLogs\r\n | where OperationName == \"Add user\"\r\n )\r\n on $left.SourceRecordId == $right._ItemId\r\n | mv-expand TargetResources\r\n | extend Target = iff(tostring(TargetResources.userPrincipalName) contains \"#EXT#\", replace(\"_\", \"@\", tostring(split(TargetResources.userPrincipalName, \"#\")[0])), TargetResources.userPrincipalName), tostring(TargetResources.userPrincipalName)\r\n | extend DisplayName = tostring(UsersInsights.AccountDisplayName),\r\n UserPrincipalName = iff(UserPrincipalName contains \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserPrincipalName),\r\n UserName = iff(UserName contains \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserName)\r\n | extend AnomalyName = \"Anomalous Account Creation\",\r\n Tactic = \"Persistence\",\r\n Technique = \"Create Account\",\r\n SubTechnique = \"Cloud Account\",\r\n Description = \"Adversaries may create a cloud account to maintain access to victim systems. With a sufficient level of access, such accounts may be used to establish secondary credentialed access that does not require persistent remote access tools to be deployed on the system. The query below generates an output of all the users performing user creation for the first time and the target users that were created.\"\t\r\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"TargetUser\"]=Target, [\"Evidence\"]=ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\"Anomaly Score\"]=InvestigationPriority\r\n | sort by TimeGenerated desc;\r\nlet AnomalyTable = union kind=outer AnomalousSigninActivity, AnomalousRoleAssignment, AnomalousResourceAccess, AnomalousRDPActivity, AnomalousPasswordReset, AnomalousLogintoDevices, AnomalousGeoLocationLogon, AnomalousAADAccountManipulation, AnomalousAADAccountCreation, AnomalousFailedLogon;\r\nlet TopUsersByAnomalies = AnomalyTable\r\n | summarize hint.strategy = shuffle AnomalyCount=count() by UserName, UserPrincipalName, tostring(UsersInsights.OnPremSid), tostring(UsersInsights.AccountObjectId)\r\n | project Name=tolower(UserName), UPN=tolower(UserPrincipalName), AadUserId=UsersInsights_AccountObjectId, Sid=UsersInsights_OnPremSid, AnomalyCount\r\n | sort by AnomalyCount desc;\r\nlet TopUsersByIncidents = SecurityIncident\r\n | summarize hint.strategy = shuffle arg_max(LastModifiedTime, *) by IncidentNumber\r\n | where Status == \"New\" or Status == \"Active\"\r\n | mv-expand AlertIds\r\n | extend AlertId = tostring(AlertIds)\r\n | join kind= innerunique ( \r\n SecurityAlert \r\n )\r\n on $left.AlertId == $right.SystemAlertId\r\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\r\n | mv-expand todynamic(Entities)\r\n | where Entities[\"Type\"] =~ \"account\"\r\n | extend Name = tostring(tolower(Entities[\"Name\"])), NTDomain = tostring(Entities[\"NTDomain\"]), UPNSuffix = tostring(Entities[\"UPNSuffix\"]), AadUserId = tostring(Entities[\"AadUserId\"]), AadTenantId = tostring(Entities[\"AadTenantId\"]), \r\n Sid = tostring(Entities[\"Sid\"]), IsDomainJoined = tobool(Entities[\"IsDomainJoined\"]), Host = tostring(Entities[\"Host\"])\r\n | extend UPN = iff(Name != \"\" and UPNSuffix != \"\", strcat(Name, \"@\", UPNSuffix), \"\")\r\n | union TopUsersByAnomalies\r\n | extend \r\n AadPivot = iff(isempty(AadUserId), iff(isempty(Sid), Name, Sid), AadUserId),\r\n SidPivot = iff(isempty(Sid), iff(isempty(AadUserId), Name, AadUserId), Sid),\r\n UPNExists = iff(isempty(UPN), false, true),\r\n NameExists = iff(isempty(Name), false, true),\r\n SidExists = iff(isempty(Sid), false, true),\r\n AADExists = iff(isempty(AadUserId), false, true)\r\n | summarize hint.strategy = shuffle IncidentCount=dcount(IncidentNumber, 4), AlertCount=dcountif(AlertId, isnotempty(AlertId), 4), AnomalyCount=sum(AnomalyCount), any(Title, Severity, Status, StartTime, IncidentNumber, IncidentUrl, Owner), UPNAnchor=anyif(UPN, UPNExists == true), NameAnchor=anyif(Name, NameExists == true), AadAnchor=anyif(AadUserId, AADExists == true), SidAnchor=anyif(Sid, SidExists == true), any(SidPivot) by AadPivot\r\n | summarize hint.strategy = shuffle IncidentCount=sum(IncidentCount), AlertCount=sum(AlertCount), AnomalyCount=sum(AnomalyCount), UPNAnchor=anyif(UPNAnchor, isempty(UPNAnchor) == false), NameAnchor=anyif(NameAnchor, isempty(NameAnchor) == false), AadAnchor=anyif(AadAnchor, isempty(AadAnchor) == false), SidAnchor=anyif(SidAnchor, isempty(SidAnchor) == false), any(any_Title, any_Severity, any_StartTime, any_IncidentNumber, any_IncidentUrl) by any_SidPivot\r\n | summarize hint.strategy = shuffle IncidentCount=sum(IncidentCount), AlertCount=sum(AlertCount), AnomalyCount=sum(AnomalyCount), UPNAnchor=anyif(UPNAnchor, isempty(UPNAnchor) == false), AadAnchor=anyif(AadAnchor, isempty(AadAnchor) == false), SidAnchor=anyif(SidAnchor, isempty(SidAnchor) == false), any(any_any_Title, any_any_Severity, any_any_StartTime, any_any_IncidentNumber, any_any_IncidentUrl) by NameAnchor\r\n | project [\"UserName\"]=NameAnchor, IncidentCount, AlertCount, AnomalyCount, [\"AadUserId\"]=AadAnchor, [\"OnPremSid\"]=SidAnchor, [\"UserPrincipalName\"]=UPNAnchor;\r\nTopUsersByIncidents\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| project UserPrincipalName, IncidentCount, AlertCount, AnomalyCount\r\n| sort by AlertCount desc\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "Entity Behavior Analytics Alerts", + "noDataMessage": "No results, Confirm Sentinel Entity Behavior is Enabled", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "IncidentCount", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "AlertCount", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "AnomalyCount", + "formatter": 8, + "formatOptions": { + "palette": "yellow" + } + } + ], + "rowLimit": 2500, + "filter": true, + "sortBy": [ + { + "itemKey": "$gen_heatmap_AlertCount_2", + "sortOrder": 2 + } + ] + }, + "sortBy": [ + { + "itemKey": "$gen_heatmap_AlertCount_2", + "sortOrder": 2 + } + ], + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "name": "query - 1", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let UncommonActionVolume = BehaviorAnalytics\r\n| extend UncommonActionVolume = tostring(ActivityInsights.UncommonHighVolumeOfActions)\r\n| where UncommonActionVolume == \"True\"\r\n| summarize count() by UserPrincipalName\r\n| project-rename UncommonActionVolume = count_;\r\nlet UncommonAction = BehaviorAnalytics\r\n| extend UncommonAction = tostring(ActivityInsights.ActionUncommonlyPerformedByUser)\r\n| where UncommonAction == \"True\"\r\n| summarize count() by UserPrincipalName\r\n| project-rename UncommonAction = count_;\r\nlet Uncommon = UncommonActionVolume | join(UncommonAction) on UserPrincipalName;\r\nlet FirstTimeDeviceLogon = BehaviorAnalytics\r\n| extend FirstTimeDeviceLogon = tostring(ActivityInsights.FirstTimeUserLoggedOnToDevice)\r\n| where FirstTimeDeviceLogon == \"True\"\r\n| summarize count() by UserPrincipalName\r\n| project-rename FirstTimeDeviceLogon = count_;\r\nlet FirstTimeUserAction = BehaviorAnalytics\r\n| extend FirstTimeUserAction = tostring(ActivityInsights.FirstTimeUserPerformedAction)\r\n| where FirstTimeUserAction == \"True\"\r\n| summarize count() by UserPrincipalName\r\n| project-rename FirstTimeUserAction = count_;\r\nlet FirstTime = FirstTimeUserAction | join(FirstTimeDeviceLogon) on UserPrincipalName;\r\nUncommon | join kind=fullouter(FirstTime) on UserPrincipalName\r\n| where UserPrincipalName <> \"\"\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| project UserPrincipalName, UncommonActionVolume, UncommonAction, FirstTimeUserAction, FirstTimeDeviceLogon\r\n| sort by UncommonActionVolume desc \r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "User Anomalies", + "noDataMessage": "There are no results within the selected thresholds (time, workspace, subscription). See Enable User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel for respective UEBA configurations (https://docs.microsoft.com/azure/sentinel/enable-entity-behavior-analytics)", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "UncommonActionVolume", + "formatter": 4, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "UncommonAction", + "formatter": 4, + "formatOptions": { + "palette": "green" + } + }, + { + "columnMatch": "FirstTimeUserAction", + "formatter": 4, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "FirstTimeDeviceLogon", + "formatter": 4, + "formatOptions": { + "palette": "yellow" + } + }, + { + "columnMatch": "IncidentCount", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "AlertCount", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "AnomalyCount", + "formatter": 8, + "formatOptions": { + "palette": "yellow" + } + } + ], + "filter": true, + "sortBy": [ + { + "itemKey": "$gen_bar_FirstTimeDeviceLogon_4", + "sortOrder": 2 + } + ] + }, + "sortBy": [ + { + "itemKey": "$gen_bar_FirstTimeDeviceLogon_4", + "sortOrder": 2 + } + ], + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results48", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 4", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AADUserRiskEvents\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| extend UserProfile = strcat(\"#blade/Microsoft_AAD_IAM/UserDetailsMenuBlade/Profile/userId/\",UserId)\r\n| extend countryOrRegion_ = tostring(Location.countryOrRegion)\r\n| extend city_ = tostring(Location.city)\r\n| extend state_ = tostring(Location.state)\r\n| extend latitude_ = tostring(parse_json(tostring(Location.geoCoordinates)).latitude)\r\n| extend longitude_ = tostring(parse_json(tostring(Location.geoCoordinates)).longitude)\r\n| distinct UserPrincipalName, UserProfile, RiskLevel, RiskEventType, city_, state_, countryOrRegion_, UserId\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "EntraID Identity Protection: User Sign-in Risk Details", + "noDataMessage": "There are no results within the selected thresholds (time, workspace, subscription). See How To: Configure and enable Microsoft Entra ID: Identity Protection risk policies (https://docs.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies)", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "UserProfile", + "formatter": 7, + "formatOptions": { + "linkTarget": "OpenBlade", + "linkLabel": "EntraID User Profile >>", + "bladeOpenContext": { + "bladeName": "UserDetailsMenuBlade", + "extensionName": "Microsoft_AAD_IAM", + "bladeParameters": [ + { + "name": "userId", + "source": "column", + "value": "UserId" + } + ] + } + } + }, + { + "columnMatch": "RiskLevel", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "high", + "representation": "Sev0", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "medium", + "representation": "Sev1", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "low", + "representation": "Sev2", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "Sev3", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "UserId", + "formatter": 5 + } + ], + "filter": true + } + }, + "conditionalVisibility": { + "parameterName": "Results49", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 14" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let start = {TimeRange:grain};\r\nlet end = 1d;\r\nlet timeframe = 1h;\r\nlet scorethreshold = 5;\r\nlet bytessentperhourthreshold = 10;\r\nlet TimeSeriesData = _Im_WebSession(starttime=start, endtime=now())\r\n | where isnotempty(DstIpAddr)\r\n and not(ipv4_is_private(DstIpAddr))\r\n | summarize SrcBytesSum=tolong(sum(SrcBytes)) by EventProduct, bin(TimeGenerated, 1h)\r\n | extend EventTime = TimeGenerated\r\n | make-series TotalBytesSent = sum(SrcBytesSum) on EventTime from startofday(ago(start)) to startofday(now()) step timeframe by EventProduct;\r\n// TimeSeriesData block ends here\r\n//Take only anomalies in TimeSeriesData\r\nlet TimeSeriesAnomalies = materialize(TimeSeriesData\r\n | extend (anomalies, score, baseline) = series_decompose_anomalies(TotalBytesSent, scorethreshold, -1, 'linefit')\r\n | mv-expand\r\n TotalBytesSent to typeof(long),\r\n EventTime to typeof(datetime),\r\n anomalies to typeof(double),\r\n score to typeof(double),\r\n baseline to typeof(long)\r\n | where anomalies > 0 and baseline > 0\r\n | extend AnomalyHour = EventTime\r\n | extend\r\n TotalBytesSentinMBperHour = round(((TotalBytesSent / 1024) / 1024), 2),\r\n BaselineBytesSentinMBperHour = round(((baseline / 1024) / 1024), 2),\r\n score = round(score, 2)\r\n | project\r\n EventProduct,\r\n AnomalyHour,\r\n TotalBytesSentinMBperHour,\r\n BaselineBytesSentinMBperHour,\r\n anomalies,\r\n score\r\n //| where AnomalyHour between (startofday(ago(end)) .. startofday(now())) // Get TimeSeriesAnomalies in previous day\r\n );\r\n let AnomalyHours = materialize (TimeSeriesAnomalies\r\n | project AnomalyHour);\r\n //Previous day aggregated per hour\r\n let Last14DayLogs = \r\n _Im_WebSession(starttime=start, endtime=now())\r\n | extend DateHour = bin(TimeGenerated, timeframe) // create a new column and round to hour\r\n | where DateHour in (AnomalyHours) // Filter dataset to include only anomaly AnomalyHours\r\n | where isnotempty(DstIpAddr) and isnotempty(SrcIpAddr) and isnotempty(SrcBytes)\r\n | where not(ipv4_is_private(DstIpAddr))\r\n | project\r\n TimeGenerated,\r\n DateHour,\r\n DstIpAddr,\r\n SrcIpAddr,\r\n SrcBytes,\r\n DstBytes,\r\n DstPortNumber,\r\n EventProduct\r\n | summarize\r\n HourlyCount = count(),\r\n TimeGeneratedMax = arg_max(TimeGenerated, *),\r\n DestinationIPList = make_set(DstIpAddr, 100),\r\n DestinationPortList = make_set(DstPortNumber, 100),\r\n TotalSentBytes = tolong(sum(SrcBytes)),\r\n TotalReceivedBytes = tolong(sum(DstBytes))\r\n by SrcIpAddr, EventProduct, TimeGeneratedHour = bin(TimeGenerated, timeframe)\r\n | extend\r\n SentBytesinMB = ((TotalSentBytes / 1024) / 1024),\r\n ReceivedBytesinMB = ((TotalReceivedBytes / 1024) / 1024)\r\n | where SentBytesinMB > bytessentperhourthreshold\r\n | sort by TimeGeneratedHour asc, SentBytesinMB desc\r\n | extend Rank=row_number(1, prev(TimeGeneratedHour) != TimeGeneratedHour) // Ranking the dataset per Hourly Partition\r\n | where Rank <= 10 // Selecting Top 10 records with Highest BytesSent in each Hour\r\n | project\r\n EventProduct,\r\n TimeGeneratedHour,\r\n TimeGeneratedMax,\r\n SrcIpAddr,\r\n DestinationIPList,\r\n DestinationPortList,\r\n SentBytesinMB,\r\n ReceivedBytesinMB,\r\n Rank,\r\n HourlyCount;\r\n Last14DayLogs", + "size": 0, + "showAnalytics": true, + "title": "ASim WebSession: Detect potential data exfilteration using timeseries anomaly", + "noDataMessage": "There are no results within the selected thresholds.", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "UserProfile", + "formatter": 7, + "formatOptions": { + "linkTarget": "OpenBlade", + "linkLabel": "EntraID User Profile >>", + "bladeOpenContext": { + "bladeName": "UserDetailsMenuBlade", + "extensionName": "Microsoft_AAD_IAM", + "bladeParameters": [ + { + "name": "userId", + "source": "column", + "value": "UserId" + } + ] + } + } + }, + { + "columnMatch": "RiskLevel", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "high", + "representation": "Sev0", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "medium", + "representation": "Sev1", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "low", + "representation": "Sev2", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "Sev3", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "UserId", + "formatter": 5 + } + ], + "filter": true + } + }, + "name": "query - 14" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "BehaviorAnalytics\r\n| where ActionType == \"Reset user password\"\r\n| where ActivityInsights has \"True\"\r\n| join (\r\n AuditLogs\r\n )\r\n on $left.SourceRecordId == $right._ItemId\r\n| mv-expand TargetResources\r\n| extend Target = iff(tostring(TargetResources.userPrincipalName) has \"#EXT#\", replace(\"_\", \"@\", tostring(split(TargetResources.userPrincipalName, \"#\")[0])), TargetResources.userPrincipalName), tostring(TargetResources.userPrincipalName)\r\n| extend UserPrincipalName = iff(UserPrincipalName has \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserPrincipalName),\r\n UserName = iff(UserName has \"#EXT#\", replace(\"_\", \"@\", tostring(split(UserPrincipalName, \"#\")[0])), UserName)\r\n| sort by TimeGenerated desc\r\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"TargetUser\"]=Target, ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| summarize count() by UserPrincipalName\r\n| sort by count_ desc\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "Anomalous Password Reset", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "IPAddress", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results50", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results50", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "BehaviorAnalytics\r\n| where ActivityType == \"LogOn\"\r\n| where UsersInsights.BlastRadius == \"High\"\r\n| join (\r\nSigninLogs | where Status.errorCode == 50126\r\n) on $left.SourceRecordId == $right._ItemId\r\n| extend UserPrincipalName = iff(UserPrincipalName contains \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserPrincipalName),\r\nUserName = iff(UserName contains \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserName)\r\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType,[\"Evidence\"]=ActivityInsights, ResourceDisplayName,AppDisplayName ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| summarize count() by UserPrincipalName\r\n| sort by count_ desc\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "Anomalous Failed Logon", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "IPAddress", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + } + ] + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results51", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results51", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "BehaviorAnalytics\r\n| where ActionType == \"Sign-in\"\r\n| where ActivityInsights.FirstTimeConnectionFromCountryObservedInTenant == True and ActivityInsights.CountryUncommonlyConnectedFromAmongPeers == True\r\n | join (\r\nSigninLogs\r\n) on $left.SourceRecordId == $right._ItemId\r\n| extend UserPrincipalName = iff(UserPrincipalName contains \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserPrincipalName),\r\nUserName = iff(UserName contains \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserName)\r\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType,[\"Evidence\"]=ActivityInsights, ResourceDisplayName,AppDisplayName ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| summarize count() by UserPrincipalName\r\n| sort by count_ desc\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "Anomalous Geolocation Logon", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "IPAddress", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + } + ] + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results52", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results52", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "//Critical Roles: can impersonate any user or app, can update passwords for users or service principals (if the role can let a user update passwords for privileged users, if an attacker compromises this user then attacker can update passwords for privileged users hence gaining more privileges so users with this role are equally critical)\r\n//High Roles: Administrators that can manage all aspects or permissions of important products but can't update credentials and impersonate another user/app\r\nlet critical = dynamic(['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3','c4e39bd9-1100-46d3-8c65-fb160da0071f','158c047a-c907-4556-b7ef-446551a6b5f7','62e90394-69f5-4237-9190-012177145e10','d29b2b05-8046-44ba-8758-1e26182fcf32','729827e3-9c14-49f7-bb1b-9608f156bbb8','966707d0-3269-4727-9be2-8c3a10f19b9d','194ae4cb-b126-40b2-bd5b-6091b380977d','fe930be7-5e62-47db-91af-98c3a49a38b1']);\r\nlet high = dynamic(['cf1c38e5-3621-4004-a7cb-879624dced7c','7495fdc4-34c4-4d15-a289-98788ce399fd','aaf43236-0c0d-4d5f-883a-6955382ac081','3edaf663-341e-4475-9f94-5c398ef6c070','7698a772-787b-4ac8-901f-60d6b08affd2','b1be1c3e-b65d-4f19-8427-f6fa0d97feb9','9f06204d-73c1-4d4c-880a-6edb90606fd8','29232cdf-9323-42fd-ade2-1d097af3e4de','be2f45a1-457d-42af-a067-6ec1fa63bc45','7be44c8a-adaf-4e2a-84d6-ab2649e08a13','e8611ab8-c189-46e8-94e1-60213ab1f814']);\r\nAuditLogs\r\n| where OperationName == \"Update user\"\r\n| mv-expand AdditionalDetails\r\n| mv-expand TargetResources\r\n| where AdditionalDetails.key == \"UserPrincipalName\"\r\n| mv-expand TargetResources\r\n| extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\r\n| extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\r\n| where RoleId in (critical,high)\r\n| where isnotempty(RoleId) or isnotempty(RoleName)\r\n| extend TargetId = tostring(TargetResources.id)\r\n| extend Target = iff(tostring(TargetResources.userPrincipalName) has \"#EXT#\",replace(\"_\",\"@\",tostring(split(TargetResources.userPrincipalName, \"#\")[0])),TargetResources.userPrincipalName),tostring(TargetResources.userPrincipalName)\r\n| join kind=inner ( BehaviorAnalytics\r\n) on $left._ItemId == $right.SourceRecordId\r\n| where UsersInsights.BlastRadius == \"High\" or ActivityInsights has \"True\"\r\n| extend UserPrincipalName = iff(UserPrincipalName has \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserPrincipalName),\r\nUserName = iff(UserName has \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserName) \r\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"TargetUser\"]=Target,RoleName,ActivityInsights ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| summarize count() by UserPrincipalName\r\n| sort by count_ desc\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "Anomalous AAD Account Manipulation", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "IPAddress", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + } + ] + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results53", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results53", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "//Critical Roles: can impersonate any user or app, can update passwords for users or service principals (if the role can let a user update passwords for privileged users, if an attacker compromises this user then attacker can update passwords for privileged users hence gaining more privileges so users with this role are equally critical)\r\n//High Roles: Administrators that can manage all aspects or permissions of important products but can't update credentials and impersonate another user/app\r\nlet critical = dynamic(['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3','c4e39bd9-1100-46d3-8c65-fb160da0071f','158c047a-c907-4556-b7ef-446551a6b5f7','62e90394-69f5-4237-9190-012177145e10','d29b2b05-8046-44ba-8758-1e26182fcf32','729827e3-9c14-49f7-bb1b-9608f156bbb8','966707d0-3269-4727-9be2-8c3a10f19b9d','194ae4cb-b126-40b2-bd5b-6091b380977d','fe930be7-5e62-47db-91af-98c3a49a38b1']);\r\nlet high = dynamic(['cf1c38e5-3621-4004-a7cb-879624dced7c','7495fdc4-34c4-4d15-a289-98788ce399fd','aaf43236-0c0d-4d5f-883a-6955382ac081','3edaf663-341e-4475-9f94-5c398ef6c070','7698a772-787b-4ac8-901f-60d6b08affd2','b1be1c3e-b65d-4f19-8427-f6fa0d97feb9','9f06204d-73c1-4d4c-880a-6edb90606fd8','29232cdf-9323-42fd-ade2-1d097af3e4de','be2f45a1-457d-42af-a067-6ec1fa63bc45','7be44c8a-adaf-4e2a-84d6-ab2649e08a13','e8611ab8-c189-46e8-94e1-60213ab1f814']);\r\nAuditLogs\r\n| where OperationName == \"Add user\"\r\n| mv-expand AdditionalDetails\r\n| mv-expand TargetResources\r\n| where AdditionalDetails.key == \"UserPrincipalName\"\r\n| mv-expand TargetResources\r\n| extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\r\n| extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\r\n| where RoleId in (critical,high)\r\n| where isnotempty(RoleId) or isnotempty(RoleName)\r\n| extend TargetId = tostring(TargetResources.id)\r\n| extend Target = iff(tostring(TargetResources.userPrincipalName) has \"#EXT#\",replace(\"_\",\"@\",tostring(split(TargetResources.userPrincipalName, \"#\")[0])),TargetResources.userPrincipalName),tostring(TargetResources.userPrincipalName)\r\n| join kind=inner ( BehaviorAnalytics\r\n) on $left._ItemId == $right.SourceRecordId\r\n| where UsersInsights.BlastRadius == \"High\" or ActivityInsights has \"True\"\r\n| extend UserPrincipalName = iff(UserPrincipalName has \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserPrincipalName),\r\nUserName = iff(UserName has \"#EXT#\",replace(\"_\",\"@\",tostring(split(UserPrincipalName, \"#\")[0])),UserName) \r\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"TargetUser\"]=Target,RoleName,ActivityInsights ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| summarize count() by UserPrincipalName\r\n| sort by count_ desc\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "Anomalous Account Creation", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "IPAddress", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + } + ] + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results54", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results54", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let critical = dynamic(['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3','c4e39bd9-1100-46d3-8c65-fb160da0071f','158c047a-c907-4556-b7ef-446551a6b5f7','62e90394-69f5-4237-9190-012177145e10','d29b2b05-8046-44ba-8758-1e26182fcf32','729827e3-9c14-49f7-bb1b-9608f156bbb8','966707d0-3269-4727-9be2-8c3a10f19b9d','194ae4cb-b126-40b2-bd5b-6091b380977d','fe930be7-5e62-47db-91af-98c3a49a38b1']);\r\nlet high = dynamic(['cf1c38e5-3621-4004-a7cb-879624dced7c','7495fdc4-34c4-4d15-a289-98788ce399fd','aaf43236-0c0d-4d5f-883a-6955382ac081','3edaf663-341e-4475-9f94-5c398ef6c070','7698a772-787b-4ac8-901f-60d6b08affd2','b1be1c3e-b65d-4f19-8427-f6fa0d97feb9','9f06204d-73c1-4d4c-880a-6edb90606fd8','29232cdf-9323-42fd-ade2-1d097af3e4de','be2f45a1-457d-42af-a067-6ec1fa63bc45','7be44c8a-adaf-4e2a-84d6-ab2649e08a13','e8611ab8-c189-46e8-94e1-60213ab1f814']);\r\nAuditLogs\r\n| where OperationName == \"Add member to role\"\r\n| mv-expand TargetResources\r\n| extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\r\n| extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\r\n| where RoleId in (critical,high)\r\n| extend TargetId = tostring(TargetResources.id)\r\n| extend Target = tostring(TargetResources.userPrincipalName)\r\n| where isnotempty(RoleId) or isnotempty(RoleName)\r\n| join kind=inner ( BehaviorAnalytics\r\n) on $left._ItemId == $right.SourceRecordId\r\n| where UsersInsights.BlasrRadius == \"High\" or ActivityInsights has \"True\"\r\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"TargetUser\"]=Target,RoleName,ActivityInsights ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| summarize count() by UserPrincipalName\r\n| sort by count_ desc\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "Anomalous Role Assignment", + "timeContextFromParameter": "TimeRange", + "showRefreshButton": true, + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "IPAddress", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + } + ] + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results55", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results55", + "styleSettings": { + "maxWidth": "50" + } + } + ] + }, + "conditionalVisibility": { + "parameterName": "isUEBAVisible", + "comparison": "isEqualTo", + "value": "true" + }, + "name": "Entity Insights" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "2a891328-fdea-48e1-9363-99fc0ac0468c", + "version": "KqlParameterItem/1.0", + "name": "Results80", + "type": 1, + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where Operation contains \"file\"\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results80", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "3a9f9b6b-8bd2-462a-840f-58d00dc9a937", + "version": "KqlParameterItem/1.0", + "name": "Results81", + "type": 1, + "query": "let startTime = {TimeRange:grain}; // Adjust as needed\r\nOfficeActivity\r\n| where TimeGenerated >= startTime\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where EventSource == \"SharePoint\" and OfficeWorkload has_any(\"SharePoint\", \"OneDrive\") and Operation has_any (\"FileDownloaded\", \"FileSyncDownloadedFull\", \"FileSyncUploadedFull\", \"FileUploaded\")\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results81", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "ebc6e154-835c-4dc9-9142-e84e21a723e3", + "version": "KqlParameterItem/1.0", + "name": "Results83", + "type": 1, + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where ExternalAccess <> \"True\"\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results83", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "0d5b45d1-3217-43e6-affd-56b73e7d3560", + "version": "KqlParameterItem/1.0", + "name": "Results85", + "type": 1, + "query": "let starttime = {TimeRange:grain};\r\nlet endtime = 1d;\r\nlet historicalActivity=\r\n OfficeActivity\r\n | where TimeGenerated between(ago(starttime)..ago(endtime))\r\n | where RecordType == \"ExchangeAdmin\" and UserType in (\"Admin\", \"DcAdmin\")\r\n | summarize historicalCount=count() by UserId;\r\nlet recentActivity = OfficeActivity\r\n | where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n | where TimeGenerated > ago(endtime)\r\n | where UserType in (\"Admin\", \"DcAdmin\")\r\n | summarize recentCount=count() by UserId;\r\nrecentActivity\r\n| join kind = leftanti (\r\n historicalActivity\r\n )\r\n on UserId\r\n| project UserId, recentCount\r\n| order by recentCount asc, UserId\r\n| join kind = rightsemi \r\n (OfficeActivity \r\n | where TimeGenerated >= ago(endtime) \r\n | where RecordType == \"ExchangeAdmin\"\r\n | where UserType in (\"Admin\", \"DcAdmin\")) \r\n on UserId\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results85", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "fd74a8c1-4044-49f4-82de-b2653dc51d7c", + "version": "KqlParameterItem/1.0", + "name": "Results86", + "type": 1, + "query": "let starttime = {TimeRange:grain};\r\nlet endtime = 1d;\r\nlet historicalActivity=\r\n OfficeActivity\r\n | where RecordType == \"SharePointFileOperation\"\r\n | where Operation in (\"FileDownloaded\", \"FileUploaded\")\r\n | where TimeGenerated between(ago(starttime)..ago(endtime))\r\n | summarize historicalCount=count() by ClientIP;\r\nlet recentActivity = OfficeActivity\r\n | where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n | where RecordType == \"SharePointFileOperation\"\r\n | where Operation in (\"FileDownloaded\", \"FileUploaded\")\r\n | where TimeGenerated > ago(endtime);\r\nrecentActivity\r\n| join kind= leftanti (\r\n historicalActivity \r\n )\r\n on ClientIP \r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results86", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "b5149369-531f-4db9-b16d-ae6af2af2ce6", + "version": "KqlParameterItem/1.0", + "name": "Results87", + "type": 1, + "query": "let starttime = {TimeRange:grain};\r\nlet endtime = 1d;\r\nlet historicalActivity=\r\n OfficeActivity\r\n | where RecordType == \"SharePointFileOperation\"\r\n | where Operation in (\"FileDownloaded\", \"FileUploaded\")\r\n | where TimeGenerated between(ago(starttime)..ago(endtime))\r\n | summarize historicalCount=count() by UserAgent, RecordType;\r\nlet recentActivity = OfficeActivity\r\n | where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n | where RecordType == \"SharePointFileOperation\"\r\n | where Operation in (\"FileDownloaded\", \"FileUploaded\")\r\n | where TimeGenerated > ago(endtime);\r\nrecentActivity\r\n| join kind = leftanti (\r\n historicalActivity \r\n )\r\n on UserAgent, RecordType\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results87", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "64a696b7-19fc-4cd6-a0fb-6b8d943868dc", + "version": "KqlParameterItem/1.0", + "name": "Results88", + "type": 1, + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where Operation == \"MailboxLogin\" and Logon_Type != \"Owner\" \r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results88", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "57c00f66-6a47-4179-be44-c07b1f0f7ff1", + "version": "KqlParameterItem/1.0", + "name": "Results89", + "type": 1, + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where Operation == \"MailboxLogin\"\r\n| where ClientInfoString == \"Client=Microsoft.Exchange.Powershell; Microsoft WinRM Client\"\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results89", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "a6eb5e71-9e0f-46f7-891c-11ac8b8f03cd", + "version": "KqlParameterItem/1.0", + "name": "Results90", + "type": 1, + "query": "// Adjust this value to change how many Teams should be deleted before including\r\nlet max_delete = 3;\r\nlet deleting_users = (\r\n OfficeActivity\r\n | where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n | where OfficeWorkload =~ \"MicrosoftTeams\"\r\n | where Operation =~ \"TeamDeleted\"\r\n | summarize count() by UserId\r\n | where count_ > max_delete\r\n | project UserId);\r\nOfficeActivity\r\n| where OfficeWorkload =~ \"MicrosoftTeams\"\r\n| where Operation =~ \"TeamDeleted\"\r\n| where UserId in (deleting_users)\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results90", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "c9283cec-012f-4e89-917b-4ebfea0d4c9c", + "version": "KqlParameterItem/1.0", + "name": "Results91", + "type": 1, + "query": "let threshold = 1m;\r\nOfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where OfficeWorkload =~ \"MicrosoftTeams\"\r\n| where Operation == \"MemberAdded\"\r\n| extend TeamName = iff(isempty(TeamName), Members[0].UPN, TeamName)\r\n| project TimeGenerated, UserId, UploaderID=UserId, TeamName\r\n| join (\r\n OfficeActivity\r\n | where RecordType == \"SharePointFileOperation\"\r\n | where SourceRelativeUrl has \"Microsoft Teams Chat Files\"\r\n | where Operation == \"FileUploaded\"\r\n | project UserId, UploadTime=TimeGenerated, UploaderID=UserId, FileLocation=OfficeObjectId, FileName=SourceFileName\r\n )\r\n on UploaderID\r\n| where UploadTime > TimeGenerated and UploadTime < TimeGenerated + threshold\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results91", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "045e5099-2b58-4af1-8525-5620752bed66", + "version": "KqlParameterItem/1.0", + "name": "Results92", + "type": 1, + "query": "let known_ext = dynamic([\"lnk\", \"log\", \"option\", \"config\", \"manifest\", \"partial\"]);\r\nlet excluded_users = dynamic([\"app@sharepoint\"]);\r\nOfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where RecordType =~ \"SharePointFileOperation\" and isnotempty(SourceFileName)\r\n| where OfficeObjectId has \".exe.\" and SourceFileExtension !in~ (known_ext)\r\n| extend Extension = extract(\"[^.]*.[^.]*$\", 0, OfficeObjectId)\r\n| join kind= leftouter ( \r\n OfficeActivity\r\n | where RecordType =~ \"SharePointFileOperation\" and (Operation =~ \"FileDownloaded\" or Operation =~ \"FileAccessed\") \r\n | where SourceFileExtension !in~ (known_ext)\r\n )\r\n on OfficeObjectId \r\n| where UserId1 !in~ (excluded_users)\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results92", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "fb33950d-7f2b-4304-b688-9cb0e103f6dc", + "version": "KqlParameterItem/1.0", + "name": "Results93", + "type": 1, + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where OfficeWorkload == \"Exchange\"\r\n| where Operation in~ (\"New-TransportRule\", \"Set-TransportRule\")\r\n| extend p = parse_json(Parameters)\r\n| extend RuleName = case(\r\n Operation =~ \"Set-TransportRule\", tostring(OfficeObjectId),\r\n Operation =~ \"New-TransportRule\", tostring(p[1].Value),\r\n \"Unknown\"\r\n ) \r\n| mvexpand p\r\n| where (p.Name =~ \"BlindCopyTo\" or p.Name =~ \"RedirectMessageTo\") and isnotempty(p.Value)\r\n| extend RedirectTo = p.Value\r\n| extend ClientIPOnly = case( \r\n ClientIP has \".\" and ClientIP has \":\", tostring(split(ClientIP, \":\")[0]), \r\n ClientIP has \".\" and ClientIP has \"-\", tostring(split(ClientIP, \"-\")[0]), \r\n ClientIP has \"[\", tostring(trim_start(@'[[]', tostring(split(ClientIP, \"]\")[0]))),\r\n ClientIP\r\n ) \r\n| extend Port = case(\r\n ClientIP has \".\" and ClientIP has \":\", (split(ClientIP, \":\")[1]),\r\n ClientIP has \".\" and ClientIP has \"-\", (split(ClientIP, \"-\")[1]),\r\n ClientIP has \"[\" and ClientIP has \":\", tostring(split(ClientIP, \"]:\")[1]),\r\n ClientIP has \"[\" and ClientIP has \"-\", tostring(split(ClientIP, \"]-\")[1]),\r\n ClientIP\r\n )\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results93", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "dc33037c-0615-4f66-98b8-35e450068f1e", + "version": "KqlParameterItem/1.0", + "name": "Results94", + "type": 1, + "query": "// a threshold can be enabled, see commented line below for PrevSeenCount\r\nlet threshold = 1;\r\n// Reserved FileNames/Extension for Windows\r\nlet Reserved = dynamic(['CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9']);\r\nlet starttime = {TimeRange:grain};\r\nlet endtime = 1d;\r\nOfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where TimeGenerated >= ago(endtime)\r\n| where isnotempty(SourceFileExtension)\r\n| where SourceFileName !~ SourceFileExtension\r\n| where SourceFileExtension in~ (Reserved) or SourceFileName in~ (Reserved)\r\n| where UserAgent !has \"Mac OS\" \r\n| project TimeGenerated, OfficeId, OfficeWorkload, RecordType, Operation, UserType, UserKey, UserId, ClientIP, UserAgent, Site_Url, SourceRelativeUrl, SourceFileName, SourceFileExtension \r\n| join kind= leftanti (\r\n OfficeActivity\r\n | where TimeGenerated between (ago(starttime)..ago(endtime))\r\n | where isnotempty(SourceFileExtension)\r\n | where SourceFileName !~ SourceFileExtension\r\n | where SourceFileExtension in~ (Reserved) or SourceFileName in~ (Reserved)\r\n | where UserAgent !has \"Mac OS\" \r\n | summarize SourceRelativeUrl = make_set(SourceRelativeUrl), UserId = make_set(UserId), SourceFileName = make_set(SourceFileName), PrevSeenCount = count() by SourceFileExtension\r\n // To exclude previous matches when only above a specific count, change threshold above and uncomment the line below\r\n //| where PrevSeenCount > threshold\r\n | mvexpand SourceRelativeUrl, UserId, SourceFileName\r\n | extend SourceRelativeUrl = tostring(SourceRelativeUrl), UserId = tostring(UserId), SourceFileName = tostring(SourceFileName)\r\n )\r\n on SourceFileExtension\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results94", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "3d9de6bf-6bf9-42dd-9ed5-9e03ee5e48af", + "version": "KqlParameterItem/1.0", + "name": "Results95", + "type": 1, + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where (Operation =~ \"Set-Mailbox\" and Parameters contains 'ForwardingSmtpAddress') \r\n or (Operation =~ 'New-InboxRule' and Parameters contains 'ForwardTo')\r\n| extend parsed=parse_json(Parameters)\r\n| extend fwdingDestination_initial = (iif(Operation =~ \"Set-Mailbox\", tostring(parsed[1].Value), tostring(parsed[2].Value)))\r\n| where isnotempty(fwdingDestination_initial)\r\n| extend fwdingDestination = iff(fwdingDestination_initial has \"smtp\", (split(fwdingDestination_initial, \":\")[1]), fwdingDestination_initial)\r\n| parse fwdingDestination with * '@' ForwardedtoDomain \r\n| parse UserId with *'@' UserDomain\r\n| extend subDomain = ((split(strcat(tostring(split(UserDomain, '.')[-2]), '.', tostring(split(UserDomain, '.')[-1])), '.')[0]))\r\n| where ForwardedtoDomain !contains subDomain\r\n| extend Result = iff(ForwardedtoDomain != UserDomain, \"Mailbox rule created to forward to External Domain\", \"Forward rule for Internal domain\")\r\n| extend ClientIPAddress = case(ClientIP has \".\", tostring(split(ClientIP, \":\")[0]), ClientIP has \"[\", tostring(trim_start(@'[[]', tostring(split(ClientIP, \"]\")[0]))), ClientIP)\r\n| extend Port = case(\r\n ClientIP has \".\", (split(ClientIP, \":\")[1]),\r\n ClientIP has \"[\", tostring(split(ClientIP, \"]:\")[1]),\r\n ClientIP\r\n )\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results95", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "e3a6793b-d24b-4e69-922a-6bce21138d10", + "version": "KqlParameterItem/1.0", + "name": "Results98", + "type": 1, + "query": "// Adjust this value to change how many teams a user is made owner of before detecting\r\nlet max_owner_count = 3;\r\n// Change this value to adjust how larger timeframe the query is run over.\r\nlet high_owner_count = (OfficeActivity\r\n | where OfficeWorkload =~ \"MicrosoftTeams\"\r\n | where Operation =~ \"MemberRoleChanged\"\r\n | extend Member = tostring(parse_json(Members)[0].UPN) \r\n | extend NewRole = toint(parse_json(Members)[0].Role) \r\n | where NewRole == 2\r\n | summarize dcount(TeamName) by Member\r\n | where dcount_TeamName > max_owner_count\r\n | project Member);\r\nOfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where OfficeWorkload =~ \"MicrosoftTeams\"\r\n| where Operation =~ \"MemberRoleChanged\"\r\n| extend Member = tostring(parse_json(Members)[0].UPN) \r\n| extend NewRole = toint(parse_json(Members)[0].Role) \r\n| where NewRole == 2\r\n| where Member in (high_owner_count)\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results98", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "982af542-16a2-429f-9414-2de706b1daf8", + "version": "KqlParameterItem/1.0", + "name": "Results99", + "type": 1, + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where UserType in~ (\"Admin\",\"DcAdmin\") \r\n// Only admin or global-admin can disable audit logging\r\n| where Operation =~ \"Set-AdminAuditLogConfig\" \r\n| extend AdminAuditLogEnabledValue = tostring(parse_json(tostring(parse_json(tostring(array_slice(parse_json(Parameters),3,3)))[0])).Value)\r\n| where AdminAuditLogEnabledValue =~ \"False\" \r\n| summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), OperationCount = count() by Operation, UserType, UserId, ClientIP, ResultStatus, Parameters, AdminAuditLogEnabledValue\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results99", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "c385b319-e2bb-48de-ac7b-2456aa884b60", + "version": "KqlParameterItem/1.0", + "name": "Results100", + "type": 1, + "query": "//Add Keywords for Emails as needed\r\nlet Keywords = dynamic([\"helpdesk\", \" alert\", \" suspicious\", \"fake\", \"malicious\", \"phishing\", \"spam\", \"do not click\", \"do not open\", \"hijacked\", \"Fatal\"]);\r\nOfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where Operation =~ \"New-InboxRule\"\r\n| where Parameters has \"Deleted Items\" or Parameters has \"Junk Email\" \r\n| extend Events=todynamic(Parameters)\r\n| parse Events with * \"SubjectContainsWords\" SubjectContainsWords '}'*\r\n| parse Events with * \"BodyContainsWords\" BodyContainsWords '}'*\r\n| parse Events with * \"SubjectOrBodyContainsWords\" SubjectOrBodyContainsWords '}'*\r\n| where SubjectContainsWords has_any (Keywords)\r\n or BodyContainsWords has_any (Keywords)\r\n or SubjectOrBodyContainsWords has_any (Keywords)\r\n| extend ClientIPAddress = case( ClientIP has \".\", tostring(split(ClientIP,\":\")[0]), ClientIP has \"[\", tostring(trim_start(@'[[]',tostring(split(ClientIP,\"]\")[0]))), ClientIP )\r\n| extend Keyword = iff(isnotempty(SubjectContainsWords), SubjectContainsWords, (iff(isnotempty(BodyContainsWords),BodyContainsWords,SubjectOrBodyContainsWords )))\r\n| extend RuleDetail = case(OfficeObjectId contains '/' , tostring(split(OfficeObjectId, '/')[-1]) , tostring(split(OfficeObjectId, '\\\\')[-1]))\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "10", + "name": "Results100" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "776847fb-789e-45e6-a314-7cfed84e4f03", + "version": "KqlParameterItem/1.0", + "name": "Results101", + "type": 1, + "query": "let opList = OfficeActivity \r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| summarize by Operation\r\n//| where Operation startswith \"Remove-\" or Operation startswith \"Disable-\"\r\n| where Operation has_any (\"Remove\", \"Disable\")\r\n| where Operation contains \"AntiPhish\" or Operation contains \"SafeAttachment\" or Operation contains \"SafeLinks\" or Operation contains \"Dlp\" or Operation contains \"Audit\"\r\n| summarize make_set(Operation);\r\nOfficeActivity\r\n// Only admin or global-admin can disable/remove policy\r\n| where RecordType =~ \"ExchangeAdmin\"\r\n| where UserType in~ (\"Admin\",\"DcAdmin\")\r\n// Pass in interesting Operation list\r\n| where Operation in~ (opList)\r\n| extend ClientIPOnly = case( \r\nClientIP has \".\", tostring(split(ClientIP,\":\")[0]), \r\nClientIP has \"[\", tostring(trim_start(@'[[]',tostring(split(ClientIP,\"]\")[0]))),\r\nClientIP\r\n) \r\n| extend Port = case(\r\nClientIP has \".\", (split(ClientIP,\":\")[1]),\r\nClientIP has \"[\", tostring(split(ClientIP,\"]:\")[1]),\r\nClientIP\r\n)\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "25", + "name": "Results101", + "styleSettings": { + "maxWidth": "25" + } + }, + { + "type": 1, + "content": { + "json": "# 📂 [Microsoft 365 Activity](https://docs.microsoft.com/azure/sentinel/connect-microsoft-365-defender)\n---\n\nThis section monitors **user and administrator activities across Microsoft 365 services** such as Exchange, SharePoint, OneDrive, and Teams. It supports GDPR obligations for **integrity and confidentiality of personal data (Art. 5(1)(f))**, **records of processing activities (Art. 30)**, and **security of processing (Art. 32)** by ensuring that access and modifications to personal data are visible, traceable, and appropriately controlled. \n\nKey objectives of this section: \n- Track **file activity actions** to identify how sensitive data is being accessed, shared, or modified \n- Detect **risky behaviors** such as external sharing, non-owner mailbox access, or unusual PowerShell sign-ins \n- Monitor for **policy tampering, malicious inbox rules, and Exchange audit log changes** that could undermine data protection \n- Identify **unusual user behaviors in Teams and SharePoint**, including mass deletions, uploads, or operations from previously unseen devices or IPs \n- Provide auditors with detailed evidence of **user actions, administrative changes, and protections applied to personal data** \n\nBy analyzing these metrics, analysts can validate that **personal data within Microsoft 365 is accessed and processed lawfully**, and that the organization maintains robust monitoring to detect misuse or unauthorized disclosures.\n" + }, + "customWidth": "40", + "name": "text - 2" + }, + { + "type": 1, + "content": { + "json": "" + }, + "customWidth": "10", + "name": "text - 56" + }, + { + "type": 1, + "content": { + "json": "| Microsoft 365 Activity | - | - | \r\n|:--| :--| :--|\r\n| File Activity Actions | File Activity Actions over Time | Most Frequently Accessed Files |\r\n| File Transfer Activity by User Over Time | File activity by external users | Previously Unseen Exchange Admin Operations (Last 1 Day) |\r\n| SharePoint File Operations by Users from Previously Unseen IPs | SharePointFileOperation via Devices with Previously Unseen User Agents |Non-Owner Mailbox Login Activity |\r\n| PowerShell or Non-Browser Mailbox Sign-In Activity | Multiple Teams Deleted by a Single User | User Added to Team and Immediately Uploads File |\r\n|Executable with Double File Extension and Acces Summary |Mail Redirect via Exchange Transport Rules | Email Forwarding|\r\n| User Added as Owner of Multiple Teams | Exchange Audit Log Disabled | Malicious Inbox Rule: Removing Helpdesk/Security Warning Emails|\r\n|Office Policy Tampering |Windows Reserved Filenames Staged on Office File Services|\r\n\r\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, Time range and User. Only panels with data are shown.\r\n" + }, + "customWidth": "40", + "name": "SI OV" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where Operation contains \"file\"\r\n| extend Path = OfficeObjectId\r\n| summarize count() by UserId, Operation\r\n| sort by count_ desc\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "File Activity Actions", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 4, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "city_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "state_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results80", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results80", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where Operation contains \"file\"\r\n| extend Path = OfficeObjectId\r\n| make-series count() default=0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step 1d by Operation\r\n| render timechart\r\n", + "size": 0, + "showAnalytics": true, + "title": "File Activity Actions over Time", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "city_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "state_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results80", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results80b", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where Operation contains \"file\"\r\n| summarize count() by UserId, SourceFileName, SourceFileExtension, OfficeObjectId \r\n| sort by count_ desc\r\n| limit 100", + "size": 1, + "showAnalytics": true, + "title": "Most Frequently Accessed Files", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "SourceFileName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "info", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeObjectId", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url" + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "city_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "state_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results80", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results80d", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let startTime = {TimeRange:grain}; // Adjust as needed\r\nOfficeActivity\r\n| where TimeGenerated >= startTime\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where EventSource == \"SharePoint\" and OfficeWorkload has_any(\"SharePoint\", \"OneDrive\") and Operation has_any (\"FileDownloaded\", \"FileSyncDownloadedFull\", \"FileSyncUploadedFull\", \"FileUploaded\")\r\n| summarize UploadedFiles = count() by bin(TimeGenerated, 1h), UserId\r\n| order by TimeGenerated asc\r\n| render timechart\r\n", + "size": 0, + "title": "File Transfer Activity by User Over Time", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results81", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "query - 47", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where ExternalAccess == \"True\"\r\n| summarize count() by UserId\r\n| sort by count_ desc\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "File activity by external users", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 4, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results83", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results83", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let starttime = {TimeRange:grain};\r\nlet endtime = 1d;\r\nlet historicalActivity=\r\n OfficeActivity\r\n | where TimeGenerated between(ago(starttime)..ago(endtime))\r\n | where RecordType == \"ExchangeAdmin\" \r\n | summarize historicalCount=count() by UserId;\r\nlet recentActivity = OfficeActivity\r\n | where UserId in ({UserPrincipalName})\r\n | where TimeGenerated > ago(endtime)\r\n | summarize recentCount=count() by UserId;\r\nrecentActivity\r\n| join kind = leftanti (\r\n historicalActivity\r\n )\r\n on UserId\r\n| project UserId, recentCount\r\n| order by recentCount asc, UserId\r\n| join kind = rightsemi \r\n (OfficeActivity \r\n | where TimeGenerated >= ago(endtime) \r\n | where RecordType == \"ExchangeAdmin\")\r\n on UserId\r\n| summarize StartTime = max(TimeGenerated), EndTime = min(TimeGenerated), count() by RecordType, Operation, UserType, UserId, OriginatingServer, ResultStatus\r\n| sort by count_ desc\r\n| take 100", + "size": 0, + "showAnalytics": true, + "title": "Previously Unseen Exchange Admin Operations (Last 1 Day)", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results85", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results85", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let starttime = {TimeRange:grain};\r\nlet endtime = 1d;\r\nlet historicalActivity=\r\n OfficeActivity\r\n | where RecordType == \"SharePointFileOperation\"\r\n | where Operation in (\"FileDownloaded\", \"FileUploaded\")\r\n | where TimeGenerated between(ago(starttime)..ago(endtime))\r\n | summarize historicalCount=count() by ClientIP;\r\nlet recentActivity = OfficeActivity\r\n | where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n | where RecordType == \"SharePointFileOperation\"\r\n | where Operation in (\"FileDownloaded\", \"FileUploaded\")\r\n | where TimeGenerated > ago(endtime);\r\nrecentActivity\r\n| join kind= leftanti (\r\n historicalActivity \r\n )\r\n on ClientIP \r\n| summarize count() by UserId, ClientIP\r\n| sort by count_ desc\r\n| take 100", + "size": 0, + "showAnalytics": true, + "title": "SharePoint File Operations by Users from Previously Unseen IPs", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results86", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results86", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let starttime = {TimeRange:grain};\r\nlet endtime = 1d;\r\nlet historicalActivity=\r\n OfficeActivity\r\n | where RecordType == \"SharePointFileOperation\"\r\n | where Operation in (\"FileDownloaded\", \"FileUploaded\")\r\n | where TimeGenerated between(ago(starttime)..ago(endtime))\r\n | summarize historicalCount=count() by UserAgent, RecordType;\r\nlet recentActivity = OfficeActivity\r\n | where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n | where RecordType == \"SharePointFileOperation\"\r\n | where Operation in (\"FileDownloaded\", \"FileUploaded\")\r\n | where TimeGenerated > ago(endtime);\r\nrecentActivity\r\n| join kind = leftanti (\r\n historicalActivity \r\n )\r\n on UserAgent, RecordType\r\n| summarize count() by UserId, UserAgent, RecordType\r\n| sort by count_ desc\r\n| take 100", + "size": 0, + "showAnalytics": true, + "title": "SharePointFileOperation via Devices with Previously Unseen User Agents", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results87", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results87", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where Operation == \"MailboxLogin\" and Logon_Type != \"Owner\" \r\n| summarize count() by UserId\r\n| sort by count_ desc\r\n| take 100", + "size": 0, + "showAnalytics": true, + "title": "Non-Owner Mailbox Login Activity", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results88", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results88", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where Operation == \"MailboxLogin\"\r\n| where ClientInfoString == \"Client=Microsoft.Exchange.Powershell; Microsoft WinRM Client\"\r\n| summarize count() by UserId\r\n| sort by count_ desc\r\n| take 100", + "size": 0, + "showAnalytics": true, + "title": "PowerShell or Non-Browser Mailbox Sign-In Activity", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results89", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results89", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "// Adjust this value to change how many Teams should be deleted before including\r\nlet max_delete = 3;\r\nlet deleting_users = (\r\n OfficeActivity\r\n | where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n | where OfficeWorkload =~ \"MicrosoftTeams\"\r\n | where Operation =~ \"TeamDeleted\"\r\n | summarize count() by UserId\r\n | where count_ > max_delete\r\n | project UserId);\r\nOfficeActivity\r\n| where OfficeWorkload =~ \"MicrosoftTeams\"\r\n| where Operation =~ \"TeamDeleted\"\r\n| where UserId in (deleting_users)\r\n| summarize count() by UserId\r\n| sort by count_ desc\r\n| take 100", + "size": 0, + "showAnalytics": true, + "title": "Multiple Teams Deleted by a Single User", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results90", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results90", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let threshold = 1m;\r\nOfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where OfficeWorkload =~ \"MicrosoftTeams\"\r\n| where Operation == \"MemberAdded\"\r\n| extend TeamName = iff(isempty(TeamName), Members[0].UPN, TeamName)\r\n| project TimeGenerated, UserId, UploaderID=UserId, TeamName\r\n| join (\r\n OfficeActivity\r\n | where RecordType == \"SharePointFileOperation\"\r\n | where SourceRelativeUrl has \"Microsoft Teams Chat Files\"\r\n | where Operation == \"FileUploaded\"\r\n | project UserId, UploadTime=TimeGenerated, UploaderID=UserId, FileLocation=OfficeObjectId, FileName=SourceFileName\r\n )\r\n on UploaderID\r\n| where UploadTime > TimeGenerated and UploadTime < TimeGenerated + threshold\r\n| summarize count() by UserId\r\n| sort by count_ desc\r\n| take 100", + "size": 0, + "showAnalytics": true, + "title": "User Added to Team and Immediately Uploads File", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results91", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results91", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let known_ext = dynamic([\"lnk\", \"log\", \"option\", \"config\", \"manifest\", \"partial\"]);\r\nlet excluded_users = dynamic([\"app@sharepoint\"]);\r\nOfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where RecordType =~ \"SharePointFileOperation\" and isnotempty(SourceFileName)\r\n| where OfficeObjectId has \".exe.\" and SourceFileExtension !in~ (known_ext)\r\n| extend Extension = extract(\"[^.]*.[^.]*$\", 0, OfficeObjectId)\r\n| join kind= leftouter ( \r\n OfficeActivity\r\n | where RecordType =~ \"SharePointFileOperation\" and (Operation =~ \"FileDownloaded\" or Operation =~ \"FileAccessed\") \r\n | where SourceFileExtension !in~ (known_ext)\r\n )\r\n on OfficeObjectId \r\n| where UserId1 !in~ (excluded_users)\r\n| extend userBag = pack(UserId1, ClientIP1) \r\n| summarize makeset(UserId1), make_bag(userBag), Start=max(TimeGenerated), End=min(TimeGenerated) by UserId, OfficeObjectId, SourceFileName, Extension \r\n| extend NumberOfUsers = array_length(bag_keys(bag_userBag))\r\n| project UploadTime=Start, Uploader=UserId, FileLocation=OfficeObjectId, FileName=SourceFileName, AccessedBy=bag_userBag, Extension, NumberOfUsers\r\n| extend timestamp = UploadTime, Uploader", + "size": 0, + "showAnalytics": true, + "title": "Executable with Double File Extension and Acces Summary", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results92", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results92", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where OfficeWorkload == \"Exchange\"\r\n| where Operation in~ (\"New-TransportRule\", \"Set-TransportRule\")\r\n| extend p = parse_json(Parameters)\r\n| extend RuleName = case(\r\n Operation =~ \"Set-TransportRule\", tostring(OfficeObjectId),\r\n Operation =~ \"New-TransportRule\", tostring(p[1].Value),\r\n \"Unknown\"\r\n ) \r\n| mvexpand p\r\n| where (p.Name =~ \"BlindCopyTo\" or p.Name =~ \"RedirectMessageTo\") and isnotempty(p.Value)\r\n| extend RedirectTo = p.Value\r\n| extend ClientIPOnly = case( \r\n ClientIP has \".\" and ClientIP has \":\", tostring(split(ClientIP, \":\")[0]), \r\n ClientIP has \".\" and ClientIP has \"-\", tostring(split(ClientIP, \"-\")[0]), \r\n ClientIP has \"[\", tostring(trim_start(@'[[]', tostring(split(ClientIP, \"]\")[0]))),\r\n ClientIP\r\n ) \r\n| extend Port = case(\r\n ClientIP has \".\" and ClientIP has \":\", (split(ClientIP, \":\")[1]),\r\n ClientIP has \".\" and ClientIP has \"-\", (split(ClientIP, \"-\")[1]),\r\n ClientIP has \"[\" and ClientIP has \":\", tostring(split(ClientIP, \"]:\")[1]),\r\n ClientIP has \"[\" and ClientIP has \"-\", tostring(split(ClientIP, \"]-\")[1]),\r\n ClientIP\r\n )\r\n| summarize count() by UserId\r\n| sort by count_ desc\r\n", + "size": 0, + "showAnalytics": true, + "title": "Mail Redirect via Exchange Transport Rules", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 4, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results93", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results93", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "// a threshold can be enabled, see commented line below for PrevSeenCount\r\nlet threshold = 1;\r\n// Reserved FileNames/Extension for Windows\r\nlet Reserved = dynamic(['CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9']);\r\nlet starttime = {TimeRange:grain};\r\nlet endtime = 1d;\r\nOfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where TimeGenerated >= ago(endtime)\r\n| where isnotempty(SourceFileExtension)\r\n| where SourceFileName !~ SourceFileExtension\r\n| where SourceFileExtension in~ (Reserved) or SourceFileName in~ (Reserved)\r\n| where UserAgent !has \"Mac OS\" \r\n| project TimeGenerated, OfficeId, OfficeWorkload, RecordType, Operation, UserType, UserKey, UserId, ClientIP, UserAgent, Site_Url, SourceRelativeUrl, SourceFileName, SourceFileExtension \r\n| join kind= leftanti (\r\n OfficeActivity\r\n | where TimeGenerated between (ago(starttime)..ago(endtime))\r\n | where isnotempty(SourceFileExtension)\r\n | where SourceFileName !~ SourceFileExtension\r\n | where SourceFileExtension in~ (Reserved) or SourceFileName in~ (Reserved)\r\n | where UserAgent !has \"Mac OS\" \r\n | summarize SourceRelativeUrl = make_set(SourceRelativeUrl), UserId = make_set(UserId), SourceFileName = make_set(SourceFileName), PrevSeenCount = count() by SourceFileExtension\r\n // To exclude previous matches when only above a specific count, change threshold above and uncomment the line below\r\n //| where PrevSeenCount > threshold\r\n | mvexpand SourceRelativeUrl, UserId, SourceFileName\r\n | extend SourceRelativeUrl = tostring(SourceRelativeUrl), UserId = tostring(UserId), SourceFileName = tostring(SourceFileName)\r\n )\r\n on SourceFileExtension\r\n| extend SiteUrlUserFolder = tolower(split(Site_Url, '/')[-2])\r\n| extend UserIdUserFolderFormat = tolower(replace('@|\\\\.', '_', UserId))\r\n// identify when UserId is not a match to the specific site url personal folder reference\r\n| extend UserIdDiffThanUserFolder = iff(Site_Url has '/personal/' and SiteUrlUserFolder != UserIdUserFolderFormat, true, false) \r\n| summarize TimeGenerated = make_list(TimeGenerated), StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), Operations = make_list(Operation), UserAgents = make_list(UserAgent), \r\n OfficeIds = make_list(OfficeId), SourceRelativeUrls = make_list(SourceRelativeUrl), FileNames = make_list(SourceFileName)\r\n by OfficeWorkload, RecordType, UserType, UserKey, UserId, ClientIP, Site_Url, SourceFileExtension, SiteUrlUserFolder, UserIdUserFolderFormat, UserIdDiffThanUserFolder", + "size": 0, + "showAnalytics": true, + "title": "Windows Reserved Filenames Staged on Office File Services", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results94", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results94", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where (Operation contains 'Forward') \r\n or (Parameters contains 'ForwardTo')\r\n| extend parsed=parse_json(Parameters)\r\n| extend fwdingDestination_initial = (iif(Operation =~ \"Set-Mailbox\", tostring(parsed[1].Value), tostring(parsed[2].Value)))\r\n| where isnotempty(fwdingDestination_initial)\r\n| extend fwdingDestination = iff(fwdingDestination_initial has \"smtp\", (split(fwdingDestination_initial, \":\")[1]), fwdingDestination_initial)\r\n| parse fwdingDestination with * '@' ForwardedtoDomain \r\n| parse UserId with *'@' UserDomain\r\n| extend subDomain = ((split(strcat(tostring(split(UserDomain, '.')[-2]), '.', tostring(split(UserDomain, '.')[-1])), '.')[0]))\r\n| where ForwardedtoDomain !contains subDomain\r\n| extend Result = iff(ForwardedtoDomain != UserDomain, \"Mailbox rule created to forward to External Domain\", \"Forward rule for Internal domain\")\r\n| extend ClientIPAddress = case(ClientIP has \".\", tostring(split(ClientIP, \":\")[0]), ClientIP has \"[\", tostring(trim_start(@'[[]', tostring(split(ClientIP, \"]\")[0]))), ClientIP)\r\n| extend Port = case(\r\n ClientIP has \".\", (split(ClientIP, \":\")[1]),\r\n ClientIP has \"[\", tostring(split(ClientIP, \"]:\")[1]),\r\n ClientIP\r\n )\r\n| summarize count() by UserId, fwdingDestination, TimeGenerated\r\n| sort by TimeGenerated desc\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "Email Forwarding", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "fwdingDestination", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "warning", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results95", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results95", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "// Adjust this value to change how many teams a user is made owner of before detecting\r\nlet max_owner_count = 3;\r\n// Change this value to adjust how larger timeframe the query is run over.\r\nlet high_owner_count = (OfficeActivity\r\n | where OfficeWorkload =~ \"MicrosoftTeams\"\r\n | where Operation =~ \"MemberRoleChanged\"\r\n | extend Member = tostring(parse_json(Members)[0].UPN) \r\n | extend NewRole = toint(parse_json(Members)[0].Role) \r\n | where NewRole == 2\r\n | summarize dcount(TeamName) by Member\r\n | where dcount_TeamName > max_owner_count\r\n | project Member);\r\nOfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where OfficeWorkload =~ \"MicrosoftTeams\"\r\n| where Operation =~ \"MemberRoleChanged\"\r\n| extend Member = tostring(parse_json(Members)[0].UPN) \r\n| extend NewRole = toint(parse_json(Members)[0].Role) \r\n| where NewRole == 2\r\n| where Member in (high_owner_count)\r\n| summarize count() by UserId\r\n| sort by count_ desc", + "size": 0, + "showAnalytics": true, + "title": "User Added as Owner of Multiple Teams", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results98", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results98", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "OfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where UserType in~ (\"Admin\",\"DcAdmin\") \r\n// Only admin or global-admin can disable audit logging\r\n| where Operation =~ \"Set-AdminAuditLogConfig\" \r\n| extend AdminAuditLogEnabledValue = tostring(parse_json(tostring(parse_json(tostring(array_slice(parse_json(Parameters),3,3)))[0])).Value)\r\n| where AdminAuditLogEnabledValue =~ \"False\" \r\n| summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), OperationCount = count() by Operation, UserType, UserId, ClientIP, ResultStatus, Parameters, AdminAuditLogEnabledValue\r\n| summarize count() by UserId\r\n| sort by count_ desc", + "size": 0, + "showAnalytics": true, + "title": "Exchange Audit Log Disabled", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results99", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results99", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "//Add Keywords for Emails as needed\r\nlet Keywords = dynamic([\"helpdesk\", \" alert\", \" suspicious\", \"fake\", \"malicious\", \"phishing\", \"spam\", \"do not click\", \"do not open\", \"hijacked\", \"Fatal\"]);\r\nOfficeActivity\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| where Operation =~ \"New-InboxRule\"\r\n| where Parameters has \"Deleted Items\" or Parameters has \"Junk Email\" \r\n| extend Events=todynamic(Parameters)\r\n| parse Events with * \"SubjectContainsWords\" SubjectContainsWords '}'*\r\n| parse Events with * \"BodyContainsWords\" BodyContainsWords '}'*\r\n| parse Events with * \"SubjectOrBodyContainsWords\" SubjectOrBodyContainsWords '}'*\r\n| where SubjectContainsWords has_any (Keywords)\r\n or BodyContainsWords has_any (Keywords)\r\n or SubjectOrBodyContainsWords has_any (Keywords)\r\n| extend ClientIPAddress = case( ClientIP has \".\", tostring(split(ClientIP,\":\")[0]), ClientIP has \"[\", tostring(trim_start(@'[[]',tostring(split(ClientIP,\"]\")[0]))), ClientIP )\r\n| extend Keyword = iff(isnotempty(SubjectContainsWords), SubjectContainsWords, (iff(isnotempty(BodyContainsWords),BodyContainsWords,SubjectOrBodyContainsWords )))\r\n| extend RuleDetail = case(OfficeObjectId contains '/' , tostring(split(OfficeObjectId, '/')[-1]) , tostring(split(OfficeObjectId, '\\\\')[-1]))\r\n| summarize count() by UserId\r\n| sort by count_ desc", + "size": 0, + "showAnalytics": true, + "title": "Malicious Inbox Rule: Removing Helpdesk/Security Warning Emails", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results100", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results100", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let opList = OfficeActivity \r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| summarize by Operation\r\n//| where Operation startswith \"Remove-\" or Operation startswith \"Disable-\"\r\n| where Operation has_any (\"Remove\", \"Disable\")\r\n| where Operation contains \"AntiPhish\" or Operation contains \"SafeAttachment\" or Operation contains \"SafeLinks\" or Operation contains \"Dlp\" or Operation contains \"Audit\"\r\n| summarize make_set(Operation);\r\nOfficeActivity\r\n// Only admin or global-admin can disable/remove policy\r\n| where RecordType =~ \"ExchangeAdmin\"\r\n| where UserType in~ (\"Admin\",\"DcAdmin\")\r\n// Pass in interesting Operation list\r\n| where Operation in~ (opList)\r\n| extend ClientIPOnly = case( \r\nClientIP has \".\", tostring(split(ClientIP,\":\")[0]), \r\nClientIP has \"[\", tostring(trim_start(@'[[]',tostring(split(ClientIP,\"]\")[0]))),\r\nClientIP\r\n) \r\n| extend Port = case(\r\nClientIP has \".\", (split(ClientIP,\":\")[1]),\r\nClientIP has \"[\", tostring(split(ClientIP,\"]:\")[1]),\r\nClientIP\r\n)\r\n| summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), OperationCount = count() by Operation, UserType, UserId, ClientIP = ClientIPOnly, Port, ResultStatus, Parameters\r\n| summarize count() by UserId\r\n| sort by count_ desc", + "size": 0, + "showAnalytics": true, + "title": "Office Policy Tampering", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "redBright" + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results101", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results101", + "styleSettings": { + "maxWidth": "50" + } + } + ] + }, + "conditionalVisibility": { + "parameterName": "isM365ActivityVisible", + "comparison": "isEqualTo", + "value": "true" + }, + "name": "Office Activity Group" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "7afa304d-b448-4d6c-8c54-69e51a7249a9", + "version": "KqlParameterItem/1.0", + "name": "Results46", + "type": 1, + "query": "SigninLogs\r\n| where Location <> \"\"\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results46", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "e7de4575-c167-4818-8820-ec17513a02b2", + "version": "KqlParameterItem/1.0", + "name": "Results47", + "type": 1, + "query": "let nonInteractive = AADNonInteractiveUserSignInLogs\r\n| extend LocationDetails = parse_json(LocationDetails)\r\n| extend Status = parse_json(Status);\r\nlet data = \r\nunion SigninLogs,nonInteractive\r\n|extend errorCode = Status.errorCode\r\n|extend SigninStatus = case(errorCode == 0, \"Success\", errorCode == 50058, \"Pending user action\",errorCode == 50140, \"Pending user action\", errorCode == 51006, \"Pending user action\", errorCode == 50059, \"Pending user action\",errorCode == 65001, \"Pending user action\", errorCode == 52004, \"Pending user action\", errorCode == 50055, \"Pending user action\", errorCode == 50144, \"Pending user action\", errorCode == 50072, \"Pending user action\", errorCode == 50074, \"Pending user action\", errorCode == 16000, \"Pending user action\", errorCode == 16001, \"Pending user action\", errorCode == 16003, \"Pending user action\", errorCode == 50127, \"Pending user action\", errorCode == 50125, \"Pending user action\", errorCode == 50129, \"Pending user action\", errorCode == 50143, \"Pending user action\", errorCode == 81010, \"Pending user action\", errorCode == 81014, \"Pending user action\", errorCode == 81012 ,\"Pending user action\", \"Failure\");\r\ndata\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| where IsInteractive == true\r\n| summarize Count = count() by SigninStatus\r\n| join kind = fullouter (datatable(SigninStatus:string)['Success', 'Pending action (Interrupts)', 'Failure']) on SigninStatus\r\n| project SigninStatus = iff(SigninStatus == '', SigninStatus1, SigninStatus), Count = iff(SigninStatus == '', 0, Count)\r\n| join kind = inner (data\r\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SigninStatus)\r\n on SigninStatus\r\n| project-away SigninStatus1, TimeGenerated\r\n| extend Status = SigninStatus\r\n| union (\r\n data \r\n | summarize Count = count()\r\n | extend jkey = 1\r\n | join kind=inner (data\r\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\r\n | extend jkey = 1) on jkey\r\n | extend SigninStatus = 'All Sign-ins', Status = '*' \r\n)\r\n| where SigninStatus <> \"All Sign-ins\"\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results47", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "e62c1567-e61e-4acd-9731-d6a2c59bf3a0", + "version": "KqlParameterItem/1.0", + "name": "Results48", + "type": 1, + "query": "SigninLogs\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| where ResultType == 0 and AppDisplayName != \"\"\r\n| summarize count() by AppDisplayName\r\n| join (\r\nSigninLogs\r\n| make-series TrendList = count() on TimeGenerated in range({TimeRange:start}, {TimeRange:end}, 4h) by AppDisplayName \r\n) on AppDisplayName\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results48", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "48559d4f-7025-4580-b316-2134c07b7ad7", + "version": "KqlParameterItem/1.0", + "name": "Results49", + "type": 1, + "query": "SigninLogs\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| where IsInteractive == true\r\n| extend city_ = tostring(LocationDetails.city)\r\n| extend state_ = tostring(LocationDetails.state)\r\n| where state_ <> \"\"\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results49", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "88a39c54-0e1f-4f7f-b7f7-a3e798a26b4e", + "version": "KqlParameterItem/1.0", + "name": "Results51", + "type": 1, + "query": "SigninLogs\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results51", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "08ed6d78-dbc0-4d10-84da-e37fae50ba4e", + "version": "KqlParameterItem/1.0", + "name": "Results52", + "type": 1, + "query": "SigninLogs\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| extend browser_ = tostring(DeviceDetail.browser)\r\n| extend operatingSystem_ = tostring(DeviceDetail.operatingSystem)\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results52", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "66899fa7-9a59-4fee-882c-3d182a726a49", + "version": "KqlParameterItem/1.0", + "name": "Results53", + "type": 1, + "query": "SigninLogs\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n// Forces Log Analytics to recognize that the query should be run over full time range\r\n| extend locationString= strcat(tostring(LocationDetails[\"countryOrRegion\"]), \"/\", \r\n tostring(LocationDetails[\"state\"]), \"/\", tostring(LocationDetails[\"city\"]), \";\") \r\n| project TimeGenerated, AppDisplayName, UserPrincipalName, locationString \r\n// Create time series \r\n| make-series dLocationCount = dcount(locationString)\r\n on TimeGenerated\r\n step 1d\r\n by UserPrincipalName, AppDisplayName \r\n// Compute best fit line for each entry \r\n| extend (RSquare, Slope, Variance, RVariance, Interception, LineFit) = series_fit_line(dLocationCount) \r\n// Chart the 3 most interesting lines \r\n// A 0-value slope corresponds to an account being completely stable over time for a given Azure Active Directory application\r\n| where UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results53", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "82dfffd6-7e78-4412-a69b-5d3d096a4e94", + "version": "KqlParameterItem/1.0", + "name": "Results54", + "type": 1, + "query": "SigninLogs\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n// 50126 - Invalid username or password, or invalid on-premises username or password.\r\n// 50020? - The user doesn't exist in the tenant.\r\n| where ResultType in (\"50126\", \"50020\")\r\n| extend OS = DeviceDetail.operatingSystem, Browser = DeviceDetail.browser\r\n| extend StatusCode = tostring(Status.errorCode), StatusDetails = tostring(Status.additionalDetails)\r\n| extend State = tostring(LocationDetails.state), City = tostring(LocationDetails.city)\r\n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), IPAddresses = makeset(IPAddress), DistinctIPCount = dcount(IPAddress), \r\n makeset(OS), makeset(Browser), makeset(City), AttemptCount = count() \r\n by UserDisplayName, UserPrincipalName, AppDisplayName, ResultType, ResultDescription, StatusCode, StatusDetails, Location, State\r\n| where UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results54", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "3b974333-5ea4-4a64-9067-0d206e3d91fd", + "version": "KqlParameterItem/1.0", + "name": "Results55", + "type": 1, + "query": "let failureCountThreshold = 5;\r\nlet successCountThreshold = 1;\r\nlet authenticationWindow = 20m;\r\nlet aadFunc = (tableName: string) {\r\n table(tableName)\r\n | where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n | extend DeviceDetail = todynamic(DeviceDetail), Status = todynamic(DeviceDetail), LocationDetails = todynamic(LocationDetails)\r\n | extend OS = DeviceDetail.operatingSystem, Browser = DeviceDetail.browser\r\n | extend StatusCode = tostring(Status.errorCode), StatusDetails = tostring(Status.additionalDetails)\r\n | extend State = tostring(LocationDetails.state), City = tostring(LocationDetails.city), Region = tostring(LocationDetails.countryOrRegion)\r\n // Split out failure versus non-failure types\r\n | extend FailureOrSuccess = iff(ResultType in (\"0\", \"50125\", \"50140\", \"70043\", \"70044\"), \"Success\", \"Failure\")\r\n | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), IPAddress = make_set(IPAddress), make_set(OS), make_set(Browser), make_set(City),\r\n make_set(State), make_set(Region), make_set(ResultType), FailureCount = countif(FailureOrSuccess == \"Failure\"), SuccessCount = countif(FailureOrSuccess == \"Success\") \r\n by bin(TimeGenerated, authenticationWindow), UserDisplayName, UserPrincipalName, AppDisplayName, Type\r\n | where FailureCount >= failureCountThreshold and SuccessCount >= successCountThreshold\r\n | mvexpand IPAddress\r\n | extend IPAddress = tostring(IPAddress)\r\n };\r\nlet aadSignin = aadFunc(\"SigninLogs\");\r\nlet aadNonInt = aadFunc(\"AADNonInteractiveUserSignInLogs\");\r\nunion isfuzzy=true aadSignin, aadNonInt\r\n| where UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results55", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "6ae59cc4-9e9a-4392-b946-89e77025f3b3", + "version": "KqlParameterItem/1.0", + "name": "Results56", + "type": 1, + "query": "let timeFrame = {TimeRange:grain};\r\nlet logonDiff = 1m;\r\nlet Success = SigninLogs \r\n | where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n | where TimeGenerated >= timeFrame \r\n | where ResultType == \"0\" \r\n | where AppDisplayName !in (\"Office 365 Exchange Online\", \"Skype for Business Online\", \"Office 365 SharePoint Online\")\r\n | project SuccessLogonTime = TimeGenerated, UserPrincipalName, IPAddress, SuccessAppDisplayName = AppDisplayName;\r\nlet Fail = SigninLogs \r\n | where TimeGenerated >= timeFrame \r\n | where ResultType !in (\"0\", \"50140\") \r\n | where ResultDescription !~ \"Other\" \r\n | where AppDisplayName !in (\"Office 365 Exchange Online\", \"Skype for Business Online\", \"Office 365 SharePoint Online\")\r\n | project FailedLogonTime = TimeGenerated, UserPrincipalName, IPAddress, FailedAppDisplayName = AppDisplayName, ResultType, ResultDescription;\r\nlet InitialDataSet = \r\n Success\r\n | join kind= inner (\r\n Fail\r\n )\r\n on UserPrincipalName, IPAddress \r\n | where isnotempty(FailedAppDisplayName)\r\n | where SuccessLogonTime < FailedLogonTime and FailedLogonTime - SuccessLogonTime <= logonDiff and SuccessAppDisplayName != FailedAppDisplayName;\r\nlet InitialHits = \r\n InitialDataSet\r\n | summarize FailedLogonTime = min(FailedLogonTime), SuccessLogonTime = min(SuccessLogonTime) \r\n by UserPrincipalName, SuccessAppDisplayName, FailedAppDisplayName, IPAddress, ResultType, ResultDescription;\r\n// Only take hits where there is 5 or less distinct AppDisplayNames on the success side as this limits highly active applications where failures occur more regularly\r\nlet Distribution =\r\n InitialDataSet\r\n | summarize count(SuccessAppDisplayName) by SuccessAppDisplayName, ResultType\r\n | where count_SuccessAppDisplayName <= 5;\r\nInitialHits\r\n| join (\r\n Distribution \r\n )\r\n on SuccessAppDisplayName, ResultType\r\n| project UserPrincipalName, SuccessLogonTime, IPAddress, SuccessAppDisplayName, FailedLogonTime, FailedAppDisplayName, ResultType, ResultDescription \r\n| where UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results56", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "b297d67a-c87f-469d-b50a-df226179f729", + "version": "KqlParameterItem/1.0", + "name": "Results57", + "type": 1, + "query": "let signIns = SigninLogs\r\n | where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n | extend locationString= strcat(tostring(LocationDetails[\"countryOrRegion\"]), \"/\",\r\n tostring(LocationDetails[\"state\"]), \"/\", tostring(LocationDetails[\"city\"]))\r\n | where locationString != \"//\" \r\n // filter out signins associated with top 100 signin locations \r\n | join kind=anti (\r\n SigninLogs\r\n | extend locationString= strcat(tostring(LocationDetails[\"countryOrRegion\"]), \"/\", \r\n tostring(LocationDetails[\"state\"]), \"/\", tostring(LocationDetails[\"city\"]))\r\n | where locationString != \"//\"\r\n | summarize count() by locationString\r\n | order by count_ desc\r\n | take 100)\r\n on locationString; // TODO - make this threshold percentage-based\r\n// We will perform a time window join to identify signins from multiple locations within a 10-minute period\r\nlet lookupWindow = 10m;\r\nlet lookupBin = lookupWindow / 2.0; // lookup bin = equal to 1/2 of the lookup window\r\nsignIns \r\n| project-rename Start=TimeGenerated \r\n| extend TimeKey = bin(Start, lookupBin)\r\n| join kind = inner (\r\n signIns \r\n | project-rename End=TimeGenerated, EndLocationString=locationString \r\n // TimeKey on the right side of the join - emulates this authentication appearing several times\r\n | extend TimeKey = range(bin(End - lookupWindow, lookupBin),\r\n bin(End, lookupBin), lookupBin)\r\n | mvexpand TimeKey to typeof(datetime) // translate TimeKey arrange range to a column\r\n )\r\n on Identity, TimeKey\r\n| where End > Start\r\n| project timeSpan = End - Start, Identity, locationString, EndLocationString, tostring(Start), tostring(End), UserPrincipalName\r\n| where locationString != EndLocationString\r\n| summarize by timeSpan, Identity, locationString, EndLocationString, Start, End, UserPrincipalName\r\n| where UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results57", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "909d0019-23cb-43ad-8285-9f1dca1cd1be", + "version": "KqlParameterItem/1.0", + "name": "Results58", + "type": 1, + "query": "let IP_Data = (externaldata(network: string)\r\n [@\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/VPS_Networks.csv\"] with (format=\"csv\"));\r\nSigninLogs\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| where ResultType == 0\r\n| extend additionalDetails = tostring(Status.additionalDetails)\r\n| evaluate ipv4_lookup(IP_Data, IPAddress, network, return_unmatched = false)\r\n| summarize make_set(additionalDetails), min(TimeGenerated), max(TimeGenerated) by IPAddress, UserPrincipalName\r\n// Uncomment the remaining lines to only see logons from VPS providers with token only logons.\r\n//| where array_length(set_additionalDetails) == 2\r\n//| where (set_additionalDetails[1] == \"MFA requirement satisfied by claim in the token\" and set_additionalDetails[0] == \"MFA requirement satisfied by claim provided by external provider\") or (set_additionalDetails[0] == \"MFA requirement satisfied by claim in the token\" and set_additionalDetails[1] == \"MFA requirement satisfied by claim provided by external provider\")\r\n| where UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "20", + "name": "Results58", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "d345cda2-03ae-4e98-a859-60e04b4f3750", + "version": "KqlParameterItem/1.0", + "name": "blankspace", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + } + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "50", + "name": "parameters - 27" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "# [Sign-Ins (Entra ID)](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-sign-ins)\n---\n\nThis section provides visibility into **user authentication events and access patterns**, supporting GDPR requirements for **integrity and confidentiality of personal data (Art. 5(1)(f))** and **security of processing (Art. 32)**. Monitoring sign-ins helps ensure that only authorized individuals access systems processing personal data, and that suspicious authentication activity is detected quickly. \n\nKey objectives of this section: \n- Track **sign-ins by geolocation and over time** to spot unusual or high-risk access locations \n- Monitor **failed sign-in attempts and brute-force activity** to identify potential account compromise \n- Detect **anomalous patterns** such as cross-application anomalies, sign-in bursts, or VPN-based logins \n- Review **application and client usage trends** to confirm that personal data is accessed only through approved channels \n- Provide auditors with evidence of **access control enforcement and monitoring** \n\nBy analyzing these metrics, analysts can verify that **access to personal data is properly secured**, and that the enterprise maintains the ability to **detect, investigate, and remediate suspicious sign-in activity** in line with GDPR obligations.\n\n\n\n" + }, + "name": "text - 2" + } + ] + }, + "customWidth": "40", + "name": "group - 32" + }, + { + "type": 1, + "content": { + "json": "" + }, + "customWidth": "10", + "name": "text - 29" + }, + { + "type": 1, + "content": { + "json": "| Sign-Ins (Entra ID) | - | - |\r\n|:--| :--| :--| \r\n| Sign-Ins by Geolocation | Authentication Details | Sign-In Locations Over Time |\r\n| Sign-Ins Count By Application Name | Applications Access Count By Users | Client Application Count by Users |\r\n| Anomalous Sign-in & App Access | Entra ID Failed Sign-in Attempts | Entra ID Brute Force Sign-in Attempts |\r\n|Cross-App Sign-in Anomaly (Success then Failure) | Sign-In Burst From Multiple Locations | Sign-in From VPN |\r\n\r\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, Time range and User. Only panels with data are shown." + }, + "customWidth": "40", + "name": "SI OV" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SigninLogs\r\n| where Location <> \"\"\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| extend latitude_ = tostring(parse_json(tostring(LocationDetails.geoCoordinates)).latitude)\r\n| extend longitude_ = tostring(parse_json(tostring(LocationDetails.geoCoordinates)).longitude)\r\n| extend city_ = tostring(LocationDetails.city)\r\n| project latitude_,longitude_,city_", + "size": 3, + "showAnalytics": true, + "title": "Sign-Ins by Geolocation", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "visualization": "map", + "mapSettings": { + "locInfo": "LatLong", + "locInfoColumn": "Location", + "latitude": "latitude_", + "longitude": "longitude_", + "sizeSettings": "city_", + "sizeAggregation": "Count", + "labelSettings": "city_", + "legendMetric": "city_", + "numberOfMetrics": 100, + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "state_", + "colorAggregation": "Count", + "type": "heatmap", + "heatmapPalette": "coldHot" + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results46", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results46" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let nonInteractive = AADNonInteractiveUserSignInLogs\r\n| extend LocationDetails = parse_json(LocationDetails)\r\n| extend Status = parse_json(Status);\r\nlet data = \r\nunion SigninLogs,nonInteractive\r\n|extend errorCode = toint(Status.errorCode)\r\n| extend SigninStatus = case(\r\n errorCode == 0, \"Success\",\r\n errorCode in (50055,50058,50072,50074,50125,50127,50129,50140,50143,50144,51006,52004,65001,16000,16001,16003,81010,81012,81014), \"Pending user action\",\r\n \"Failure\"\r\n);\r\ndata\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| where IsInteractive == true\r\n| summarize Count = count() by SigninStatus\r\n| join kind = fullouter (datatable(SigninStatus:string)['Success', 'Pending action (Interrupts)', 'Failure']) on SigninStatus\r\n| project SigninStatus = iff(SigninStatus == '', SigninStatus1, SigninStatus), Count = iff(SigninStatus == '', 0, Count)\r\n| join kind = inner (data\r\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SigninStatus)\r\n on SigninStatus\r\n| project-away SigninStatus1, TimeGenerated\r\n| extend Status = SigninStatus\r\n| union (\r\n data \r\n | summarize Count = count()\r\n | extend jkey = 1\r\n | join kind=inner (data\r\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\r\n | extend jkey = 1) on jkey\r\n | extend SigninStatus = 'All Sign-ins', Status = '*' \r\n)\r\n| where SigninStatus <> \"All Sign-ins\"\r\n", + "size": 0, + "showAnalytics": true, + "title": "Authentication Details", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "visualization": "tiles", + "gridSettings": { + "formatters": [ + { + "columnMatch": "User", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "info", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Activities", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "LatLong", + "locInfoColumn": "Location", + "latitude": "latitude_", + "longitude": "longitude_", + "sizeSettings": "city_", + "sizeAggregation": "Count", + "labelSettings": "city_", + "legendMetric": "city_", + "numberOfMetrics": 100, + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "state_", + "colorAggregation": "Count", + "type": "heatmap", + "heatmapPalette": "coldHot" + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results47", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results47" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SigninLogs\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| where IsInteractive == true\r\n| extend city_ = tostring(LocationDetails.city)\r\n| extend state_ = tostring(LocationDetails.state)\r\n| where state_ <> \"\"\r\n| make-series count() default=0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step 1d by state_\r\n| render timechart", + "size": 0, + "showAnalytics": true, + "title": "Sign-In Locations Over Time", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "city_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "state_", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "SigninStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "blue" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Trend", + "formatter": 9, + "formatOptions": { + "palette": "green" + } + }, + "showBorder": false + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "conditionalVisibility": { + "parameterName": "Results49", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results49" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SigninLogs\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| where ResultType == 0 and AppDisplayName != \"\"\r\n| summarize count() by AppDisplayName\r\n| join (\r\nSigninLogs\r\n| make-series TrendList = count() on TimeGenerated in range({TimeRange:start}, {TimeRange:end}, 4h) by AppDisplayName \r\n) on AppDisplayName\r\n| top 10 by count_ desc", + "size": 4, + "showAnalytics": true, + "title": "Sign-Ins Count By Application Name", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "visualization": "tiles", + "gridSettings": { + "formatters": [ + { + "columnMatch": "User", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "info", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Activities", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "AppDisplayName", + "formatter": 1, + "formatOptions": { + "showIcon": true + } + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto", + "showIcon": true + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + }, + "secondaryContent": { + "columnMatch": "TrendList", + "formatter": 9, + "formatOptions": { + "showIcon": true + } + }, + "showBorder": false + }, + "graphSettings": { + "type": 0, + "topContent": { + "columnMatch": "AppDisplayName", + "formatter": 1 + }, + "centerContent": { + "columnMatch": "count_", + "formatter": 1, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "mapSettings": { + "locInfo": "LatLong", + "locInfoColumn": "Location", + "latitude": "latitude_", + "longitude": "longitude_", + "sizeSettings": "city_", + "sizeAggregation": "Count", + "labelSettings": "city_", + "legendMetric": "city_", + "numberOfMetrics": 100, + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "state_", + "colorAggregation": "Count", + "type": "heatmap", + "heatmapPalette": "coldHot" + } + } + }, + "conditionalVisibility": { + "parameterName": "Results48", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results48" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SigninLogs\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| summarize Count=count() by UserPrincipalName, AppDisplayName\r\n| sort by Count desc\r\n| limit 250", + "size": 0, + "showAnalytics": true, + "title": "Applications Access Count By Users", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "AppDisplayName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "trendup", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "IPAddress", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results51", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results51", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SigninLogs\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| extend Browser = tostring(DeviceDetail.browser)\r\n| extend OperatingSystem = tostring(DeviceDetail.operatingSystem)\r\n| summarize Count=count() by UserPrincipalName, Browser, OperatingSystem\r\n| sort by Count desc\r\n| limit 250\r\n\r\n", + "size": 0, + "showAnalytics": true, + "title": "Client Application Count by Users", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "UserAgent", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "1", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "ClientAppUsed", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "trenddown", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "AppDisplayName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "trendup", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "IPAddress", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "uninitialized", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results52", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results52", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SigninLogs\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n// Forces Log Analytics to recognize that the query should be run over full time range\r\n| extend locationString= strcat(tostring(LocationDetails[\"countryOrRegion\"]), \"/\", \r\n tostring(LocationDetails[\"state\"]), \"/\", tostring(LocationDetails[\"city\"]), \";\") \r\n| project TimeGenerated, AppDisplayName, UserPrincipalName, locationString \r\n// Create time series \r\n| make-series dLocationCount = dcount(locationString)\r\n on TimeGenerated\r\n step 1d\r\n by UserPrincipalName, AppDisplayName \r\n// Compute best fit line for each entry \r\n| extend (RSquare, Slope, Variance, RVariance, Interception, LineFit) = series_fit_line(dLocationCount) \r\n// Filter for truly anomalous patterns:\r\n// - abs(Slope) > 0.5 → exclude stable users; keeps those with growing/shrinking location diversity\r\n// - Variance > 2 → exclude trivial fluctuations; ensures location counts are inconsistent\r\n// - RSquare > 0.5 → exclude poor fits; ensures the slope represents a real trend, not random noise\r\n| where abs(Slope) > 0.5 and Variance > 2 and RSquare > 0.5\r\n| project UserPrincipalName, AppDisplayName, Slope, Variance, RSquare\r\n| order by abs(Slope) desc\r\n| limit 50", + "size": 0, + "showAnalytics": true, + "title": "Anomalous Sign-in Location by User Account and Authenticating Application", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results53", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results53", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SigninLogs\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n// 50126 - Invalid username or password, or invalid on-premises username or password.\r\n// 50020 - The user doesn't exist in the tenant.\r\n// 50076 → MFA required but not satisfied\r\n// 50053 → Account locked due to repeated sign-in attempts\r\n| where ResultType in (\"50126\", \"50020\", \"50076\", \"50053\")\r\n| summarize Count=count() by UserPrincipalName, AppDisplayName\r\n| sort by Count desc\r\n| limit 250", + "size": 0, + "showAnalytics": true, + "title": "Entra ID Failed Sign-in Attempts", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results54", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results54", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let failureCountThreshold = 5;\r\nlet successCountThreshold = 1;\r\nlet authenticationWindow = 20m;\r\nlet aadFunc = (tableName: string) {\r\n table(tableName)\r\n | where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n | extend DeviceDetail = todynamic(DeviceDetail), Status = todynamic(DeviceDetail), LocationDetails = todynamic(LocationDetails)\r\n | extend OS = DeviceDetail.operatingSystem, Browser = DeviceDetail.browser\r\n | extend StatusCode = tostring(Status.errorCode), StatusDetails = tostring(Status.additionalDetails)\r\n | extend State = tostring(LocationDetails.state), City = tostring(LocationDetails.city), Region = tostring(LocationDetails.countryOrRegion)\r\n // Split out failure versus non-failure types\r\n | extend FailureOrSuccess = iff(ResultType in (\"0\", \"50125\", \"50140\", \"70043\"), \"Success\", \"Failure\")\r\n | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), IPAddress = make_set(IPAddress), make_set(OS), make_set(Browser), make_set(City),\r\n make_set(State), make_set(Region), make_set(ResultType), FailureCount = countif(FailureOrSuccess == \"Failure\"), SuccessCount = countif(FailureOrSuccess == \"Success\") \r\n by bin(TimeGenerated, authenticationWindow), UserDisplayName, UserPrincipalName, AppDisplayName, Type\r\n | where FailureCount >= failureCountThreshold and SuccessCount >= successCountThreshold\r\n | mvexpand IPAddress\r\n | extend IPAddress = tostring(IPAddress)\r\n };\r\nlet aadSignin = aadFunc(\"SigninLogs\");\r\nlet aadNonInt = aadFunc(\"AADNonInteractiveUserSignInLogs\");\r\nunion isfuzzy=true aadSignin, aadNonInt\r\n| summarize AttemptWindows = count(), TotalFailures = sum(FailureCount), TotalSuccesses = sum(SuccessCount) by UserPrincipalName, AppDisplayName\r\n| order by AttemptWindows desc\r\n| limit 250", + "size": 0, + "showAnalytics": true, + "title": "Entra ID Brute Force Sign-in Attempts", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results55", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results55", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let timeFrame = {TimeRange:grain};\r\nlet logonDiff = 1m;\r\nlet Success = SigninLogs \r\n | where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n | where TimeGenerated >= timeFrame \r\n | where ResultType == \"0\" \r\n | where AppDisplayName !in (\"Office 365 Exchange Online\", \"Skype for Business Online\", \"Office 365 SharePoint Online\")\r\n | project SuccessLogonTime = TimeGenerated, UserPrincipalName, IPAddress, SuccessAppDisplayName = AppDisplayName;\r\nlet Fail = SigninLogs \r\n | where TimeGenerated >= timeFrame \r\n | where ResultType !in (\"0\", \"50140\") \r\n | where ResultDescription !~ \"Other\" \r\n | where AppDisplayName !in (\"Office 365 Exchange Online\", \"Skype for Business Online\", \"Office 365 SharePoint Online\")\r\n | project FailedLogonTime = TimeGenerated, UserPrincipalName, IPAddress, FailedAppDisplayName = AppDisplayName, ResultType, ResultDescription;\r\nlet InitialDataSet = \r\n Success\r\n | join kind= inner (\r\n Fail\r\n )\r\n on UserPrincipalName, IPAddress \r\n | where isnotempty(FailedAppDisplayName)\r\n | where SuccessLogonTime < FailedLogonTime and FailedLogonTime - SuccessLogonTime <= logonDiff and SuccessAppDisplayName != FailedAppDisplayName;\r\nlet InitialHits = \r\n InitialDataSet\r\n | summarize FailedLogonTime = min(FailedLogonTime), SuccessLogonTime = min(SuccessLogonTime) \r\n by UserPrincipalName, SuccessAppDisplayName, FailedAppDisplayName, IPAddress, ResultType, ResultDescription;\r\n// Only take hits where there is 5 or less distinct AppDisplayNames on the success side as this limits highly active applications where failures occur more regularly\r\nlet Distribution =\r\n InitialDataSet\r\n | summarize count(SuccessAppDisplayName) by SuccessAppDisplayName, ResultType\r\n | where count_SuccessAppDisplayName <= 5;\r\nInitialHits\r\n| join (\r\n Distribution \r\n )\r\n on SuccessAppDisplayName, ResultType\r\n| project UserPrincipalName, SuccessLogonTime, IPAddress, SuccessAppDisplayName, FailedLogonTime, FailedAppDisplayName, ResultType, ResultDescription \r\n| where UserPrincipalName in ({UserPrincipalName})\r\n| summarize count() by UserPrincipalName, SuccessAppDisplayName, FailedAppDisplayName\r\n| sort by count_ desc\r\n| limit 250\r\n", + "size": 0, + "showAnalytics": true, + "title": "Cross-App Sign-in Anomaly (Success then Failure)", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "SuccessAppDisplayName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "FailedAppDisplayName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "failed", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results56", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results56", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let signIns = SigninLogs\r\n | where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n | extend locationString= strcat(tostring(LocationDetails[\"countryOrRegion\"]), \"/\",\r\n tostring(LocationDetails[\"state\"]), \"/\", tostring(LocationDetails[\"city\"]))\r\n | where locationString != \"//\" \r\n // filter out signins associated with top 100 signin locations \r\n | join kind=anti (\r\n SigninLogs\r\n | extend locationString= strcat(tostring(LocationDetails[\"countryOrRegion\"]), \"/\", \r\n tostring(LocationDetails[\"state\"]), \"/\", tostring(LocationDetails[\"city\"]))\r\n | where locationString != \"//\"\r\n | summarize count() by locationString\r\n | order by count_ desc\r\n | take 100)\r\n on locationString; // TODO - make this threshold percentage-based\r\n// We will perform a time window join to identify signins from multiple locations within a 10-minute period\r\nlet lookupWindow = 10m;\r\nlet lookupBin = lookupWindow / 2.0; // lookup bin = equal to 1/2 of the lookup window\r\nsignIns \r\n| project-rename Start=TimeGenerated \r\n| extend TimeKey = bin(Start, lookupBin)\r\n| join kind = inner (\r\n signIns \r\n | project-rename End=TimeGenerated, EndLocationString=locationString \r\n // TimeKey on the right side of the join - emulates this authentication appearing several times\r\n | extend TimeKey = range(bin(End - lookupWindow, lookupBin),\r\n bin(End, lookupBin), lookupBin)\r\n | mvexpand TimeKey to typeof(datetime) // translate TimeKey arrange range to a column\r\n )\r\n on Identity, TimeKey\r\n| where End > Start\r\n| project timeSpan = End - Start, Identity, locationString, EndLocationString, tostring(Start), tostring(End), UserPrincipalName\r\n| where locationString != EndLocationString\r\n| summarize by timeSpan, Identity, locationString, EndLocationString, Start, End, UserPrincipalName\r\n| where UserPrincipalName in ({UserPrincipalName})\r\n| summarize count() by UserPrincipalName, locationString, EndLocationString\r\n| sort by count_ desc\r\n| limit 250\r\n", + "size": 0, + "showAnalytics": true, + "title": "Sign-In Burst From Multiple Locations", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results57", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results57", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let IP_Data = (externaldata(network: string)\r\n [@\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/VPS_Networks.csv\"] with (format=\"csv\"));\r\nSigninLogs\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| where ResultType == 0\r\n| extend additionalDetails = tostring(Status.additionalDetails)\r\n| evaluate ipv4_lookup(IP_Data, IPAddress, network, return_unmatched = false)\r\n| summarize count() by UserPrincipalName, AppDisplayName, network\r\n| sort by count_ desc\r\n| limit 250", + "size": 0, + "showAnalytics": true, + "title": "Sign-Ins From VPNs", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Location", + "latitude": "SourceIPLocation", + "longitude": "SourceIPLocation", + "sizeSettings": "Location", + "sizeAggregation": "Count", + "legendMetric": "Location", + "legendAggregation": "Count", + "itemColorSettings": { + "nodeColorField": "Location", + "colorAggregation": "Count", + "type": "thresholds", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blueDark" + } + ] + } + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results58", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results58", + "styleSettings": { + "maxWidth": "50" + } + } + ] + }, + "conditionalVisibility": { + "parameterName": "isSignInsVisible", + "comparison": "isEqualTo", + "value": "true" + }, + "name": "Sign-Ins" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "title": "Audit Logs Group", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "658caef7-b6e6-4d04-92be-b7ff5cc8910e", + "version": "KqlParameterItem/1.0", + "name": "Results103", + "type": 1, + "query": "let action = dynamic([\"change \", \"changed \", \"reset \"]);\r\nlet pWord = dynamic([\"password \", \"credentials \"]);\r\n(union isfuzzy=true\r\n (SecurityEvent\r\n | where EventID in (4723, 4724)\r\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), ResultDescriptions = makeset(Activity), ActionCount = count() by Resource = Computer, OperationName = strcat(\"TargetAccount: \", TargetUserName), UserId = Account, Type\r\n ),\r\n (AuditLogs\r\n | where OperationName has_any (pWord) and OperationName has_any (action)\r\n | extend InitiatedBy = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName) \r\n | extend TargetUserPrincipalName = tostring(TargetResources[0].userPrincipalName) \r\n | where ResultDescription != \"None\" \r\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), ResultDescriptions = makeset(ResultDescription), CorrelationIds = makeset(CorrelationId), ActionCount = count() by OperationName = strcat(Category, \" - \", OperationName, \" - \", Result), Resource, UserId = TargetUserPrincipalName, Type\r\n | extend ResultDescriptions = tostring(ResultDescriptions)\r\n ),\r\n (OfficeActivity\r\n | where (ExtendedProperties has_any (pWord) or ModifiedProperties has_any (pWord)) and (ExtendedProperties has_any (action) or ModifiedProperties has_any (action))\r\n | extend ResultDescriptions = case(\r\n OfficeWorkload =~ \"AzureActiveDirectory\", tostring(ExtendedProperties),\r\n OfficeWorkload has_any (\"Exchange\", \"OneDrive\"), OfficeObjectId,\r\n RecordType) \r\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), ResultDescriptions = makeset(ResultDescriptions), ActionCount = count() by Resource = OfficeWorkload, OperationName = strcat(Operation, \" - \", ResultStatus), IPAddress = ClientIP, UserId, Type\r\n ),\r\n (Syslog\r\n | where SyslogMessage has_any (pWord) and SyslogMessage has_any (action)\r\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), ResultDescriptions = makeset(SyslogMessage), ActionCount = count() by Resource = HostName, OperationName = Facility, IPAddress = HostIP, ProcessName, Type\r\n ),\r\n (SigninLogs\r\n | where OperationName =~ \"Sign-in activity\" and ResultType has_any (\"50125\", \"50133\")\r\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), ResultDescriptions = makeset(ResultDescription), CorrelationIds = makeset(CorrelationId), ActionCount = count() by Resource, OperationName = strcat(OperationName, \" - \", ResultType), IPAddress, UserId = UserPrincipalName, Type\r\n )\r\n)\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results103", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "e3a0cfd9-ab9d-479d-b355-f3db4d09b084", + "version": "KqlParameterItem/1.0", + "name": "Results104", + "type": 1, + "query": "// Extend this list with items to search for\r\nlet keywords = dynamic([\"password\", \"pwd\", \"creds\", \"credentials\", \"secret\"]);\r\n// To exclude key phrases or tables to exclude add to these lists\r\nlet table_exclusions = dynamic([\"AuditLogs\", \"SigninLogs\", \"LAQueryLogs\", \"SecurityEvent\"]);\r\nlet keyword_exclusion = dynamic([\"reset user password\", \"change user password\"]);\r\nLAQueryLogs\r\n| where RequestClientApp != 'Sentinel-General'\r\n| extend querytext_lower = tolower(QueryText)\r\n| where querytext_lower has_any(keywords)\r\n| project TimeGenerated, AADEmail, QueryText, RequestClientApp, RequestTarget, ResponseCode, ResponseRowCount, ResponseDurationMs, CorrelationId\r\n| extend timestamp = TimeGenerated, UserPrincipalName = AADEmail\r\n| join kind=leftanti (LAQueryLogs\r\n | where RequestClientApp != 'Sentinel-General'\r\n | extend querytext_lower = tolower(QueryText)\r\n | where QueryText has_any(table_exclusions) or querytext_lower has_any(keyword_exclusion))\r\n on CorrelationId\r\n | where UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results104", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "4d0cfde6-5b30-4824-97bb-37487f260b0b", + "version": "KqlParameterItem/1.0", + "name": "Results105", + "type": 1, + "query": "let recentWindow = 1d; // Accounts that logged in recently\r\nlet historyWindow = 30d; // Look back period for prior logins\r\nlet newAccountWindow = 7d; // Exclude accounts created in last 7 days\r\n// Step 1: Recent successful logins\r\nlet recentLogins = SigninLogs\r\n| where TimeGenerated >= ago(recentWindow)\r\n| where ResultType == 0\r\n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), loginCountRecent = count() \r\n by UserPrincipalName, Identity;\r\n// Step 2: Exclude accounts that had successful logins in the historical period\r\nlet historicalLogins = SigninLogs\r\n| where TimeGenerated between (ago(historyWindow) .. ago(recentWindow))\r\n| where ResultType == 0\r\n| summarize by UserPrincipalName, Identity;\r\nlet dormantLogins = recentLogins\r\n| join kind=leftanti (historicalLogins) on UserPrincipalName;\r\n// Step 3: Exclude newly created accounts\r\nlet newAccounts = AuditLogs\r\n| where TimeGenerated >= ago(newAccountWindow)\r\n| where OperationName == \"Add user\"\r\n| extend NewUserPrincipalName = tolower(extractjson(\"$.userPrincipalName\", tostring(TargetResources[0]), typeof(string)));\r\ndormantLogins\r\n| join kind=leftanti (newAccounts) on $left.UserPrincipalName == $right.NewUserPrincipalName\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results105", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "4f1e1636-66f4-42ab-ba63-f0046df90e09", + "version": "KqlParameterItem/1.0", + "name": "Results107", + "type": 1, + "query": "let current = 1d;\r\nlet auditLookback = {TimeRange:grain};\r\nlet propertyIgnoreList = dynamic([\"TargetId.UserType\", \"StsRefreshTokensValidFrom\", \"LastDirSyncTime\", \"DeviceOSVersion\", \"CloudDeviceOSVersion\", \"DeviceObjectVersion\"]);\r\nlet AuditTrail = AuditLogs\r\n | where TimeGenerated >= ago(auditLookback) and TimeGenerated < ago(current)\r\n | where isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName))\r\n | extend InitiatedByUser = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)\r\n | extend InitiatedByIPAddress = tostring(parse_json(tostring(InitiatedBy.user)).ipAddress)\r\n | extend ModProps = TargetResources.[0].modifiedProperties\r\n | extend TargetUserPrincipalName = tolower(tostring(TargetResources.[0].userPrincipalName))\r\n | extend TargetResourceName = tolower(tostring(TargetResources.[0].displayName))\r\n | mv-expand ModProps\r\n | extend PropertyName = tostring(ModProps.displayName), newValue = tostring(parse_json(tostring(ModProps.newValue))[0])\r\n | where PropertyName !in~ (propertyIgnoreList) and (PropertyName !~ \"Action Client Name\" and newValue !~ \"DirectorySync\") and (PropertyName !~ \"Included Updated Properties\" and newValue !~ \"LastDirSyncTime\")\r\n | summarize count() by OperationName, InitiatedByUser, InitiatedByIPAddress, TargetUserPrincipalName, PropertyName, TargetResourceName;\r\nlet AccountMods = AuditLogs \r\n | where TimeGenerated >= ago(current)\r\n | where isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName))\r\n | extend InitiatedByUser = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)\r\n | extend InitiatedByIPAddress = tostring(parse_json(tostring(InitiatedBy.user)).ipAddress)\r\n | extend ModProps = TargetResources.[0].modifiedProperties\r\n | extend TargetUserPrincipalName = tolower(tostring(TargetResources.[0].userPrincipalName))\r\n | extend TargetResourceName = tolower(tostring(TargetResources.[0].displayName))\r\n | mv-expand ModProps\r\n | extend PropertyName = tostring(ModProps.displayName), newValue = tostring(parse_json(tostring(ModProps.newValue))[0])\r\n | where PropertyName !in~ (propertyIgnoreList) and (PropertyName !~ \"Action Client Name\" and newValue !~ \"DirectorySync\") and (PropertyName !~ \"Included Updated Properties\" and newValue !~ \"LastDirSyncTime\")\r\n | extend ModifiedProps = pack(\"PropertyName\", PropertyName, \"newValue\", newValue, \"Id\", Id, \"CorrelationId\", CorrelationId) \r\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), Activity = make_bag(ModifiedProps) by Type, InitiatedByUser, InitiatedByIPAddress, TargetUserPrincipalName, Category, OperationName, PropertyName, TargetResourceName;\r\nlet RareAudits = AccountMods\r\n | join kind= leftanti (\r\n AuditTrail \r\n )\r\n on OperationName, InitiatedByUser, InitiatedByIPAddress;//, TargetUserPrincipalName, PropertyName; //uncomment if you want to see Rare Property changes to a given TargetUserPrincipalName.\r\nRareAudits \r\n| summarize StartTime = min(StartTimeUtc), EndTime = max(EndTimeUtc), make_set(Activity), make_set(PropertyName) by Type, InitiatedByUser, InitiatedByIPAddress, OperationName, TargetUserPrincipalName, TargetResourceName\r\n| extend timestamp = StartTime, UserPrincipalName = InitiatedByUser, HostName = iff(set_PropertyName has_any ('DeviceOSType', 'CloudDeviceOSType'), TargetResourceName, '')\r\n| where UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results107", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "75c81ac6-d658-48ee-85b0-8bce3559128a", + "version": "KqlParameterItem/1.0", + "name": "Results108", + "type": 1, + "query": "let auditLookback = {TimeRange:grain};\r\n// Setting threshold to 3 as a default, change as needed. Any operation that has been initiated by a user or app more than 3 times in the past 30 days will be exluded\r\nlet threshold = 3;\r\n// Helper function to extract relevant fields from AuditLog events\r\nlet auditLogEvents = view (startTimeSpan: timespan) {\r\n AuditLogs\r\n | where TimeGenerated >= ago(auditLookback)\r\n | extend ModProps = TargetResources.[0].modifiedProperties\r\n | extend IpAddress = iff(isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).ipAddress)), \r\n tostring(parse_json(tostring(InitiatedBy.user)).ipAddress), tostring(parse_json(tostring(InitiatedBy.app)).ipAddress))\r\n | extend InitiatedBy = iff(isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)), \r\n tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName), tostring(parse_json(tostring(InitiatedBy.app)).displayName))\r\n | extend TargetResourceName = tolower(tostring(TargetResources.[0].displayName))\r\n | mvexpand ModProps\r\n | extend PropertyName = tostring(ModProps.displayName), newValue = replace('\\\"', \"\", tostring(ModProps.newValue));\r\n};\r\n// Get just the InitiatedBy and CorrleationId so we can look at associated audit activity\r\n// 2 other operations that can be part of malicious activity in this situation are \r\n// \"Add OAuth2PermissionGrant\" and \"Add service principal\", replace the below if you are interested in those as starting points for OperationName\r\nlet HistoricalConsent = auditLogEvents(auditLookback) \r\n | where OperationName == \"Consent to application\"\r\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), OperationCount = count() \r\n by Type, InitiatedBy, IpAddress, TargetResourceName, Category, OperationName, PropertyName, newValue, CorrelationId, Id\r\n// Remove comment below to only include operations initiated by a user or app that is above the threshold for the last 30 days\r\n//| where OperationCount > threshold\r\n;\r\nlet Correlate = HistoricalConsent \r\n | summarize by InitiatedBy, CorrelationId;\r\n// 2 other operations that can be part of malicious activity in this situation are \r\n// \"Add OAuth2PermissionGrant\" and \"Add service principal\", replace the below if you changed the starting OperationName above\r\nlet allOtherEvents = auditLogEvents(auditLookback) \r\n | where OperationName != \"Consent to application\";\r\n// Gather associated activity based on audit activity for \"Consent to application\" and InitiatedBy and CorrleationId\r\nlet CorrelatedEvents = Correlate \r\n | join allOtherEvents on InitiatedBy, CorrelationId\r\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated) \r\n by Type, InitiatedBy, IpAddress, TargetResourceName, Category, OperationName, PropertyName, newValue, CorrelationId, Id\r\n;\r\n// Union the results\r\nlet Results = union isfuzzy=true HistoricalConsent, CorrelatedEvents;\r\n// newValues that are simple semi-colon separated, make those dynamic for easy viewing and Aggregate into the PropertyUpdate set based on CorrelationId and Id(DirectoryId)\r\nResults\r\n| extend newValue = split(newValue, \";\")\r\n| extend PropertyUpdate = pack(PropertyName, newValue, \"Id\", Id)\r\n// Extract scope requested\r\n| extend perms = tostring(parse_json(tostring(PropertyUpdate.[\"ConsentAction.Permissions\"]))[0])\r\n| extend scope = extract('Scope:\\\\s*([^,\\\\]]*)', 1, perms)\r\n// Filter out some common openid, and low privilege request scopes - uncomment line below to filter out where no scope is requested\r\n//| where isnotempty(scope)\r\n| where scope !contains 'openid' and scope !in ('user_impersonation', 'User.Read')\r\n| summarize StartTime = min(StartTimeUtc), EndTime = max(EndTimeUtc), PropertyUpdateSet = make_bag(PropertyUpdate), make_set(scope)\r\n by InitiatedBy, IpAddress, TargetResourceName, OperationName, CorrelationId\r\n| extend timestamp = StartTime, UserPrincipalName = InitiatedBy\r\n| where UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "0", + "name": "Results108", + "styleSettings": { + "maxWidth": "0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Workspace}" + ], + "parameters": [ + { + "id": "d0f5e554-de83-438a-9c4a-be05649f8d1f", + "version": "KqlParameterItem/1.0", + "name": "Results112", + "type": 1, + "isRequired": true, + "query": "(union isfuzzy=true\r\n(\r\nAuditLogs\r\n| extend UserPrincipalName = tostring(InitiatedBy.user.userPrincipalName)\r\n| where OperationName =~ \"Set federation settings on domain\"\r\n//| where Result =~ \"success\" // commenting out, as it may be interesting to capture failed attempts\r\n| mv-expand TargetResources\r\n| extend modifiedProperties = parse_json(TargetResources).modifiedProperties\r\n| mv-expand modifiedProperties\r\n| extend targetDisplayName = tostring(parse_json(modifiedProperties).displayName)\r\n| mv-expand AdditionalDetails\r\n),\r\n(\r\nAuditLogs\r\n| where OperationName =~ \"Set domain authentication\"\r\n//| where Result =~ \"success\" // commenting out, as it may be interesting to capture failed attempts\r\n| mv-expand TargetResources\r\n| extend modifiedProperties = parse_json(TargetResources).modifiedProperties\r\n| mv-expand modifiedProperties\r\n| extend targetDisplayName = tostring(parse_json(modifiedProperties).displayName), NewDomainValue=tostring(parse_json(modifiedProperties).newValue)\r\n| where NewDomainValue has \"Federated\"\r\n))\r\n| where UserPrincipalName in ({UserPrincipalName})\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"No\", \"Yes\")\r\n| project Results", + "crossComponentResources": [ + "{Workspace}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "doNotRunWhenHidden": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "Results112" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "# 📝 [Audit Logs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/auditlogs)\n---\n\nThis section provides accountability and traceability for **administrative and user activities** across cloud services. It directly supports GDPR requirements for **records of processing activities (Art. 30)**, **security of processing (Art. 32)**, and **accountability (Art. 5(2))** by ensuring that all actions related to personal data can be tracked, reviewed, and evidenced. \n\nKey objectives of this section: \n- Detect **risky administrative actions** such as password resets, consent grants, or policy changes \n- Identify **suspicious logins** from inactive accounts or unusual sources that may indicate misuse of personal data \n- Monitor for **rare or unexpected audit events** that could signal attempts to bypass controls \n- Provide a reliable record of **who accessed what, when, and with what privileges** \n- Supply auditors with verifiable evidence of **control enforcement, activity logging, and retention** \n\nBy reviewing these metrics, analysts can confirm that **all processing activities are logged and monitored**, supporting GDPR requirements for transparency, oversight, and demonstrable compliance.\n" + }, + "name": "text - 2" + } + ] + }, + "customWidth": "40", + "name": "group - 27" + }, + { + "type": 1, + "content": { + "json": "" + }, + "customWidth": "10", + "name": "text - 26" + }, + { + "type": 1, + "content": { + "json": "| Audit Log (Entra ID)) | - | - |\r\n|:--| :--| :--|\r\n| Changing Passwords Across Multiple Cloud Accounts | Credential & Secret Search Activity by Users | Unexpected Logins From Inactive Accounts |\r\n| Rare Audit Activity Initiated |Suspicious Consent to Application Discovery |\r\n\r\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, Time range and User. Only panels with data are shown." + }, + "customWidth": "40", + "name": "SI OV" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let action = dynamic([\"change \", \"changed \", \"reset \"]);\r\nlet pWord = dynamic([\"password \", \"credentials \"]);\r\n(union isfuzzy=true\r\n (SecurityEvent\r\n | where EventID in (4723, 4724)\r\n | summarize\r\n StartTimeUtc = min(TimeGenerated),\r\n EndTimeUtc = max(TimeGenerated),\r\n ResultDescriptions = makeset(Activity),\r\n ActionCount = count()\r\n by\r\n Resource = Computer,\r\n OperationName = strcat(\"TargetAccount: \", TargetUserName),\r\n UserId = Account,\r\n Type\r\n ),\r\n (AuditLogs\r\n | where OperationName has_any (pWord) and OperationName has_any (action)\r\n | extend InitiatedBy = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName) \r\n | extend TargetUserPrincipalName = tostring(TargetResources[0].userPrincipalName) \r\n | where ResultDescription != \"None\" \r\n | summarize\r\n StartTimeUtc = min(TimeGenerated),\r\n EndTimeUtc = max(TimeGenerated),\r\n ResultDescriptions = makeset(ResultDescription),\r\n CorrelationIds = makeset(CorrelationId),\r\n ActionCount = count()\r\n by\r\n OperationName = strcat(Category, \" - \", OperationName, \" - \", Result),\r\n Resource,\r\n UserId = TargetUserPrincipalName,\r\n Type\r\n | extend ResultDescriptions = tostring(ResultDescriptions)\r\n ),\r\n (OfficeActivity\r\n | where (ExtendedProperties has_any (pWord) or ModifiedProperties has_any (pWord)) and (ExtendedProperties has_any (action) or ModifiedProperties has_any (action))\r\n | extend ResultDescriptions = case(\r\n OfficeWorkload =~ \"AzureActiveDirectory\",\r\n tostring(ExtendedProperties),\r\n OfficeWorkload has_any (\"Exchange\", \"OneDrive\"),\r\n OfficeObjectId,\r\n RecordType\r\n ) \r\n | summarize\r\n StartTimeUtc = min(TimeGenerated),\r\n EndTimeUtc = max(TimeGenerated),\r\n ResultDescriptions = makeset(ResultDescriptions),\r\n ActionCount = count()\r\n by\r\n Resource = OfficeWorkload,\r\n OperationName = strcat(Operation, \" - \", ResultStatus),\r\n IPAddress = ClientIP,\r\n UserId,\r\n Type\r\n ),\r\n (Syslog\r\n | where SyslogMessage has_any (pWord) and SyslogMessage has_any (action)\r\n | summarize\r\n StartTimeUtc = min(TimeGenerated),\r\n EndTimeUtc = max(TimeGenerated),\r\n ResultDescriptions = makeset(SyslogMessage),\r\n ActionCount = count()\r\n by\r\n Resource = HostName,\r\n OperationName = Facility,\r\n IPAddress = HostIP,\r\n ProcessName,\r\n Type\r\n ),\r\n (SigninLogs\r\n | where OperationName =~ \"Sign-in activity\" and ResultType has_any (\"50125\", \"50133\")\r\n | summarize\r\n StartTimeUtc = min(TimeGenerated),\r\n EndTimeUtc = max(TimeGenerated),\r\n ResultDescriptions = makeset(ResultDescription),\r\n CorrelationIds = makeset(CorrelationId),\r\n ActionCount = count()\r\n by\r\n Resource,\r\n OperationName = strcat(OperationName, \" - \", ResultType),\r\n IPAddress,\r\n UserId = UserPrincipalName,\r\n Type\r\n )\r\n)\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserId in ({UserPrincipalName})\r\n| summarize LogSource=make_set(Type), ActionCount=sum(ActionCount) by UserId\r\n| sort by ActionCount desc\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "Changing Passwords Across Multiple Cloud Accounts", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results103", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results103", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "// Extend this list with items to search for\r\nlet keywords = dynamic([\"password\", \"pwd\", \"creds\", \"credentials\", \"secret\"]);\r\n// To exclude key phrases or tables to exclude add to these lists\r\nlet table_exclusions = dynamic([\"AuditLogs\", \"SigninLogs\", \"LAQueryLogs\", \"SecurityEvent\"]);\r\nlet keyword_exclusion = dynamic([\"reset user password\", \"change user password\"]);\r\nLAQueryLogs\r\n| where RequestClientApp != 'Sentinel-General'\r\n| extend querytext_lower = tolower(QueryText)\r\n| where querytext_lower has_any(keywords)\r\n| project TimeGenerated, AADEmail, QueryText, RequestClientApp, RequestTarget, ResponseCode, ResponseRowCount, ResponseDurationMs, CorrelationId\r\n| extend timestamp = TimeGenerated, Username = AADEmail\r\n| join kind=leftanti (LAQueryLogs\r\n | where RequestClientApp != 'Sentinel-General'\r\n | extend querytext_lower = tolower(QueryText)\r\n | where QueryText has_any(table_exclusions) or querytext_lower has_any(keyword_exclusion))\r\n on CorrelationId\r\n| where isnotempty(Username) and ResponseRowCount > 0\r\n| where \"{UserPrincipalName:label}\" == \"All\" or Username in ({UserPrincipalName})\r\n| summarize count() by Username\r\n| sort by count_ desc\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "Credential & Secret Search Activity by Users", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "Username", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results104", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results104", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let recentWindow = 1d; // Accounts that logged in recently\r\nlet historyWindow = 30d; // Look back period for prior logins\r\nlet newAccountWindow = 7d; // Exclude accounts created in last 7 days\r\n// Step 1: Recent successful logins\r\nlet recentLogins = SigninLogs\r\n| where TimeGenerated >= ago(recentWindow)\r\n| where ResultType == 0\r\n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), loginCountRecent = count() \r\n by UserPrincipalName, Identity;\r\n// Step 2: Exclude accounts that had successful logins in the historical period\r\nlet historicalLogins = SigninLogs\r\n| where TimeGenerated between (ago(historyWindow) .. ago(recentWindow))\r\n| where ResultType == 0\r\n| summarize by UserPrincipalName, Identity;\r\nlet dormantLogins = recentLogins\r\n| join kind=leftanti (historicalLogins) on UserPrincipalName;\r\n// Step 3: Exclude newly created accounts\r\nlet newAccounts = AuditLogs\r\n| where TimeGenerated >= ago(newAccountWindow)\r\n| where OperationName == \"Add user\"\r\n| extend NewUserPrincipalName = tolower(extractjson(\"$.userPrincipalName\", tostring(TargetResources[0]), typeof(string)));\r\ndormantLogins\r\n| join kind=leftanti (newAccounts) on $left.UserPrincipalName == $right.NewUserPrincipalName\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| summarize count() by UserPrincipalName\r\n| sort by count_ desc\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "Unexpected Logins From Inactive Accounts", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserPrincipalName", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Person", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results105", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results105", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let current = 1d;\r\nlet auditLookback = {TimeRange:grain};\r\nlet propertyIgnoreList = dynamic([\"TargetId.UserType\", \"StsRefreshTokensValidFrom\", \"LastDirSyncTime\", \"DeviceOSVersion\", \"CloudDeviceOSVersion\", \"DeviceObjectVersion\"]);\r\nlet AuditTrail = AuditLogs\r\n | where TimeGenerated >= ago(auditLookback) and TimeGenerated < ago(current)\r\n | where isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName))\r\n | extend InitiatedByUser = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)\r\n | extend InitiatedByIPAddress = tostring(parse_json(tostring(InitiatedBy.user)).ipAddress)\r\n | extend ModProps = TargetResources.[0].modifiedProperties\r\n | extend TargetUserPrincipalName = tolower(tostring(TargetResources.[0].userPrincipalName))\r\n | extend TargetResourceName = tolower(tostring(TargetResources.[0].displayName))\r\n | mv-expand ModProps\r\n | extend PropertyName = tostring(ModProps.displayName), newValue = tostring(parse_json(tostring(ModProps.newValue))[0])\r\n | where PropertyName !in~ (propertyIgnoreList) and (PropertyName !~ \"Action Client Name\" and newValue !~ \"DirectorySync\") and (PropertyName !~ \"Included Updated Properties\" and newValue !~ \"LastDirSyncTime\")\r\n | summarize count() by OperationName, InitiatedByUser, InitiatedByIPAddress, TargetUserPrincipalName, PropertyName, TargetResourceName;\r\nlet AccountMods = AuditLogs \r\n | where TimeGenerated >= ago(current)\r\n | where isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName))\r\n | extend InitiatedByUser = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)\r\n | extend InitiatedByIPAddress = tostring(parse_json(tostring(InitiatedBy.user)).ipAddress)\r\n | extend ModProps = TargetResources.[0].modifiedProperties\r\n | extend TargetUserPrincipalName = tolower(tostring(TargetResources.[0].userPrincipalName))\r\n | extend TargetResourceName = tolower(tostring(TargetResources.[0].displayName))\r\n | mv-expand ModProps\r\n | extend PropertyName = tostring(ModProps.displayName), newValue = tostring(parse_json(tostring(ModProps.newValue))[0])\r\n | where PropertyName !in~ (propertyIgnoreList) and (PropertyName !~ \"Action Client Name\" and newValue !~ \"DirectorySync\") and (PropertyName !~ \"Included Updated Properties\" and newValue !~ \"LastDirSyncTime\")\r\n | extend ModifiedProps = pack(\"PropertyName\", PropertyName, \"newValue\", newValue, \"Id\", Id, \"CorrelationId\", CorrelationId) \r\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), Activity = make_bag(ModifiedProps) by Type, InitiatedByUser, InitiatedByIPAddress, TargetUserPrincipalName, Category, OperationName, PropertyName, TargetResourceName;\r\nlet RareAudits = AccountMods\r\n | join kind= leftanti (\r\n AuditTrail \r\n )\r\n on OperationName, InitiatedByUser, InitiatedByIPAddress;//, TargetUserPrincipalName, PropertyName; //uncomment if you want to see Rare Property changes to a given TargetUserPrincipalName.\r\nRareAudits \r\n| summarize StartTime = min(StartTimeUtc), EndTime = max(EndTimeUtc), make_set(Activity), make_set(PropertyName) by Type, InitiatedByUser, InitiatedByIPAddress, OperationName, TargetUserPrincipalName, TargetResourceName\r\n| extend StartTime, InitiatedByUser, Hostname = iff(set_PropertyName has_any ('DeviceOSType', 'CloudDeviceOSType'), TargetResourceName, ''), InitiatedByIPAddress\r\n| where \"{UserPrincipalName:label}\" == \"All\" or InitiatedByUser in ({UserPrincipalName})\r\n| distinct InitiatedByUser, OperationName, StartTime\r\n| sort by StartTime desc\r\n| limit 100", + "size": 0, + "showAnalytics": true, + "title": "Rare Audit Activity Initiated", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "InitiatedByUser", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "pending", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + } + ], + "filter": true + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results107", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results107", + "styleSettings": { + "maxWidth": "50" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let auditLookback = {TimeRange:grain};\r\n// Setting threshold to 3 as a default, change as needed. Any operation that has been initiated by a user or app more than 3 times in the past 30 days will be exluded\r\nlet threshold = 3;\r\n// Helper function to extract relevant fields from AuditLog events\r\nlet auditLogEvents = view (startTimeSpan: timespan) {\r\n AuditLogs\r\n | where TimeGenerated >= ago(auditLookback)\r\n | extend ModProps = TargetResources.[0].modifiedProperties\r\n | extend IpAddress = iff(isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).ipAddress)), \r\n tostring(parse_json(tostring(InitiatedBy.user)).ipAddress), tostring(parse_json(tostring(InitiatedBy.app)).ipAddress))\r\n | extend InitiatedBy = iff(isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)), \r\n tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName), tostring(parse_json(tostring(InitiatedBy.app)).displayName))\r\n | extend TargetResourceName = tolower(tostring(TargetResources.[0].displayName))\r\n | mvexpand ModProps\r\n | extend PropertyName = tostring(ModProps.displayName), newValue = replace('\\\"', \"\", tostring(ModProps.newValue));\r\n};\r\n// Get just the InitiatedBy and CorrleationId so we can look at associated audit activity\r\n// 2 other operations that can be part of malicious activity in this situation are \r\n// \"Add OAuth2PermissionGrant\" and \"Add service principal\", replace the below if you are interested in those as starting points for OperationName\r\nlet HistoricalConsent = auditLogEvents(auditLookback) \r\n | where OperationName == \"Consent to application\"\r\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), OperationCount = count() \r\n by Type, InitiatedBy, IpAddress, TargetResourceName, Category, OperationName, PropertyName, newValue, CorrelationId, Id\r\n// Remove comment below to only include operations initiated by a user or app that is above the threshold for the last 30 days\r\n//| where OperationCount > threshold\r\n;\r\nlet Correlate = HistoricalConsent \r\n | summarize by InitiatedBy, CorrelationId;\r\n// 2 other operations that can be part of malicious activity in this situation are \r\n// \"Add OAuth2PermissionGrant\" and \"Add service principal\", replace the below if you changed the starting OperationName above\r\nlet allOtherEvents = auditLogEvents(auditLookback) \r\n | where OperationName != \"Consent to application\";\r\n// Gather associated activity based on audit activity for \"Consent to application\" and InitiatedBy and CorrleationId\r\nlet CorrelatedEvents = Correlate \r\n | join allOtherEvents on InitiatedBy, CorrelationId\r\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated) \r\n by Type, InitiatedBy, IpAddress, TargetResourceName, Category, OperationName, PropertyName, newValue, CorrelationId, Id\r\n;\r\n// Union the results\r\nlet Results = union isfuzzy=true HistoricalConsent, CorrelatedEvents;\r\n// newValues that are simple semi-colon separated, make those dynamic for easy viewing and Aggregate into the PropertyUpdate set based on CorrelationId and Id(DirectoryId)\r\nResults\r\n| extend newValue = split(newValue, \";\")\r\n| extend PropertyUpdate = pack(PropertyName, newValue, \"Id\", Id)\r\n// Extract scope requested\r\n| extend perms = tostring(parse_json(tostring(PropertyUpdate.[\"ConsentAction.Permissions\"]))[0])\r\n| extend scope = extract('Scope:\\\\s*([^,\\\\]]*)', 1, perms)\r\n// Filter out some common openid, and low privilege request scopes - uncomment line below to filter out where no scope is requested\r\n//| where isnotempty(scope)\r\n| where scope !contains 'openid' and scope !in ('user_impersonation', 'User.Read')\r\n| summarize StartTime = min(StartTimeUtc), EndTime = max(EndTimeUtc), PropertyUpdateSet = make_bag(PropertyUpdate), make_set(scope)\r\n by InitiatedBy, IpAddress, TargetResourceName, OperationName, CorrelationId\r\n| extend StartTime, InitiatedBy, IpAddress\r\n| where \"{UserPrincipalName:label}\" == \"All\" or InitiatedBy in ({UserPrincipalName})\r\n| summarize count() by InitiatedBy\r\n| sort by count_ desc", + "size": 0, + "showAnalytics": true, + "title": "Suspicious Consent to Application Discovery", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "crossComponentResources": [ + "{Workspace}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "UserId", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Operation", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "OfficeWorkload", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "resource", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "count_", + "formatter": 8, + "formatOptions": { + "palette": "blue" + } + } + ] + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "Results108", + "comparison": "isEqualTo", + "value": "Yes" + }, + "name": "Results108", + "styleSettings": { + "maxWidth": "50" + } + } + ] + }, + "conditionalVisibility": { + "parameterName": "isAuditLogsVisible", + "comparison": "isEqualTo", + "value": "true" + }, + "name": "Audit Logs Group" + } + ], + "fallbackResourceIds": [ + ], + "fromTemplateId": "sentinel-UserWorkbook", + "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json" +} \ No newline at end of file From 38e50caa9a3bba969b46c59158b56c37911f5972 Mon Sep 17 00:00:00 2001 From: Varun Kohli Date: Wed, 8 Oct 2025 15:17:25 +0530 Subject: [PATCH 2/8] Workbook Metadata --- Workbooks/WorkbooksMetadata.json | 34 ++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json index 1689f1f2cae..8a34ee9ee68 100644 --- a/Workbooks/WorkbooksMetadata.json +++ b/Workbooks/WorkbooksMetadata.json @@ -9428,5 +9428,39 @@ "source": { "kind": "Community" } + }, + { + "workbookKey": "GDPRComplianceAndDataSecurity", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook helps you track, visualize and monitor GDPR related requirements across your enterprise. It consolidates data from Defender XDR, Microsoft Purview, Azure SQL Databases, Microsoft 365, UEBA and Entra ID solution.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident", + "PurviewDataSensitivityLogs", + "MicrosoftPurviewInformationProtection", + "AzureDiagnostics", + "BehaviorAnalytics", + "OfficeActivity", + "SigninLogs", + "AuditLogs", + "AADUserRiskEvents" + ], + "dataConnectorsDependencies": [ + "MicrosoftThreatProtection", + "MicrosoftAzurePurview", + "MicrosoftPurviewInformationProtection", + "AzureSql", + "Office365", + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "GDPRComplianceAndDataSecurityWhite.png", + "GDPRComplianceAndDataSecurityBlack.png" + ], + "version": "1.0.0", + "title": "GDPR Compliance And Data Security", + "templateRelativePath": "GDPRComplianceAndDataSecurity.json", + "subtitle": "", + "provider": "Microsoft" } ] From 38a8bc0857aa576af04ea8dff5e723c51422a0f4 Mon Sep 17 00:00:00 2001 From: Varun Kohli Date: Wed, 8 Oct 2025 15:21:15 +0530 Subject: [PATCH 3/8] removing Identity Protection --- .../Workbooks/GDPRComplianceAndDataSecurity.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Solutions/GDPR Compliance & Data Security/Workbooks/GDPRComplianceAndDataSecurity.json b/Solutions/GDPR Compliance & Data Security/Workbooks/GDPRComplianceAndDataSecurity.json index 10c071e8d59..3f0eb04087b 100644 --- a/Solutions/GDPR Compliance & Data Security/Workbooks/GDPRComplianceAndDataSecurity.json +++ b/Solutions/GDPR Compliance & Data Security/Workbooks/GDPRComplianceAndDataSecurity.json @@ -5509,7 +5509,7 @@ { "type": 1, "content": { - "json": "| User & Entity Behavior Analytics (UEBA) | - | - |\r\n|:--| :--| :--| \r\n| Anomalous Activity by Geolocation | Anomalous Activity by User & GeoLocation | Entity Behavior Analytics Alerts |\r\n| User Anomalies | EntraID Identity Protection: User Sign-in Risk Details |ASim WebSession: Detect potential data exfilteration using timeseries anomaly|\r\n| Anomalous Password Reset | Anomalous Failed Logon |Anomalous Geolocation Logon|\r\n| Anomalous AAD Account Manipulation | Anomalous Account Creation |Anomalous Role Assignment|\r\n\r\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, Time range and User." + "json": "| User & Entity Behavior Analytics (UEBA) | - | - |\r\n|:--| :--| :--| \r\n| Anomalous Activity by Geolocation | Anomalous Activity by User & GeoLocation | Entity Behavior Analytics Alerts |\r\n| User Anomalies | User Sign-in Risk Details |ASim WebSession: Detect potential data exfilteration using timeseries anomaly|\r\n| Anomalous Password Reset | Anomalous Failed Logon |Anomalous Geolocation Logon|\r\n| Anomalous AAD Account Manipulation | Anomalous Account Creation |Anomalous Role Assignment|\r\n\r\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, Time range and User." }, "customWidth": "40", "name": "text - 14" @@ -6038,7 +6038,7 @@ "query": "AADUserRiskEvents\r\n| where \"{UserPrincipalName:label}\" == \"All\" or UserPrincipalName in ({UserPrincipalName})\r\n| extend UserProfile = strcat(\"#blade/Microsoft_AAD_IAM/UserDetailsMenuBlade/Profile/userId/\",UserId)\r\n| extend countryOrRegion_ = tostring(Location.countryOrRegion)\r\n| extend city_ = tostring(Location.city)\r\n| extend state_ = tostring(Location.state)\r\n| extend latitude_ = tostring(parse_json(tostring(Location.geoCoordinates)).latitude)\r\n| extend longitude_ = tostring(parse_json(tostring(Location.geoCoordinates)).longitude)\r\n| distinct UserPrincipalName, UserProfile, RiskLevel, RiskEventType, city_, state_, countryOrRegion_, UserId\r\n| limit 100", "size": 0, "showAnalytics": true, - "title": "EntraID Identity Protection: User Sign-in Risk Details", + "title": "User Sign-in Risk Details", "noDataMessage": "There are no results within the selected thresholds (time, workspace, subscription). See How To: Configure and enable Microsoft Entra ID: Identity Protection risk policies (https://docs.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies)", "timeContextFromParameter": "TimeRange", "showExportToExcel": true, From 5a2c969be001a6e53c27a0970ba851ff90aaec6b Mon Sep 17 00:00:00 2001 From: Varun Kohli Date: Thu, 9 Oct 2025 10:24:23 +0530 Subject: [PATCH 4/8] AddingWorkbookPreviews --- .../GDPRComplianceAndDataSecurity.json | 2 +- .../GDPRComplianceAndDataSecurityBlack.png | Bin 0 -> 250029 bytes .../GDPRComplianceAndDataSecurityWhite.png | Bin 0 -> 250167 bytes 3 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 Solutions/GDPR Compliance & Data Security/Workbooks/Images/Preview/GDPRComplianceAndDataSecurityBlack.png create mode 100644 Solutions/GDPR Compliance & Data Security/Workbooks/Images/Preview/GDPRComplianceAndDataSecurityWhite.png diff --git a/Solutions/GDPR Compliance & Data Security/Workbooks/GDPRComplianceAndDataSecurity.json b/Solutions/GDPR Compliance & Data Security/Workbooks/GDPRComplianceAndDataSecurity.json index 3f0eb04087b..ca94ee9e0f8 100644 --- a/Solutions/GDPR Compliance & Data Security/Workbooks/GDPRComplianceAndDataSecurity.json +++ b/Solutions/GDPR Compliance & Data Security/Workbooks/GDPRComplianceAndDataSecurity.json @@ -12790,6 +12790,6 @@ ], "fallbackResourceIds": [ ], - "fromTemplateId": "sentinel-UserWorkbook", + "fromTemplateId": "", "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json" } \ No newline at end of file diff --git a/Solutions/GDPR Compliance & Data Security/Workbooks/Images/Preview/GDPRComplianceAndDataSecurityBlack.png b/Solutions/GDPR Compliance & Data Security/Workbooks/Images/Preview/GDPRComplianceAndDataSecurityBlack.png new file mode 100644 index 0000000000000000000000000000000000000000..39cb67b6a8fbc700050d9610d5d7714d9ef6e3c3 GIT binary patch literal 250029 zcmeFZXH-=AwmnK~tKBNlDmmH;f*>F&AlU>6N)9DZfP$nVNzPzvD=ksUl5?m63M3R6 zTLdJ>A{Qu`f+FYm*494vo_o)SH^v+9eR_XJ(?D5!*WSOd)?9PWwcn_zC{UkdIY~uD zMXh-Mo(2`wuUIOopOt<&4zHwLB}T%JpByz5?oj2mvCYCCKbzlHzD-3{5OQko$uao* z*Jt;29jT~jYLV}s8tk&3Qc)eIE8e@U`Qv9{uD9tix6Z$PYd9(!%3c_z z{PNF~(ROFbvG>#O%dZz+-yB|*QVGKU!b=C2@NZutp9iG=?N9jiIr&}+%l~*ON&a0H za(Dmzm8H&w{pr8|gx@f9Z!rJkh371C|K~J6Mg$YCInICNWb4r%L#9@UuEgM6VuL>v zm1~q`XGSn=#$Kao$j(pth+cnTC4qU(HTxwrvsLb&@x=Uf=DM|ax`U=*ZuAr9^Xk;! zU;lcR-femnltoG`Icw%M;#nQ>rS7e z;Ww+V3t`qd!I(H$Y;=S6=kF)GweGmQq?O5>nEfR2iQLhX-1H1ghvgo9?+%?!!aXl- zryNfp7qMPZR3Z`T(LWBMN@Ce(zRt$i*eGb2b*GV7QL=~MZIDAwZNB=POvk`*2}i^- zUmv;3XuxpC;}!3P3wH_%3Sw@!hnAJfKf1yoy|+}$B5hVgTKf9+vG@MEn14`^wwG6> z%=W~&b;=M*GgC!7RX%8*+#4<*#9~SA$tDjG@MSYEux^melSpJnY(II&-y_x_vEQl z*U4HNo}6$2DXFRS?CjpRYfiveBw=GlMdS?sKw-}dsUCCRra2V2!mAbFdB}~=5NJ(3 zszJXHfeqW{P^q)e=`-|JR#&euE!Hcx?7p;4>5KB5z?cP(-t;$Dj*(J?yY>I;FSYyl z-@57M1s;{E>EN_aF$msZ{AP#c+oeSYK4}NW(1}gx%9my#m}FCq{SRYT)pPAetM!U3 z-fheeq;74w>E`NCh6t(wj6yoof(9)_A2@1=sb5qG3iW^KgZxUWaMd(4OrYVA;uTU=t=b{uknvit_dPI4co^ii zJsA}+wOP+f9;u2g+o~KmtNcr-!A+6ko6}W}vL)&TZSglMbs&`$HY+ zwZ6GKpc=DHD-qtk_Ni`i~WMaw^FEqE>4QBV)FYarti@0V=rmI?Q zlPoWBwIk*k=$Dn1HGTQ=Ha0f)$dNp?00x1URP=9+JYf-GVX5KaTJcivxD;7#TD;Z! zxkSy@Hcuw*F!?wQTUKVGyZq(Lmz$cKwLfwGI@K5#HJ4YRGU~G%Ut&wbMCH4ZwLYw@ zI5?AgE^~9o7qOn0p6(s8B{oIy({ph6+#c1dq^s_RO(%fPzjcmBMXNhQd2(zlB{1;x z9O>Z?e)nren zfxBV7aIMB0%teJ@4N|$Y^M%NIcjca4v+GqVecui(XU#rXH~kNHFB?|X|U3?aA$2cb%Qbl3w!k1>x$CS`=Kgv zQrSgCH?jlAOC-Xb^Z2a>1k)&zE?E$sAtZ-=ANj-GQ3;2wd?_iZ8@9tXEV4e8?sSq- zpCpj2#28~m+2Q-rO6;JrlkUq-CJnuNzEDtKtW2*715ZR$p!Nou(swTy}9Rze2#?6d{#$?TJEC)w7a`IX0*C0Lq@##QzTK)Wp7FY z*=kmKv)H{ouXu?FWJ5a7b&}AO7c&EenR%sSC(Fvq-UlF;L-p(nF|!&%%Z>SyLehPW zeS(IM-o|FWc;Q8_gt#$SEpLL<6TEA#b^YTjl7m$9qfNPC1F4IC#G+s^RF`(TeXo3EiL1h z*{9TDR2;*==rtO z)RF|_D=gM#WIb=(A{uy7idQx_``(As-qA9~8e0@j55jO10vX}rgB9V5Tj zsr+l>B!}il`&;9DNRop5u)Dd4dh{q-X6x%+fxXc?+q=80>##N%uAm}(W!+gWqWSdn4 zlQvLjX4RKxP%p92U(o%_rNLf-9~sHs-d=C3CS@`au!XUS3H_Nf$!`sR*UNvFY}Ojb z9Z+{6pe{xCy7^^MQJt_$sv2-{a6M)%Znd_|JP)IjAhq=?9}d~oT%W4)+IFCjDo{Vt z++evgZlPjRMiDuL!*fj-;&nvKXdtuQ7fdnVl`Ac_KCUC~nLY>G<`vt>_!5S%^=4^0 zRB`xhJ(0V2k5@*<5Uy=!p<M!5`SPx!EO@!vah=8VL%ug^1TZjhMl1`E6CAc4YKqh^0uVmm(4IdErto8NjJ1CYZT@PYikiG?Vwn_Vme*G&HgBI&c4nsJu>veW^lG!zSM64Fy{$?`t zK14tELz_u_g;Vwt`WnDC(}cN}W;4xBAKckpw6%3k!uyTD>O-G*V`F1z5#Q z&qCoU>`7YMz7m@uE=7SOvAFi)zCntKQ1w;{0;k|jB;Q4En!e;~I~x>S`h!TOW_D)g zYz~q~G)^(%rjPZgL8FOIX!Y)bCk%psen|_H=(oR5tnV(?SixPCd+$+1O4tF&FZF3h zM;X!G=i_~=nXCoygf*tOlV3XaKpZVsyBZL?-7c}QX)WE@-K|;W@hTicA!XQ9xL~?V za^3T_-q;IiM|DeopcpoZQbIR#e2I|N#@wfk2UaGPWW4o8Mn=e8=>en)jQG zX7PqUl>`sNvo!-J-@JL#xwpN_AIObL^W0om+1Th!e(6WYP@-q9p)oN%oq2F{XNbtZ zD4D~Xz^}MT@=Ubfizb9@NAog^NpMcKI_^B^cK-VD4-Mg5SqR9%AdZ0;ng>`MZ(PUfaI(AtcV->)>k2*B`eR(OmZk|zts=V zGGnz3VC~gv$xkWObN)P`#Elg&Sb3?ED07jMlT&(g*io!7C`L zqpPbMn)c_PKf_hdEd6~qLtMP~LVh}=ET@$TMVrB*Ml?DZhG1@Rq>oQhQh#@Y(*5_# z6O#)IdEYL|Gc_MJ@#8Ief>I~GeM{co-LyJ9*mrPtR^LCqE@J%o7wP@A>zMA0+)z~> z{!5qSGgab4?Owi~(p3zl;gm`{dV+>mNC@TbUWRO9V`JlRrxf1gj`>!x(VppZt%Y-u@NY(1cHc(8dY{cItoFE97aIUYV99tDLE zj);JOfV^snN2=1=>kAJ&*U8x($#)~7qq8O^x>r_Kx|Ysdyy5Mkt^rx(?TF8=4fTxd zty$(-|2J>c@7#HD@c6P-!s2-kY&!PmeMm5zM8X8c**z`oC6$Lug zQAX{YNbe#d(o6dvL8iPs>7*1vz_%iBDIp;be(#vv)HM`FMG?q7IFp#za0dxFi1`xEe7d1dWUbC+tDq1uR0QA6 z5Z%g3eyJ#~OI%vBXw>`t5-uJd9@4c9hGJ`GUWl1-acqz(=OB+u5AWRy0Pl&#UicjF~ob)Gy)hN3QOe%_jNb4T9Y!()(`+p>JF zSW@Y7cD74{HLO!&j{9}RP&^*L{5bt?Logu2j^tWD*vmgOuD{LRf&O z&FWW;IFeO!ZM*$>Y3f`@m^qUN`&fW=_ottJEW#p^`B8A}wJ(4z_)* z_O_O>nwh~!fPfL>$6MnCQTy8(sY;(aY=5DSfITDj)$dbH_i_$ki+EsqsB@FlnU!m4-$KFbAytHLD2~B!$BnLZKe>*qAZx!Ocis z5lX;~G1d0)WH$Bn5qM{XM0HeDR1mmr=sp>t(Qr@BKD8;!B0(0vtD6}bHaR|?${~F? zPcE`clv!C{*T!J5y?OfPY_uo?=LnU!o5_$G;}ykIgX1M;BT$CF`+TQ_81Hw#T`_(= zz-|0m9KK7olEV|@Q}^brCr!Kq&#{=xoTFhn<=e)$b33{|Aof`qX?7SJ6L8hSx-F#k#Fox68MCJK=&DWDnoUxWnqzZ{4`S%MY4pE8-2`3KoQfM^FA&vt_aW+HS@K5cVD0G z^xh=l1Zu3+=aPCM_2_gpaw*44$t5Qzvq-t+PgSm$xa(-xpE6ji+ztNl;X_13M6T zSgI&2EG$3vsF83%T1u*DDl@T%U}uC-QL=uAS75gm+YI&QP2!uD)>gVE8Z~b``+94A zt`AjXJ#q!Y-1-7Z|M#jpYhPc|VwGb>2hSGBy*y5%0fPgVh^_M6#3Gv*ro%lnH0{kf zP7NTp!Xfthad_N^5mIkYkS=yxHU^}a1)-Wn924#nG@K1}w1{2r!}x$vFPo9d_t&mp zp9J8@KV)=S5i?M(t?tmAT$^6r7BpC;PYB_}!@MemLQIA2*DYe!!bDHUpyj?hXgye@ z*bu@Q1v^B-Y2M;=jYKI9ZD4?)8vbk7x@_6BSD1oALQwMZuf6v7;I?ITuP_wb^{GJC zY-(@sjzE<}aUCnR6$l^@LPJA~9H&)Qb56f{^{T0*;CS@T5l4y$d)$3KpW zI5*Kz-i(+e#P{x3s+iOVs<%`#DQdv~;I!nwe?8ZtP0z-LUU0Wwjclb)craBdlBqOZ z-n2jv&CAP^u-_}K4`#>xe)shZg)pk);!*;MlbE`j_;)K75+=r_C+GId?ug`iH*8T6aB4QrpW&>hV`92p?9Y_PHLIGGvd2$R3nx zv}X(wy(iu&AjCj=Mg|7h0G6B2l6E%cGTm3FF2mlp87l5(cO6b^paa_#86(1x2Adl8$X&3uf*RG6}!9H>7 zRu+RZ>fkqOL$>85NS1l}$ZX4E%ty+p`x3TjR9He*T%)$s&tX`8~dh zq~>?nw;*I5GX5SJH_f8MH0iEiIU_q95uLIZ$2Ms`O`eEZ#K@S*;bzor8l*FBDNYC^IZz?COW!FDxvC zrgdiqjJ&Qq*qK`&saV7Uz8Wkr$-Gb^Kl8Lp5qAF6sY|=b4V%p;~yKPS$ta z&Wj_;tuZ3nw{QRP$>*e|n_H>+M(tRgM1+@8u~nZ=UmnT|HDQ~co}R4|FM&Bnmj;^* z`4x$$@87?#A4q!2Q{^*{73}lUUdcdZmy5IB=hnMbL9T5f||`Ite}y z2!h!X{RYeWKruR~_?>0(l8dVgr00%I^S_ zO9kjZmSRjuKvus7@bn)F9Rj~Wd?J226mW_@uS*X==p6tdpMB@d>g_50?5(Xs@jY{3 zotf6L4tskgt|2E+o(weEXxcy_)yt5pH40!39f02*v}f+#-oDc%Zf!}I`Kwc!nnPy* z^FfGBo0by88UixY<>3mWNU7*um=EGO=I6*XR7SAE~V|m@9i6 zl$krPDvQmI9{P-+(||a&T>5$&CMl`&j=SPykf-=pj_s}rg}gUzhL0a7L0aZkY`S7E zI|pfwUDDNJ!FM_`%fOj?F@Vv#roU9^U^X+6j*&2$mq#)51WHP;bg6ye;dE>BBx=hPKOn?F#-O6g@-eMDz3Si)9u=Q!cQL@^wQikot!YJgl)(kF=!o34 zyCSUDuLymQO%4~0INJ`@_IK9%02_tJ#^QQ&^(|YXg&kb%kwt>QOyHWLc5={V8o$0t zXT)9`pPZO(f*=a%TtZjgHEjCgy0t&7!=C&ncd6NKe1Y2c{dIG4*>r;DvnB1O*2c~@ zBVX;x>|Zy5bGt0Trvyv0{P!DLAYXN)$OQn!o`WQDBj5dE4NXmAxwDlta7cqimSGtW z9epEkRa(g?Bj=I%P>WrqS+|r`k^fC$$2t@tW3?#=UQgF zT}(k-f`N>Lq%|z<|H3vjJTWS>B~W(sw9DF*h3P=~<03_6Nh>kw=`pd&ix)3GpjZVk z3iMt&(WsXvXp3wfAD`+rI@g-Vh4$T-(&H3`Lw7{2AK}x^@k~%CxhfD!paO#E(Gh7> z!YeMWTkYe+0y0I6s3jI68O49tMy$#|u6aYia%h8squd@lE$S0&iCfF#ATNq+ z);K!Dt^r0G1stOezfMkv0;g{pFmD6OnOLc+D!zYgw*EoSV*^dyURaN;=QY!(-Jf zq#q82I8tQMuuFW&ED1S#?rh*k0_K?{h$dfGbkuk!CmDH#@E^AbN%?BW#NGM6T*e6G zp65Xwt2>N2R2iyJ_VrpGJf`?dSlWErP0FED+%QH=qgj%%pBpDGUV*LaKWriqiZ^^E zR0b5&!vZmPAd5gON1M$V?;0D^RoEr|pvvTiFB%PQei1p-J~vp5BlqF)fQof#58k&# zz~Zl(?mr2Egv1yd;f#+5>FM)$L;6?(b&AWP3_kj8nO{Jq)UG4i*gh(cTh`Qh5j&)g^53u_91oxiRlI^Hg3Gb;uFE1~r)mAZ7wstW<+ibfU zA0VcYnyH6iBukR^sxBhefe%Wh;==`h%ugP3&|40y~4Qm?5*BmRIxbxcAyOg{G#aYpC3_ z3ZvT1kpc))mNRdip3(2hqh?U4oJ$X!;2pSNxE?j1gT!C0GTY+>i}A_{*K}7$d`E5f zLeXfn7Qxn_;)!=&m5wvHR~<4RU{GEG0p*&8&tDoF5nfJxNYo}gE-uGLvVel= zeh;Y$YsWZmJpM?f9DP%L&c~2Pkvxj8$zb5bO*ePCX7a^7z+$iM+9)H!nS?8!QvYy) zi63e4766@By9V0PA-uG_(UAiU<$q0wV3z+DUcD0tnX$qr=D@zq5mN zjB0amb?qCesu@x~1#9ma*Y3kml{(wL>{5yZeT4zfcnSYp%W?_>@k3!mqV}4d;YOmb zdHmL0^VEw@#SjM?5}Jr(xJXyQw~hjKiYgeFZvB;CX0nbZ zj(GeX+H(+Gs!+YQ_zrhH!Mxzn4UZNJMAioSQ)8=KR^PkZy}I9WYK+XMDx_NRgkvGt zQ`@5BWA)}wK%mJV901a7lvA`Oo;kX*wK~rZlFSI9BftHBVSJ>X(R#H_( z0h(QIY-!PgYAQz52II7s(tihx~N z-S6$vJTX6?^HRqud-h?%wE>GsM17`GEBv4tIzRR*)A%ruS;C)j%G8{(?)0X$dRG^% zpi)czrEm}IVcm;k9&7IuC}&IWc=%;OgDS2>37M5=t|++6uC9RUy@UN-9BeH4_%?&`nFP;;cXh_6ihVn*l zwVOpTG!c)l53bVfGjNRu(f!6@>b3`Ez0VowY@h-8&L=s!W@|4G*?A(=>GS7QB*#93 z^w1?QOy4_5uPdik!hJS!w8ko&Kf^||&C8qm`*r9jF_%EXv(13=V_mcxhMoXdlp?Aa~Ce2Rc> zJKl$D!J5f77}}7(U2^tGP_S{pC?I4RQDJg}9goGeqPI`Ik zT)l@L7?O6rr0&cYwzs5SPEvm^CFTDDJ6lIG`T5wf><3Y8F6*HF8Xh}wf?rrz{czLw zFw=F^69t?yqNIQ*h64f7Ae64eqZoOgocuy4+&N49bit!e_nd3fXA4)_oV7`IxLA;H z&V|S(XKQ96R*Sm&dh))*+1u?6Z_-i-ixsYmwmF&bmao6xotWJ=|60Y@5CS^rNR=me zGcq`&J-)QIDtr2lT2)>)%v51_u9{+jTFG*E!=@hb@jd@A5vQ!-ut&qq*`GYI#V+Cf z*zZHzrOSte`;&`<2h%(b6~Qg;Y6??QNq>eUb~e(lhF25jJ+opWy_>LGs&-+qb*j#T z)aoRfyOSiYN6U#L8S|Q^HE;hS|1G_e?iqrPU#F*oN~P2$ULk|Nj)WkAY0cDzIlgyINT_)Ccap`2oN1377FTnOa> zqNhtkEr{BggsB$cgYUM+o}9QIt_rs&Fl?sjF~+ao$sKaI&)sH!zyJKKOhQIjvyg2| zetCqF*6QYJ_r&EekiS*r6cpwNqdwhtX{EW4d;mg$UKOSoRPHROT9D)e<%rI`dw=TW z>ZPyGiOrM@*=kZGid(}X(v*T2IXLpD=lb|%WsM*`6q&WM0GDQ2yR(iIoQPSDPeLiX zj-*Y)DT9W@+kJx5>v4j?d$Y>r*P?a<7Zeen*1_iFVUg>iA*g+JJEKvDnxit_52`GA z6;IH7<`>@%hhp8SFW%L1Jwz7x*a4R}h73Y>(n}wY>ecwXM6N17|LQ9mYHf%&#wMGy zWE{Rza~Pkw&)r$w$Kc6{zLFV5Z*DFnw)y-?&&%A-aNw+%6^Z%f(8mX>*lN-Y0w#% zMHEQAxkfd&alU)%F#qx3%F4WM-ZnF5SDmf(qPJ{mW238Lu^JH&m{wcb+IqW8A0U3a zXW#CCHr50LuTbUE3kXn|a5n`2Jqx_)X&G4i@p>pmdPhdtTzxGa_wJ=Y z%nMpHgWFii)|{>+EW+nH?>zKBa^#2>-p~M+#AT`B0|8PfpJSj>7u-rj^xN~0Aj+NR znBKTax-MurID7z;5HAYF2n0l|JA(^kh4m57#aR$I5oLqJcg$W+UY<`vLJ!{F18a@_ zxEHc|$AQ~h7C#Te3MH5t_(v#YYNi`%rx*pbz?*=~rmyt25HipcuqBiq5W`eeM0%H} z6McJ$s1y7`LVbD7O^)iF?kz*j8sEz9X+%IY8nDCNC0OODJ2@3C8%Tp~a%Fj09c`VH zQFGJ4-d?1;>r)rEEHA)dAkOPO@?e^PwMFO&bv$-Db97@K*~BbjwmIS9bT%Z7aH?|G zMLR?ltvya10gx?T(v@Wu$+%5p-$vzqsum+hi(Od{J+=v&Re~3ls9n3Zxvy&x<|pnB z9ySUzNqeH*nKO$I!}P=B(JpQ6m*24qx3B zYgcW_k*?74C*bebA zGEOVCJA&&@!e_4(n2_^EMn>#XZfdZ@M4M`M$o#;)4zklC8z0$`8`B-ctH>~Z9d_Fy z6a<{wS+CYN3>wV#i8_=1+6W_DOV;937l3PM0L9yXw0CW7O-o71AA~1d1Bd5Bu$Acm zgi45$&;}|HK~sBsdkDn~Y!x}GwT8*g`n|SGB_t#a2)Bq22_Z1)=(rB$gPi!pbuF3Y zT1(pxEvgY>L9ZB-ty^g3Aj+*D!2_A_9M8j!dEG+ii7#h>3vCAc4aKn114&%&P>E%; zklY(-4X34Q<3~uu2aebl1{Kr?tx-qBB()o$UrQ zZ1joQnhJ`FiaXB^{C1u!(;^1JM0_ILagp`xwRj2b9;cdC2u+!j&5``quWLfMLtMt; zP@5gOuLw@BaI?0!Y*;J6Ii_qAv6Fe=v-ys>N}naWhhxrhR2%M&kM*R;ozlHh>^%1Q z*Vgyf73^BwaivmdRq6Hcl++a1l3C!9KxBCH?l#P}|D?Zv@HJJ9&^1u}$#2FU=fk3U z@!|!-zCglz2m!BXZsk+&7y=nI+7q;U7E&w$a%yL)#v?BQb4g#e+wT4O9j)w^8mp+a z8tlP6uYCwQ-t-J~ahn^|pouv-g+mRC)Q<6zO{yQV=Y{ziXO0N-^EcoBT&R~T;V~Z# z)N@2+WS+shNj!neduKK?=H`AI?HYLaxqa=svYpKp`qc2M^}(a>izZ0dYh{fB=0^FVtH#N;)oE5a)M$-5k2JK-~a$= zH<{D7XHj^g(HZtyuStk>Mq;fm2*tr*nINWFY671!H?Atv3ybyXX3A3lJ#7m2?+a~j zZSjhTXzO2OBlv)sTNJ2evVVOLxY(QaXrcu5^=ze3p@weXjtM-}IudfIMCKg8($AP#kNTM| z=EQfqEX1K6%8iFXdA>>-$y_{&uax#IBgrmod?C*_TxvI4*^)kes&QHR_51NuTNV8N z%m>YXol;VP_nCnV6Hi+5zP@{CYVtbRNb*NB!AJ4SykEpdd|HGK2>D5B+sAwlYPlfBl+o-v71>v4OLGbtj_#6Cl%l00OrU*+Ck&j+~cpdqwcrlXLS72ZE{P*VL2;x zkX_+^n{PE|wEZ(2X1gR5=X$rI+`Powc5}0?!>Q*qaZYMbsz13~J;3>CWB1hG|D3n! z+nBCGu_RhXxHjg_f3&Z3uJio!z8^pSPhZTxhU5RkW*>2p>I+F78-6u4HMSsfw(8#? z;E^^e_(IpyuuG+JMhX&_#~WJZ7}=z2P-0v4RR7AwOGtAF)K@hZ93Qp`{?mi= z<4y1?S^hs3i?(VC>_V~&OLio|7fW-vqfOy7!keX{?_r>s)$#m|^t>wCY)$aFws(8L+wofXWy3dE&>}o{2jwXB+Iw4RO9a zPTe!;JU4Hpbzb(OuJY@uocXlxjMIacY(rEjBJM{IPB7Q8ZQ04=hf z>HfHZXO=gk`ukoz6Kr-CHg?z?aSS=bSXkEzEY)QGFk7KjcS#U~J3sm^JfaLoj*g_q%}(Vq#**eTmqOpaXoiZjXAc=7PGMA!;);Q|-A(%p+B- zFLAf$+%KT*fV|S{)rmTYa$#W2&~!R83@(*yQ9*{EuX9Em*Tn= zB77`xU9>g=3l3k0z1Ef+Vm9U-<)7s!Y;uIA?NGCPF)oP#qoIf9Plw_ zTDHq%qClF1QbtUf`Nsv7dZFi|ham&4H{tLR{*42AcPcg$JpV^jvf8jt&&-U?IQ{*Q z=QV|V+*tP=0;+jPw)-8o>gD|o7f1V`n+a}r7y{$~+$+gAD}ilR0~eXwN=zFgTs^8^ zr1lw1NUl^7&>WFmROFPptM<=;XxJB+IAm(7G#eLWDRy6)!f4np9uH#Kwwi3>q?FI+ z{PJJZ76l($TxwGtoVP`2TQIT{#4?DDI)#A(`go5rIhmdyU4bk{l?17DP`EC`ug7UQ zEKrNE8+%|^Tr8a&>geNTg;F)!_7}E+t>#O>%V>c~@9OJ;3`A{!FZ2~g$xE(lU(|t? zyu7wE7sSx36dd*L9nwU!Ew*yKNj`{88#||}@Yla0i?`Ngb;{;IRm93}$kgA&dLVVe zc$B+fksvatT)VWSa_`F%LAKJ`!|S(<$LuRSfIk!-=|z8Vdcz{JBGxo)RffXOwFCaw z+nS6bd#n@dOTn8%?7XPZs{Ky}J2hq8Fai5@?b}`mmm-|AH7hDUEEl;==p@7G;7bB< z?BKA~Fz`Ja_PslXYHRly#!K#2G9?7LjP3;Qw(5VnpqCh*W!F~=5+{G)VX8J%V?QcF zPwU5VKgI!RCB6T@Ug_aIOZ?Zr{`e{4e^2CpymBk(!v6vnYN`Kunu>eHcTdn}n}=|4 zpZF(3MO6W=nE^M$)ZbA*|0{KF@n370h+{E2qh_&NJ34A47R;7CB@n~}g!2e6*@E@mX%3h}b=~apBYiiCXM*l#iy;nJp zs#~P~{qC;mKg`og8BAx&`De=7`qCjWXhr?Ah;JHkn;1Fm|5L*JGeQ6VZhHUv0+_w- zT~4p0w{L%QJo6m$$^JN+iOuT!;PkL9RQz=FQ`t`+UwszO+%f35SKMhL&kr;vbS|Bo z)h;v|W3}5;K$@Y*&G^745aq5LCMJV<7&=DCh3&GgkMNfQp?e3&gY;Yo#lD9JQ^r(V z`uY2BHz`AlLd!3!AAh?89XYMh%dg9_^g#OToNA4wr>9Q`mX^5|U$G#Ot6M0KG@ohp z*eb_gBR;8ev`_A(CNAP#;)vnUi2fFIlozi~waP{4^cJ`mM7RG64bs<8*>AT8x9%9$ z7}?(Jg|54zKS5Om-X6NbML^GV6o%JYo{a`QU~cyo;%K9$669(V7fIDSM`VGPG-iBz zN3V^3vG1V|(xyFHW5g59WYc15N*O%Q5mY3Ug^+ivZX zsu&G5wJh-cPd=TF4xsufga=a6<#7g=>Qc7$Zv%I z2HwB*z4Q>exE@$Hpm&YR%H(Q(2lrddHPa7zCDz$nM^6-aH_(7+6p3~HeQj~nXsE;v z>8M+oYzBg%MO%;=CIMVIX`n#e@#j8#P%;`-`O)#7UP7S!vGA%=R5VuBx7z1$ z-&HwYf@mu)W;2)u`ku|GPpG3uk{K;OGTphK^bsiT#6Uv1J#~BO@lEoJ&p5k zo_%zbYR`KZ+;{cO?~&fPvaQgsGp-(Bliq<2GWLU!qfm`yHg8w&&f#m`!JXw9RJ6@< ze>(L$u;l-G(!k6Mo|7HaVw9Lzhm$KVXFmPB#36cmPX4mFdcHmjBdGaX;1dS3<( z1bX?`LH9+Da1TF)`Sj2$={*lhlfZ@@A&qE&qB%G6lcmLiMh#^nOb>&0IVl z)(>*ihQ1VMlYYbsio?_BB+7Ufxi_0t>`*PCP&gd{@0-5WT(f_l;7|ifNz`s6=gqlG zGr5H6$nBRSz%Eg93V)K?dJ(<6bGk}+oZ5MzOYYdQV@NN{e6=@tG;~NF>n%j9o+*J? zVx}smfwyx$;vrPj2&)g$#`}23E2;Fd9&U#qx+VBq_0!1)zeszmseuy?X(xrjgLcwW zeIB==gLn;m)s{mgHuNPizk#dk*s1D{&u`8V(-hAk-noYl1Cb{Th@nu#TvQ*lz>m)i zCSwH&<1H+lc<6jU#;7OzsiFpS6A8~l7uJ+Io5$EPPm#^83qnUurL2m2?>Ld1rwyG_!?>I3 zV6{htDk35cpr#fVGrXln(12RotCWMHE=;bw2zArwVYI-s3e6Q>xAk3^Zaz-ZIowJGJ;5kj=aEg{ zg@WCUY*0Cm?$CCuF&gEpJrELcrv`7IU>>Z|3J7Q?t(mic=R_P5FOM7c%S&M|*1J{n zvEm_Y)Qq@|QyVxFwSmFBW~>F>{VUHlucB%mcU|kEC-~MBNP!y^@yx=QJU#v3;r*{= zi*nD(5?GNwf9T{H*ZmWRi_N2u^cQOmt1qd(w+4SNS)v}aR4fm`N)+1u)!BosR9+c2 zRvfse+}+TXxXn9BVB7EeQ1+B9g{1DBbdRWH$Z!~ z%B4$z9g#d-768o(Yc1DRaYG_~U@y@EqErj|eMVwdBVmVUNaV4@;+%)R0y-8JEZE2E z<^$ewfor&vNfhaKQD?)@{dRuzHT5KU%1lr~2zpV~!3P}?6_qLOIAsCdkT5{Rx4++o zCEI7<@KY8x;oRAC=Ynk5;dIbqU;zgE7NX!UpaDY3t_J-Gu<=+cJ^&P^XHWubDS=f` zvCq&m7xCaGB-jdua)ATM0$Lf%DZN8CJU6VtI+(4j_7;S-ONxk`fv7XbsoAvB8PI|R z6KblZ&ELQb0g;byd(9HO1Xx27xYAPn%JhP=HSxiD7Q>Hl@-hlPC zibbaO3&=Apz%z{)8uaa|a+L(4wflre@J6zTeHuhP4Onu4o`qKUDjhKR3!_dPL<;sf zwoQ)hwHepdhp=WQiP|{99x56TjmyxD+1i5T&ZKdQjl-P7% z?@kbotSj*{^4^Y++1+!5nL$W)tKOWlB)j?}AGfzG4*X(n%>D|Le@ws{Brq~Kd~_Z@ zR8MJ2e>~HXjMc_P`k;%IK-#JVb5Dyl+esRlUh_m>TPH#xfDOP%Dq_Laoms0bMdn2| zL!#rAHSi3YRL}VjP1ZF+C3zI&Mhnf_LO}ok>XhNYF8R}^PfEnX_gA01Kpqpam+?Mo zwtOzH8$PNC&WKyV!VSL&Idx7L4}Jz#F~0FJ^cRcH|W-O3etU7n4Jwqf~bIiLNd{H*gs`kl3=i?%kK2+(!g}$ zgSzQALJU`~=5g~EqUkANrt#<6UZq-@6s`n6pyx?wjT7&FG=lW=!V_ZTU9-*L$r+m6 zX01+ZGwQke6}@@$J=vPbp3@`Pn)Vsge^F0Gx^>y1|F7j?rKkaU z{KCbHNJq%QQ9fUTeUud7$*3A=DsFCXSAFyAuY;wQsa!npq>qLLmek6ddhVut)q>#i zjfb{*JUr;f1|&bkNTyX^e7|uECHF}O-#a_;6m~_nPwjE~5mbaLwMBQf3C}o(3ABrN zP>6l=O+Qh6OrLY8S}cLMIFcI+ak0q0_Bb~;cQycH2v5a0l;M@4$`31J!bD~hE$%Ul zsez;pw_z+;cOV;qWq?1aH2I7|+xq)lt_t%)1ee2HH|h-w%z;noNrHAnbmDGg;JL`S zK75Tl=F>}B^7eG1km~_`-ID!w0&5FIJP}i}79{s9pDGVBsbZ#7z|J>shRJs}J!-y< z9SDobOI~K?(}<(fc`kDFqM_WfdqihMzIeU$u4kP;eZ7yZ{st&unAuQnc%Vok^mM>O zNHSeVw(-IO!PMw0z7dXX=~%t9M7Mtb}pFX;o%-{{W+EPmuk-< zU1xb%P;FZiWsPe6Xi;D!M|#iz&O_F(hU7x-&rU@iC1SH<8Wst5)6bvpIg^KV;fWG1 zHxt2cZ`BY?nHoSSuEP;8%~V^q^u4_!h)>i;pMZ2C0@<4h{n{8*O|!N^Pm23>@Vyv9 zq6ZN);*yHjmpmFOG!_;RWEXP|>n)ph4ha75PZ-f5_{8VHM@d;(yI<9+rEU^)rvHx3 zP?5TpQ#f*40QC_$8nLfIduI>iRObeYE8-KAef4TKGyf{mQm9fTF&X)u(qCWz;2r5z z0O?dG=TTmw&rTy+nXmKD!oq+6cp(|-i441>yoTpFOoyjvAYo^fWj zj7AVu-ump!@_?^KDU^ooW)d=2n#-roO&XZ!yoS1AhkA}%d^S&Vv1_a@fZwZvlC++L zToUp=Xwn+Yw@*b-)=JN1#9#!bTn|cdA0z`>%D`$YvJ$#8Rjsz5Qw&;^V|jSA9TIbz z#J_oIJE4`j!VW!~&T#Ua0@!y2&2OC|DE)9V<$^=F{!T%W|PS&cb=O`_T%hDE{&wF?jH~&Aadw$yv6GPh=Wb>!2?aGNx&ii zH)N&A=ZZw7nyDBoCwMfLfPVS^McrElM7g$Yqp(a`-L45O=v}=Pk2t|m7 zZ2C1iKvtO68#&}?I?4W}wwr%WNrlbFyo8-c9tdXSs`CxxdYxW`L>u!dLHJjY#6b$E zqdVFQq#0djBiG%%T?9zL8o|*Ia4&@CESn%wJ;KEe?lDr&MarisNCs4GrZ#dtg%^Gi zj)9~QFifaG`alPcX}A0KSQ-H2wE0FZV%oHM7qQ3g8PHBzfCfp=6ts#EcmN1{>Dr2W zneXp}MR&l5Yyv_($|R*LMUr&~lZill5P2VjCG9!3Cl5?*C&*NLJ}%~Pk3Cheb=-vC z~%ilmhP5U!HmxJ)*XZ%({DO)2P@1+U5giwr1IIRKt0g0q9rv-|j} zN5=7f?J>7H0=ftOIRd(dj9W8EWG{WCYU%>0onZU>)enic)aN@DfbI!F(_^G^fxIvB zH-bo7pO(%?b08qqI6=p2*1Khum6`grqSn8$+NHlCP6|hwT&Ri#W5XE61d(jk+$tr= zocHz?tr6-A=r0_W?MceII!3Q`V(7=;dmstCv^l2yhn%Ws0;|R9STee7f2Fe6ZTF0n z5^L z2tJxJMLTMPR|i-G*on_mre0HC0qL`Ftq6dy~U;ZePZa7yw; z1EZij485|R!9tUOK1!>(cuRFe{xvB0|bjI@ECTmmv64R86>2;?93YgT{Y~? z+rJ2G_$dIEH&kMk0?kUWPhWuR$-;T#A&9d{Bs)3V7X5Bfanqdz4vF*nSU(Yo&@-Js zNG|ui4fIRT-=Ntx$lx8x0JwDU@q>7%Vem(lKe3VTPfnoVX7yb& zbha)2okQaZwFv1Z3m};Bn03=z?ah$y?)3J7VizR%xM(i4ui_v3PKA@ zIf@2TynMtCF%vWKB&am00Z$%~pr;Lw*P!OGc)cnAm-A|EZlqpx&MnCcnP`QNU*r>V z5H<5V{X9Y9yU0!A%KJbu$rh zK>&IM>Y^;b?QI4GbRInL(sNzrvC^p3bKP3%T0cH21^+cYJF8~QN*Y*X-48uSJ*Y*g z4&ZT(zv60FR1l2;e6Ql1TwK6p6C4OzTk(fwka+@cwX$XXZvvG&f~=Cjq_VR`ho?oR zm6z!tg-W5Lx6pt~Nlza|#MKa`Jz#p2yY?#Wyx$aX{+(LkP%aJW6{3WZ4mc=)2C|ke z=^z1GP0e{#K+0G1m;?rY>@Hr!K^;3>ep$dAl!5@;2Fb46loKORi{N7Fh02v&Hu0aK z4GTm)}Pz+(ip75^X}kujZyq!#K(s($NEIK=4D zk2es~=9u$bE$CJwRp#g_p8sLOtie3nUs091-o+TUF$gL7h0|LBgC!#) z!_L+=c#dDFKj#Uco!1JCp$zqV{dZVYREECORo#T>xqr^Er88NHkYCG6N8mZydm1u; zR}geM!XTUm-AX++&<82+XW4iD(Xa2Bf{0>@LcukVmOmMq7>l1H^+2!bFq1)K^+%Us zlRtShLIGvXIi&z$W8d3%;l4EXmIR(wxR7*XVN+G;4_7!WC>fu<9Eh|`^mew-;(N#UQPov585HAKZ*|b$xeL zM4JQrS_FrF5~A|}{0hL%*hK9eZdXhHLy5+f>g$7xAKU5hbXXsVK{QBsM6+?8I*yx6)JuTTkSj8SUf8H?& z*jp^j0Ix#|7OMv$E?2$L+gbW_IgsRmq`_lwREn@a5wV{fVFkA3wPy^0D@(&Ov(nUHjKy(9yeuK4rG*oS#fD)%Ut{{B$ zabhMBw;0-Q0go+;W!*Wt~R5$f1;FhCg6B`zN=@)Q#M~KTT6fBOx-+{ zb#F?Lka^BeMAEs~sz-u?f?{t~@E8XnHF{~D)A{AWZlg40o9*$!nV>E!O|-Y&55X@Y z3I$}oNH_}@s6POp*aTs{?(XfGLw4zy08tluXW|Az3^Z)IAaVW1{rehh(R_R$)RFk` zO>cp!43v}>A-Z*B;|6^XL|g-2ft+Ng(H2%g(*Sj_ONcY+X-->?aEBg-^wX#JIMkwQ z^oyPlZ>_3Boq2NyN@>>mO;R7i58Xu^H_~B;fgXo@%1oItTXb_zp?UT%-E-mm?SO{D z?(9DwD6y)9MZ7I9FaK_X#brvRp-G{KF#ybKHq=H21C*7-`#*(~f-)u2nH#MMftw1v zD*)Vt5B}8;u_JmE{RTmmS3`I#A@h#KHjbiK;E8MU_P}zFXpWXDKATh3AfZZu#a^ex zqF>I{V>rbJko-3u=k$ZcX9qo(^Vc-Os>~e)_y>j3!{81sK;i=x{S=5HA)9z!?9hD4 zzL*PEv84g08nRR)cue34aZP4oBEGqTteiTKhv4f>F34~pQiu?^BQ4s>#ox+lAqZ3X z<5+bEf8*@RWD?jVgf4kEPdvlb7c!_A@(d+QsddCXsOxz&lo?}M-2pD)#h$;v0+@Ux z^npOgvELB6veum7*a2PoNke`Q=KGv{yufWZa>eH?&3Y}mi+t9O z3lIt>Tq{JEb~{z?4T&QCWDaBPGcXZi#XxGPK0ew<6b>rTl@b803qY7L@X=sL(t~`8&1yR;r84@CP!^|R#c(Gu+2rXeH z6r=1tNX_lo)LO^%N^6%!5Y-;?pgF`kdOJ! zV3GXWpx)a8%uBSOQ;x{~5;yo66)1gdKs8t<1UBN8;-%s8LgW#MwdLM{fxu0+TtI}6 zA!SHIw$|a^`3mUSAQWY*qt6?U2f-{ZLZlK=S}G2#MT-Z=gwZ_q5un=p`80`0IxbUf z5o`%4^rUu(>_4@iYsc+Fcp@aE6C}D-=4{u^@Ul%KYU+2CSr4+>NQ955CBU~)0Xr|? zGO)(u^62?%P@?OF?mNJSq1XqUKk&RaGZbpCI?buZLpRs7uT?YpxXaCbb5kAarwDV3 z7j;lrzGo~OodL@xVE28kAT9_y1D#-;go{>6e;v)p>dG*Z!44T%P9eJO{4eC!{8E)+yM7j zd}hjgMz~VgWy$pORIy0$qA8R`wf@ERgqq)i4^up(37L*7BeyegT5KJb9O!VL$rN+; zaQim_-rkk89`go*Wh~OO1HASkA0U$068BF)lp>4FV zNuZ;oWVoiI2t^TeCSc1SBb^&~>AmT_McgJnN5GX=7m43xKr#>laF@-c&nu&q7H#sP zx4C<2_*=k1=^@4+VdG?)$n*1)Eq`D@NZ9yLdHme3gqamRna4S`dWiHOm|vthI9q*O z<9vl+2U|9`QVH!kwe@F^Q!d0;t}4BGe|~e^X)M?;GxLmUy2s(3#fs;6S3NL=Xg^D& z!n^)_dl~_}ggbCaK_YB5RD!5&geT}HLe3m5so1+RifB=RCMF^(X$H7(-+==0G`Yh; zrOvg~DWuAqXHb97a^Nl~%Ud*uFo45SD>s^(0>{+N2iZtg)*bX}mo9V@q2*Po_UId3 zNU9MwVj=FhCI#S;EO+lJydl<4D?8jT-Y%`4m7=g5JqwN=BE2|YfBzy@eW2?hs1GRH zZ_;(vB1WqfKwX0-2~ejT4j7+?xYk*_3cX~isN}=;EEskM^ly7hWT{{Y2HApSp&m-> zGJoTc`UnA3Pp<-CYk8=-R`J&7)Yz`cdT+#5fkd;s=x*--3ITUOZwL|XUAJWY%!Tv| zMVg{g*4T@X8p&XxZ^+qUm<9l^!$Q+#a+c+AJt9yXQ}w zb-#c7czv2)Du4fZI3$v=PSJi#S%6;y4N>&L&S@YhNBPOD0kdqLGlj==;yNx@T|Ym6 zAMmuf3(yYW!53XHhoq7Ty0+t}5lq=g5EAZWE2p(1s#BmYCBu;G4c(uewaexTwKW1x zcpYQv?Br|1+5p3FT_5WKTY^j@Ku(4_x?CExSroxk(wo5w?3tlIL40@x+APucP+3L( zzLgoAng3;|WFz<7w-a9xA#p7bB@wo`qfrU@DwMl$#TM%P<@duW&I*s;&%j(WbZ~T3 zgFZ6CTAS+05?}wvMuA#oW%t_9hivUDRF(2q{hYe0Vt9HMxYPb7z5-U)St+IuL0&b@(E1R}sv(Z@_38U@laFI~|6(m~ae=51>Y+4<)NFaQd2` z=Q9gcrS~WMR)IH;-kp7lFfT+4%nx&2rus1ay#@KA3+7b zFc-S9CuTt+nnW} z_Ft(z7D4*G5S=2>o1GiP7z*S=AP~^XfBp_~YaYiX4ZxR|+inCPY(!s!2e0`e5E zvv2=D1t0!@hQ|IwjvP9=#_RSLn5RqsKw_cw?=|4gIr~tR%W~&bHiAIj`7eC6j4HYj z5%ksdt@|@21G4ze$y>7z!~3c8IH$O3^{O&lkG#nC@B$$x%BK+wzl2W$TI z#CBVw#`<*vvTMU>0nQf*4whBshGSqb(w|KO&-TLmH+TIHYTAD$L;dUh{$B!{y|6GS zVX+7#8Nh$E|7SeZ$yk}Ef&ad{IwgquJ}7`JLKAtY+O-t^Ynbyd_@R<5uM3-3k|Mq^4 zP&P^eHI8UvnGld@!@z<5MEoz@_kEH%s?b~iM%+inLCms#U63sN&%+9r|B}$lr9F1d zZAtK&eB2s}AuZ0O&iU#yX}5kFrmKANqMBnd#ao;69$7e_*iy`FD#_dmuV;{om#x6e ze7AAtT`;H3Zi%(PsTHp2XBs3(&E6!yr6zyU7N7a|{IrRJ9%uyq`OIUoi(XDk&n+W| z)Gw%a_Kx@B^Ot|0SxPaUs#W_MVE>s?Bi?UKA>&TCW`w=&am&;F+;1fTmiw){>FwTb zWj5@ahr$z$<+uXRzX*OgO^)T&I4gWE+m9c98Cmh(ow2#?XBv_9cJJhg()7E0^*SfM z8vS!6k?75MWj};s z98}j`)$Tw2eyYqC6@EF2oeY+%1zO59hxiLLFDqjTfR&?8XhV2!iQDG|#@^v}!kbaI zzj_bi$;@q*Q_e*1X-6eQYj|`p>f&I9KF^{#L(j;p%$?tV%2I5ZO*^c|qKH!z);`NS z>(bWf$u_4|+$OH%6JgUzCplb`Wo447tyb<_Zs{{oBJYf4>M54cT))ea>r6Xm(LF6S zRKAXci$gl}syE^-{PEdB0sl?Rj-n`Pyn%Zgy z@iaavd6^$2zK(g)Y&Fm9NC!YCJ`zc+Qi$_m+oG|uT?H9isk1H(TbgY1LWFvUkgO!u zK#yE<(eNmzb>@MrjYX$YxfzqnM|-u9FlUFf3ss}CCfn?M>L+X{?vH=cDQ3d(?*&)I zdQ7yEf9N~Iu4f*?rufY**nk_Ej1fUd(5?&fqY!v560m{4Lewo7{cztm#Va^Wywa4-(kAJr+BMTUcH1f%(CXL9^H#(@kDJ|8OL8CIG9nf zNY(<_&Pw?{Z6)29ZE1iqeAxq{1JFho1uYOH6`o3N-y+hF664lZ`UE;ereUsX&hKuO|t@XSz}|&)9c| zx!>$VwqMKKGq3?OxT>`7=jt(j?3hq06IR<9Wz1za?TkLGxsvMk`g@|Z+s8|`G>5Yy zDJQ7NN}t>B^aO*@ox|Aa#qx~P0vlbYW)g&R;Av5QnbS*SGt$Ggax3Rw`y1S@tmWEj zdmURSaJWcrm$A%2P9o#O=@;gdJ^AF2cDwm=No^o|)n?W9F)(5*2J(`St+KJ%KmO^@ zmXZvj$Oa0q`CK~<6zr3sAc825O8nIW>HlY>E4uMsA>+PO>+rDlYMX1vr$z|gL!ssa z{S2dXg$rHPX;9lNLSxmCZWZ6?21%un*5(uoQVEsJr44zrU=6?5_gpUqks|*WEK#DBKGPcD_BK$i~ zNm-c(`V)p4&Mbw8(f6#L)4oXK8fU;rLLUpc;m}=#d_{d{4aOw^LK+g**3g2f^vYl0 zw8ANkQEbI8GC#e#Tt8!eJFe0|#-;>Uh(6Ti$}gYJOU$TkcKWI;E>-(w8US&4N19x4 z&ILuZ%rc9wB(M?T3pry|LbETd?Xgj_c2Rx9I;i*>XR4tRboI)11m*aM*23;l{9m4Y zxQO%;;1_|g#yrq0iuNZ*Vf%wBxe`mvzS1Q)(ej6jx0eHbSJgI=;OQ;=nhq;0^QUmDZnTFf+jd9ipmkXEg?#_nYXs+BUjVw+nu(X?~hHYJOGy*|oibhTKUPm<(j&b4(^ z##Iw(R2oDnn66Gf*w%)LA~ywV@JJS5VQEHgR^8ITu3y$ zG~v^nReS_>Y!J(O-ar+{@TYB=;e*!k%9J&k_%|{aSo!rOu^hz1T?f@a>bU+6-&tuJ zZtmI{%ifm?>E6yQrP8~)eyG!@huRh#>2hF-gWX}wTwE%n6o?e70TrXgk|rCoHVps`Mlk0}g(hukL3+Z7GBH%A z25|hrVe}xtnj)SH

)2`=~GuV5yuwefsmINK32|*8=9IIt(BHr&4KBO-w=?<{O%Z z`BoLHY9RA_s3JR^jEhXvTTWIsJR#TGC%PNxuYf860i3KMS0e2^8-s9{x&nq#s4%6L zr|X0ddO&mA$fFdutDEeGfc@Iqa8MNh74?iWqDWyFq=+F~Yzr+2RdowoXFig3Vwb}^ zZf^0sNBsM(#Lxoy2C0TxZq!xL6m;8nBW0D^xwn^;*(lSR%Q(>BzEj>ck0`IfaWqwz z54n>~%);ha{Bvw6F*RXap)u){Gta8owyRPaRy5pmt4t{+^2eT@=V$QVMJ<|9Y6@0Z zdsseCcKM;xDXOx32?RWpoXSjnPx-V)Tc7%u#7I=rZc|{L!I6X2&D|4T;cj7De$Qe% zc*Sr}^K{plYy3?pVV!FC8QTU`U)RDn7dXnqPw<=I@;c}%`=qVd!UgsYPfln6_hr!I zDQiV~ezDCK)aR+(^@l@pE!m>O`*qXHJJv3!5AoFrn*F8+#6J=sBJBf_!zE?tw`Mv$ zc~Y+Xa;TumYH(?W)9JjHU9_sEsCMmYcs_KStcGiJ0aL@a{g(;o!Ao254ZB%kCrv4= zux5IV1(&9zQACpDfO*oF$;nLFjpU&tC{uYFdsh)U0LTC>`exCu`Y2Sf!^V#;dy!Hi zW^JNc39TaATo)1+7gl79^9(C1f%T%?uZ_N4iT-Ea8nU&(;_3U^s^=H%C<3a z+-T(p$|Yp!uPxa|ceBVW!|g=F&r{w7yd~aDfm+{h4+=cp^3j-y6Gm-!j(5+x@b~}b z0y1~FD~leB$3@SEPtJ`*z7P)m!2RUdmY@kROAjG2nVxv~eehHGXWA;)(iNu2p(E+R z!*GZJRgf4<&m{y2zL3i~SaPT|6L>BYpU1ZD!_$L?cayl}bKKb<7UTGhSw8TS313ZS zX)a#Zy)tY4B+E+M1%YaG4dqshc_ee_W)r*N!S`_aX6s*P9i>?0P-B=;;}7t>7T6{b zmi~Z)dBXowhUisU1)Vh_IzB)Bj2A&6aK~|`(|2feUuORFrR(iIU6VcXwg9n#j!lY= zqvhqA2ht4QD(E33NgLFaS*FbkA8`zi%T2LT4kuPJ%gJ6=n*6{88dR+549S!8qUXH7Y9=_-S%a9DtZKW z>YmNS$=;haQ|mg?8hi6Z>OzMh!)5D{!=WD;5e+YGSfwIL_~w75-3nOMY-kGi)wU{V zW6Igt`2n}@TQ?Im<3?CRmxof6VLI2`Ey?}gu!OkjgoH?Gt~=!p4AO^ ze=-W2diT6XU5-q{NYQ0;k5#V9Rb18Tpa%!bx{YQ-Eg^;XO_t4Sm7-OTr-!9~973o%zi8LnOEV2x>C(Ntn7&#JOGFRA06^HF)tPXCmu50f|WXcyJ8{r_gv z{{4|H>c{MSaEfELNBBXlbkQASxe0t%ruWE*`5=R96nfbupu4B17{VAs0j7|UB|NqK zeHh@dq2y!3TcY+un(;Z0*^n3ldV)ERbN+$Au1N!_gA137r5TrZiFdFN9wEaQ2ilE< z=^VfJ35>0zGvA8(1K*}0Gun>jg)qvHO7%T|a}H=*wKO+}1J?mF!)9Srk^u235K#RW z!rf4AIpYlNvJjZq71(ch9MD!*Sev{{*uEgf$|RWf?JCYr`EpqJMXMqavwim;awCT4 z>^I9Fofuqb5vb@f_-QxW6(^8yTruikn z-&SO$K2^qd{_=v_$-v%)-||KbV#A|p@q=p_oOJ8XRoCaTLi(zn^VJp|F8Z%oogQMi zjF+?C|G{3)&*q5E7;ktT>#ubBaO~k58LJNedeVZT^09Q{L^lK;bYz?T1Pb#Tn|%7L zd1b4c5OXemUf?im@C}!Ui~)o1c<33kPwk0cNJB)Hp}`!(#6ed2))ACKp;$a6Av$fe zDZ0Y!IuZ;o#a2gD>Xs%3?x}NF9D$gX(ffugf?>Z?|lwdXf&ag9fjv$l_sJ} zZw-tiI?vzvoUMw_byhznuhy5)g7b1Q+mn%~mI`G;+8tdGzA8Vn?au|^=V$hkw&7C* z>^uyicJlNL8IW~Ia5+L23&R$~!EoYg^><1^L5;_`U&S=_k=jr*h8Yw{)~@n_jh9S8ZFf>#t15s)Dzv^gcpT*xBIh z#=GPsezE47{-|oao_!?O1<3*7ulH;0q6;o>U-MMon)Ig@`f#^YBM~N9XT6FizQkcvh%q^ zfX95?eAr*IjN#IcDv?#CdtyX0n(=zc;g&%?1Sxi*Q_JsR#s|HGSg_RMAYxibb3qxlc#7j0C{pgV6;0w+bP-Td>T*UNjbvqah#CJrvz2E7) zMS>l#b+8CX;(LqV{xpttV-$dl5>InU$zY0p=Jf5AX3R8pJmj9o$o;9^;Cappp-Jfh09qNrHd`)1H4hQaZlD{N`t7tlAJwy8uo?=YmQ zM8;!%+aeX9J{jQlD;C=;mm+WnBZFVKhOJ=~mc(w^uy0?|^tz+YeI(9mZtJQWc}jzs zW@6$)jLK0$wP#RZa?5t(G2chIQ*o%j?UFbjJvwC~_Ta|N8{9gy(}^Q*#Td+O8WlaL zKT*7tlZ?oljZG+>Yt6c=e|_$3`^1`eprnuCwevU0n|{0`XuA09^)2!^Cc;ack1yv$ zr{0hv-Z=~&i@}Vlj^d<<-&E;aY-%Z}>H-9N1tYyI@6LPBPiIRKFnnw{>Icj z$0#O!`63aRa>4VAc2HBwS&i<%Z&2NK&l7o>zd832k6u`R zLu@WbNiO{(Vl?I`POsuHoS%rq)p6%PuI&? zWEJWNbhi2?za8;i9Cf;DDHqAUA9U*bsc_*2^SN{91a6Aid^~lIw9bC$S&5A}zwU>X znAc$^1n<$z&2XKKJ(V-h?N~FJmwA^tEm))N;>+jh>e-nhx$L3-=^Y}5bBhAH{sNXo z{w#EXIB zq%m`eo1=pquN!o86V~OZWh{ShvHp=oV}8N{8xT&{;#K)Tm7H@OC3BCRb)PyvT^7#k*6<5y$=KVlcwF-k0!hG+A+e=YYi!!>cheuaiLrTh8_A z{CE_ZVmsk{Qr04-BNJQUWZ8C2*CxgB=w0<RGbpPPieH1Vc?Pw!T?4f=+(H1CPtLbbto zt{29}H+gu-j94$fvh1Y)Jy32>u6MlJKiN*=Au_0-@|M9bGBNdq@`GP7 z9dnP@8lP)QzRNtTsI2@(DwI*{%$>8Uo<^=Mc|ZABpOp?95zy<3W@l%cqEL;8azVH+n(o;Kw$=pPI`#0u)S zGkxD*o!ESl@q>X%F-7goq|Af&kK!c#+w1z3^V*GKMEwlP9@f?2MY@;O&NKVdtxB}K zrm;IUY-quS9u#iV;Mb=rURTIE*Fe$3A^f6`C-e0QIW60*&__B#ihPz^p>RFykoY@gNx{KOaB;lZ7>9v>!;-)~VKuo-*%`-wMFd~fg;FLE$z+;~%f z3;@;^xzsx;_wM`Kzu{r0GP;} z(FNuAR>|D^^7Z@?y|$4Y`tLjD>Mash>t)D1PwzS}Tf0uK@7^&|xy+%pL2VORWxbAb z?X)|(pFGt=&^E40@N7}={&ksb#YTA^i~O=aP11!2{8oKs&%SRS_HG$HEPRmp9Zf%y zG_JiUpX}qK)i`Ik7oLfaDKZR+PQ<(5r=twqQu6ZcTi(fKZwuWz0U&YWM&Y|PL( zJ+m-EoL%Xr@ZY8;%FNlZTx_v!Vrk-5e)>8HhbwT%s!Ql<#K?5;~_;{j~M;(N>CbGxa z-k7>vC_5|se2H*e(OYk+i~E8w_1=Z2nQ`0_(emmN_Y`u9;cA}L7baXuo(;e4)qR`J zzir`>eE$b8gWX5v-Q5KGQwv^umO;`x9%w zc;ZnO!$(u3GzrE#m8aBIbe=zmN{(gMW#lT96LH1=4W}WDkY)LHZtmC{JUZ0IVAZAG zO2bI4QK9##_3LXD_cRE!EbUIl)|)K8pXgQcKCQZldy>w}{8oVOgtq)h=l-;fwy~9# zkpnHKAaVU8rsBcXhq12F9mN6khBIZ+Xm)R^E7V!-D#7NZH#@sr9U?9L$hUGxSOpWp z*NZg;NyJ}dbDupZ*!8wi_0F{-iRpQ_<0B(j#U7lGWE!rWXdjj%h>hh{uHJYJsZPqG!HxM)8KQ#n@ZG7>gZM!vgYW_I6Zf_v0XbE+V( z!Uo-W&Q#(s-8>}t^=mQ%6T`E74_eYiwdlJPwq<0p=WH^X+I+z>-;a|!z`pk6T%tSg zsFQtiR5L?VQ9XGji(1C_T(IKu_|_m3|E?PROwlFrmsDdOW=P4U-=b=#DE9Tpb$p*J`xf2#2tsx&3}XD-(z z{TI|XZ&oNCt_7{mbE#jwlJx)x0SAWa=PcYhK5=ptmkN#txHkINwZ~Q7IV6<=l_D`Q zno`>-iKX#cy3Nf^07;$HseK zDlFQy&c&*aTphSbe@iZJ=`Q%0pAnU`;!ZKTsKQ+xGF17Z;=ta8h{vb&)<~?#`Cb&{ zC<}W0=0Mkf(Oiz@yj9X;vN4s{!0kH=~qk`h*foR*9b<%P|ur0}xg*?OJ7FHu{54%Pa5hhENE zuKxy==x!uLP)tGIio=(!m^9|>woPGgc?c~frYWH5vPQopj(%F8UHXPgZy@ZM zymwZe{M*#pbthELl0BKxrTv+9C*s})VZ+Ax*L&b}V6azUmaXOwxH`Jymuzon&b54A z5k0qej`s>#^W>w3i2J z&RH~*X$h{`ICY6p_)TG@TJvh1=LHeXf{S1t7`;1BdNrodEk>Me)UKxDl)BaF@LNHn z-{zLY48_j(eba+l&k*cJn-23_gS?LKP_iT&F`GUn`@!L4+Y^uJ^Qj!ducxa-Ct`g0 za1H02$F%(!J8q=j8Msk8ZvR!6a9dSu+=<4Skv#YTPw+_`+=a81A9>i%0$B8+H|EN# z=R;?!wi+M!H)mICn9RL^RC2-2`IhnRr>f80evgcl4=AXl#>}-l83N+-{o>vrhX?BZ zMjHN&sQbk{PqkVLv2%pc!JL#`UA+9dBOgBG|7d7?*XC#y6}V@hcJ<7eA*C_O(FyAN zzbK%%Hp6wd>^A*PJU&`GIv;VjZ}Yoip20wf$5PFVcQmWSE@P7)kU(H-Xgqra3D6DLmxG#YZ*m*kCHJ~-RkZJ0A8iqDP#oUx zj--7!6jCxLTTC^FZGX=!>A9;QVkO1T?xD)=oz=^Q{m>&U=J@H$(3v8aj(Gu%@Ar5@ z)ev88zR$IhQ1i&~l1|o<3g1XHu085mv^i^MeQ+vPqf<{}MoQo1Z*^_<7If1V-Hkb) zr0J}a1UhDBU!&q`yU_T1aR=I873?JZ@rB1(s-_3~j%dXUoGT0>`CL$Sn3nrBV;TE8 zLVbCJbomL51osG<3T?{&UM}3K6Ym(1J}yhrb%TLR7rCbQt(F%34akeIw(AKl%mIQ22hGhs!zQxX$WzYmm%yAZ;^FFU{ ziNnc&8&WuKDE@km^b~!&r(Mj^rtdR~{2+-iFU?gAL?W2$&sj?O9Cm?z_2|0I+HE$r69*4fJ4CkctWfh` z!r^etE}5q!gJ|kOsq8^$?3A~rCgEawR#w<6lWJE%^spj#;E7Bk1L#zx=jKXwX^W@l z7;ahx8?7n_{lv~89si|Kl zKZG`E?RRaZWH#|IF;T(QnNTi~V~z-}^Y5x@@`+oMop{lrye%#qafM$W*ZXWSg3Z7a znSqki(g}$SwKlhelPJ@djJX%KHJ9t3Ck%Y_1Lq?+p~YCk5uw~qbX@J-wMq1_gyhXC zV!hYUq0{aGd!C%K+O*4gzwkoKH6IRDu}J1HTHP`ze+E5Xo42Yu>OxsFK&c@4dak;m zBB`+r|8{;KlhQF=F)HvCt$JY6*s3{Dg7)+9xeKE_ZVKxjGtQ%Szmwe27K)D`hKPG8ZMpt-rUUevlX+ACW8&kz#D-E676FPWGojOxZ#IeUFPJKo@Mj}>@Dc%LI zRTA-#$lC8mVQzb;Y6}j+i|O)3S)z__H~P?%Utu=@20#cgIZ^K zG2O=yJzq+z`4GC=I=9OARCk8jvXRGx&228wX-8ng{i`Fb4){^3fO)~;a(nd$p3mrE zaXv+E-#?mCKTeY|X}i=cHsJZBmuDcBog&XOCBeieed^}!Q}&;)%>Nk5B#rYbw~{Tc zrAvsVdNQkNT&o}&UasM_{J5u(#k#;Uq_l*`!@tBF3@2Ah-7C8J z2cE#y=@hEf70#IHN`%Ld4LjQyZ&UKYG;6Z=n%y_WUr2Dv#CEA#4i=oCJML)uLecOc zef>M5N#gboZ?Kql59~V#7%F*5N2}nH0{^)phfz+20A{yyDz|R>EWGZK_%}axYRej|2%Zywn?j!8}k+u?)0O>=Y07&rCZ5z zb^gc-QErRqrpn#CdD&AhJWZ~^p91&cTNCm~u)Av^>jGxxPezCQ;XBREe-Z;%V&=a) z!;Zd0N@2s>&!rGBFJPERNvimQ&KJ#~TdebE)sa7f-58saM1B5qasU2Dx-u-lzyI@J ze+!Ti;r{D?|Nhti%_pNP(O!#~oeuw~!aS?RtB051I{1QJ6WEoQNP~Sub6b>|khMf( za^>9Ej&(upHOA!ovLn`$gz}|!r27_56$=>3e}1kso7f?D>7Sousz>zyhi^!JFzm_y{W*!%{qHZWzm;p@!wzW!_D0-WA*O;?K4Mt zu*fz3Z$IMH+{oIKcA@!ZBP)BQ#IAfh(wA3(uQTfKe|(!(*zy14C(id@$KwC;NN)ym zJpRYe|L>lBg)oPBrGB8a@7{?}HWKlz>bS7VKz zi|x4>ALM|QybyKy9N2{94sDue9UeK?_{lMFtF?5G9hMfXte#brOm1@!qZizr-&?>h zkMfvUi4Dy;HG_FO+0H7lZR#z+`h3WhdU(HjRoc?-J$u>L*6pOxi=@TsPu=vV4yV9hga4Hj^T$9CNon}A@7my+kdv=!Shh=yYtOf z?`hV+2-aVCfoFl=e7tLW+kE_pGccRt%@@xDS$KBNo1Hb($%Z0jbrIs>SoU)+c2w}h z7hWpqUflh$#ZR;g5(s1Xu0x%oS6mQ+`VT89CmS*z+N@2D-WYD!{MqgV=`%rreF09B z!0WuYctrf|%*E52ceFMZeRg3SDHj{j!OX=&LwrR*O=eDQRTVX4MNj7-HZXjw7>uHU z)QE+Z^)ZU|3TSu=S8}ki;jHS@?`YwVGWQux`>Ev0#XTSA9sK}J#zdpH4R#o8`pi86 zIdkos_;V#5Zze5-0$AD3gB(^d+5HmZbKuG`?9yUg9N_tYic2MZ% znXr(M*P=&jK~H35#m&uGwwA|(z}YW&M4mXo`Y|*#fXAZ$I#jD08mM3ry!&Gv*AEpH zU#vSO>W^3HtG4};Uapcq&SyB5bF=@MS8)wF@0u@qommB5;{wOq9k8SFU$u*gYFvU) zF5sDx_b)V-Ce&ufc%*!=tFR$^U~wo#@HIT*WbDAlvmLH}IB}nI`E75F9cX(B_;vHr zo6-F4%{Z#Zn)+pG%GJ;d%#m8obG5|rWBlePVcIDH=D#0fpM=NBlGJZ4c!4!%QCPxEZgX z!Xzb;?#j<$XC(Zuy@L05!2VsBlzz%7kotCizV)$(&~6VC(H@y7L`lPNPa3MKO1P*N zaI9)M@=L?`Z@7vIRyH;$>V|Em_9@;a5!ty243XaEio|??c%dD=6lRL-?u6<{4S?!l ztiDbaX?eLlQQ&3t$jIAQ8r;(>d7>mt=Ty|i#Wt!h2R|qdw3(~SPkwd+2xIIVzHnhv z!`6#9aaoGd0ffh_oAtP5E9?e0_hscY36#z}gb^A=Hl%&kRdNxo(DX2^aFEj7sNfzN ze{xc=p`pQ`>zg=!I_6vQJHLswm(#Mg>04Co*7Ub;pBCM3=)g6LUHS42_wFT(J)1cm zhqAyuKE7MG^F=3)-&ljT+(4p@^pBmjGp)`U zm+bX0-$}k4QYRdk(7yTOeo@b$)Yj!rT(3>D)7l;{K*%;1MErLiY(yM4KM{1Vy4)(1 zkUcbGZvzpF%lQ^D!x`_21>t1Z$%x8?PT9*YY3iWtpjeW2jzoAPG3O~#RDr^XKMmj2yBeNQjlW`j z=RI~Nq|Oeq=$;d!WI60&va;tTU?@Wx1H%^I`JaV11(~Q|ulPXdjGZVMuinspS*<6u zGx6B#c(A%>L8XRbB!od`dJpcJ!Cbp;-th7hI|jm|hD<6!VSwaUR;j2qj__#w$_;&kH>#>(=LdW2<{ph@|~SE1`(8> zz>+(^EA`~b1ABXJEp2U_>cX}2Jh; z)-X@|3}ubC$HlF8H8ispBmAA8z;kRLGv4}N5e%=qyhv)b5!Ni$y z&U21q-?#n0Z3ifIh~fcDw0sNX_o^6ZQzWQ={wXzVhiX83Rg%f*ZM~hz^;vF@aOqsm zq&GP{pFY{JCQ%t0S__k~j9S;>2W2P7#mAhbD4*A8ag1vg)UI?v-sX4-N(~G;Uoe{Q zyub5%A9`RMC*;nYA&iWUcI=ax4cXjnP7&)l5ZBzR+@*hHYm2B(W7o|{t_xG5%KlbO z(Q{y9^zEAqy)ALI_wz!mZwqCL*CI=|&6Ww<$T;D>iB*>Cu;NA0W)QBhw%kc6U8C&t z7W@+X(iqvXnRY1dpIwl6DT)hnK_vNLC9O&Y`S<|gCU&!e{HNaIK>{b7rgLoJsh|B! z`n6zZziznAk9s0r>7PFF^oVQbQEt+8&n4Hp)poLslz5I_*`sG)e!2$RU9b1H|zMPB!#i7PRNs0=TS!pD+8r%yex%pT@zq0Ji(>gT^$WxhW8 zCHAt-2QOr7V=G27@zv?L-pIns||{yL~kD`*r^l~nt)fV8IS z?aTQ%ZLtiu5=VwG%^m#`bl*v5hKkW^dktU1H^;7w_&949m~GoGF0+7ypGzz*t8nxU z2IFF1NW1z*`11y9)fyhRKMav4v0(eA9FaTnv%==QE&u`#TZ1UGhI^$;h9N`g7C~-v zitqf`+wx1gdKNoc6+`nfNi*6deZUs1Jh_RBdpn(TBsE_dKCJk_9&~!BtE%E{`**)f zi@nZZy!_!f&H_e*J3D6avXrN%=qajGeDcRC4Ti9X#cJBxbfv8f?*h`(eJC?Pretxk zK{vpDPDM%mw>C-3YAwrbRUt_gr#MJgnV{ao<>>73m#8SxNkJU9Y`+gj`=Vc$g z;x6)3**q@v`DZuxh)2=Mm6QoXTC%)3Y}&sk$hh@%_FL$e-bcInT#*Koce>E{lB2 z=8K+d4Cyz`T?*^eli&B z%;xa%alnukEAM6!VIHne=k&?jALznoE$Df9m(;^S==2{j8mW*pU;0vP8EEw& zaM8N^-si}QipU9-&O!p0;IiD#pgHWSr5WF~v7bnYj@Q0-@~f*`8U-_;2Hn1U_g1ft z&BW1xRU>)L9Itj`6s#Xc6Nd-!*Nokowkn|lR8es_cWx!GqT+$ee(O=?_ZF+pq9ikE z5wlw1g^MI3&(QE+_*|9YDKAs<#jEg8R*Y+p*wWH6Qba(&;($u!$yqMl3>F~#q7O*d=xjmFR2ak`*Qk2O?E zIyci!T2GG2aR2bgNDuCFT<`2PpVx7wgfj3hQ=Ex=8h_X_Eo@l&n1FzhlGJ-5Jh_Mx zt%%x-44(aV`yCW(q)?Y3S}HtsD$FgR!lI5#tVg5hC>g({f68{L^T8Fm+IcSe&0J$Z z@vn;4-VOVvn5~S36SLQM9Ue5^q(yE601PORsh4ur+>ePLTS_(t0j-z2=lmX^hZpQg zlAZ&Gf!to(SWy^R_*e~IdCjR6bj3R`f{Xi_MY|`mgfeS}fm*IIy__>AiY@h#z~_SU z9Y!EwuQak|t1<{kpVlsY{Xs(FG3BX8m{_$`U^|p!`))4MvS43%$kymo;5!)F*=hqR z;1p5X$zmK9e^B)d?lH{a>n8`eW6{3^;k7u@LL(rlWYb&8uHp=0MyvoV87HXX(%~NL zEUV;y9X{>Z0n(Xd6U!^*I zyq2BF+Xj#m5fN`cj3-KoP)xp(7lrea`l0Q({d)Da zHQrP_DKdqr$+J51HUqv77^iA8y%hw{3% zIWHz$pwojZSVk(16{IU&70p1adROxZl8v}kxD_^h`9eWq*aKA&tPmK!KhxsY=`2~y z*3|*^)ZOV17GfwG80X5xobow05`Jl7IzYHp=`hobbnxpgDO_GB2^}K2k~Kfw_vg;B zor>1IQ!<>cvWF@xD*lj@!fT~_HsDR>wCBDS2?RTg?B zaaY*B+d{>%fGO7~npsb{jyA>KM6I~hp~msp zq=`}IBYYfl@ypUsG@?3jCDw9V(B~ZOHf*JZqJNZ(P1*5hSk1l~9c!Q&ZMtj5Sot#^3eie36%8p!%(>2QeS$kdIkDlO-> z0OyZal~&OHart+{!uQLdct6f|%(cAYU2`iG`EX1H(k_~rT@3g5_3Sl!0PaCW0SO9) z>ToaMdUteCxQzEofF|{=Z`G=Lkl-fZb9|zrjD%z!7w0EotwpqWq$}zREeiujm@!a4 zWru$?o*$->=bIwFiVYYqC@vi(tykr{`D{7@G*P&|orn%5Z^68Y*q(z9 zdy$8f!5pXUwo(3A1GJ5}lIP869nc(Fk<#XGfplw{IDz1H+@AFsit|8nVA8+;ph&MC zJ2=jrd}#<}*l%-m;gymeJ^%P03a>vDe}zzy&y}pwJ-!YWA?Ynf&iONk=wC_VWbW9f zRV26$!Mrr&1WA`Pw7IdHGo#%T1bowVa2FBp>Bn>m45&{&?+&?iAta0+@67&&7L1O^ z2B9qm;?7K>BpH4gB3L>7NQ*hnl4E7j+%BO?(&1*s1VAG`*G0TD<|i!^na0sF?mblo zDlXrwsqZ4}-T*v2$7g+MAwrx(9P){s@90O@4!%fLWf(TvB=+IAuM7*;T4m}60w|)Y zll)$7qSEkA@0@1!fwp0gHnQ}6oO`DxK`^|76%|~YG5D~Nf2(o`aK5xL$1SQA^~Iin z=>+kkyDqPXKLWn>rm`5ovsd4uJFd*vJSV?{pxKUD)w-S5x$ z=KZcA;&W@ossm%z{5B6+qVM0oKWX3k5C)@9Hs6{Z;$!qv??b}Wj^AN z?n$U>TtpU)=;&hxImymPd>%VnSMT{J!r&XZe;=Cas+xv%zAH12ozp)I5ciLtHJ874 z?^*lz=8&s(79(;aOsus@U*E$=$R5xNv>Sv%RR49=Ng?E=*qr)ZjkGZDKoRuF$pk#EK&gysz5{0%0SI#fJ zcN%BKxf)_4X$K~|c`p|cswh%xLm0?2JiCvNMjqB@yymXp?|;U?B>H--j!w`6FuJ&# zfj>HBSf6w)(AhqN+g#{D&h~jgY&}?{tgr7x2`Cuk^^OxJ^qL(kh>O~vui+3YUTTZJ zG=n4Ec7YZC-pO>nK*BtIIe+=4^1b7di=&Oq@@KDJ`($?JBOC(ugEXm^o(S|VU2baq zy#p(BX>EwW+4=X=$UE5I-#^QZZ4RJ7Qo)?&McfuNHKiJY6E8%x`$H-hVVzJU^x31{ z_O-T}w^0gPgv=g9`o$V985!YtcF($JUbLuaUl>2v6MpsTcx%Zi*Q?=@Zvt=%^YWti zxZXd|$W9XX7CYyzrKguvbm+D9#SYae3QaK-=4fHHcBepZ(dI*Y3cIA7xd4#B?7i7o zw?ALH6cJR=ci2mUGeAJg6`Zs7z;pfN_+FbbB5T=iGW#(fERzO3pUdP%lxBfa=7U+e znvFr7fe$!7aLUXX@!j5t{tpv6>P$_6QhF1xjUqd+-K_W8&`__HVb(VuN7+xjQ#7WM zmSP$gL`pJXCmGfWB;K2dl&X7FeiS4@lA&OutuA72*h9(U=Pzv-M3g*#+uZeK-?Q0< z%eS>kq@1naa9xhmnv|CFg5L68;BD2;N9WbAw*Dh_l@G))F5B1f8 zHYRgNS51QdSo6Y@pis9FL$p2cW1>&X^(t-OEk>fp`h)Vh!ph3K2JLvb8JLpcUnmcJE1t+SwIc6v`9+zmj_wrh~i(P1uFF|R| z=?*%V(Ni{ev(jiEugaa~?OSOZtO`wwXvigg8QSl_XSCsNhRQy`ykaC|d2NLPZ4fH8 zYE#8f=Tx~+M(WK*UwHMi39l*FUCutI`(zkH^XjJO9Hn4D_xs=><{o_6Dvg{qKd3>4 zFQTgb5YtYVcQ z@maY34~~~~?;EmSz$+*PM%Qo2yXIDmD#zDS-6f@W(Xi~`5sDFu%rj{9{SjBjyh}xX z@&z1@dFK+oN=%e8d*C14%xOF8X;H9G0YoY+bb+w5$ZsV?Ws#mEN0ChbZ={Em>7B!_ziE+?L@!9lZ(nP#6OjtP0e}*iWta~YMF}^cSPUviV+*U zqv%}@)%WE}3bzsdY>5Uyk>e0}^{VoC5j#WkNHIm1oypFsDeUl<{C-YPr{(2=VRx#(dv>GxEjbME27_S7N zE1a2S2)!~k{j??gxu*USVX?w3(z`(g&UT zQ6A+YwpNM&%b9?Vm~S6#~D~iB~`D@65v1J)mjoDP;L)| zW>&JkKQASt`01(|X}$sV4l<|(LVa-3mhab0*H1C4*FgV-bSyB6;lwY%r^;jdqVSih zjh>c{yvWxwuis-rMAgcZH&UP$)uZMmmDa^3J2N?dS#zfBb4nYJrg90UcwY*pgBI2me4~R$Hrszr%p^r?JI&LJCqib!RDe9q@E|iTOEM-o7oR$_J z0~!6pqm`j)ILwcdnwq`5IJf}=9=ym8mkM~Vu-{^kX9JzH1z-c3=-Bs%twgo3w|R&$ z>+g9m>*sCDcXV5Mj}oVJn_td&^`tj_#;5j&XChQ9fL#OrN?>saaX&f}&A3{YGKOzs zU*$eHZm084ZrF1UwEuS>zh35T3J_VZ<*!K$8Y%8Po_7L>5@p@GYZfN%JctRz;OxG9 zw%lax8YZW}y7n@)fM-f9YJtE4P>^jXYT-nTmjZaCq+yOV_ZPFT+pdflFDKWp>}d0B zCM%dg5zzGGN6Gba88@Pyu9ZhxT20qzgq-&tp?`jr5++;_cMS6d)^$g~3x!K8nql@oVl|)ghruS?0p<`wJ7wAOMe=*`+BGpd0+!xpXE$w z)X%;cO465Bgk>g2_7S@WNOm%#(=wWz3nOP1wFeO z()>>!X`a8DyGJ1vM?fqQ0^R-NZEFlgs5aK#$FiR8!~nrF<(Uk_`C#PsRW=>WQj?vb zEPu?y>2yEwfT{IuHsGR$zYy?Phct8*HYTQP&d7|kSTZ3%veyh|d4@_Uek0;H5#hp~ zB=N-49PdKq_TJE#<%EHxO&2R?h6n0J13f15A$!eyd`UN-!Z>Y3eOWewMg)NE{Fb4H z&~_}SQR6#1_W*v|#@m_8eLnWACr<-b zNO{lhw2i3qm?lgn`uNIZLv8uqrO9p$C5fHkQDEaU%@^^!>m?@=YRW@P>+&6pQwW&7uyJng!}vT2j)~N6p(Nrf|lrk`O|GB zrMMaVs93#3(y~-TeE2t+X%T;zjUx7pv{M7$ZdUGwCS4U-sND;E-$$kvYrou>(2%E|8<)_d3yz7OXY%Yj^&$|Bh~d`C^Ny_RCS{ygaS-vt zHeMbeezR6*z;GF=YFbNq zQBkrY;vbW7fZDp;IS*5N739k!a^ywSI{t;!$i#6QaT&wPFiFyjM zTWp{7UZefwJ=!Oy6cPRzJK_`TrcgjMKzZWDT0G6F$|8|koSOGCjL8nn3vU5w8qluy zQm$YkNB{HF-M?Bj;G1S|@TexMhK*F@R4XH&!IBt7%M|b1KM2tqa9Zz+zrAT_k6UlTJxFWVnKWSf zRQReBe{Y;K!l)<4{>`W>!xZhW5iH?(|B_WsVfcg&7B|MSbR{jzDk@gl=BPxSSvdHd zIPJKy6*FSptGTr*jBzS-nedd0qhW#XcAWV+1ykP3L*f7sE{rycTTsOAj_I8*p=h>+ zhtA0nG<@Yy0QKHYrU+X;7L|*o21_0;5_&Kw3gylzuBbQ-ECaF}0JgCID`MAt*Ya)u zL7-$xb3i(4OK-IBty)D6WE?wGY*3tUkg=QA@wMJv;O^b=HXw}c4ck+syf$OJo<>Kz zl)A@N;uKd=yK!Te-nQ}C*#Cm=zu(rnwkVtHG6KZjj$bF~TGGDINOJO!qmjXnxrhAi0 z%;%80jVoid`CNTLO=O@{Jxk|mw*SVHn}|{cTX6IDU&l#8a=BjA2)P|Tv%-B0en+7TmOVI!%V0;fW6i@uJ!rkx}sEy-8S zH~+zBU`)-DZk z$szF3;FE}@cc76XfVO{!$;!ajo!bU((nGXIpC=A|#4?zFUpk#Hn;vhRzk3W1Q%uiZ zW&Q}4w7sqP<8)+O4LC$Z;GH933VZs#*QrRE* zEg-_Ze>p2~HWEG6?bHh|jh?r>P|twxlgSzGN`()u-pJEA49vuIf@Tl**J&^un7nN( zDH(AisjeI0|6-+_wZuTlo$)=(S(+}X{Sz+(zelN>#?=!qk|htQhmKvBp3D+F`e3s= zFF1PB@eCk8qO+ z=XQJD53&%zKCNio5!2q1vj|N6mC-n@8ApYwo|1s~2e3%`=4;@M^shDDF4likg9r53=w6Zm9MpSqQA!^0blkq<~bJ&dHd z8xHmtebQpuw%Q!AZj+5$Jhd+TqhcftzwMbr_oBCMV2@zoa;<22m%moA$GWM()s7&@ zTUS6C@Ao`H#O(P;+eTIrj3ZzuBAdTs6(?_hp?vT`O&9%A!0Z>r}rvl0Ia8V z+wVexLTWeF`=C8Qha_tL1PAps_=JMDZ>5FPGYjgeD?$~S=(>*~1f4pk@PIJ-gN@}=&1QxQBx0*k`S@>D~arhA3k$!-~!2QOe{_BMTC09kWQ zJ-EykA((&OE0_R+c`##X0$wcdXnYP~Ws!f3foOnVj@@j&vJVTOK{$V zjHhS4Z9{C|T&t>*UT127*ozR0R60yu0f8lE!4Ll>v^p3CKm0t(sA~w8dri5pT!vTq zGba&e^yus*80YyM**sxIm#%D$is{WUSf7ViS)`ReIlNlIopG{vD@o;6@NKlp?n;&Q zuwTT{jPYg)r6(b@06p$MS_CUSg;L*|`$X#{2HEP5m^&hl&Ju`Ez<3mb3NR@rz8kgQ zxU0ZzB<20(GY4=q+;Q?`YIlCN@>IY!meutS9(H$}hyG%lHBD?+zvu`qyeb%JJ8JJg z5dhy-E5f5yb5dex`oCp#yjq@OU?9tQ*cfC>fON8OVvz8K+oXp$l|@W%2yh^#+9;B) z*X2#+;dvv%O44tf0bv9HICr#0c&)RIxy=`1O>mmv)Sx`#``6z|+`yLnQ9Y@b?Zykb zSn&{kD6aE@Dh(CVB*K@<3?(B6cse@5(R!upK`+ro zzma21iQqcB$~OE!Nf~%}{vU4*dihbX{~)HDH(H3NtI_6d_UZLAI3{;C4&EPh@YtSHlyGoP=k{9OO~AkrG<`as${_y* zCq3Uv75CmketvAoKN#mr(cM4(g)SC&dK&?w(Ux!j@eKe$D{!Av2J!iB?akj82DvtI zD{v@d?h8&;gt_*(_`5zp{@Z$L=Tko5AJ0Rz1wtysUtduk|B0%D__`mC$pF=;j^>9IF{@r1XnWCD;z-7eKi0V}YGX+XL+u^fT2#9M44h@{M+(`5R zq6pw1HpodC5z55ZX-J2-Sza~ zlmCaHpjgryf|r@~dv>On3F`E4>BPC9+h!T5 z^V#{;F0jNMXhGO? zX(y_h%XkC8@gcPI(*7j5+~1x^Yyo#WRt$9ps%ZP!9u}zA^UH&R8Xg0d45tf)L$R_0 z=@M_a1E7~in}S506Y|@wK^bKLgf4;T+s`}{EkJ&M^;OW5LA)*(xn&kd#ow3SFz#88 zXv__v=tWV8k9)Qp-*UR4x5Hrl7>$6~@E#M<^_cT@|8!!3>jC8{tGFe7Fm$q?m2}D) ze4_DNS?x8BbYX|+_DOa*!#;ZHWHk3#A*Pv21y>D zWYA_^4|QO9lq=jgGMRvey$DXIi5xvCqZ0_{$KZNqfbkJ+LlYw-kMTxL9A9*kiqXMn zWH?#|Py5GE-K7m3%v}mm5gI59c9w{`A@K0r;Y3B~zap@u5;rnJ8aAgiw6!hW(un!V z5!BlO!UTLa==FSRPh~jLV<>d5PQCv;dr@vog6=aLD|+}Qs6ue)$ul^4^i5Wl5pb|I z=AURV%t!wnGmXhCmX{Vd1#>PqMK=u&XP+G`r1x5Vk@Dw#kCK5K5xF1XwsahE>78@` zKf_F?b)CEd+bLek6J{W`5XKAHEBfnr@e4__fAAtyp_TGQVD?{jzP{?MRh=CEymfic z?PYm=f2bg1ePd8cO+OFCFWGa)o+35xtVNe;W?c5e9(0 z_X5mYPVW3}%GIfhWT7z7Er$6hj7(_>bWNd$++-dLCqG=r1>Wr;L>i%ab0^e>Qb4H0 zncSgHj+?JoRba%Sqoa#Da%#}E1riUs#XHpsNVbDL1nD?3?rko&zYzE2O^2Na#LS6_?@aAfm9WKYR(=xA7K ztfU@*uXBHP!%LTkpTgt(5KkhH>ufvxrr0wwax$em5RUXZ&(0pWfBwRS=9#r`@L$E| zIfWi82l5IpD_3%s^_(CKqTXeVbT|*x)aJN%zm4lYy{}uRQhgX5eNVIO$(^2a)#35Ns4KkJuOnAP)GRb(^4?piBS1KJ-@ z?N%*J45JAPA@7^#e8Pe{@{&K$){J}!0v#I5c`}V7#lKcgqzCRZzziRlKQmEE@0zkvHTswEP)>6vG70ORSQ1lyO6vhOmBx27DW7^m2e?k5dQ!~KIen<333 zXlg19Yuz-_KI_{}2Xhoy@tGk^ECK zSM~`&GM{!2`9b(oI!rI%xEM*j1hMTtLLjDTfL1arIV=-3y)>>#0u|UEy_Bdbp$};I zS&|;=hysF4^=w9+hmZClEeaW&A(h(-WW@<5eH8H5DKiPyH2|I)kZWRi#ydq-5{S2@ z=5Gi)FOb>m_K@5moQ#Zfh}Jj*aSV-KzXZJx{e4|`+^~?Pu0WB98lmS8i{oONSLHAATj_#ecnclIn(7{1axRBKllJ_1BKi|Oap)0zY;by-pQT*|Kvd>d!YxQgg^#cA)Fw3URp?QNVlA3 z6kHSMu>Y0shL(Kfw>-n;1n5x+3Bsb#VK(=3CrNHQf!u?TccSHlYiE#;?3Joh=j&nVnn@(aiSR{G( z?p+D#Lzi68h7s>C@`)D+dk0719Lv&Eg5FPX`gg3rqnF~8l=uRFbnXWa_SFOq07tVI zPP*B63e`hzSLX{0!9E-~PKX1Stqu~!w=v6Jgb~^EqJrQ$WyPKh9Y4MNCx`)oiH&y2 zq26$W*o)9{HfBUi3o2tzJz77rN@`!~0XY*(qz)UO9Z~Kh0v!nYU6&hvj@H5Y73XbP zy8)4a&m=VC3XJ1Qo-Z2yV!ySH?~bj#w4DeYk7tft6TwtXE|Z+v_yJuS(BueI4vhd} z4ExG(Kw5q>r(#-VOU1gyT5LZ_b>u)@MD|lSv`OSH(WT6u3C`?*teVFLh zq6kSDMZ69B7%D%3^1tBUCJ7X+zxox+9|c_Rue!XrnjRLsNPAFKVR~1mj2V={%tUhk z%{Q^4W2^6u+)t=S_-*S2Pn7j;KC~aZmDFCb(E}!0P`!RLC=yJSj8=^qv3h#4qU}K& zkGhqbM}pBdC_NrQW~~pF=~bqZHgQJoSO3Csvy zvsLu3MWrTp0@mADz5Q#+$2m8)P!wSXpr=zP&j>aw&u9;SMsgp|2l=GK@+SkX=g#i* zdi|>aFghOop}=o9aA~a-TAB6|=sn|wRTWlFy-78&a7>bm5eI5_*$15~uHXAOT>)zg zVl+3pte)X_9Dpw*&|bqc2Y`R*W6*;2u2ggcF|g1S>6Lx z^w_58%Rck2*~3N`10ii~j|tcGm}Pp1v}p`yeqYQ%{&c_2W1q)E%%DT!hCw|cV243- zab!3_cNm^S`WHZ+nu;NgWKA(}&swsuKfd8O0s>C& zlXYWY!+SiiB}*dO+T67rEC`0{ZAz3HLScb%SsVux3`DOBLU)T$<2TH z(ewx6K}UL$u6*#5qMQUC0hb z?Q}5`?k64KIqJvSebIpRP{rX+(44q#5#HHyqNd5Poq$F=aw4Y^@&tqz_1N1PU8$?4 zL2PgNTO^jS$^u93@OC&~C!4Z2iu)tp9E@GiX5b1Cr75x2QW zWP{OyMF7(p7$uYjH;7(s@EwMeFcd;R5`|YF`kp&5^oG&q=vib30JU<1&|d!i_gS;@ zPE*)n2t+GohLWX+WkdsX#(|VMuK@8X)!v+)S&WJ*XY%St{7gRK7(QX@bH4SQOgrk~ zah$2cIWL6$c76TrNDo&6GDD`F^Y$Af)R$?Wj2{h^2*WHaIA$U;W-UrZN38xkKCp7K z5|L?Dq!tk}Icr2DyuHE3lvfh(LWg)N`zHISkD!@<@<_T!k>x1W5OLx&&Pyu>cq5}9 zJiV6P5aAgnGvq`TevK`=3q>)oX?XQKey!auJ42fB-Sol4t&+{$vin_zjVvm%8}SJP zu9vzVmOGfu*ePd@i8LLJ-e11jAi5p?FpDv2LvFA3S!4OpX!rQ@uN0{x1>(q+f$cP^ z>dkNWP4))UM*Kti;5X+rP62q`@1>VNPo=tdfhE9BL7sRIL9?|@&Z_#yzYnJ;PUO<2 zUda5|QA4j^Ozpn45HqjhpZGVHy$gkSw4D|Gc*$&G)uB|S0pH6XqtT>zmxQ4q@v02g*JpE9s161%YvLdv)2ss9jEkPo6#` zybAyLiwhUeANO?Ccjv^fy!R(VgIHuX(hosFw6(RBzt=u3=JbMJ-6A_UfdjS4wCfGX z5k-8UF!2<+m&k?u7Ks%tCcxHs z{i>M8AK0-tV#@BlVMX)oK{nz07ce?UZOsFe9rRpYdX>#?_G8vK2eJxzq|%X$(;>k* z^xr+9)$921VGv)ht+mx~yv`L0!~%N%(b+7D!-oZoqJ445S?(_}qd8#NXO-D6orS>3 z!=InA)~wG<0s;t-$-vi=hv+#x0uqU8Tg)HD!sJ|k;?y_Go4cj9g0bby)u`moG?QJ@ zL6jmN%x7#T*2brN&Yda`6~x4F-qz5jL#jSt{|WXPm%(HC{mYR1bOn>>_Z}``MKTsQ z=v9xCEUH%@#37r?;e_Q`T$;LT#bkwe-jmXhI#nC^0gw*~r-|k={cpwe03nxTD@q_G zp+hh_{LF^U5fJUDJvL!qX(6y6Ov034dKGB5nyEF`yL0P9W~qLSV)Nv7v7=~Uorwv@ zNr(pf&|e%Wv#V}$%}X7pjj#MKBy?wM55H&~Dr7U&rZIi#-7xn{bm_AMp)?pVX}qcr zawNmqm!jD1Vjj8|G8e~G#)!XX1Ez3dST-W|OnI7QgPvE|OcrI^ z)207-50I#g?sQr86up z{)7UyZCR+pn|O)<#ZuS{hq*CCs1lwRas|&cn5>ygxY%G7dNwpa5EiedTykt~&W5%k zl!mbrkVz?+?JivJhN1h|+qWgdBjV>dXsv8)WaQfR z-Ix(Wo2m^yTBaRl9xdw^(z^PAQGJ-IE2sOlR-eEyq#J~-AE=JCaU)s@TPIJF_dmNA zay=<8^b>2|vikmrwyEgg$+%7dnC>q^pAnm!%$?EqdHnb+$;f))UjV}V`&s@@wEF$B zJ7g`F-%mQf)n#m8xvyIMDnZ=4!Iq{6K|P;*N0b9Fi=R8P<2&4idhs8L#N5=+X&S{& zN%`>e^M7=hYtzA(?E@RlT-Eg2&I;t~yx3EzK~sR-5!d;44Fg_d{UX9c`n9#0ZZ-32 zouzx=}Xfz;CpfCYP0V3LgUWE3kfCdBF+$TUaqdF5WkE#ZExQO9&ggSxW@m;p5 zjZ{kBhP5*%;xz?vh4=f|{Lz6hqIRy$Tuoi7aCLrg(f}+}z$pL1PHawPK5v9>V^>QE zftF#9{*1~2Hqj6+x~k2yn?thg*|>M#-$gLZ=A$XM!psH|)*=UWX<=o>#2ef+l<{7c zdu6FthjOG1J!@!Df5p3QLCWy6tLeU$YHDie+uOOS*?A#OCvCK~eyP8UZj*PCd~7N0 z`uOqVCVY*3gL{c|+!_7(W)&^QKYwzNkgOQkXWudT%!sm*7Wczkb!&T^Pt$=Y>2qL|NEbTzy$lh zpu;|u{|!3aG!QGhuF%Cp>Nc+crj!6*M@E(ao(B`}sE41>?MqSdGmM8Knb>&uKGpmz zXaoP{^oqaHC4P=pdz+C6n!y#bvx+~DN3rDo2_cSQ3}Wq*wsw@2@ab{6Jhu9rtQky> zP2h)tFuW5)hbJ_0LTSyA)B-Sk3~{mh@ukt~Z~0x6ia!^iGGMm<{3)dFpF|-++6GF^ zWvO5HwMaxxoh}gGyThVrV?Y4bpMV)vXbd5LjW~`T+XEe3|1hO-rRS?_9OmxcQbQs9 zeTv<{E>9HRHSr3CBsZ1trthc>PzA3k@Tc8t#r2NV0KMwT7RKcVUw(J`fPzt@`&>2L zS7;j~jX=<4sen6}fX`P`F`EiWy2k96iQ4!oW9_4ig6=Ku`irVY97oltvRq?n=F!X- zMIga8yOCp|ZT3m5otS0)-9lZ(^T!jwIU;lq4ANKRI=&EuKsh_|P+8_^2E1(wfzks6 z{lQ+_kW#G2V^m^%8PPP0j6u3D3o9+YQP$d%LQeh`Pl>dXXeS|2jDd@bEB4qxYrW3? zQxBxuv3k2a=FqBSL2OYs)=y-?D|b=BO_sp34avgFY3H-DcBlP-I7Z`l8jNQ;;~w4m zHQ)~0y|0+DS15;=odo})y=%S;;mdXyczhf8#@pZP0m+tcf=J1#o)EL&JhoCS;x%<2 zRf@yPW5Ae>M&e!%?+XO4=fmp zOrSLe+Js{|SX}^pi(l(eON})wxx1SZ^DKw+x`Qm}*P4{&y++gaIqDzJ(!5hUDqSfWQ zgAM=tNyfbFL7}Fb&EHK4(}~ufhbvv**L%uwh5K5nf(oSDQzdBepZsG?ts4v;4qx5f zr%nD}lEkmIu{@#wP7*V?4Hw+Y5A9+zn=#bv$THe=rOyZGD!vj!wfOvXc|?;eak(omhr^@qCU!nluQiI(hp4Dva!ebTWh z7UE^NX$`GX!Zz#QE?K8e#6||8E|S+%lf)hqC}yh)SVq6nWb40u;8{z~O=P+hcC@AB zn9z_wJY5HvF|_^`J$pEX5MPudUZ-WIp!o0D;TO}6C85cplEY1ytm#!tRD!TYLzbVA z^nx_5^UOK{Ydj1p?ceIIF8VA-832`0JinX~id>qDW5Q|U1cwhCU zU7MY{W`ha^5}kY?e|I4wKAr}{$06N%v_99@YqY{2=(d*GaE@gpcadukI@xK|y?Q1Xg&^+No>a*IUrRVi@xAy#pZHuB zLT9L0$Vy$vYjL&QpcOG7s~kY$kez4CpSmA?=AkFuPpE^O4%>MivS>KifjGKHbB6_q zKz6Dgp5{;NR)ZKCre}b33q74YbJXJur0{$IK}gEJJccJuy__hXa&!*7^k1h=k(ReS zlOh?&_?J9nTRMA+=e?zB^Q{VyYJYG74DIpuDqW5K|OR? z>nW8dHv$FdnOszuO1=JK{Wd&I`eT7vP9JJga8J(fOacn$^p4xA&!3*&!7< zPUt*jLn9?D6FGEABZ?)Qmtb0o87a34xQUB&V-vd4Kff-2j43f zZ3p6n-JzrGAxOL#*aHEOWnuY?75PZ11W?qsV97?9q$Qs!6R=vuBzhVw^rp#!`pJF#d3CP1^Y79am~G>AO% zaU;+ziwx&C@$NMRVO+RAB+i}xT{5!&|CEfJ)*c*63MQ-t$mX^)J+^ zdU_z_F!dCDMJjGztEjRiF60rbeEGR!Ei&&v{|>5{u_H9`I5R=rnLF<*e!KHh29KXL zGr>eH01V&fFMhDf{S#PflckJGb~b1|%$tUx5eouvZc!UOvHx`dmgs@PYycf_QRk7) ztJBC*on6{w0gayreo+Sp>OVOe^!COk&u9$xDkmDV==(6=f6dx{oosw!WoK<`zfQHo=*! zVKp^YNl5CWv`N_3EH~(cQZPK?4N@R52uq59A+eL>nTh>Ha^!YLpx=rMHjGY47Bb2zHe>my1>eRvUwKfH+Q3Qccm@njiJ-ArjX1_~sxw*C!bUkf=)LZzDd29rqF=4(!Q*8b|% zR?-KyZb6?;XzVB8=+v7#Ntsnu&W8jf6uirfy)3j$4o`HUXt&Oh7HZN;nTYgktEZgR zG-uUyz=p0dDhrWa{Yh-^Or6I1Luvn;MC3z4%9_i65|Q;+$%QU$_Wp4;&>kFyb;-%1 zPKi5QMv^&-KIht;LjurU#R&ag%lRewhgA{#TO))jENb-^$|HlOE0P*zZLUJ$Hr(*3 zEEQ@dQenO#0OTD7`wUTiZ0~b9QdDTa2OO5$HuTy_6&h!(1*p_N>K4^b8_AARp5_~A z*rmT8p#`HrU7Jm0T#0B(n9BQy7w=Phg@S@r;e=7fuWf`jHo&u^9?^iPD?HHEB)(^~5*-&&?0FTm>X5D8gN z_zby2re6tPz5L4TxwjcLKj;N@0wme`Gbyf)XGTBIQTOL=$IQNGd zH)ACbZU8$!KOLEXgy1cA4J{5mJwf$@Us^OVtpCAGZi`Lzh53&Ku!tN1IRrwljKeS4 zmIVheJ=qIR{U{yulJ?PcCt(m&UfRN{-k2-rl-btbJ=CB~?gRtZi{=slUtusS! zFlqTc;2x*kx0c%A6&jWgpy43+( zY`^=779$+`(V~J8^=f;3yx!emxqj=TV~zmIk~WorJ!28}eU%}Ny@)DK8nY``uJAxg zv~JxKN}QF$y=CLU0xhhOv_Q-cov^@c7FKkE2WrX+6>aKIFg}=OZjh7<8M+`$e0V&R zNRa$Ys$l+|uK=FkbC_MGch9zqoc?<11f&nQFtG*%p#zX19=1#BjooE>FN3Wlhd5tyJdm{ zE_OV~P(25L4nZ#RMC`yi!I?mWU`#TL{Qcb5GT^7E!Fna?+!r|^yT2h(j6}Q&gdQWA zw5NyvJIoS!*-`J~4VLb+t5E;2E;3CWAw>d{zx`j4Ev!PlF{9>+{Z01nChuWehp^{6 z2}tV-JH_^}|HknCj!;J4Vai@omT2-ebTsXCbHtdPq=0N&$k%$(-fTuh|DD*}?jOgF z4Qwli{^KH`fl2)je0J4BB9)H$`R~VsA5=6>e+V?vyQ9HH{m(xFXcnbG{hMz7t!Do7 zhv(m}{=~-ysE&PgQMn3F zhCKb3*abOwdW3R>7v!sWsoN#$peZz_tit7}uwZZRR)3VmbwRW)>`-m(#i zUngHhUi92;3=(;AIXY_4 z#HK7gl~j)UQx^)NT*w4Ad$N;4!te_~U6IfN*Jq7PZ7Y_`eYtASMoj!|-JaLp#x2++ z;b9t~_OW>8CrLjOtrbF9s@4>p$ljbu`^aL!h*>m7v<#S8!Jtd&MB2FEeRlMhO$V^0 zLEv!5;AQivVMR+g7IFa9$aCk67w}j5bk0a?OA>6>u96|FG$$XOV30E;fkG_|~J#pLi ziM|BLn-LwHUfLgELMgo3HUJ~u(WV5yi--5NY#Jw^pR9+T6?O1O7hjL(3&bz(lIJ54 z9fg_!)$(KxzqT!5fK?mDFi)3jXH2&&fiLLuNS4IQ>7XbET_4s2$Jc68r7_Cq@H8|@ zCWD*}EOrXb=g)!UI0ay|@R?co?fwe(98UdbV9iu%2sse5PIf-xYha`EmuU~eCjlzrx**JgQ>QxaxVB$?d!B);DZ9x-YaD3Be_J&Z;ORtm6V9`h3sC83 zZcm_b@N+tULQr%NGCmw!w`66%LfHKQK2ZaXGLnxS1a`)6X(kmEUT|=boHxMh+?E;w zdYhhJQdBtHxXdC^O_=Qx|1OIzed562vV@1z+0dUnK7|jF9T6h{GR&D;zpuGtxgC$d z!w?eqq=d%jnTxV49Py#@m9p*pRwP(@=F{{9bS%O!dkQvJeLCZrU>o-hx;3Hiw=jwB zX9R_vXc#1jkZ5uK!?t6_)vW+MQD~L~5_b33P}JYK{Zn8lh5cCo#r?AgxKpvt8ASmL zAOcN*FtAVOc7Z3!dGyB)1yY66U`8|VuuHlwMtx9w4f+keTx-43Y*=8@@9#7rE@DWt zGo;xNEGDn76^zo1-!fs`14f>z(NGju{);)J%^DJ&pph?&X9=lcC6_QF+E^G22FaV- zOfmt=YzKOR>p_$Iv!c+qVW)NDWwP5n9w>wnN9xsj#c4TgAK{-&Z*)LX27$%GEQvQ^8BJB8g51boO$8bUZ@;8;tmpExJ$@aehI(ny|n?Ka0^V2LSeorCWvS%6S4G)Ghs*_bN{EI!Jl&O)}EQTO4Z{2vc(J2 z`?w?lg01xi41&_l` zifri6dekcC4*lNlxnj@KBg9lR=PSDk)ogP(0 zB(&m)gchl|(Zt6!46rKK&#jvvJa2Yz(g+7sIX5f|J>`QqNpG71AQiiP2)7inBvhx# zAJz3K$R>~S*j-tma-GLjTIq_Q6241ua$zh>@0XuM9*>8*zUhhC|3WAmqhngFx9MN8 zV_u07pQo9G{TXjeBY@?6X!8p57yiM!A!AuUxTNL|(W&OGPTXNZ*Bw99>*%>%Ot=ON zi_u!@8Xif;X;)loi<1AJq_W!qd?C=WQ~Lj|mNm{0E2TfSTy?t6EOowdqT-22nAKb| z9K65{hB%uxdcWJP zq34C~h$>YXq^>k3(f55n;>Y{uerS!Ziu`yvX$&FG68-4gI6HZRbX}LyHn@Nsr99`y zQmZCJeP}^9>lo|7-aB40C{QvlrKg}PKQ9&y;p2OZJkl^u#rX$(5+s0b&1jM-NM9hF zFzD?*vOxK+8`>fD^ixEre^D=hM-Y|ohtRh4c&i4uO`I@@Ln`!^{B#IE$1bKq(O?dS zOGMPr2>AzEC>YAth_)V-n4r$j();mSaLub8iLjK@l{?0vDo!6p&{BT!el04OeaJZN zPn{`bD-7gFVJU0V!OJh?FPsZUYDjkzxm34DO=N{79E;5Y=xN8HUD z8*7(w*WH(8g~7jRS@$R)` zcS7mAqlDB8^Va7EQimjeY#JS`P$HQdkdbNS>(Z^Tq-9o8H_-$~Jb!+=z(?04vDXYb zux9OQdwHKaLcQtpeApn#aFUdtbpNe_!oI%wINN~0jO?eOWe9>xkb{Rw%GKa^Jcglf z8#_bUc-#=QG$%=1kUnwot&@n@6jFonL$I8%Eq0-B)|Ttc^3cU%km|!2(~Z(>|ArN- z-F-=>5J#8x8&>R`Z~)R@navqP$JjejP@JtFCxgjsw#|Zuu7ST%#XP|{#ADI+Te};+ zp|1ZOPH_YI|JR&i^CNoT!&(ra^-oZ7=cO)4RY>7|(s$~A$KzE-YprCXKyvc9>nIX_ zffpb~@zfBe7(;)o>NyV1;o1#ZDGh^E%u~|yPSS`$feZNyp)+N*eyAP~s7ZtA?MdqU z?|+taybp7o+n9boM>-K1^0B+!JgOC<31WZ+=ZQZp3P$h?@cP%ID>P1~Ya__$KcU5C zjMRKM2(>sNJjGATlnU3k!Uw~^YUp!~-eSu~d&$D~^l;|Np@eRY#f1BzQ6pCIsx_jQ z(Sj7J?evCWQhrE$LsKquEMM?EO zBn3k)bXg1SL%D;cyuAYXCH(aRZs#Db!#$Kh1utCO)QrzZB>SWOuU4-r4!Lt<3wq^a zJ2j6vH;I|i#w3ciqY**~gu~>Ul+$|-~^2qExQ!H z@z!b!udqa?uH?|4r8xRr{Z*vV!=@W!%%ursSva$Osj|q|@0{hcaBl5&$4;z!;2rsT zG-C7?P2ejpz2PN)Is4LeNq;Q4=EdI#;(0FRzYxS-wYT_~MaKZ&`N=pB@dpQoIt*EU z+Ajj}S?h3vn>SB@Dj&xeniXAMX&P8$IF@bRxxK4j>qQMRgg@Dx92`sm2S;(>jKDi_ zW zr|!8aTHlNcSwu>hXM?RdO?J#xh9C=sw@J0N^l)@SaEI@ol4FvkO1~G|U%K-7Sxc@` z&F&si=iCR|@fy8E3L#M2tB7x(L8vHitUqWDjIl!iiv1wl2{E2>Iv?ZG6?g_7!AV)L zkbyR|O=(0JsVs8ER`<0{*4Euh@Oh`zyuy@!Xft_L%=VrLa4w6UE|CCpTS z_bb&TU3Zy24>8{Kzb6cYUxxtNn`z_52Gg>Ltb0Rzk>ljdgkWo6s(AoX;6_>(MD|m` zjs`l*K3RczeX^c&JZ=9R7=qM;juO)`hncVIB_T1t`fIh(4(NX<>5$Umlrc(u2aeA` z2QJ9bz7*pwD^G3vF=(gk5Y}tVK3T%Glz3#vfc4yQ8}LS;Dkghtic#ZRMWDGz1>9~f z=n1J)ocjAX}QaL`WFg%?-?h#%<$S$KgWsz z$7AFbtu{XSl7K>D>t9u@#6`GB6CF^3AtOT+d1jCYTV_P_TqXCTLu)pEJy2Ty0rCBB zs8>rxvu{__F=bDmPc38jmpfzIk)afP@9vaX%4@&7JaIvmp1?3q(o6Kn1s>Elk7WGg z20YD=m^)r+iB`(=p)2P5PuT8f&E1zUI1Z{`|HeDkI^y7S?u5fD69=pZ{4qli!~-vG zbVV2BB>IJ?^ljzt@3;6~o3|6F$~$k=j!o|%VDytXMn;=&t03RDaJARgveltdhrz2W z=5L5^kqXD*tXGA8o^SmH9*ybUIKjCzg7ZgSm8A0QgWs&e?c2s>AO47=KbLSJ#4zvZ zS7)_8T-AioncdTzy4o<`PVxt6S-XS6eiMADB5IYTOv}lKxv^F8K)=kBydBqND%WtL zdSiEhn~O^Y&iF+>-b;+In*s?F>w8y!dTJ_WV;S?i)_bfD%vu!2Yth_RpJfqQp0k6@xci&+8ZPa~&b5)UP@FDP}c%*`qcs#)ry$0Ov_EI*HtJu&G2RttY1<1CsJ0N*5T1c$)gLU5eh0tKt${o>eakIqi9~iMg+QJGP!?O> zyO&BEtS>uEqeQ;Tb|*8+d;i-MP+|%td=A7wtI?m!dKx7y>s<2^>@UDM2WN8F=nuJ} z)rV~b2DM3kqZN}zA9mUC13aF|Jcg`dgy_}`ef3{e2V5&N$v~xMYOxFS4LYP>%ULLn zrxhS>aCFdr#gbu+!|6HaaQBb~973o7OA@uOaMa{6_HkjX91gyHTkr%U85Q%R>5>MU zuR)HOQ=@{%pm)wvq@&f0LWoSi8yu_~?`q#wRX$%B%e3@fHD6a7ZD_zkt(J($TFnT! zKd~p7X+#?9c(jEEG-srfbP!sMCJ)JgVq%VEr0qDOuPuG6X8x*Rod&7!$p*7fb>AdN z+0pC$d~)_oh>i;}z~G&OLuKG(cQG_x3Q-fTAPXd!j#*hE4J%u4_ZT*_4=x^GSjGT)O7Ao$17K6gCD??50x3 z(_akV91R$@%RMF43z)3C>ZQ}`s?rJhex*(k$x6=8@B1}9>v*LLm}tz$#|H^IWUwvJ zf5JfB6_evRG;suV04@zkbp^9~0-!MfDz&{loIF?~U%(4uFxN|X`koMfi!{N_!8V@K<@y(GXsDH5dtVrl4jj^?*A=~B~c>mQ78yggZ3R+ds( zNu7US%k`Tqnw?nMB=Gp$4tebE0N^tpK|&ka4wm{nyBrUMQoi@#v=a&97|)3cF>Z}t z3fDzb%jz5D20ACj3*6V|*51>(1r`<*Yg6Z55$2RTKI^v5m3+Fu<1!koD0`+h5I+l| zXdodXN_fuCOhf#+h-H&mYt-zKPXKL*p+^Bt7wASVcn4rZbPYOI>$_h3k;B;IW^3hd zvH@{x*Gml0qDXqGf6el1?Xx;`J3CPQ{_$hql0n&C@6uNU%X>17-K?_$dp7GV@88S+_<9+sv!L4kFr7Uq zL&$YKsBT$5`Zt&W6ZJiXaxO@!{uE3`W}@tt6GdUw_bKmRusSHp!dNRb@QrntD$ z<8K|nZv80q{vH7_DlpUDG(MC}<~5I=h1OzdAJ;FBC){~x?lwvkOMLecmHbtWGypHZ z8dn9FYPax~#|aSe{pd8IvQu>^z=SzhY2uxLUVNzP1<=0RfNZUSiwYmOp+k6khE3+d zhqYUzF{t(|31p(1v@lF@Qg1Zh7<;JM?P#JQLM zgy;Ul04+Z4bLfY+_y>In5@ugmq}REQ>cM%^--$i*`+p&EHEPZASP=TgT5?h6)U-=P zr7&6e*v8hYl16lT@}NQc8rrt)M?7 z3gK9lnBgyO^FJ_<-t#|67xWum@RZZo7V?N-C-Ev%wf#sx=G^?LBtLwT+ZL|Jp-IHC zLUUdLecv~5MxM3ker(M%dD*YRMd@drNX7-ZA08OFIS-yg2_S>nKmkH~Tj*d*#M`V!(e8=t0Teotj9Wp<*2mNMv?6p4f;h{ar|K-6|BCss`P1d~3>#{iZ3;}57 zubrp;vOFE0hVJlqMj-lTR9u8sC2XP^CKT!{IJ#rQ*NPG)tirbPNlPY1A*E zh1b{q%9sWv-=w=ePpnvg^TS@~l{fR?U`@F;z@a*iq`4~fadC}dSA-9w>=~uW=8*o4 zB?@0_82nHu<1*g5vGsAj!w19h>5gnm9JRQ|88LcNXh4@9omIz`@j6of<-t9Onx>wq zTbz>d{n6F}`d3X0f{~XQYAX@uZw(<*BJIyN;yR2*Y8Hr62I-1k5s{TmrW;fbA~{^< zayZO8;~EmYHynl3+yrUto$=U3#*~r1s|* zifF*r;MJ?PFW@g|EnIh_U*Q-Hz)!PDWj2 z_t5&A`3?P%C$QH6LmYpE>Ph2_(qs5+*8f1m-up2GPj1r*u708GbkGP4McNmw8I-68 z_tp@Z>hLK_m#~lIYiYzR_BeMg`s2(mI?np{vcnk|m=m)f^eLx8U#hM%`%CnVaWgj; zG6J6w1b3&PZ>i;LTDk3ThfRbmnWMv|*52xOmGka1*MC#xOa1lM-I|EhY^zrY;PVU$9FsY$WZKWS}B45&=ig+a?)3w^sWPh{EC z=l8B!doGhlecCXKJa&=gfn}Bd2NKOq!fv}~LsU4<#e=Bb%N;b^Okhh|O3kit# zGwtxMHLsTHh?c*b?xdf-FP2+17U<;LUCEVp=rCF|`$=4SB)kRV4zHR5ZW8{RxYna@ z?|WOA%W}KznXZNe>Y8t!)6!oi;0^rxK#p3p6*1fnrN9`)2$j~eVEnN%xEEf+ zKUuYk+Pw-|$x0HnPV>%%IWbhle3_|1OrK-sE+SzW8L0%YlV!9x=f#W1PAbHU^$&#+ zhWj-bHWq*8rz4b@uo|SXwHQ8RWQ9HT`%#{Padq3E1hB0z= zkL6%Z@t0B^3O0(AMCS-3L1=nqQfLZxVYlTcl!#Qdkw{{XY#F-fAGMp~;p}a9`g}mN zqOQFwXk9ITcXxMxv(J&0us}kebZCv|=C?7=#jE=Apx9yTe>)~7y*dhF(#CBQ>Mi?s z8o$W2IXOw|2AY~r5IT$9P{^l}>Uz++ixBcAXe$kkk0X*<#v*!&L?=#{A;)1+9PQ+F zwLtwwUiLN!1bI|B9(U9VBO*o&HIFLDH4(~X&`+7dyf>h)%_iV3`E|L{4$oOg9+duU z4rN%BUj$o6(-vubncvhyfIyM8SU8UM9s89={`F5Smn^<7^lOGA+O;V9yT4VU5M*?_ z`cn5v8v|i8C9d_CTy#cs?U#;n=QVsaWeHJ|s+o?D{rq=cD54CNl|6UQyYg0o>^PZ) z69-;j?MFZ|oRL7}m2w-&ceFoiw#p$VGvsjw-V^N(qJjIjhsfD~2<`s*UWPjS`G0-( z*9ZTzCu{zTI2%aJQZNL`D>rAEQK!)X2h~?pU`)b8urOcQD_6P5rmKD!^Rqbr-vOk* z1-(d6HhPMA8=$Z;JWdoa`FdM^{W$W^cx9Nx&h-S-7~t_Tsy-ua`tvPkumw&2x_$rT zv2umsAI(}${^c%@yevvC!s}B1E9X8(e|`;gtLY|x|E+(2`Tyc4%lXbd z+~wZLMcwt$=S$DZ#-2eWnixw~8|5gG>>g-NmIGoTBGjz8{qa1wK7-ZDQ5<0V7%!zH zz;RTyj-m{7NeJZ(to7iWfg<|{SQdl3j9Xo}m|}>WR1qK|$6%OY=64>zu|kIENP_C? z#T50H|6TW~EP?UHczC+D>(E4OY#TTN#T5?6AU8;cUiS_9j~m{LRbYRTOvK5(inbJ# zm7PCJKCYc$dP7lqw|1bfDa^HzA}SCO#6ST$Z-+Ar7^O;&f6chxBd&M$Pt7OYGOR@Z zrRKA#` zQV2t|PY1^r@{{207nukRj96yh1`mL(9^E&DBks$nsMc)|Qu1=(?M?jybo$#*!c3$N z+R_nP_#C9%)pT^I9rcne=L!%VtJnTEbWCWJlcW||X71)M#3dQnXEW<{#o5)6e2 zab~H`X}pSzJhxDep)Z~%lY0(6f6(sy9im?xBxZ&BfuBEDSyu4rZl#H|;~M0G*9BLa z$^dcR9Cxw^yfZ$4oc2zl?3tH4*KqKCDy${VecmI;WHK_ec8G|*oI=6S@^B2&Z0DBk zQm?((trYf~@UjK4eN>PA8Avea9kB#E4;&!Z`a)0GS9kkD%%upXvY4)rj(fV0PXbxP z7O=vyi!VLS^FF!oJLg9W2}c|pNWD7;KVW2ekb${0VNV2sP;U#uu>$ztr<0D>l2d0^6g?^Xjx`4uFpgla^Mh;41l(1M7Q|g zl~o>U{Rdg4msY}WheA;V6NxC{m}LBCKE3hQHt+!gDvs~8k(*)O>chd}LJ*!+hF-lt zFae>>kt5ju4#kww^5_4MVyfLL%(bYCzCV`(T`q`E2MXo;1Xaf2#9_=WE^e@i-r5y~ zPC0NFQ9{gGfhq*K2Y+1KULGfM{BMU!t%SR)4)3m^G+{LsB_q<{3sN4Ce-RZK8H@k) zSRBD2Ne>K!BmLuN{mMd)oXa`An>kj3P7J(+F1{8D13PUsFfcFOn3N*&{sGmQM5yUP zu{RL}ZV(i?RPb5My4KyTOxq5=mbNwWe+bt@+a>z12gAZCE#9kG0aeX=n4+v;Z zxVSd5vRdnk9SBN+KQT|kLX8mM!XpqTL-x2EkS%r|VKasmz}#`}d5nl@!JrW8UAY}8 zG#U_+AgQYNBsD7F7-KrUcR0AaIddt?%YM%XZ}xH5jq~9|?XuSizqUE32VM)5Me6ANAC&3?~Y=$7p?-@fDT?)B4$gtQTl z@YvCo*^e{%4I6qat2k7R-l=dPn;_|R6r%kky02Gg@`OF#%U;-JeuxBueK!lSiP8L? z+1~w){IUpa0|Djik)<*BY1{hY4f7u(q6EOwe{J#V6|c{FoDm+5qxO%K+FC#4@J;&ATx6Ou`?Z%k~kwsW4lS75qcMFOx&6V{wUDqum zQaf+XZ2eyGO^%3vbf$1*TDJCFszeDRZ*FXEfa3_(qtvUEL{5)1dhK!N?!B}h&6{tj zOo45GC`|!QHxMCVq;`!{C-5%AEn}-Iac0wEH~K2rtaNEyFSMkDzwNcSp250bp$Cdy zK9ttV!*50AGy?;dePm#u2SA3{GblLqkCqQV+bpwH*Cta72N%@OpFb~U8||Oa&NpnD z?MW}ZKfrnB%t&>^9=ab6PJ@(|^rL6mjJq)G8_Y*bWJzi#ms=r}d zb!~TjKmhC6CqVgrB7w0Z-6ckeFCjVh+4cE*CO-0s9JUG1wP~-7Gr3~>8s2i=_D?7;k08=)gb?Wo8 z?f(A$BV!ZA#u@9x{)Ej#<#p1WY%nN+@%FyygLTim* zKVD8@;VKb^y_)*K#Nb?Byl@KJJ(xO0uS>Z)r4wh|h~uj@^1^nO_2b=r-m=#XqK#KXOFEZa_BGIVo*2?c_#H`PS zM@PGNk|2 z%xdVhEQc_H9V$J>$j6ZBJuXqTe8E;yyqCLx#huG%uJA@Y&9!G3()RDqUz(St zJmB_Z$5(VCzDi?};?ZuYKeTzmBrX5*u}}Po2e)ev+d{?Ow|i(&zWLm0uCUfTm@z0s zewD_&zGp((RQgK%W^U8$=XBM1x}`$7rfs?k(&CRMOZ!hU*u0PSjXjJ#_|C9?T%*fT zqJX~p9!1i|ln!P;Lkh1Uk}f7ZDEZb{4@rU5a0eC~yI7)eGt;udocCFn?Jn5h1?(?GGHZ&47Me1ZHd|MT7pG5* z{ZurO>>KM;h})&rU);}6N_)bOWz~|9(aKYhM{ob^n2uOlx-S8uNQoqI%7=L%ij=iL zg^QS5pZsPHX2ZTh7LBjnj9d--YFTT!a)>z_cj+9q=T0Q9e)ihARbnXi^uSdtM~@S4 zSlK&EFE49+S+7K}zjad~EHAx-Z-g{>0E_HNy zsWaP2I*AbX)gPaBIx1a5ZO*fWJo;I3#7v#ekJMOkNOjV`Hx$wV;FoPMFO z9FXOQYeb_$5AN&7sWN_8IV8i>C-W0YcR9N$#bFWp$?R?@(~RYV)XKafzKk!z6w@yI zYKAiTy_(Rv6n7qDRS`CP87#d*hzy@b|G)juVBVan4^3vu6;&y zBnxg;i1`57=y>M1ckPV@);6A_H8>^ieD7RJ1ip=QjL&Wiz&f_=t>Q=YOrdK3x;kNs|Y=MN4~|3E;kB&WM}?zvDeV*N@fs!!uE@d^ld4EtcDAyoambxiVB#@ ziaQ-GHI)@q!j-~8j+22Z;TqoF4;Rv|E2>*LH(vVWxjXMVsXxBGeeBW|c4=$uQTNr9 z1fo5UbT-X70zWIYzLiq-qO3VtcX$TodoTX}v8=i}ftBgvl|yM;TaF_7Pb<6c-~ISz zlE~Y)%6f44i7mew6XDeXc*x1;m zuK^4u9r40}L6{AKuh3Rz>hjA!<}=Y6o>xI^s80%wsl?%pX~sM+X(MWOyFDykrO!ZB zEBeuOAWf}l6)`?-aD*Y~>w1dOYr;W)+dNUfKi&R}#}kE?%d+-W_m6WXW_6Jm_bzU6 zz!-jYSS})j=l78C>OI`*hve;f=M7%7aPcyo{fZaR>hh%AR*X{R-E00_KACG8@x&ke z8W?XX%$bcYBg@@2^-ea_tBR6CF2~&;n48XSBZTTjUo81l8-`z#D3rILQE=1X$bo*e zULvB)^}TJE&CF9jGyA=(QT5#+f~M`R+Vs>?GGw#}*7sG4RTRnjbZr=QyEOcyyg7VS zl(A1=`)MeJ;5%9w9DCn@>2Ehiivp!CgE;$6(9_P4BQ z-GVn%&N<@`IJjkPKN`=`{BZboh0*V)7zt`iZ~EO4Y#%Wo(Uy3VmPHki;k z_es5uEoA5QR&4=q1$*ABl)8-AEQys$3fX7X1W_kzL$h)5o0{C8(ih`INXGg`&t^NL z88xQW%+}HJw&~t>&pQ0d==Rat*&|myyV%5To@`TqAJncLOxH7~;jg}hOMpzPgEwWV znmp=GUG|o-3%iwUIr@|(o21FW6h$H*i`Qs;*dLn>Vn7))OD=mc4NLr^+#E^@KQql7 z2lKsG@4x@JYd#m}v`D)LoOA93GB(LN9M|-8qXC)0S@q8mo6fI0?SBLp7o+$rDgnU1 zv`555r%q0q9E{Ga4R{=2)YF$+btK`botESlbbGuhKjsT>kXCH#*z@Pl zz3f;v=0}lJV{dQOByR*(%PV<$^2fxokyt2%ij2@uIT&W%_|;+SD9vwjuAEMkk&*GMW*RC^UsWhkZEk6olJdrd71!oYZAP|BR6Q&71Emrlv5gNA~*0t!ZKg3m)M8bn(2Nh6Bmw`e>ee1(Vaa!uKr&M(hMn3{aTB zk2QPq>v8ssy$RmrFs#1wT4p)m;RY3)N$<%z@)j}7S3fi?_om~mk#ZPve1FhxC;N2f z$A#ApRj(ySp3cNVHKn(=*SI%B4KpRB9|%|5y;s_H{%UT6JlSr{96oSm!W zSkNJ0DFkDLE;rU#wwT>d7i*z*EADb5L$Q>Ct?|u*bri$+vyBfP7bGfs_^T2kyWM+F z@SmCu+fodg(Bzme31C)#qqVqX`M$$#i1ka~mD0pJ+r%;JG8{hW%1rEe>O0@_+1Uoj zQtub&_;mBmdD35O46ZAJ6UKdl!DoRJ7G%U6M}~VnVyyPCejOpnVbys=FNyoy`Ayc* z=CQ@l^EBB*M&Y!`)Qh3ue{X! zcuL$HSJ@V0L`gNM`7n>@by_htC48tB9iS4KC;H)8&oOJIXzsCqs=p{@S5?^0eTmCQPxJR z{Yo##3G!T{T65Abv-CK}6}qQaE~K|a+eD%@`ud%<%!~VK^%ps{1wn`n5yq_>H@eLd zip~`{*M$6_&d<*mL=PoFf+aLj=pk843vY!|!gq8>jgtc$ggi=y9VeTDsc+nsL}l}(LMqSGepmnqG-{Md)5~tEMQ>%t zF4eAf4EqWi*d*=f*`DXqyH#$oyFtekbEM?$TRHlGjDU?Vdwsbj&e>x4YOI9@^5*#7 zE8i1mhMF%0GvMH7o*GSAFe<=tsS=-A8$yB_Sy@R9IAT698I=_#NvM-@@S%PXQp9M* z7d`kQEqQy53^vf0epBXB_M3r$^M`r(-;JNN&lvwOxnkx=UaCGQkov`EB%($F(XA z{pF3KxegFOA>;A37G3d~f*&eL53lp>FS=3XQmSCf$faVt6!SfAykJs1)staeto1}% zWt;dICX~v+&;EjsU#oyUg$#(zn5k5bo*sUYb_^|c@JPz@ll#vsq+=?3@ zs9ZH$tU|OWMd)S=o&kKIWI~YrRW*KSSBGMk?4^Nx-3vSH9bw)jFUB3 zY%y0xdJKh8XW|r~fNwKVry|k)BS{zhw4ltZa*BTBeKXAeS^;7?k1m%irN!}Xab|4yy6 zYy9QQJ6!guj)61%fMIe2!yfb7ztA=*aayt?*B{G$+%>%oD2tV&UNJUT6o?G1+0da_E%fgpFbAD_H#ht?B*)x6vWGxwW~ ztBDlJ5Ul$0?q^5}1dyW>?xEABh~B_q5mrTs`N6XXX$n_Gy}LV0sIx+%U(sb83>1&& z5nq4Wrm*o<{i~J8@L+k(^m#Fs!6hfMoPrFYM3E=L@fbx@b3d<*H&zuxLytFpup|Yq zuk%-^7T?9^ocC;UV9<)`<2iM;Cyp_VbDh$cA}0LA$LM32%T%Skvp9V&S5IeeKkv&)B`70-(hOzeM@%(`62N1hG?pSqdU zUbU`yhc+<1;h5{XGI8`4AA}CPt5({T_cykBKmKrF-bg<@;TCqc{tYYtBB8RLA5l$p zjLBCHQS+TEC_aX7i+#w6TIvBFi}>Ahr<7%DrGfX0KJLtCZhC)KOTWT_J~PubW-R{I zOPlUvV;4c>BA%NXc$0E9G8@-uG!xS1%G#OeV=wRpRQF}N<&)!&l!)>R2r#*t<#j$7 z%ebb8u9Yw?( zv_7#OahX0}Ktjuze(L9`L1+24m+QxTqhsp&l$@+k4j)3kbVA;?f#NKs2IFJ02wW*W z2FsyR$k&-z?8mA2KGKw**0Lq%Q_^JEE=hMeb=~w$cOK+`-nk#vweHBn*vlZ}Lq7^Q z$}=@SvD^R2`@+uPS#1k^aVFJ4YxH{!SKyMGbX|(x&&nab-UPWZvz*hop>Pw;&`rK~ z+e-B7V&ZcuZfienO~2xd;yq`)yU?XKLrxdARp}GnDtlPxyo925JFSRLRcIer2cc*D z9WqPC(<}o#JX5J6r?Tv_y~k{SXBHtKq<-zH#-LWKRuy}Ejk?G~oEO{Lo%$mcj+pLB zSFt@Qqel!B+VUE-@H557E=PPf7tf{%e-^X-D_ygCw|7%^d|9w!L{#h?9*bDoT%tM5 zj&7JF_{!U7A?f**T+vE?4Hrg~{`R7ur5HwOQ|CmVyM_)rQEfOgQ7?5hNqq63Hv1X> zfM$w{vlwkEMKjI^IGn-N4;^0clEr5{N7jHYlWOeK6qiq$lXfM4%2dKfJO$hT=l4$? z%jkI;I|F=nRW}WJ-MW2}wFi*!Z* zc8a{XjQPQxit6mH+p$-!W-X&rMg3DHc9#p{T}aeaMa zh#oih)CVBYBY69E(b#A3qfo`_BCgSHtAxDOtmv2GVO?MCX*}^L)aHmuj6g*NEW;>0 zk-C8w+8T^zeLQe{J~!=}|7y{1v-X?wton@Pfts)!FAhK5p=^1A*f(S@^m{m)10RFCb^s)%EYv*3nSUnzD&COkKcaUOy>OzF{a2g$yZ1c=}!~~Wi2P)2LrCsgNGXo#Pes8(C2ruveBa8T7O0!;-!baP19}IJizlRyj1lQ?8{>+|dx?SsS;V-8s#P1wj zN~}&f5>=NMuC8SrWA=X57Qu?} zlOCL}Uk)f1Dta1lpMS)rF3o+`!IjY2pn?o)8ZuV1TEc!|(ah?m3~^$YN$6Fw@78~Y zaTlYSl9q_Ih> z)Nu`=VYP4&@&5K$G32fQkve$WfwIeVLg(<{xUWau}@Av%W4sOlcMNQnE@q;!>(7MNaO}RkC z){5HI)=5m-b{6CHUB)fbhmzQu0S*FdTnD|gN7p7 z%i4*eR&*`0v-i`teG}1ATDL{Qknl~SpY8Y*D(W%Jmn>mL<_iPA zYtB7@yEIz!X-VYw;iLb)>_R zZbo%a96# zDN8hx|NX(oDoD`!TGxM{;AFE%^~xtUp^ZKs$h?z2k$ZxZbbq++VBNNQ*_@{=(r*1S z=}o$^;j(u7eZ10$2w0iL4uU@}V|}Wzs~U3freG0PH8SFwV-Hmu$q9xg5!vQdJB_sN z!pv6LK{$0ww3a~9L<=9{Pqten#e)Zsrb#vwErCQ1%>fgb81(JCT2K(5hmjF2V0&)N zV~%6QbsP-}lk2x`H3oCl2JS9Ysf@SDtsD9$})W+1YKQBhS}%h;yk{#rP9!shrBC~fT5n$ET}bLRKHHFX;=pkB-a8N?tH&djN60|98IuHn>K?#SD#$-iLK)@9zsY;0@!A z)r&Fj91PMbQy1hPC@IL6zg9h9q5K?T4G>!iwGl{@`w9;2MX4N|J{cfWPVYM#Kb@76 z6W}!_>NwfVNkH&wk>g_~MugZ!1pVW{uttRR;zd2@U9UaLuzS0q^O*S~H?D6*gkZV! z^(@alPJ2tAu5-Z)c18i45#Jl+teK&H;RT1Cs!uXlpP&ACz^ zlP(5bbVF0#3bK;ykmHC^wyG8q9bR#zBGZYAjSUj_+?arDy*#AQxJ{c+{X(CT?bm<# zT@XwpW;eMhn96=#P#5A|FWwTeZqi0uR}Lu%1o!svGg%G%o*{Mb&%*tVF8nERP5VR? zph9sSZliNrNbrNmmgeBY=!-R1A+HbjpU!*;RJ`6aQMtWxI7Ivg%RdL|1~yabK4kX^ z%vp(2dlne-OBrjKIQH{~$ITk)7`0s1SvvY>a8#?`Ryknw(=~z8?BSNe1I*gx(KX&* zxdz$ta}nYkZS-tWrSZZ;_xK72G(IUE3orQRBZHL;kL{_-g6yZPd)IYPAySCW z79NJL@hOq&@_KCd3JR75zuv$MJ??*qWV^bD0@dS+?XqmFAI*(UVWgtS=U8~J|M|)@ z_}_aI;dRbQ8tCM3rr0fQmJVW>F-;Cwm6VAGSQX}!E@i&17i+y9e+fUItOyGKl8IU= z?#DKLLN{{04bqzI?NOvGENw>QC0N7vwQDs0W}*7vYJxya1AmTge*D)9XI3fQO8 z+o^X{KC93Dt$6+vpnwK+Z0cV!-*wsKJ+&Ox+06Ane~kIWl)Yn3AIV=A@b3?#pZ*?i zGybjUc_I|Zx>dJ|m$A&uDSFD6ehs^SyY74-yZ-lwTKRt#^s@a&_3!_^PgWxoTC5{@ zG5+P$TC1>6nXX1T64Bpib!qtFkd=*j2CFB`6=E66s3fD$8W-|~d||Q0#fdncNmXk@ z3E8&3@?*IW$oX?}O11UUqRx`7pZdqp+rj-ty7Zwo%;hP(Dsm!rZ^B)>6&sWsd~3qX zSiFm5eOm(mRok7+TiRjcHwOiYy5&vx|&Nk@pX z<6!S4nuKx`2O3p$EIqPfTPJLtgpuzNua9Hp3|l`_Ts(3fo@ypi0{#!FuG_UxXx2kb zJj2LTP>8mI`U;^ypx*A)#PRKT{~iJlqlfmznyxiPJPx9)#VGo^M zzokLTjos`sqbi*u%B|=Vz-J7L9rBhN&fCFicR~%Np~dv$TtK!cbd!RzX1Soc#Krlo z#9r{m`k~KJj^eo+r0Ky)VVt)^<(QD-7rAhI3V1D7vSf}6V2q)Oss? zme6x+3viWy#@i6$VpUAeqh+fhRK+u@xse!i=&0UnPr`Q%b{OloqTUzb=m^a$Ht1wW+f zh|lVaOzLR1`| z;>BsMkBj*w(cXKk7Wcn=J{)$~#ZLRDY;|h*x*Z&s1PYkK9*Ixce=GR-r0Ipd!<4~Q zs%5P=)~M`oRzz2)qK$(!CbYWDrE+=i#_K z!q{t~WFB>a~+@+-siXePA@&h;t z-JceCxoJ}TK)s!WlPy1t#F&@3gCqMe*~{~9MH|QAQT(WVQ(y#xIXxVPeBsw{;%K&b z_wBmXvYXy(hb8f+a0*M8C3SJxh7a%^(6NZNEVVV|(WYAbk^n|0MFtfbC1>r}Rl^wy z8awfPx2g?jn1w$7sBqra2{aj`v1ObI#l2?51)xq$xD%XYBg%{<~tv3?E^HV7;e?KD~VDA;^Ihm5(dmZoW4!0bF+YSHu=%o83#@@6w%j*-PzAEyjx zV!1C%i0mN;cf%e*r}e?08NZvo-|j6#TV}zF@*53R+W|FbiG?F;uzv55;k;#Gi%jeA zH@~1mDP~>Use!`$@W$Z0PqR8uFYHkxzD=aye)XQM96qJAfbpjV(y_NB-AeGCX3HaZ z@J}PXTrxugJpCUg4fQ8t%EdAKpRL>4@LMnpe}d< zTzkFqy`uE)xiDZ)u(kFWrS4*>T*j?+`Q9+;(sOCS7{v9PuO+b63^m3cbGeW=bkwgl|Sj;Szyb=#~Eq5hd;LT7@EghK0dv!-A1DM-XHRN`MYkbRPknP zWV-}>7t9$|+T&SdycHy7^=#2guGfn`Ss9xYR%@zpkJIi;RG*FidbQ<%@zQipzQMu{ z+7zT|m`B|I;}q&AxJq)f?hLQNn?oSp%R?!1RylzTDDc+SPM6^%v3nFyCq<4|j@tKD zVWzhK9b8Q(M;|tS_h1D|K{QLw(2(9+22UEYvXuIxxVk`|He0|A+uhaW`{uJwN30~m zl^xi?4yentQ)=yW_pZuyQGbzGm1AaK_XXNjErAHnfC4Cv$MD_O+BAMGk5P3nT(G5O zWjV657d#G9FmpBEvFk)GL4#&f0*MVF(7dp$R3UdO@+!|3PI$NmSPwtn!a2p9M9B{%)1(#1hdtkg<{aguH`)PODrDpFM&)u1i_4cibSDDP|mm%c`S2{echDcbKz zTq{;pA|*_4sp#pHP*vnx(0Aq{*#PgZm0pyA;zYPigp{!$0znwtto1hfJC6#@>836T zunN$AlDx=Gd9G*-XY??_=tJL{RZV?KO?$NWJm(Qse*V|;#O%i?bt!+{of%o}A7;)C zFrB_eCqnTxb2O;IL%hpQ9y!Y=w|o22s=FEjzKM{5u8H6LT*3OR8*3QcKI; zjtLxXPLro67&Vw4SE^E|ARO69uB{aoabH>5v;7KjLza#fu!5lwA+)E?pZNX&bYdBW;4=RjUhN}?%j6%b_xNcSYnJWiKfeclA6hT@Msc72$j%|ji6HhHwCN!6YIqP^Z%6s`vM$j+{3 z5M3eAcLkIclwoC|x0!aLc{>-a6HSO-K%?XnHW8>%(B}*F`(Y=oVVies)nP-W+MPmK zM=rVnEWupyQasQIS}7mC-!c76wKTW=B)iHILB9ZS{XCne0-v_|=+KGIX0Kd4thNt+ zG!9vj*$|f+d3KL7t8 zG^%syrPjH+%{ru=S@UkEWiQkwX!}0-5Bjx%D3cYz>|#Bk?(e4K3lZ30=y>4xf|?3C zt_if1yo)-m5BSjE>9H3xYFP=asW|Zrsr+j?`ApZhN>@ieGr~UlYVe)vh9YC+NfFlD zmghOwyf_5^3&NDl@Hb)V{ug2D`}9x3)Mo zWHkNCM>og=H@6V$eM$eeQF=azf;rajJ|GZZx+WXqg&Yd=my$fDn=c)1%vRuRIu@+@ zD)EK~&+La|^nLrDs~r0(E_@Ru#r4=BA0RgulJh3~yo+7dDxb>q#T0Xl+6 z;&6SiCY!nF3jfbc>4o1+sZ3)8!3CcZ-K~$8dJZCkpofsYBZ>v2sb%j008F&LmmK6i zNA}Al4R48#?!yYiI=%#C>&na}L&@Z4A*BES{RoMaPpuuuY+SIcnWySAx<|xX#S~QH;*V~&5M=n)W)k&&G^D|~~mutQcJJbb0wK5v<5FMe1($!7y3`snu z%5Eo;7$)iviFRCL&8A#3wN_BgbpLt=bE@AaivoMk;EP-14`+-=M{7||&Wgwp>z(R@ zed6rw?6;${v#Xh^cItgAUz-pc(`dxA=-<^!PS)qTZJ&kG;-NK~nUjRpwAkwGrmV$r zTL~HGIg;;iWJMn7i!?LDn<~m} z)8BnCc7x^xye$U%Xgp|z;V!XA!pZi{YKM4bzVbN7kHb-q)q}@e2aXwtYd&Xqn~l)a zNh0SD99-@Y5#du>f53CYXMbiWkG`U41fSYFVv4wh!w$o4JSh*vtn_XN`eqB$hZ6@# zJ&o*dLx0_ZcA{@)3Q}cR9TADG`&>QHe)g_ z58uzl&R)+zRem?bQs=t?svLeeZ8>&25CU!?}6G-oQ>h0OjQ-p+s1V=`` zgU01bdr2n(F#_2FV@|z3q%>+IFWC)e>Muqe()jez{YT#T?unI^+QAdk;4M4YoR)AN z>@HnhBfWFa-CYGH)Bl1;nMUj@7KLeU-)v2yv{8t*2fI$5mSA;V-`h2f7S zw>uGA%oXv4H)f!&8tp}CdkI8>S?0s@h9Ffa$)IW%FDU?^6bXf}sM0&P<_^6{7C}L2 z+TF~*B*5=b6QwO-8ISREovTHp&UAyz0jhmZ1H6|_tvWKCzpR*ro58mpLzDSr|t^~R| ze2SMt$2mR}8dgmegL=MA@Lbm_jyA;ycerBd(J(xH+N*38+I*Vq&ZFH0=i;F-nc2Q* zklz#{oqB8J!ngtIV-o45mHCdl=`^>PdLNVF7f1}+142D;QBd%Z=DB|iB` zw5l=#-%*7@ziny09nImhpK)^l`2iQl;{X@9KJLy=%vtskusyS&?^Tls(;HHt-;XE1 zjJ8=%({?+){UhQqx_0qvRri=q6tte7p(=U=E=TG45wY%3re3G4&V8BuMcF*G7Xt$O zXL{uwf-1e2>r|Ynr%JrDr;2!mG`&s-`0vJ8OkFm0CciWXIig;j8Rl*)+OaY977Hv@ zu_wALK4d0*RP%`FTiu|iYTu6571gJfl1|PbN&(d`K-oj9X;z4E0ZBMmB8sD)XzJ*h_X{W*W%zn1u z_;|)J6$6V4!&2ZpNoNXm0eKK=M^HpG4GUJG>~=GYq?%_^?Ttj5Ong%iL%<-u_dZQ$T6j! zxM-AY0s4Eiyhaxk^=-bxT^j(xi0D!^IgSq6`CRDXBC!a^E4hx_U6m2y1;^{rZmd=1mk-~^#UA#egyN zlPXlyt+WyBQFXf900!0!#f*E_?>=MQQSE_%3L(o0FNjSxya&N~2M=KB(9Zxka!D!?0S?PF|Ot)Ut?%{_itMrGR8TrvfLalcWaLkirpQ_jWg{V!()?DTGxF%xngcTvB8!eDcocLUZMCg4zY3>gJR z`_AT?EDHMH6&sHj$OHQ|$U+#?UN7~m9Ur)^iO55vzlL>%Q-<YLpzmYd85O`Zf5lyFPvLuk)-t!mG8f{dT~(He2%M&6}{1Jtw)m zDEdw5{y1W)!hX5_py@RJv${N-x0mj`QI6HicDJ*MSB@HuUR4iu5Rs8N^aYNjXmJBU$F>>uGnL=&;rv+9Klj$}EJ?Xs;CVH731S_SwwQ)b{GS)P; zR&|D|;6SkxGZ7vgTcUZ2{Hcx29o>{q%iuW6_PS4#rXYcd0+rTyS|`LLm+-*gHo2BSD%d7cvQ0ul;W6y+tl{-6;!Y)0W$lgRPX$g^p!ZN1p1x{sCpY0;w4LU@t zT#KA2z4)f9E%6lfSg~1Vk($ujsePk}gxVXl$A!S7@4ciPe2w>opS2z&;h> zwP1C~&AohJLh0w28bf?ARRu=Chc={B&X3@W|VNEyem}8iIt(=GtGkMZUP)G&7QGXPOD+Zt8k31zw2li(eZ^R#M)T3O8FFm6LdA_uwimI(Pu=L+Lmcz1JUW5K=%PJSiFd=2-T6Na`BS9 zDaNiva3c6Yi%Yw>>E(&NaGRXr+|+xZI@WI#$ToD_1x_3G%0G4JEkxmY1?C$?g>O3o z&@v-*LD5J(V!PB5@(uvWeib8S9d+-P?-7$S2s)IJReE32M#Sh4PVyW~6@zv2*P zx3jvS`rTX%6MBSH0$yD1y`HcGt&n{7ujkjH%x2czBeQ;(Ymb@6AKS($@ZZ$ zTnpcRHfZ9Jc8P@AXM^5w&(o;$o*73le-DD9S-4A^9I5vFu`m z>WHd$+T1xvk#fv@3&^o1=#1?~zTU$Y0aqISo-X~6E3~a7EvBS;W-rM4M?u5HyesM7 zs8OEmqW_*6HCGu#sL@)Rm!Q|A$BJ00kliSM8c&p_D-!4Y^?#EPU9W!z8+xzZ?5>fr zk*Xi!Y!dxy1)QK(?UAvih@O|q&*7Gz`tcD5$s`zc-G5`V&cf==^-P(0WsBlS?0-dx zrV?|ugZV`Uu7Yb&z#$nV59Wnd?55^0s6dc9rC^jsLA5Xe&$%&}($Wq)(;pNx z?5yk)oJD{R>vKKDTKul{2&qi3OVfJnt+gfZkfgX)KKC0lStPI@vZDK7Nt5$16GL8b zK(qOB-?x{53n&Op94y2+n7)0`^a#>d9&0;OWcJzVo+oB_mrmTqJO#w<#OeUGW9tp> zl5pV~#bOo`kW4_|1tWj3h4tBj4@KfI`RYF1l?q9UV+Ms=3PKUj`s(R@p3R-_X1{C{ z_c|>v9PB4fOSPOXyCeDG7b6@gN1WV5!+a(kM> zMLnm(iy}hPqPR9-nq~qL3F@$##P?(*)UvwC%55`n3udBAESO8t#%vf5bv$rkDA3w1 zI-$=Aitb=78WgnZ)#jc)+B^Gk$tVE4ej^{i3}d*$HZymUbB;T+wx`_e6}E3Z`e$ZE zunB##kPFMFnaily$yY$JIxif9i|2x;3pbxML00fw>PS|_2snq3oAw+3iL$%|$<$LB zops$Hu_!`t!aK+nnA=VoB1TA9)WE5?oi2^z7h#AhAKeS_1FL8ig`lUgbube-KI2r--#PQ_ zw)4lb0Yz?3yJLs<7X{JVTh%E`A5?UKVte^ge~L`eG*p5AtjK+}6IW8S5F5W2CnB1d z(}MT`A}LSG{dIantpYf*HPb(Uh9DVqXS*WqDS_FK4`1JN!~~LPC1VS`LcY->HA}+n z)OyCRAD({@W$Rm^Vt*wp%Fq?QGMb#Ss4l0e8M8}X76cjEBQ za5|d@kY{s8OCRGvsa4N6aT(DtbS}ma`(|&Qz%aSbJ*Ua|YqD4#`1mH{i(>?Ct>`>} z{1O>?`B~KFFLS$x-dL--jAR-k!z?kHyVcfW zAAR&*RB4OAN3^(y^u4u}fD_&;w+#)(-K~T*a$v zp7kLjO=YvP?~8vk1NYaS0gA%b7lxvi~{It%HTGAzV-{h~5qe-?ocV5ge>H|+^| zEUk`x+g5WN_L;qQfHQtw{NY^5%mylt8xV+J`wratme1k3c>ShOaoz&Y8vv&)N9{tH z$)U2uHD6c{7$RJa=YaX&vQX6@ajJVvG3 zc@$bGZw7fMehlB-+9Fp|t|Usl3qc~#*(=)d2%ZU&33pi-Dy!1>HvR~3?U(tc<*M-m zht%;m9*^OZ@D<{V3a<6J6r@f>kmu7w*;&`zAiuiyU`ZAB+zc)}$qB?K4!ofoJwoY4 zFLNaJ&YkCa2U?=VgB{Y&I$y7yAIf;APw!rnYYWSfe;<*32{X>2k`7UScVEADWU%9- zxuCi~^i{z9@w;}9;qn%zv#hHDD^M2-*fxN(8}Q4vuYnsnSI?+aAz?y5X(MKfkxZ64 zoGA|p^)MjaM!^4v%|}Zjf92^|L-E9>;cT(9gD!qm_Q(X>7(bDK-WNO)=7sEvFkoT_%Si5d0`&iLW z9D=#n)9`(i5*tT^4_cVbRc-=__JjF=1KM~m6O96YqJJ}5Y{gm77n~}Fj2#bKA}v<* z3P6tyD zRV!vz{Hy^Dc2si2X$FMlYn|Iko;Xt3heDlCAUyQ}BH_lJ^P)GgGhV4EKxM+0{j z{TGA^S*bcvsoTHFZKA}EvvE)bJE3nX?Om7Y<@QFe>fO0uSXWn6Kd2l%97 zVUsdE)&KI4u>Aw)L;5g3AOD9W>3_kf)_7lNysx=?du(^-)n32`Rv)Od(W~C*VjV-7 zfypJClD=Qer{Ov_$Dvm?mYl)eBWiCUFRMT7*T(^2!f-eK5oqgu^d~JU;IQunesV3^ zUxVD?Q}tRB-`_NIiMGHvIEwpO@2Y}D=GVg=7*&q`f8e>3s;QC}_c`SLdOO5aIsOBY zYvAC5|JOV6_s{7nf91$dIvVd>1x6P4_`Yp58sx56s@5zakH`N6WW#@x$bUT>@^f#& zuRMc4{|tUT8u~|A>A(K&|A{X?HBo)Qq~L8P-Nie-J7}#s$_jPJY3^Y{5X%cOmq49k z1N#tgH~!w&)uRE6Ntf>+#sS&XbhFqH768q0n$oe!ZaVZE0)Q}kHD!9G|D>>geOep@ ztfoY{VO$}>3qw2ZXeiY{(VJ{UUw~WdVO~lb=B$h}>8-!BcDs)pO+7BO?p1md>MMj~ zZQ-OqNLB>@0b{wJeRk(Y^xoU>7_>8Xv*4*$$x*x0+wIsx7MBjA@4CDDK#ZRF={+P} z*z~_2?T2HVXPq8fdo_IDcTjsuf|txW8(uU?4JuG(Bc#7IkIHzx()i zKoGugun~v6QhX@WZt-c-V!zqE>X>YV?=kB-xGe&9bwMu|`8{AP;eGP$tgY=#yJ{y9 z1t6Dt1*GkH;%P>dQ>ho^43opV3GW%^yriH-;c{q43Nd?WG4<^)L0A;N4yJ zYgie5Ug6y4!}0E zhpjrFp!cB`AxqIus}h>E3%d$`Tip~(go98+J(o0=F7|p^&anu3D;b~JfLB(kmhQs( z+3Ni&^`RpbIlxeU?*A$5Jc|IN^z@lCx8ShhB8c-Ah=mE}gI!|q_{f64^LLsCd;vsU zkizfGmsNjRs?#A=BX$n*1R+P~*4sae{a{2?<2QX!s087St0l}GL^xMAcAbjbcWAlZ zLfg%Pey+c$;YA3Qmp8A2t?kvtR)fk>Xn?*hbI!A8@Ig+X5aMZ04>lEKQyiJz*y(I- zn-YgE>nq`^l8#HvqGj9d;iE_CiHy&;X``aOX^<< zg>t$&5bC$dr5?~#R{sGA_fuTwjS8t6Hv&Jy#OFS5W6Qr-%G>c`x=&s7F{ZG1Jp|`5 zq8*XZl|LrbDTvx;%q2RVH~0Kx1=@()*iO2;AKcrMYu*Zv%FSXuM7&%XF#Z9@eq137sdzA2vMi_p1) ztE@`{8;!q@s~J6F-Bq3Mo&CqOz!W))%FJ_o=kAjvTC? z0_+w64e6dDIT?^!gha@^LXNcP@eiQ#L*z*qG!ok^R_+EU`q)$;p99ztgCJJ6d7>OL zGN>Sh2nk_z!!LttZdK_(D_`eS8MXJ^vzGA6L7P7Lf}u@T-AoJ{RDb( z-F^bSb{>=3bz2v~y2$6TZd=*T%<09Ul7RS~ppA0B5bnA6>kFa?M=W0N?d&x)Jlu`3 zdXFS$PQH8STjWr;M^liZ1;`?V*k14mh~9Cp^J%L!MV4P0@mfA^Nin;BEz3X5UDl71LqbaD0V+8g z_s(}0oCd8LWObzQoMUZ-wL=a9rFI3Dl;rBwfa`=TF4XqJli`qiy!r-Ua2C$F=ZUO* zHVD^Q{{XzEQyqsXM|-dCHQ-SaPH)Dg-r5dmd*wP!pFet^NQ5_L^6S9Bm(NBh^)qn4 z2$=nN@uvB>0K9Hs2?N0Niku<#nz*mR5>1JU0>2sID#@J$U30+gNbX`=99?{d*qb5K zVB@|Tt&xM{uPt^Ox6T2Y3C-?kH+0c?Qxz0 zA1#Mlfc}Fu+ZWykq)Y(%+9Zt0HeOTmWkHmCxG6JgZjv$S6H~=yK2z7o3A>WXF*8M@ zyOIMG)*iV{4yU>FQX^QpUN^9i`u(JdJHpe-4b%3vZ5XgM)`_I7Z4Z9t-%Ym)TeS5ID$K4Hn|uUn2DyjyId58 zDWD=k7|1tBwn2Ety4iw9FFJ2Hdw@R253NN*Yd%u!i~Cklv1)E zfS+maQ*`iBZ-s@b)9RyKi*7YSa0YZ@L1_JsMl6i$^iZbGO1HCqp5F|iiuJx}1o6{6 z2EtM4?^qR51n6C>7@>-sD;M!tJP9}R$zi9e(d>JDZCFs5-c324np`L7s4DD}WpJi$ zen9dSl5?H?w1N8f724#Yvla_Dm4d!CK?~u#ud@x>7hgVR*bo%UBOl%L<%Em_e=1o$B z3iLkk;l!`KlqBpQ8ygF=Kz?I^X=A?vL?1#GI#tZqbkw=@O}Bxz)utEH3IB;uX%oa6 zj%dHNc25nek;Y6C$z^Ne(0LQ_KRENhq zBu->fyf}8xOujpb`eY3oLul@|o%b6lm(mtL?bprJ3IdV3N)osTFrZVa`9EPmUUNTd z`0qk9=w~anN)@pHK=2T8OgT2l1kM&P?`JNB;0?8>6XrOqqCd%hS(ra_2n#at@uY5b zl-ZA`Hb>}Bho20(+q2j(DK@arf!w9(Hti|LX?sYFhBiWzPRzrq;dyVC%WCDJbTTdzF6B#pqGsOY>|741TnSm)5 zziteNvv=uVDEZyOx$tR94!xZS+4|tKxJ>U>5fvXP-o3I3tlpiPs*?Z#KLRWOwz04#Wtg<*w78U{m&31C&5rka0F zjVwz$q^jDxhjMG^2@$5)K{5gCZoy0?l0wOe2ze}g`g1Xq0Q}A^9%zN5L**rC}_HK%JnysVIexmHRcgw85bu{oVsZC3>62`4Vm@DY_XuVVD0}-rEF|ALE8UpHw3A z_~K>gbIgTyfzH+ov2KZa#Uv>e0efy~bA@dq=WwsFowooAhp#%)iulxfoPuUPJRH>n zM_we!E#VC76$k=J zkej{O+vCK9`Uy zaOROOkEXVMWcaH)jgyv`)1F_bwf(41piewHK0bJ6COa*FqNQ$q-4)zHz3zn*HetLl z`;9N-1dba|(o9{C~C79vdw|t0&I_u`dUhU!hTD10I1lCQK(W4?lMOE zl!PpCmCRLALj^mf@%&2+vIjOqjiJc!NH~ZyQ)Bhz{5F%z+LT%4pMU|HaYG;`8Yu#64RbGiLMWU z{?enJdo>VU9Jd zGGYkx4GVDdLLxM=ChxK-v^Zy=zE?sSYblIYT+C~@8k+<(vGCgdjX@>=pO6rd_;snf z;-yP}b+s%^XAGDO2Gb=hcZw{lOx8(X+Sy8>ln?+-K1`p;7PjDerx{Ya1efOHj zZx5p$kvIPtE885YTK9G6si(Clk-qUo9Oz-atE@XPiYI1RU z`}-cF_iMrCVyk*reD5s8UqKA|f}_?;6A5XpBFMDXRS4tQ{*wYWy+qx;@o~}9NIPZQ z5Q2^xHy)li-Fxd1p{xOC0fi&6^^VC-0rk+jW}A(OJ|VypXe+J=of;zstP_rabRr$c z0MS^vP=7{E<@JghEr`ovr18%yu(T0gpvoR?Lk*CB%hTQK#p0NEWp(L4iE)^Dym9CI zUQD3+hlEj^?47Ru=QXm-o?Xc@EM5Nr4}SRv9_;<;Y{F)rgLlNH+qi86a&Gt8U1QE9 zk^4;tzvVafK_ZTpX0L#OVDv7Ky|IGYkibC_7Mdico@)&5$BEtKvs_%ah!eBk5!zZSA ziwyXHlvHPzizj@_J_Y4Jy${6RHAsVu=)5iVlrXViPQCc?>t8tHm$9~*6-o7pfg0^? zU{o%`Ofe4nb^vk$kPK-E95$L%1x=0o{2d_;*zg6&o>nnIz&tB{<@>otbjWJe7!EpSAUIHTP2#mC&5e?OqYs-)tl3V51;&J&1NJYr_3uL-SPR@0uZmSfMX?qbd ztM!azp%aLK7Og7@y$tZ(N`Y4t(lPQg}g=|A7>4Z%6tb2Y&dc67e+jv!Kd&BPz!D-r=|zq<=UL zB9euFSAJ<5(riJBLOUdcMn@x?RI6vvxMt-vtAOcL)K%8Q$$?>5;kz?};fdc9b9@mU zDqrjz6Iod`Ft|widi}bC#P|bm=^js_q>i8AvJ^cKE=#4sN3gKyjzpw_b0DZ=ve)8( z(vQxM=vF?8(zl*!jaB#>L16HNh#jB)D^RN*98r*gQspB4G_?R}(xE~+zWX_orFneW zKhtI1ey7XwJPEh#1i%JUj8A7l(viVnwB>2?IF5NpzfNsf3)4ZubkwP6C}J- zK{jhk{;@w0VLf_D4TKOrm%Pj07K!BX!6h=&BXoXd8~v{)zSXl)rM8(X)`YF`lYa%w zI*0xb0ke0e{}C{2abCd3!tnJY!ZYzw_MCRiwsmD!2~^t-Y%&%5j0W&YoNLwxI%NYd z@n0(>rx8MHSwpJf3?t>H6G|2^>unATXy>}9t3$tN%8Kyh+5vja@xi2K;gS>f4P!JzfEI~#y^3%{qP26{)f@=XUQUu{{f6cmyMxQqi1yMl{ z-ItYI2Gev9E*){1L+o+0JIBqqM=}J(xR1U@fC2bJ=E2A}LD!t2zcJ!Yx))7frQqfn zl#_iZ3sCQSxX%@zgc4w+{aOuvWyF|&iUS6j1o;QvhsCM*^j{G@PgwLTSK1BR~BNK!? z)T~E}xO#?$+zxKz!{y|_BSW@O6Q_<9ZCu;Ss)YT&&D@T<*+UP4?Zy1|IZmg~4LH7! z=&18Jj86>10Y#Uzw2`Jy_r}Bx!!t_xi5ywa*JxjT=Vgmjb)~Z-5`-BD7gELjkR%HN>yJM;j(Ak%f^ zLeHGhC-Xy8jTdrriE110f9Ut;gEQ%O5cro5=#N0rjKrVL|%Zf{^m2q!_66l4TL&&LBixF zHUtS2nh1@)ArjI-O$$#Z1$3aw7RQ4A8Vuwj-k2F3-z-UosDFmH@=$fpO=4EOwXz-{ z6@0HN$L}jDKx8LPHpe>+AC1We?%2YZ~jx<3sy4V*A;fw-Tk{vk(58>4uOZy_tTPZMq- zZiuwiv}Wc{X9`oTf-SMxN$sCtvY!spEh#jHmi?6qOERLy@knE8ds!KC%aqlhCHMr` z31xJgtCi2jA&3>&dx61XL($)DFK!5C-roU5&nqbWApoi;gJ(fw`VsPKr&>PQ{Wap5 z3+X>lvbq@N`=7~Vveq3lFfxInb6c-g5<)b#x+!${AG1|?Rd-4KVeWXSpA!s%D&_@w;)crL zR=z<|$M$^|R-0tqiMS5Yhk2L1?6iaH_vW~7n%hP&Q5(p4m3WZ*Tp0_`0pz5AO8jW} zPhMH*n7wirw{}1W_^;nRB%OBYkq@1CzWJu!k$yLv{O|^^4i4lt-fp-7+$4ZZ!f=Ke zbw#X~IvO)V_(Py6c^>lyH7UKUkFBk;*Jzo&wkA(@Fk+TlgD*Ub7#N=^mTW!Y}ISo+aZa^>o6qVo)>)b zPL#Sv^H%_7*!Ld!!nqxsvsilcH?a$Q<8>`|M44h|2Hr#A4Z(?AKD58#MgcR&tLurI z<*P0(g3@5j%ouc$i91!b^hi{(t}Ucl8@8Nqd$Oy@b__j|`rmYN(0zbsTuOW)@?Ax< zZ>uRHnC2jVWHU_nOy+UL8#g|62-?52XT5CLZd^#NlL+yF#mpUn4U>|JiV;?C^^`M` z@ti-ux`n|oO+w7d{g0)}#M#PWM=1##TA3fpID17da7%X=q0Cn5_UNO&6{!E*D^!n$ zXWr1rTI)Rl=dP2d7Z;LGC?}pd1L?ii&qfiOH#Cbs(SM#`XN#_)$?W@)(KNC^JsULE6%PJ2$!LKfq%_z85fwt;_(;gq&x*+JC(4;1edHp^(K3D#a z=v)0b;*Sv@3x>|35KYcX*{&QfI_E}}csmm*sO&s*3}V*e5aMxxJojilqSABjM9595KZ^?zbD@g5XBJugq9WYulG8c%BF?W^HoLy=R;hbdY9WpAG>A`DM$!GDU9w| zt`6G{UX2*)Q%LK4)CZZC#*si=?FDAG*yMs4bb;pQeOCThQI=p6nf4SXavJsB0la6t zok6POR9;QSG*6KRKg9N>1*G7W)zo>D26&rg{*I4=IVg^3K1z#Xpj^q5W_5889{FOcn#_3dpfd1FScs27=g2^c*hMEk_bCr}U7f5cH(Hk&%XDdlq6( zA0qW+@h&u>%%BSKZW`a;9;k3>xzd=g$od(%T^*%gyIrrwa!;t z-(LF^YX#fpIix$EuORsR-; zd3U-_(x?XbBcFi0)z7&AkUxO0v&gEq9tO$U^ zeS2n~3Q1@U6;%bFlN4lb_64h20qK#7+4S}I>g1#Et*eew8uD`b96zQyz&NZQ*ipB0 z#?k0}!_2wosb`TYZbs{?cr634^vH;Tlligr+F)A%Hf3~Tufn)C1ec0Q8p#MW>K2jI zuCU12m6G6cf92_Z1u|-ogl54*I1==C-HDqidZ5sTgayO1IIk5tUi5(oj|ka-7dK}O z@(y@rCfavc)8PJvEen+?Y18+y!xI_U)o`^%p1h(}NTuGQOO7-18(X$uwgfe~Q^Qd% ze8_3p%clEBCnF|P4RSY5%6#elodSf{K%QDt@@rj)SG@E3DgdRyLL~*Wn8~%>K&4(!gA8|DF z(3+^^}PB;&KKQyzy&0j^LRsp-55lBQPoBTWM z+<4+o*cozkL4^1UeJq`%WOB<72cUFroXg0~y|EuSR#zuo!F=&+eBGs^h$RPRHXg6* z7HR8)oe}22Vj^vZO0683)01TlHUF84oBt~n*8tRH2zmcj* zo#Z`y_I0O~FS4l&^iuOSFk2*0=%gP;YbjTLu{DOnph`=e`c!M4ga=WEe8h)OFOz+e zaVuyStd`Hg0|0qiQaRf25f%zLBR@Rt08*@m&v(LR*x`g<$}8upw~F+px~dB`Za(2sW~x zgwER%li*^Q-ZRRc%>m70Xc2vOAuNAz6*ea+WlCuoF=@z;_=2kQ?Q!6pnijeyHg&@G z1Dq*9#IIgldY*{8Q|Yt6c+uOkQTQ`3HC0m^Q^ zJ|GhF!QCTY+9UgXzn>tTdVYo#?E+z|x+TVctTcL0uKp;PeuKjzVumdPUYoq$+r1A%WI!D~UdY`myQ+UC6Gzhyt`OHM zLnfi>reo**hF(Iv8khjyg4{NB2{ciT@tp*{mmEVs=`*3TI zywNxyFRxn_MOc`PZJ+5g&kHfHwrQYo$cpj%6$VtTEO(OsrM`Aa!vnSdDT|gpV7wr7 zZ$zTRBZ4^{cqPb*i&Iw&973?DcMsPB>+Wux-eaTyD5a3+Y&t_)!Q=(jpqDN4kL41| zLV~ZJflS(L55BLoASH~3?^*y(Yu27ECv$x0C%>syq=M3bfL8FIfdT9eoKTwU_kl%3 zGUMUc-0F;xLtZ%YIK1HCc&ZJ)^{+>7PcRt{#Lzya$D@1k*B?87{R3hR{zu>}%_D#9$Kz7Bdhso8h>lI|@?asXrig$fSMp<$uVeEoP2?trl0vR2Nh1K$9LJ zlUm92yj@O8NJ)8V2|(tc7e1~PVD$t#S2AkupuT@DXjw$7XaRHJ@Ra$+_-Qc44gNRr ztACQ+qdd@AYhW6;rwg9+G}$9(9-)XqQp}a0oUZT=grw>8t-3l5p;PG$@E%a$YoW8* zjRPQ)HBhXU5#Azb^2h=agt+cDFgY$uJl4jv>Nz3W$`tO^)DS}Re>;?x2$YC_hSDO; zug1ol!+36ZJK0GQN0}7q0?7q7XdA(+`TvM}@31J=FKZM<(W8Q*A_4*)5fn)ZB1lFN zM3Mx_K?zL`0!?m$s3;T%Yd>k zScW3jo}(+w{-DL8v8RYXmVyjeYF~kN0`|tBw_*GY!*)3t9~s{M<*}&AsTz_;NQM92 z**WY4V&2;S;sPSgL}u4FDLtwqj!53EAmmCi37|+$KmpBuIR0EH;qy8=xc-QDt|;X1 z>f_P^-k|jLZ>qG?|C_3`YoULnssA@sY5$N1Qu;og9S`_?MTwG}9Ky^Ty(W#=n5Cy* zMCYfhQ%gD`EC9v@9f~K?Iywy6+Sp37>`m_@y@-ZMfDSKFjmc@LK8w|q{>Z6Hw zdD#3L3rw%OB)_+w-qESDK7z%j1%rPH6M(h}8z7w;yeOxIo`3p_n5&f-t?cNg;C+w~ z6GzX*e9@kS0=I$oc+RFyp38bNQfrt)2#3j7ua!nXzoq?si8lqhfZB$*ETh^Y13`!-G5sCi zMWmhV4|})&6){}b|A`oGddGhvh8yQ20;dkSI>_Ue{$z6_l_Fa24KNNOA1k2+eDu{W zl{APKAO?boU}9A|VzFfmkO?9*GfG6m)6pF!`KD)Vj4G(nS1y7ZD6@z67>s*vafvV; z1uAV{l4EqWWGAM2kN($6UPSaC3>(12{1(_yy=TZadEt+!MI&bCreg-r!JxP030*`0i=+|HHL7u;ll4Z35Z7J5p|YBH=6eLks-B9+PL^iURoeBJ3}F& zxTvVt79hztA3-pzew z17e6$<-bs8Dd-;VvqqgxPQ!t5mJF;y6(+b)Q(VZJZz@TtTv4w5+-1H$;tO8%$o09*UH#^q(qSoo;r&?JXMEkREmAK zrn3U&TVR^IA|wce%{IIMn%cUh?T{2s*a;d-^MEI?8@Bj;$}d4)k4JB$^ok@keB{B% zi#tM&*5w|ktho4gK6=y7clunD<@nB_@@$aOfy($XT86B_5GV7Fia0WzAp_U8bH9m1fMIWOl&|uCE1ZBF_TAeg5{(PIU!Atlz!^964Spu)|$+r$(D&p_|7=KkEH;CT#sGHwLNUM|fR7jZxEFkjuZTO|z@kYZi`zG=UaQ#W(Ug1> z=5}DCOVa_O@?gW3zK&vp>Iogy>|um~TT^=sK`w`4lo1aY1#+qh(Vf{VhwpB!aDu7S z*{Ang1EKk@i*<31SJG^_12EAcHnwMNzrj*GM^pgrG?Z$vT=J@>m!%GOV=hyDp6YG(-h@9nsk+e&9y^1%R zBlo;t5=v!!e3HEA+{c4tQl!>u!Qwej*Z40a-8x~)APjn(dHu>)B5U5@lRwPa7j zDL&&VH{;$2glGKQ(c0+~#_0>>Lk`rlLVJDX9lz@CYe_}oTp-)^Db&qDzu^O=syyL5 zi}4fVwAT)6-JKv&mBmZiXwG{f0=z>0_yFP{)tc*?Gq;+0Znt!AjVA=I0JKt2baGv; z=DsnP1sY_C;22;Ih=&_AOLpM3p(V%=wWD6sXi*utyiwk-Z(FS8+QvJ-57(OH%Ee^iPr{Q>=0KPNNF3ks;qL_6hB{vZ#~LidLAJdgA6MAo9JRm_>nU4dB>j7S z*A`=>41S;Oo&`=1cr*j0&Iz0|^W_c|)*#jZ8^nC<9yQ%y3nU*qVz|7#4AKs#K}bUK zfD`LT{Qc9jsgy%6oEwl<9Ow+;Zr@>LG6WjkyCZGG+7&b)(AxlklL-cdJrN$Qw4^bR z$&kVbq3F2C#>i?XSVh;_&40MF)%6kri9mIwKb1GL(h#Z~88||*ljj2Usz_htIj9Fj zv=$Aje1t#w`wz4USu$K5S#iz51TGs^YuAWdd~-{z_@T3C z8<$=iS&`ddJfz$mXvmN}sXT175idHhmJoA{nK=lQ&PXM}cH2K5f_H+1^9j@Qzlu#5 z9Q%6Sj=``vbmeWG3DT_Og$N*+I)mQmmwAu zzsbwJz~&6|=yn_L*Yv0dh|vdhA%M@wfhymTFXVocEdpEL3ZPA_3nZx(e|HFsMbEH_@ua<$pDjAZqwPJFW1c zA(-#}l-Q;Al}P$mfnDRsZq$@dsVGCBO~@9|T@W_();_#Bx=6nvYD1%C{g}@Q6y|R1 z(FJ$pY;Ca2=%~{|5eGC%W{(c-a13!rl5UtY=)8(Lfhfy#f0YLM*+iUn_diLre>J2? zheLw-1%%=s_Bn8Asu(w>k3ZxxyNP%NGW^umJ+Od??`~}^nrvoDkofO51W5dmnWC*T z;)r+kb&|e%5EXtR!lGH0jraF${ox>r2*rVRe3O`IZ(4o%J9|duyt;Rh3b)p(p)(5` zmgcDes!z+92dszv%hWS{N2;xyMkn4WJ8|Vmkdzi`xlFSr%3V}YDb(8-CQ{sC7WKUD zOUX5!kh0QAg&V#On+K`UVTm&kS}NeY61B`u%2IMza)DJ-mJ1a8fIp>(6+ltYFm zkDvChD#B$bgo>=r^VzFk0&7jan)9hR4?uiJ?Y*RyLav!N<$11Jernu8S;hjD2QdQe zGLh+N>EuC_o+V9mRiSb!GuGn@L%m`WsvS8oQLVqovrED@r#b&q^6ZO0$g_lI!4lAf zfuSz_W#|SdcK>KADS!<|je-1DSb)euDR%bJ_(YChx+$g`T&vS({6EU%q5Y12|vbx0SUw7z@ZQQ57axO#m@J}{hcf88~TeY>-HV`hmVL| zYYjJVm~JO#V2-hNk!#-2>CvK#%>7HgvqJPPB^j>MNsRw>WaL4Y+E>iLVjXz*(06+U zEqF$ZeA_uKZE~WH=Nn}VNOK}rZ}i%~(P|O80-_mWd+rl2zu+ZI%V?7hSd@JA`tC}K za09K8ky1Cly^HNo`;-E<)W>u*-&{+`fgRjyfCU=8mId#~m9`Mj=v_v;xK|+8i?lz+ zoIwwD0|K+XIVGM9UB1pA!=s|UI2dJH2hH`QK4|WYfb@$A6n0}ug738XGG)%Y4GDqS za2?!1WIhI7Qg|zyLhS5`$EXxN#JJFEyym7&PgmE3gTv|cpkv+b9RFTc*HUQ#$ty-J zvPJ$ul%4y7D7%;9z(L>}^|oCm>jI`M)fqofF(1_nk~^S(6Ug)Lz}|XZ+;B;#>ukUu zbHzTEXYY?ui=Y zcOt;dgiM*lXR8|L_A)sMh9igd&pmzE>0##f{t(dmzpkX z>N4OB@~Hn(P?!AszZcY%zcrng&2g$AF_O~W0GO{)BSqx>(t8QwW)xX{`26tQ&g9MV z%O_^(b5^ieq>TXZC*J!C?Z?f}t1TEd;AXVjTapVtN07oE5F9c{`rrR9se7dj9)luhx0K!N`7~c0Uvvi7Xo%z)=`!@Gb6g1v}WHiCtlCdY2fV?;f{MwX+IcJ|mkq(L7JW`1qXmiG!hlJ4?#Ewby?%@u0C!I2qk}Zt_Qph zGL^i$HrNM<{(I{FRM(9(et1Y4I7WZh*7g23ZC&es(bg?U9H`Pdl6T?aKqdf%$iR2WJ@t<7U163*$_5&UTPxDjuH;zNh8nu}#w;S&Gxwekv4F-$EMjPJ>O0a64o)!W zE4Z4B9+EilV|*#O+unTjnH=BdQd_bB>mj*-<&^oB5YB=-p zHqr~&qkS~Cs@MKi!9PstJqt~=0k)h}Wd;ayAYq4NLiFjLkoc}D7C~!D?zI()iH|x? zZEN>%C^4z~HBR&o$q?FWPwn&PO<2m`)a2ylrCiD=yNpksP?h%AQ18Eq8}^tMF1=Ho z&zBU(yYk&}{A4D|U?AC(_fQC%;wR92^sxCB0OhXxF!b#Wz~igdVkRc8-@wmqzOm7SA7x2)~t)_Z09N?a!tHEwTH;hwrOQXk0xK!Cuf7moWVY*>zJM zgPQ)2b$Fpa>oFt?N`KShwSIbuKcmKT>Z=uZJw0H;A+Qg229fE!o z`gbn+?FEUCFI^No*6jybc#51BVPDqFUcD;m7y_Eb;#6<$!CRG@*LUl{%iib5mdI~) zv9-CG&V3&joLHcLder`J61-3UF2Q^HUnF<~z$l>0I^v%yykBH~^*I)7Z*M3Y?Cdr>`2l8r+2?n2n}4KYU?NTi$urQRky3u395L)y(HJl4 zepj1FwH|>9@D<)=S}LxcHwq1}@fEGi+3$khiF4H27(E+qzN-&+L~1m=<9;590U)YB z`F!yWz{Z-ldYAlDuqM;qO=YynoiXS=%K7iF2A36+9eMi!Vg;TWVm3I5ChCGMvV*8dWUUUz)O`e*A zU_|NY=0UgNdHV!#ICwZ57lg=l$7W`K6lT-}fV`lF>=;60W$*n5jg=1NclhbQ&{#MA zTQt`6vafL~w!mvM5kF3v_s`<rcoDtg^mvHgv_qK=8GpjffxFXgjttQog`mfHsUVQ1}pjLJ`O0eHMvL4 zGG;#cLtJ*>p78`-a&G`5t^_wT3f@Wxr_RnX=8G#WfqIJJm+WR1mL<973{Y)}lnNnO zwPZ1_Ay7~NJ!>o082?6LR{N1`Q*_i#fJ^=^ziT3ixDo?Zu!qq3{oJESE8nNBCb(to zFN?bA74|Q$;qlT7W}pmsE#$0J){Sm%bup|ufGg_zh`P}j9zT_GXH>?2#YRQSe7G?V z)JhkdHx#H4&SMl7dJ-qYG;&P>+nU=YQK+Xj(#L{n8L-7Ly*64BF1rBNU9vx&{Kv|O&+T0B4!LgPZUL*HmZbfJ|D%!|3tsnmdqXy;n`PJafl za6w~cN}=Z`ef7uVQhg>R%hLVYp_Zv+j3AL@qpe8>dQ5YB_uMM-a?T&(mXdlD296`? zcwn4=oE|3~2hoxTYoT3AClGpwW7b3F@t0uBcV4Vql_I!#BCA<0xBwSvv$Q_UGmfBi zzeC;geBSJt#H`^0wVg!fQ=*z;qVZKpd!b8tiEf{F0_f(F8$UIN*58<|Snd2lHoUNl%^om-TZPu)!#=YzI5MSoCI(lUs*Z`;m(2UBZ&*rU zZ0~p@ZBg>xe@W*~;SZgo?iFG+u6+*nL=%8RlrCQ_y9>exVD#4F_JaLDF(OJ(jCl*; z<0$_*P3akh_Q(g0jC`$j1Hh=QaC#oMe3ibY;+h1{qeq_zO5b~QzQY6Iu~E;ka{3Q8 zdiTuuEP$$P055;(P2ECc6c@-5tM5Ymv56U>uZ#3nMFyvhRY8}Px@PMuWz-WXt2D-K zew;hJp?Sw7d_U_sn{SkecwfH;qGU6<;snQfLdgqd z0~K+sdKAGV>k&!UDFV1`&>48IY)W^08+$V4h`%FlK+x?!RTKnrHuWI2 znk=_-1=V)?x?C5O>=04TiZ&GVDGIc`|Dyr8OM#tT|D0sQALb`W&?Ty#2IVDHZ0zioN_QsVI&iPnBcUTg(h9m~ zSbxcEe>OGgQOTZ9_xJZ++w&;0^_UI6fJ6cL_D)m$1JuHx^MeEARq;WMo+3?c^Zb_m z`h4zuc)o;tnLxjyWaO24vj0i$WVGPJr0SztaXA&yI19YvpovzlPz-@Ls8&c&b-wBJVYE%qj~w(5zKWlweREIsn!Qwlymi+7=E_(w}r1%?!%|Qfg{!>=}*W zh_JBc#f{-%O>0#h9ZTk{dk1EMjPll>6^%4od8JLIq!88hdYs@{bO?WE}?6gg)Jw*b1S~&U?v9Kg@hc zi`gAbDsMR>C@(NV=$yVZ@ko8UI&bCyGuf=X*zi_)`9&1@0bM8QjT#{p(+rJ>Z&yu5 zHysDw7rJPgFb)zun(o^VEt%s)iSc}gtYjY-ed+lce~v<8ri+h519L(A4UfL3_o{$m z+!XzpKrf=oeyRnr$;CIT`!S>s_g|Xk7}UPG`JIRM4ruXaQYl~`AnYpKDuF1Wq?4%2Z9 z@%DV-6@tk-?Gn##@+<91t+Ejus&~*9B^H-Tqipw(kx5(# z@Z7@`5zTwpoYqAc?2wjIfZK}oT?U$;i6%_7sQDIr}JHfxx zZF3v15e|RMDIHA>4L#|e*(_DLnHqzh?UL+tABk(O7fZNwN$fH$x!_@KeC^#%pUL^Q z5dEm)J!h4VhbvRY9j2>=Bb%OL2U!qXV>NQ`Ph!=BQI6qmth~wErk`1_D@3V!rur^! zw=vBsCEQJXkyoQ*knJ%WkS0S;hP(t5SXbh8Z}4TpH$YwzriLbDr`INggm02bTKw8( z%Ix#UZ)A=IDU$9Hog#S!8Cn(w7|nZ1`VVTIxae-aqW`(?d##4vgc7WMvHq{UCC)82Um;xh^~WDS6K_(dQ~YDg>|Nv&|Nas>`PWzY zwb`5MR^qQy{&Tm)n|f<6cXm|!nN`z9llZd?oZ+s%-~VlR^-lXOL2_H3coXiuu=CJD zVRb^x3&U%6?@i*?$FRNTrRkZOExJd3eUQh(m>ZtULAkB%*Y`rUPQ==Y9mqsCxczZb z&#Nxb9#3!RiTU-G*?{A~0X6-sh2Q^cgQHm@y+Hl1-@E8oS5h_q_RsThzi1tP-MwGC zz|Z5)1CU!Jh(DCD)up@dtpC?VJ!|g0-iH;>C5+9>3t3kG+SOZXEQAG~mA}9K*RJ3H z!flY)`@^;Z*0)pJl3^yIE3(mR0QW9^?oWd-Gm*e`3g4z~z6w1P?qU9~;JYbDMum zV>jJtq~~>h;bx-L1^a$Ws8Pdt6FnGx?|k{B60y$Y#c7hjlYOm#*cNsB+gaw0_>Qr0 zQcnciTQB{CZ4Q?KSRCw+ujtVrOH|lc6Pr$obnG-6-x8`^`)&W7I}2HQat-E-D^Wr; zf)+M=C-&a>^I7wz!opNbzNj-v_v}kT&DHM`sU1mh*1WkfdC|1BY4E<;AG@R%<-d6s zp2ghQvxj$~H!81AR;-p{td#BikIyYFUp=(6w75^soj9c1C~o{c{FM{2B1P#U@-2E< zuea->$1YvuynCx&eX6rbKtuL*ctm(6OoE;?G+ev_!6Gf}m$XkVV_YX!K|Y_&owU9% z{IOrM4v~75WioNE#&UY~q$;#9B+xox(CA`#cSXxZ_&^Zz>&4ufwEEc6a);(*MVrdv$=UG>k@QHIch;~uG=4Q;6nDmUZGJkcR zF)O1hm({3usoBCom5i1Qs7*g#-m8(=vkzZ)=FMNncj6LvSg|8nshQ|Qz1WKIjkcD1 z_6c=FTr#a*YbVX9hiBaDUhUl{=jV*&eAl@XGKMsmuL%@rm+)CrQ zm*+ECWZ5iONl9hv)-p05;HWm*siE%OHR3mO>H76%U9SD)aZjn}lC+#VRh*nk3JMF0 zVI_0mll|N-Fq*BjOUzKu(M^GMB>D=Afm}GZGVG+D?IO#E`Zl~r8!o$=u1Yq*xs@Xz z70LCZdv7P%+ikkditU&PJhEn0ExXbSIi_bRPP@0Sn2w6dyq{Ua~rnSuJ!cQ zYj~X^=eQ7g<@Y^kO3Ig)Vl~Wc1;C>xN4vbGSmAuDoE&;8UD=6l(RMIttH#UVcGm!` zoC_FZQ&Y?J>=GgOxxTD4y?C@$J!^e#33S+mbj}nGH(Rl&7V(;P3XP6+T(h*Y>Sgfq z_;@i#p@^3YjYj8oI*gP(yfm)KUH?Pt+?DTbrxRIk<~`pc#0Bg@DU;ca%{ls5+`9E5 zN&3x&JMeT4q&qq)nihJId5gsB@M2cO@d%TC2Px8J+d9G@QkvGV5L z0kX5|q6PNo%oOGJEspkk&yx5Id@IkVWnkYww8-{QJ>(g&R%w#Ip69N6V4UNj_3%!ke2#ydj43^W4iQy_F6s%(pJIQx*T{n-y{5XK!3kFzkooN?RX8bL7;}35EdN#W_lV`Tv8H!tK3C_HeT$_ zS>vcEuD+<}SKT|@&~lUuFZw^q_dE4Fc60<3cbHsX6<2TA)lA$|sPWhsRoqf>-npb; zCR+p7#SkjAMlsd4s|hpEjntNP!~RAOv${k2M@#h^9>(C?SK6-?4OMIuZ}?S>w^_Jd zVh?Xgis_^#Oww&8) zs3^t|AMeG!bY6X0T`oTJ(iIkq-^s~Vnw}XwL`kmDXTws$WqgUx!A;!3`|IcDyFL0d z##9|^HS3<(d{;`TwS;93Y|Y6dvG0bO#W5K~1+BL>>~!=H3n53BH7AK2u$1p0MmCx) zu#C9vCwGW#w5AGtycKZLs<5ukh!IwkEXKC=t3l&(rB^r3Dis+;G)^d%kv{2^T%Ry5 z(JLZJTQICvqhfTj>x5qrT!kW7ucz`kuCvdqt1}m_&!BCtOc2voF%}uE8_l@4Rm2QOVozs@%n;aB z#II~vhqDIZl{tOuQ3fTEq|ZYMo8|7+Fk^%s@s z+~Uq>n9oqK|Io8fdegBZe7sOE78|J9nXidEy>Q0ydn;ZPHTq5PLfmlFc)eal+C^6P zBs@mH4daT5pEk82(BxG#er5~)WPClg9^^2++q!`E-y7i|k7!fZJ;ptwdv84H$#T8QO6 zBrQOe7QQsc9T5>8ublJ}a>Gs1&bz_hugV4n%D+ zWU>z(T941xs#X0Mh@F>@^SN0W2EzsG^cop8{OUCsnHTc9e0FVv13gP*t0@8Ty%Jbm=W_kY?`No|9Z7pC-<()g43og=_vN0qg?adpdF12-h)IOH6cuto808b^grzF>oC1{@17IcjW1O<;1aE#)8rbPH^v6i-MlL5 zefUOFf;aiGggCFw!rZNnGhF(mN-wYrs&#oSYyGP)2+Iu)yBiSGOUN8_CLfC~z&A~& z^;OyWL2{5*-D--mK=b zspkcMlTDxNZbf6CSA**MS@-GC1op17aeZ6GnSL(To7FPo$+$F|yAUkQ!WRnj9QDvh zY+L5pF|73(AKH%-o>SI%)pARg{SL!5tv;pEM4Snh~ z48&T~;ytT}*y8tOG_(llky72qAKbz54HRd~sOMHVD&?mI5RQKzDS4}O(T=fm%+$7z zwR~eX>Fr7PnDYq+w{ZYZ{hQTDbBIF z>Nmz}y{*__OnvcMb-_nR_715srf6eOXQ5N8ZuL%Gn@+!H=A#)I%bq=bJ6{ZRr=%zQ zlnk%?8J07-5~fIaCXIf*&L{imgtoj_3!gbL2FtKjXdcMuxo|Rl@vY2)*nJENITJ#8 zG^UeS^UTCft8URdIl=mKb2!Bo(U!z03j^xKYxlve;#|h*P5Om1FM5McPF^?jFSb#S z(b*E~zMHnj;K?Zq;UI3}>4iS`d2;H!PSoyF#k4DdKd;8{c|TkJGbe>-8_rK7>}E_k z$6qr3-jk5=_N{TBhko+HaH))ZK(K(A(oMf3-TgVtCDj6_MU3~K&_X5%lOA3^ORcE- zHnLn;#4oY457Nw=w6s@CD<~)oRXr@!>i`2I-QnK8{)~(a_VdR&3{8G747^!qWe^n= zbqVu^OHx|IDD+UxI7e4IT~Wkbry9_85Lm-z#^trOrV%-_^)Tvy0|aPy;J4Ha)wBUZ zH7wi<*Zdo@$KRV1QMNuVk@i@ zY>;YCKb4->w>-44?uhMQOq|9D&zp>TkkAF?vW=FPdLg?IC9&vf2?q74nZaYNH>K@k z;wMl_+IjufcQGve;f!$Z!ubr>aVm{27ga(fE<8NrJH}5oaJR62C62M9USlj}vUpf; zSBbRZYq~&kTqR&{z1H@nd!STub@qKlLfJYNW~nWb4^f+c-ld)9t|{uAHAHE8J-mIz zGMUx$#;x72ymvxlWq)6AbzEdip#t}5DhcC#nf2ypf*_2I2N4B^YGv&Z>Z0#jZD??(~@WTKUgpbCHFOV*5` zzz@vCESTuIzr`heQ*%GmEtgxaA+up)PkFyLhm;?^vG8s;5N#*TL{5!r*t?(nLLk=0 zcH^om49GCxk&oscDp8nNvPm&kvT8l{Y6wf!5Yl+Ir8zt~cXAV^8CDrlxbCw^I9e*M zulgp$hYjtpZ$#GKBvIv^DBigWwTMSf$qFNOUbAz~xK(+<9TPvw)M#;OtG!-d{MvPRd_GJFA8)BI#cl$L>aE;?Vbv$vdD)fm zh2;J@7}O|1x5+uNepC438Pn-*Pt{XVS!mv_Z*K42#^lvjq^#eA`MVs4q9Bkz%l^2x zFFQjbCxb6eoGiA-TwPsVy8W|>Vy%{%Bk`Q_UCl(8O@{~TKHO@Y>1+xjhTh1=t(S@h zUp4DG%YKJ+F2{K%@$&Eop?EL$9}&+QSsQy}zXY~l!q258sG~2t?I?K>Ltt`Lg}D^2 z(wQFB!?mOZ2S8-IkM3;xO<#%u{u~1*4;T8@LJYb97bYOqi5B^yvPgAC@Ulgv6wY*d z=i|ZwvZ_z3`_3T9fn$-T&HKiWoQt29rQ^)f3lDVHZck_t=r4CT&|l~22oO}%*LoFw z^xh!(GBQmjWhly&h@^cJ^9}p9T3N8G>2q2?YADu_F*dkS;xSFx{ryih>l`}nm$<-n zhavw8Qj89!fz!OsA#wXV4&9y=UH5sFF~*4!tzL7K??fpOaE_O{j1N4&c)I9y=#T~^ zDHHUL%k=Lau4KxszR7%LwJ+Q*!7og?lkV~{rNM6EO_44BVYab787CSUAm#05%9g8e zdv3Vn;nJcV8ergz4~IN5YPe=0=jW~VnW@1&@o zkgQtd({wxA;qxJVw7uf8sfoWM?saTx03MWY=IJ>K6F%8fJ;D1a1{3X#red7#-hEqO zSRUx2=lhXBn`VdMxo_<9Tuq(Rx3xpk=>lION9_4V$M6ozY}L08ZO3z&pIG{7euC!5 zgYV@MYt;K%b4$tlV-wJ2J721%Z{aM1A6xz$ke{}MKfZAF)Hd9-nZIq>pH12P89^X& zm&?18^8&Z_%-!SAm(_@W2scekO^2yR`_I-8Zq?XNU21nVQykz~fvjXRtTRam1dKzfv*AfDT%SM13Nd3>{AC{s@Fn!2|$i$wDYj) z-VXL}OzzuP`mosHMa+iYhF7Ypsw#RHvoYK_MME%vdKHJvOBD$4O%5baV#Ew?Pu#Px z$fP)OI&ps9>Lr7KqSx+*R~`+AzKW4i@}U`;ilpt2n`=Ev#i;h7#|nFJ*{bl~l(%ow z*Pf^l+MDdS_{b*>t!Zz~nWAE(i1|mz6qiNz9GGb9W6tf#4cf_8K5;Xx7fIv?owHMK zRE7uSr@eV`_0<_}mcS3jlJ=;}asUHO8dzcTqYuSdn5zY4kGzw#Wz5JR>LJ(qfx-hb zDjQ8YYx+m3C$7!ADEKnz(q8L2e+F`UocJWWJ5drQRZY#FIw6DpB6HdT7mBypoHrq{ zQne>uW=&b|TaG^DPL>C^@V0jsmVJyEe?*a^3Kp2qYhSMciXoWlU3@!N&T$B&^()|sllt($s#|I|&>yGyW2@2B4w zrn|->3zZegqq&7?A*02{u^c@pPQwM6iCA+0mVrx?WIOoBb@;LuldP8E$R+Mt91AUY;*xAkTAI4nQHS zm`yE-ic!e%vay>i$FbI#)wwaRDr|8LfJ8Vv{$}d2;?x1ha09iX+YZd}Sz#O+<}2TN z3R%zlUmwj#v6X%bJDuR|Fx~Gg`+2}}IJLC+QI#j*g~8A;mu{Ja`}%x0AedG>ha0ox z<@D_`u`a$RSi-e{xXS&8eW{bjea$5XcYxt~SuA2K#s z4sgb8^b>h{Q{4SICa-z_K$|6k0&E;dN*00Ka!|E(-o(pgfuB*#L$kabJJ1??$6s#k zJ$YI})4=u)8z5Z6b%v*AR1cz}kdY3Pg|7Hn6s)+JnX~Lk3j3ez2M~5VepOhT)W$4> z6cM47ICSR9(I4bTMJ9;Lw8&TT5;tPjkbU@kY`owWqzB4lKSXFwo&p4~vV?tHGna-Z z=Ptza4S~$~OB~uQ1DcxRRmZRFH-q6ZN}GK_rYc;k(einUp5dJ7bBhyXw7Ht`-sE;D zK(ov@m6%i#Jjt)FW!gq%A>r#O$398Ap7idAgrkPKv^TsW2k(k+YCsBVjMcg}v1$mt> z#G+=r(DCmO8d79@j62$2+!!6r7v9M~GGSkqI04gapQVJ(lChwAtzg0CoRdjQ;U|a* zuOEmzeouf0b=Kg|^+w;&JVffyhH$dzjH!Dq!-`v z@PR_ppl`R69?ZoAQ(q~Y>mRmJg&Qc!l}>Z47>)PKU07+D$tZg(Xh=~6E$2-$tK|(i z3QGF7VAG=Ksob4ZR+wMUaCVBO$n<4tbmNq9i9=OeCs!~$0a>A;q3^W5cZBw-s}I+& z02H1bU@=bT_T)QrJOcr3+VL!sFH>t*{7!2ynG}}Y-OizKg zVo(6$ts&LEow$O)m5st*d$bL*UOb{xq2UxJRcub9e$U>`OEnM}r#Xq;8rovn5!*A- z|Hj7xwdMwpGp;ACRMg8E$~kuoE)rr{Ml%xMNr1>kCRk)He>F@=t>~!`fWc(&PCtpH z`GO5f^|^V3^WF{}i?<2xlR>s-U5S#vt15*9x(x>MYdKX_@65GgVqzAU6Hm?b?2W=~ z{Y;H%=BHoA0CM+@*p0iV?#>0^xoK*l)UzqSBy4`A14oLdk^!u;cK!JyM`iZ5qk#W*L2cRA)m za65By{P)-WOWsoi1qhzXuj+6LRdro% z-uaaAB_phwem+&lW21$%jam25&><|Ju&zkCPqE@GUYx{Y^kHLPUTBF$@B>rjZw z6&17-HGAr>7rJZtN-xi2PquoiA!u8}C64!3;BnA1uzY_RWB5Q`l}g$kmP91^>}$64 zUdRg4SHl*`n<#EZRkz`GWlF?s517}hjsrTqE|Ic_EKx%0kL> zTx%|DZsXwieTy#bs}7|&qp-!k+%HnXeumWuG6QezwR|tQ6^-jl%W--EvYF15fhMnn zj>R4?2Vh2zykJgXTk`@vZoczl)}j{X!siKl0NV*nn4l~#ZF

^29tOwVXw1KR14U zs-#MM{OFZ8m+P6EoJoXa%}&WQslIj*@srsGd3(~x1*(aDSpLqeyeAA+LH%sckIy+v zyLWc-ZQ981vy|_;Zlnw(n_NadX*|~UE|gD@TFumWmB{(JM+EORsM^fue}b~v$`;9K zx)@S2H{x8+;6nCWhK>U{IobC+_OTqIxC0gpm9NDk^3Zy*`3W=HLjfc39QE_N1ey}TEg;XNd=`v=+R+igT;vIlrRp1?n(y3!%G(K zi8JYVfzsl(&HL>TIrLTa0!nNAoeim^&|!CP9}wUy8Bd$oXrSd_{#>syZmqP)Df?1* z{Gm0iEP~U-Usq|Y9bj5vWa7yq9x2;6YOy`cykJcXaBtF&09X=0MS*X1{&s&QoI6?&%eaKsA;tf~P7Dx_bj2N9I%Vl6B#H#{}=9L&2(4yV%BH`sGu$e`mr zPa5>}Lr5A3zD{lN+By083*t?ta$v}wmD_P)Pf}kVT*8k}DSKMNvaW7?DbMvT2Aa%8 zVPPEv+WJ~w|A4$-CqF>2{e4!YZEjqGKEd3WI$cn}r8Cum=e4C?5w!0~d z+?s~DP!^Op6a80a6UQipI$-b;BLVd%C(0jQn-Sv~$VlbeHKL3fzP5C4^)vbU{hOsl zp6d#mzdH!b&6>u{vvb6KF!?lhobB-IDHnw&fbo`5Xl9$B*m3|8vP5870h3_S+jd37 z&Rp|eNcEn7gWW1pO)7X#6-8)Z?5Dl5Rk>sq3f$Kj%<~FUpS|GU>i83bN$dc$_ju15 zN`GN+F}&Vl8?Wu4ssl(UzgqYpVF5lF;Ot}hHPaJ;eL-#JS0}lKEhRXt2aGF^HdGk! zOuIWI9l5O)#f_X*YMT`vD2UsQ=vPat!>3R1Q=74W6{yDdlpAc8b zIGK}I7_>$&*nxieECM@&qLOmcYy4m$X!XOmI7^Q=cQ+U(ew{J$!TvN&thjqZojrm( zWgRtm7u21l_wl(Cm22FtK9(i#nry92&AOO-R#s;e=6;ti-mz+(h5ZBi{Ad0F%i5LG zZ^eG-KWDr=Jz@iNh4q;)eH)+iVr)0^?0j26>;Huy|M$9$J8G+6H+r2vC$Dei@McSV zMd(Du<1Z@GK8b=Kspt8i^`Mlz^GP;P?6_v-1&EpOp`I@bY?KwNva~pHrRQDT9TmL8Ip&F!&dibHDo;HOu@r%Kowx z2N8$0*(}izHy2i~cly9PP_ffpf{d~|ELnQ6`FE%9LncAxT3YQjVG*<{PaSmEzP`ZZ zl74uIk$QZ0jhSWMUVA4WFQNr$C7`uxa1eSS<7bBsAJS{&fB03(omv04+p+&-D1z7u zpXpczq(LifOtgU9IG}Rv47vC?@C;7Fp*45uU$b|LoLViE`sz_)8l+yk<2I64?YRSQX%pCo(lhfmeq;tkMNLxsZd*WJB4Nx6P zk(NIHg?6-O}Q!dw=%3Ml(+e{jK$(pz=06 zMt#%&Gq>WGmOW&uW%wsyEglfhtEuQFL8^<)F!<@c-b;rP4krZePQEnJ-U;#gd{j(=KbAinbrGRGKxR3R z;oEzD&M-lVhK4!v#h%#x0DJe@-U%i-LsamymRK}K_UfW3|J@wOIbj5`HY*B4zLql` zj_PEVnPO-y{+dEl;na58eHeyAgDAli5-VgWxfl3I)h+(HCT>RF$TC$4ooc`Z;NR;f zu)rt_JI%in7GBNyTziq$6bKkSPT!%yX_J&C{_T1}!bj$QF7$vSnp(V%X?3uO!zHV!8gV z5Wfz8*l=4ZT(iUzhXfSvl$mP^sUTkrSU;~jZF%G%i`OS_m}@;6kG4KMF>+s#`N@C> zBX+{YMPX~d?!j}TzKV|l{B68y^8;Nu6|R%S_JyqL%AdT%*}N*>swFVuz1k zBV0JnF{0)Ghnw-et?IRR37C;&uLjI1ghD!0@}v|=gM&Zd$Uvx=uT?5J(+BJRxzh;2 zkc{lCKhX4qv*`ZdMv*xx#)^JwSam-##A-ahXi$oA*e?EO)W z{eNRGHo{l=`|CeqQ~rz+2;{)6xL zM4*S<4G_X+X67Y_E5FWZsn{K#Q`&ax3g2S$pJ(Ci@L}^zdOzKt6ib9fc{`C_$@bS3 zPvpDvttaMhwA3z0o<>goVp&R^`R6+!=lKuVsDGaMpL_ieNv;3qAM@Kp zEkXJv=7H7-&u&pON}2JT^^dD2omzS46UKG>9&GnSTtdi`K*2%CldsBkLLnbIp8;tt z1?&Ws@9E*M{lGjXN97?r0|y#!#YYnSzrM!AnNO51wgxhlZz&T}V>g*Cn?|^BVWN_- z?<*jjXOQDo(MK*lIU%Pvj27z3X=z2xJk(h%UT4TSa#s1jN5IrX(mTm{pbY@uHla_Fgw#eA?%_|S z=b^b4fnf_p6GER1PephFM+H(r%qZSDEQ{3e7xctbi}S>+Y!103bxO^k86EDdY=*t& zlQr;M$}T^o?705_u=n0!QD)n|E~ucQm<3S~1BeKMh)5DJBO;*W41&axoI!#Sl?;-T zft*Sxauh{CqNFOx2oj3|2~|kGV=DIQUSXfL&sqDq_dfUXN4HHQ6jk+obIvi|-#akh zQDYg(gLZJ_rNcYG%MRVGbf7@q>OeK{=A5)mU0!TvLl`Lo`hX<$)3U(8yaF0lDllu} zp2+yTRmKmIjK|t$?b^zpoBqUNdj4lwOpnz6Q5MsK@b9shyvn+rdD9p3p2c?`Em)?A zzKDo0<*}#PI`r+4_U;*@Z^UO+v7aS7b2;JQ^>~JEaBfj-eTSvtKLIlp@0;R7Idq;3 zZx>gf8Wx%PB%qKc_YUq;RPP>he;QT+uGTcgji4F-V*Ht@aIq+x2R)Tu+fgo+MD_h` z#bwQipq&xOm$r^@re{usLQ8y~gH)LY0|wXvyYD5t2)XpJY1`E74-2(7zg$mr&oDO$ zAM0@lE7))Kwj)by+UOf*td$eNm?-Q~piW1d1*Po040}>w2T{<$?tZnDr{s(lY&ed? zsXC)gHVq+~-y5H@!Re@b7RNjr@R6#O; z;?-mNey=NV@n{K~zQCucVK(M1k1>`hDkub@iaVze&*;p&x5L%54ilP1#n63194_>c zUW_)rc(6!bTt@%hEo*on{P}YRhykTqYQIWJNvUh&%W)BcA~a%qQ!_FeG~-bxnq3NB zF)@N)N$$x*Gr=m_A#A_NkXM(URO~tA`2{FV=tZfyE>hYAOQ(F2u-@KV5zU#C)5cx% zk;_BG_2Px<)BGAK{JTvkQDi9F;>)7bJj2sSX~|{LOql3ebfWcM%{&jc)lHx3OoQ#D zChnp;c{<8~wT2%&H0*i&&PI$Mo(<`oT>qgaSWlaBG|pH|M~zeCL;TZ|fRfv@00RFL4J#VbmswD{T{nVWG{rb%2yZjX?}gO8YpVg!YDq3-JAu0oLIl5;WcMp*n}YbY#A+_epR#;!%7I!$a6B)JzheyN-ZQ!sI`(+-409TvFj4>Dn;bt&;@+)w zRtNKhg?3Hw%fGFs-RNfr_oWQ`Q=Kj6+<3d2yB?lv^3^){Q1mNhw?+GqM^L+c6WmbE z>gFQM%rj{xx$(oJnjzo98a}rtMs;eq)^)@Z3I@~ABW!)Ms+2*V9+5NbhLik*Vd*&g zY}MglJ02I3&cRrXY+@LWr4SHjII`Hn0fu5LZzy43T9sB*;N#?zS!1IedxX5(rq@ty zI{)Cu)2eqV243yF>C54TD8dqloy{CW& z!0GLmxAv+swN{*sA{#P@KNZ!mlrRZoA^@IzJdnw_%+Kd|K^A?Nr}t zqVooOHn;QOcuo;2wVGjSb2>^6Zk?odgr%RUMvMjx*HVzj| z3jqSyxodVx$-}=|Rp%2@Vu~+rTq(OEve15vjOsRKxurN_UReSVfvG@UA!-S}=19Uj z>r`>zbDRpreHKYuUrYJ+*>Q0VWx9518O$DB^w4UAZcZFvi(~v0Y8Tfr!9?R;;>`H8 zAHh5ns?V10!|`{Lpn9hW=wnCGy#(3ZGsj&o-iN!hQJzt~SFb{^l;4wkbL%$o-o9^| zfaTu@MgE3u`!|KYCTs4ou+M63RYa%nf_+pwuKcfvPVDL{*lv3?9Pgrc#L%T5jf~Ar z%tb%6w1bjGS#l0UI3?8AQkz?LMex+Y6{on|N{=2gOZ!qbRJ$hWUI?#z z)ES?fgzxCeAvU)EZP{^7s3;suT}VElSTgQRGlpq{KG%u{1JNsZd-4gPzMvN!f_Gm& ze_%K2fXOtyUY45DcfKB~wk*5y`%sq1+?+x<{EH!&i6H%#N`3?>SB9K{&|TE zAd>gz$|lC-l)KaIz4J;Dl4b>U-{K!)Mds=BP*I3@O(tAh9}svBtFL@M;sLqjxNzIS z{NT9OvLY#$*pjxDsJ-W~d+Le}NQoyL-LlWJ+$6ECd{i<&qrJ=)Vsku%7@(rlQ#N5` z0JzXK|5v!}LK0ragq==zUVGX3!=iH^5nvPR@kVFAuMo6iQ`_g#CcRW?L-#Ii6M}a= zaK&%2tN7jkM^fkb90T!7nsbzKlEMPLL`a-JrkE^TCGVE4?;TIC-&Rl1VU#lU;pd8( zk2az&6(t(r7lB!ghXz(D4|*9GbzJj^i|ozwjOkj%Z2ju{Qq4BAzSEG6|R zLzh>$jc8W%-pqf%V4*$s>7YbzR_n+8m!JJy;NuIftme3Qx-H~APr@1$<)+3L0Q8k}-ZdSN z!@R_zT(^w^lbyGDi9G`!#eFFFQB!1FY+poNO-9@E z64sfbNnjGUr7b?gxI@DsvzHaB(SWaOQrk)Ptojfyq@X6Pz)1xym#7%!xqrcT0^)*K zQyn$ZmkM?+O-}lf0^wUedKRh*&L-GzK5g7Pz(IUI6+|k-J@IKydX{J0S(Lb{KnJ&% zme<`Lek$m}$`!EQOEj}=ce}XSTuygpBF~~u5N<0y?xfW1o*M$fn5?+9yt%J&XzaJ0 z#mQU;ZfXznhHDf2s#W5>cX^2&N0k8A=}>s8ZCzg?Qs@wbp?YIZ@*$D6|O!1-H~1$~(`HiNZ{}X~U z0SnDSNY!g=G7)Z|G-IFS7O+Hq6Y*`w$u`~ygl`7{JCyXdqDj4?-`$x<$-FbV3&p%s zqdDYa(yRt5+pCP&>5?-t@bImihst7`#?{Q8-Q>m@)i=Z8D%sI0GbJ_k(m}mgF$|u` z;HFo6H)Kd^fV;_*WaU@+nD(m(Iyf`02sKb>ek~Yx=K2qO3>SqBhWfgb9lM1R8ujkw zY*2q~s2CLY?p3$%d;cz%Ll#pt4#Ac zdujd&%=ys&7tHy^(=@8=;d?8?Z{vdOXA=7Fy!=Ggl@io(x05EN0`+MFYND}?JJdWk zq`;=hWT;Lw7)sFa2s55K+L+4DYz$-9q@2R2*E&AH*3IJJjFOU;wpCQXIF5{0v>a;L z*03Pr*F-d-BJN8wJHf?867GsNC|R23qHKTDhQTAkF14=i1_EgHI@Rnax{{&uYIWs@ z3ksJu(;AApv_bG*9U_4jeL1>}cBgCA**l0!_2;ZwE>e5=GBg4J03V;5^a`k1x8sTt z3kjhkxbC6&s)VH;IF}eO(_i;=;9D?F^8C$UmP4Om$>4|>v%OPma~&>t*s5_Y`t5!C zH8{DR6aO>!p}M|bS@-GQbHmJE{8R*EbpZA@fqg%7%L}tC+&i`VyAYZgVc75~Eip94 zHyI#T?Pyt=2u%RfDC1%jYQjq|f`?C#iWb14kMA6P`)Ki8nzwU*ZLsP|xMwc+TK+S4O~d#%u;ZgT40U_-0Z4ebdd7*lpvdw^IQsX3Q&bM&|H1vuS-x3|G5@xO4vSc z4L!gGM8wh~UM{#G2?9cz?pAb!xph~cgkCfFcshTa`Hn+YjUQWAY4mcB-nQJTBO%jA zS-|eO&sTsx!_L*>%T&Zq0FnE|OxIQwUJhKZ=kAFmuU4L~Xhro^(Xfw$0OFH7qo~Qt>Z#7K*V2*ZIXw8H`3vAs46MDm+;bE6<^s*}) zFe4LDViFmu=-wMJKD@T^qnBte#*gjTvwg^-7#+i<#8xyV!R4 zzG)DL93HeK$no&6aifkfBSs`rg6)cZg;dM7tXOxDgiRLqN$xRK0Y4y zy3-w)zC!u@7*3;~pG5nWSe~~bPBfJtn|bD3SH%&R(>);`%gZ+Mp^kxj*B^%2RH8FQ&WWKx|5cml!pAWKx!g0!~cjEZy#`I)u z{o67diTBi6y0xnN5s$VB&P=kOMn3?PqXGekaq42&GashDsFUbObU7`Q{vCGH@*Ph* zfdm)`TZcdL?CcJvpJ5fKDQb19U5K#0fpw_}I9#VE!!lC$Ja|*|AoFv3mZ?J8SeXFY z(4YruTcaFggnV#fc4KR^} zPHFGITwq-NXqT_QK)K>VeLBpFGYf);5mmfU6z1Zm-op^NL)hK4Po9EuJDG!z>%k75F>7qvN7d!MSwSD=rFYAWyKu$$7PXp^!)RA;s zrk!7QQ~9iMq+egozyF^A;M>{ z4_r)GvZk9mIHeC6ikE*6+bLR zybxmFz5h5tUFX2eizl!TZ-TdOV1F1L50qQCuU7kW4!+KOaK4Um*Y8@(n+`0t`sn1CEg-!$+Hrq0zcKqsrqLO69l~k>`daQvf(`3nTjf1PS<^6n0s=7rAyj3SiS+mv1ezzR?tAwd^-OnGR1?;g7K* z7WQ0&dRYirZu_QkDyg?-fmsGF73hSty420tp8gz{5PhIdroUNn+5DPo;5|2kdyDQ; z<@zJ8q-9@+io~2!Wkwo)n-i+`3wAU0^%qrFbz}g-Ar_@VC|+{ebzNUJZhz7-{f^pZ z#_M9kl6h&63DcCl$Yho8MZDLN@&1#9|)`` zLdGcpl*D^^dA3FJRfS(vsq|~SCJ~ZrzI^JNWQ>}!3wQ@A&d?aUe4Jk2e2xKYpP6tb zM;oY?QD?t%HPjy1OQ;VZ#1B33*)J?dTSaG1FTZpQE}R=bC%6y#0}brj3hWUrP9kI| zN;N;pGr*B{MeT1CF43&aTUGf&Z2;v}=mB2Q(0wR*mDx*$flV5g+`?}ulPS_ru4o*( zq=f$CL~^69OGH*sc`^x*NnL_UV6(-KOiVPDmYnUofnSuyaX5W`t`4l2`bFmnB7 zOn_{AP1vl(Vd@>3(+hX&&u&i4oUZq$*lt^=7H%Cygd$G0JJJ0MSq987$(JlPZ9bT# z+EPjeMMSq>nwx!E?#YKS?CR}?u4yJF(d{K^7v4BhFwYInpMVMmmwxcxzA*93&ly+& zUHJE@entCCA!UVEZ(IZm#=Z%>qdOjK+wx9R%Sg+JE|u{-qh#~g}><_k2)nKg5!1k2aamol~eiWhz=w*+*f zTp=seqFi*P$oEkZZPn>(ESqGXbpchCLER4F*0kO9c0c*6w9?%smIbKc;#XSLCUFwo zid0xjU&6M2%cwqZF72ej91E-)>lT|s8hjzFqx9Q3#ModQox zAVhV7B)|DIwzSB_HfX8<9K*yvt+icUqdjZodxVQ~%UV!Y_SDxwXkjP=U+wn2Q3ARl zkxs)mTo(v(q-jaN(vILS?`tRBSF7-DnB|0}+Snw!elhe)e1lw0l70nY< zA@F-jyr`Nw!q)>qmvqhf=RLeG(i(&k7BbnbT|>QKdT&Y5;oM1&+>Oq@g>E()wNcyg zQILJFmp1Dq;uWj@L|u|+p{_UDpE{YFXdV&=p~n1NuQ(`~*flaILpa5cScLadai#5A z+$gX@@}rz}trWY1m4=HNN`D8Yb*~6PfK#z-KmaOdQKQefT46M$SJF+bW&rKE1V&dgL+qRTKzzqW_R`(C}WSN zsZPmPw@~4;GpRm@S1iExjeAAa5Klp1c8R5sg9BVC68lc$#eG#7z{HF}5-tH=9N zGq)dy27d$&l#`Gb^!R?D#TkiMbd?wn%;{m0ZPET&$@ z41QYcO*KP8Uhj)5kng`xu@Lc4R9WJ5Vv~2?T`YBa_U#~&_&!L`hfUT$JAKH2#tX`x zmNMb(c&wkZVb=3dwM6tl>A#C%Z|^ z(;}-S8Isy&fxzgJTq(*bvHXkg(68u7l9Yc$ycUOfOK=4gUAGQ5;oPw8s!z_6WmVF? z&bKAoEZjQ8btV9KiUzSd3lG;!H737aL&fy>;bUbG;Y0%f&g-{ zJsF(r>7fGRg{Ffi#HL4%Qob02(y^le6Dqc{pXcxu$RS|VYrJ?V1(boA`B}N`D?zTz z0Uhs7BLED7Yn!D}Q~&*giv%l~D50hv&$fn!OuasbB)W?Gm)|R z3zzA4hQ%6H8J9`S=Bv|=KaV}y_9e?jl}nxKLur0C>W((iGpcC=0z@m+_MRIDE>?3= zVtU0wbMVZ)ERi@LZiGOT<$-16eePx|3r5#BWveg9Rp5s+t{)?GYgAM(G-saqpY()D8LkK75)NmpW{x za_ZCs@+2CqEHc63{wO=>V?kFc%eN-&uipS%-|Z*y3Xb!I9Vrm*K(CBhXD%1;0TT10 zWvF!*Q)O(1S-wW;$RoJb8E8-9YW(80xB<`f@Ex-A$qs1@3&5i3fl^jd)ponj-+A2l z*f1>TUUBA)TK8$Wh1;JnHT%!jXwqxG{R3=@B`tSp?!nz(&m;QAMTaFB*P06J76LZz z_Nkpq%lesfKYj@CA-Ib)GSTF+U4&(HGt;4smK1PBD)oMn8}SNd?L$(;0$R@jXq(@nJ0(x)b zYQ$>dddsg;-^2>G)g~D>?AC@86;$BIBCSL|E}?Ak&cqeP@2-HV+J0EgzaSnv>D}Us z2Rp=1xl$(u6Mru!jPrIh^zf76z+LcVP{YZIa#ne)6Si5R3#)5F$%50F@Cr7+yzua1 z^L#{c$Ekz(JueFi-ULTQ-Qmsan1%D8KQmeOx=2ZV_;WmuMxI+z6c|DmuP$&?^$`ul zo$iSLrx?x(s93+obWAr){K`1hF!|koVlyKnh+4AIBG+UBc_{OWx2EnF?0ct%6ralp zd)nO{q-2Ajktj64nN0mo+LIN^CkN>N$b1Hy4={7eOsYsskG@ZWDagv?Rbx`)+gX64RU zfSi}8lW3TlU>!Nn0Lz>0#jgocn+55mC4tmB2AftulSl@DZ=qz2>wGyb!;CuWK;7t@ z9g*09{mk33CS@MR3o@MYz{)O8q67`dMntm6^Ri6-qwLLMBbUR@Iaz;U@(~HrFfU+F z$dspgMgSR|^EPH9x%zW=%r*M%8r8p}>+1@6n=Bz3C@gcwsG{`+Jd#YWGhnW?xUsyM z>RGhmOa4)A^7U_kYWhI08AX&<7QqMMnmK*=!C^2tR)N#+CIA!pA<*dbFd2hyu>|(jJI7whKN7ALsS#C^tlnUPBOB37Wzb3?YzjLozj$RB)N}GD!YZmm!vNf^|$;641R8;vM z_gu7-3pN?`kv`(;uE1YDU*wuQX9K!U+HLu1Ej^17A|wVlMTUF*dQcwNZVihP1D@yM z0B!z$6j8eyhR^3TsPg{$;fLT=xwx*)(RuC3jK1}E&dqJ~iUSGzetogXo69|Wh<_Dw z67|g2evP$%oj($A3(=)UT3>BgBfO|C-}+6%OZ}BnMIb6zU;pyAZIAzFp1=S8w>d<; zl-HA#$;<7vI2e1jojc_cqC7$92&#q1R1t4@pQA_;;zF_Gn~{AJc%C3OWDV{UCPJB( za8IKPs2CH#DzC@h)XiA;S!%~$)UN(i-7Sk@UV6=9Z(Jvdv z9}o5A2lOkwTf{rk>H*^IBkG@w8-ZS1uj&GR18qIN?V z%byMY^v#=nvl6!3l%|b-_c`e^~K(3jgn7rSHD{16Jy*-l!@r&2|-oNd;C4$Oq^c?j;9@hbMy& z54<#CAdGb7h1F=2nj!5g(e=eR&_L$3-f)TjxFGR5Cp!36+x#I98?}Zdzu+ke21i4= z+<#$<)T?PW!B;JvG+sWo>7U3Vx7v$Gu3~8$Hf~5^0?_&?vqa;by(g#d=}}SX-4-t} zd`<>C6ny0SBf~2+0ioXzk@_M~>=sn9JvY3iKA#4ih%snLKtMhsb;lK>Qd-#TD1gxw z0a|;Oct#;AOVXLk-&U&9-;w(@sO@kq&xW-FX4}b=3Q+&$S2?;(StC~xR!Lwwu5c+A z$3Y70w2E|j=84$GL^zZ{BTG=F2<^DzLlaV8_pgVFWDDB!KnwJil$8dn4#ZI?XrDpG#u%9lPD2jn1`K;DBl-M|bqiqUmH%J@?WX{VMH!e9Zk$Eg+Y9$HtD&X>PLJjY0Su`x z7kSPR-~tmx57VsAyeA$z)lfau5RC~{f&DOw-a@VB^s?FgbI^nWZWxuvi=yk!p8i$# zQGrSVTK-b?P3J6;|9)POR|UFD7$lGmJv$a+)_}V8Hgmu+K>g&~@f?yEN~b%F@kFMIM{4qwD&9JwB501}Acvig;a? zpx$`MzP>7AHue3z`pDKsx00ED-nx2t-}d#9;~b&W`){~RH(O#B;pb;?RMd0S)-Mak z9)jS*{^_{F-zaQMiX2owFAbSno#aoPB#T8nS;`J05k) z6&pl`@2t!9%I&>ore8|9YvUDc@Lta~rolkUcXVsCYfV8(TUFY!Q?y2d2z_|b70_A? zs`L7-+`)_WESzvGy=*G!Wv8t+oJCj}oGO5NsBq`2U-eE&NWEi&PSOWT{%aaGu&rXe zmI0@uzQ`}(fSnV?mNytQEIYU993&aL@k}RO@*Thlc77r*qntdO0IBPcFl|Zt|LrKO zr`Z|`8~^txtZu?TM`8Uk3AqL(ogg}KQG*^CR7O%k;-W8|3~(EvSC%Cp8%2Q}Yhl-S6d23E*A-;-wKGs>%Lq@ zxRmPLZo&#&zWQYnP;`TvK*72(-{RE+gjG4f9*_yaj$|dG@fCQg!(~D8*2f-a4>y%W zLd5v0izrn9JNHeQK!EJW?=M&;-x4iald|!x3T>%sXZV$gX!O#}al{1y^0Rg452^;? zpPu1+_A7&pg%hGS*^b@fNMcG;cA`b2kr!WepmDiZ99xR*^5Ss83!{^Afmu+n~bA+VFyD zk4`fFi3l|6vI&XXif(Cv-?BC>Yn`XPbb0y23V%#iY#bISR6FT<#W}a5}YQkFd;Qnr~Dx%0u3Y_gwDHS~c=q5HpjnM9O!6&5zMy~H4QfA<#NkyG? zYH}T?gu+X!vXYhW35lAMlWKhd^5pS6zpqHP_9dAB^sqy=AC48$FwZ zdAEY#OZvz(q&fu;?Op%?;q{-lP)p-g7LQBOHGBXTz}xGU_M}OdX?Q6qENCgw@Y8AD zBX=LZzeN`I(!pR;LeCJCmiit#)=t1~mwIlcJb3f_cKb~54VyI&R7ZV=RXDX5IdG(0 zX^TS0)ip}cM&9}G$ouHd5Olj6XkQ#pFJzlLsP*E7o<-2N8BE_YwrC+p$srX2@fPrq z3^WCG;C|egp@I1z?h=cc~|y~az(7$u3F(ewdCql z-bvUFWKB5puvLF<-xw8pC7by4-03DY_`}^3s7L_)8GF{Z;y8rfE@;*xpCQ{vf0`@h zlT;Xg(U=PsSl39PZ&)Ig{Gfqzz3gjM;2vwAJn>=G8b5pQ%$1H;k{1EA^VI< z>YR06ym&oJ9O@(tf_i=gIu7=(WdO##&hZMpthoh|vAvovc7(6o0MkV(Tyh^`C7fOuW2`bbJ;4_MaWNVB@C=mVnDgJ!BhmPu_?9TF*7qvcjR^Tj*Q0e?!*)5T(lYFkho8Pz zsJJsH4W=gCTD%o!BMMXla5=V?AA;5U%thSPcS)rp8D8Kk*HWCWJKlRF@l}CGQ zj^h!WZVvJbv}DW)W5vx}88S5`>o9Ni>Js$GB_JVo2sUz4aU_co7vFD96B!Ml`BafC(t`7^KCPC2;RG8Mzk?iTRYZg=AM^> zKfmog${(K5f1gs_%p#gILDE=M&9Z%lI-zY1hRwS$$C99{0WqsMRP?WpX$$fHcp3sO zuGwah&lwq03kyZQ9j1UhBl;F?j%tT1><3`Sf6!%?&nEb!x|kIu8=_?K@mB;{i7BH# zTCYpZ#d}T;ofj~o#X)B%1%!sM)PKJ6DH#T+9H1P2<%m?VW2rD#&zf*w_r3QnQ^Y8=AP+?pLWsQ&e6Yf ziz;X=K}{K0lPlTZA(k%tVB$<%-wv zue0WeaVE?${~MtibA9N)NvQ5L+i?u8YWb1fGkA~uz5DcN8ihAf2HNUT_VNOnE>LyG zAab1BQu*a&RPId(w>eE5jZf4!6~LsZBr4oLrb1y!6?5@(eHYB~jtl3pMyTG1)ZaYk zq{>8&Dz}|_!ICaffz!d6_18yP_B+0j%{kL?{{UEz5ow(Iai{mbTB_GhJR-u0w$Ir# z?Y&_DhaK$s3Mtooib`cf1xGGliU!ds51VK(Bet=LQ@zsr53lH6gy5v-Qc4& zLhU?>ys}>xwBLn2=ayHi(yM;3%iO>7ghZg_qCLgMD}3)UhRhegcm>Ne6U%g>3#1G> z1cc0EBEOCe-k~g7zW?L8`!EHFcs58U{kgSZQpVtZ473=>@>%`0p<#ezzrb`YYUez_ zNeJVNkhcjA;9@g!Kv+!>Q3yHE@Fh<4`^phni?4&o3;36 zaP+rybfmy&jb$(*{zC1Rhd#)FTGUsBoXA|J<1$-z9q!c#^oP4+4s%cXx7ovi1MupA z#$AZ*M=!Cca_dm8TTsPs-Y#mZ;m%&@Ww)NU;ov%cuE)C&(t1hKb1(8A)KEVfdwX60 z+nNM(UP!#^#4TB+rP`}x;;Qws&`3{7(N*t#uYTgSg)SkW%TO%NS0(7UM;msF)oKsj zJADYQvO*4r?a%xLAI5?%Cox?^B0E<3DZ^y}yBbAgG0uOz$hc&Dp^N%@Lu)a>A{|8z zSgj$zUQH^!?=4C`*t=7LIFZY-C90)CjZ-Uqu5>YDQKApxErqM4izJTI#W8!1gVhzD zqGU+HW<6}lUbt84|1K3`XY~6{oo{b%N9xvYi?6ERm z_PlHmQH#}qj`0`>{HFMQazgxuWqT4Dju-fZzjXN79c9D3uYJ zjyoJn2F?USe zW@Xw}+Uu)0gVILzzK8Nq++9?9tQIbf%9ldzu5rYd-bcTGkv^256s=!`8`u2?Gj?sOMkLFqW z>x$>>yatzuN%kgwxV8|;P2RGx!4;@N9x8u@2lTmc6%YZ)$qfyEc8YuGOqk)ZOjHp9 zJ#2<+m)j!9Lq}d-f8JeXLL&q*?CwRsxk5b5tbvIcuGM>9Q8!?=oYT*Asy!)Gqr)$d(NSW%m+Nw85&I4?lV(^#mu z2;0EehT~4gc|ZBQjU3;q?}Z~i?-eOD#(aa0hgl7oc_?tSB?o$E_ z7VdGE#^4OW1=>Jqx`US{F_R9(N5#|0Ifd1HgEmlYhkbZtzEFiu5h`nIq$$n1 z`~C(E$!Anxr#X3V*tTLBl4ejN`|3ZRoeHN_V_TxhV_?J|(VuhayT4JB+zm$HM%D`f zdtj&{Tw$WdNU*m3oaMsn!ujRgO(tAn^-CAfgsGF7Ul^E;8d%KnygN3Hgs-|)Zac&U z(^C-oTBUkZ^-x*wWJkg|AsNhXTPYeRb$hj28}Ik>@(t>aFJFx3n20ko>V|F!nc21Q zPU##x9;Q71{p$x9b^vlI;A7v-AO7$2v7tLTG#S{4mF{T9h~#Pj@(CP#Itq-j9Vuql z^g)}kj~Qa}Z36YKlRU5z{&RilN4~w9@RGn(mBR`(SM+J_hmqP31|&$*J1i+nc!eZ$ zXtp|p`vlTPNPoW-Nde{yQ7)7T89@kzCfSNG)3*@%z z<-Ylkv9Wg)Ham!`5)NWa8&t(rxJH`l9_->do)3E{^8U{Z=a{7O;UrjE($CpTL_{9I zPdy!6QV6p*!K!9F*2x2k1rBGAz11Sh4Z&%PhTvqd?L-M^=FNQEFv{|X zp>`3Jh!MywwL`@!Ha(& zat7+UAjUmGf8gv5h-L7#frNF}v#E)qNz=g^m03XMItnL9N!YpCo@V4R?55A8am-nk z7)>HN_=C1^H5g7bDNe~JdCF@Jp$pR1@}W!0fWE-q1--#b=(;3%htbKFF{i?n*Cu8Y z=j)!?Ju|0tu6T?eW|<^SS-5BCjq*<%cF_VZ7HSCH{=KPRnNyQ*F2krC?@#|=D(ntE zTm(Vq{)I9|%U9AM1_ldZw9?f|&5^IA-_TL6qoX59CkCp~6u(T%s21Ch(wk$#bA|lX zT*?h5>_!d6Et;fHOxZ?aVtrAK#V_B!i|NP);!a*cE-}LGZ&p)vYUkdX+AX4_1Qk)? z*i+TxopNiFKQNJ~JP*-L@+CrQ8U>9BZMDmH@<-Bf~L^;G`mlK5OR*-@!|&ZdMq%tG?hn+lOi6uU1=2kN1XUWl1Ys$ZDOu8 zi}OP*9Vt|E$S~p2uRpTGHzyXAd*n@Z8pkcC-X@G$;U#_TNyrH=waT!IY9|-A5q~$x zaz9t^Rueg++;vIJ1V%@&@>B2?RQAsaVy0Rws&7;YIxnwK`3^>(kX6 zrv3?0yK(2hUx?ZezDxh-VpI0W>xYEcts(zjxULdW#t^$|kM)G$;(}}(_i?bswE}IN zv0`EZ$H>x!?=(Mi&aBc0#Ouv@v92!UMb$7Sl|B0N0ls|rvv>W1%KIj=cjmP(zb~}E zI-rC#cKx)6gyK`Aoy45)L_?oRVIx*>{(R2SuQUd51p*8iYxWpVHtDwq{bQh9BF3W% zK5nhBgtRIE=1@?7(c#^{Lg!B02r;1g%6{f%eHKCo zVLJ*TG|y$e0AtwhD#2bBHi$WixU^I+=Hfj*dw-mT*mt9e(9z5Xl(f*9(ffaLmu?%! z+&#DaNCy0KPv{RMAQ?JrYP6^^zzyAmk&KY1lKJT6HL!4h+D;vg6k;?Zaqh-0&Z)TM z)Kr{=(Qqx3?k1||18@u^%}rIF4qnpDGF1+sgxHObY|GBMr*2DEunTEQ=;^@?xwe%t_^`65=WkXNFg^p<0 z4%>IZo8PG$!W4ISd!i9pFs7qj4#%3lf58;jxAGJj zl?6}=f!{?SYa#8cBf`IAJQFqImP=k`6=%qaDlQZN)c3Cz;=5Y$9k%D`gAMFm7h%L5 zlp!ytVZ$H48u#gxMlgwI*~%FyPyLr|^V!NpMmO7hbKXCED=w8#?}TeW|(n z|B1e|I>CAkn~k>lPWXeF&3Xw%X72vhe3XJ;b7FK%=GDAi_pF3MYMa!z;@-C-%#L7V zf66p%&{Op4$1hJvc8)VGl=(nlkzr&J-<^ee%Q|Q1UP&cJMCxS#OfPqL;Gw&|#!ct0KYem=cN(ND|wKeY9g z@rAyv5$##*t0GCsx6mD-*+J$R+m zoxjJ94?Jz94S_C4DjfLYd9&G>nEp;;`swoDNlZn;zTAOn5_$~>jh@GM5A2l|t2e7_ z++}&4&TwIN0XmXK{jV)%=VG%~!T@?oS6eQ0@!F@R6VV`CRa;Z@4N}djH zlH;Q#j`rrjLV6yh2+`&F<<=a^_`2B&hoaaINY%ed2H1qp=NUjHiYVzlBlMaisClPA zMMJf2fIbhViu6o7>f{#+69?K#>BMjKX&%f-v#gadEK*MsZ))yJD-jUbDRIDP70mk+ z1s2%lu-f7tqhRcDQvaR|W~$*l%i+@hS&=C9--$$}tEq%Na4|9{YA7cg|&R=zAXwI2TLct@{3`2`i;j0wkD?lEIBZ zEHA3wE8?b(!x96tW6AYG(WNUJSC>Bcn;aN0Xt0ZcxCFfA_;R27sW8L{Z?CtKSvE;1 z%|Q{4THdn$2*EB;i2Zhu+U7L(uQ^CfwALJ?b!VT2wsG(rIQ33j8ICie4kT3OC}?IF z{`N>#tVz46<731^YdDYUPVp^NPbnx(&`FsvUH%|8^OG$U@{HeFA`9)ROCW1fD0DKo zAkqnARQ3hFqJLNLH4rnQ1Os@Z%B;q25OjHwRH{^PHITT1y93QvSxNXyMVdxuq@j>P|Z zz&x6o3^_k>wx{0!K!eH0PRjg)w!rfuxMF^ZlJ%2W(2YXFawI=DVM&nC%SO#wq|QD~MpRD+FJfEI{2op2VROl- zG27-C%C85r=>BV>^&ha$;|VM0{7xZgwcsz>Q2(%n-NuZ6dxU@1nM$JZ+}rfsipw=0 z*-r})b|gJ{3*WdOeV&c-_tV#zL9Ggp_-`No)^PcM^l<(|KmcTE)J!u2^g~CogRlix ze@>jIWs`c`=xWTfZpW3Wxs0=n)bD79|6B9t`@WN$;)jkzQU4_J{I3n$yi_+zWBm2# z5kI;CSxe!gFUtQPEvFEBzrp|OYe54Q@K>9&U&pIudG3{Ph^9DmXgC@{Ea}5cTPS%lKZf z9VF1NkFWH!4IQD%?-PpcS?YVZeYVGCvH&kC6L#tXLDR-(Id6W}(5PAMPi|M{-|k$? zhJv983=B6n;0a-a?Qntl)3qNZWMky~C#E+jK{h%iE{=_m1^)o_t1V~kH#@Hv^+`td&py8Q zU2qgcALrNQ%*8POCRK$JyDdM^FRaX!VGo$+murIc7Ja;2pFRAyFZ%Vlf5R2)Pqm_9 z(fWlk(61DFB71QCG|EwKALiM#ATr^EWoy@lcQlWF z^U@%F4eIYH^|hA*W(mapcqGWXInjZ!7lB|vqL zs>dv=W$t`})Rqh|SoP5HglLdp3Vj+T0MwfVdjXb1dr$V&!Snc}uKVJrfD1cm1p zc@>EUv>(GSSi)2Cn&O3vht1O7y&90S?A2tKQrA{bfqveil45ps*X8NsiAlz{D&`PB zm>?55PVUUJ*sigWhImU^`IyrS5?LF!Bold-)8d}?7cyAu;ct(fc=Ky=%dNS+J~(=q z-mY|Wq|^v3-B}R^!ANBe;p;{khiy76Dv1FlI+Zs3}qJe#}uRf0J3^_a9Q~v79 zXf)K|O})@~xWKBcG>GpVHyu@j=OBx3K?5{l zPKoVF2^HI!dAsZKm}SO5)agc2xL?E0zF&@g)<6^)dI6PJcB4SF6xr;3Ju*({TPuJQ zA&kW~s`yfh(N0bQ;G;U3cwLDeB08g8@vy zHs`?kfYzuio@NWu?Mw|DvlIcb%f{+{?wvyR%p&=7j9 zTw`4P{0jHapXZQ`I^|_ORr5al=e&2OM-#E7t=m@WV{qEt^86$_27c8qbaeK#w4$Nt zu*$Tme}CA)LkZ7bfD0BgDuJc@B~pgMITLvN9SRJ(IPoEi3tS%mL>IaOdk@N@^|^H^ z)R+G}lE4LG7wE(Cpc-z$&Zddr>tg-uGeWUybKf+7-vWPqj*5zH|9@zC{o@V2_MQJX zSLy%%+x&X|US9gg9nAkXo}1Pyy(5zn20Xu3?(kO@Ug+Lxt4ToZT?25W#Qe`x2q=jheAInz5L4w!^9xc-1<1zGYUZwJ$ zB=OlC{`LCo!eabl_N&cm#LI;>=k~pbQ{aeKNQ_fRY&|)sXCPan(wBNvhv<{&RVFMI zsJNPEH*{j{!r1(+)W|V_==Mrhs$0JK#r*a>uJ40ivE-QBM{M~R+2q0Z1i^B&W@*xR zLLYbeyQhRA@bNZEPu-RmOjefWBZRD87o2zv#m|MW+uf7kYiyJf14qPLVy4l}6IM6S zizz~Ivp~fB8PB99Ka5?ekCo6_ULfS1mz{7@SlEF_b03VM{sRP@L z&GF;hHw_Hp&zg0_0R<-?W%jwjP(1)aNVpC>jft?o^5TtMG|O7kggk7%P+|U57=wqr@doeChiKEW7{6>U`7coA>W8imiOnN7R2^8_y~|3JfZEhnbv%dWyIP$)~Q zE~Yc8B{w>)tp&!D6nHZoUR|0jOu`7__C-~Rw1^crPH@=aSIcU4p0O+K-g3QlRi~|C z(T6bt9pv5TYjqH?Lnaa+g522^ryv|V*^Qp_ck>CPnA>jECGX$PZDn2gB<$LFitVNu zL_ilBSC{0pT*+-?O>aDX4~nHg?ADIdq2yMklUyQSmltIR>-K_Q;4ZWIzV*wovCFJB zc9#J>SQx~*#V?k+$1WJoDnW>4|A7Nw0!x$TDYzW&+PJbi%5(ccWoc=z(uEZ5jdQI2 zY|9@cmL9sTE{5hf%^0fm5nf&LZ0pz$5+_gFzIPWSIlsC(eS7NaZD(iK%#?e$L8iB4 zu}HnhJ{^zMu`se3Go~k#7sgVttsVPsk{EM_#&G?gIAU9ion~y?4ML>?;pf{e{jiEp zNT}&8D=TpF^cuc5*Ksz&(rl$-x7D2j=l>$_yQ7-SzILtS=vc;rj7m`fQ4kPm(nJRV={58+ ziu5KW^kQcO0qGs2LjsAE(2Giw8d`{S=@6RKNGQ4cb)4V5-}n7}*Sc$6)*1(eB=39P zbIyMDv!7?5&fWc6LKf{zkgxp7Ci|wthdPuMA~nmjnn2sy6tdrT&oJ@K;ia5%`t{`G z^fb5Inq{IGS^;0PTi)>ITpFBqZQUBfuV3w5M!8UZbEIo@*SX1$veLpwesTCTQY#M= zd^qu|k;mlKbqcA4umE5!B3wWTb_q?SGl0=8sHF=%_;kR?cXN_PF@xbub0Dztyh@uP!aG-9HkWf(R%A*YG^6*Urq7QweSCr%?X zPcuuIlpqQR6O_K#`msD7%tg88s1S;+p`#XE_-5L|wa>kG2D(G@^2E?%=_>LYBb@v5 zC{uHGXP>WXSyXT`5_i~l>9lpxZh8$Sk$QoT9j0*kRGeWVxM-l`k9G))q@ejcValAD zcW@Kwx3&k&hO6tHO?R-FYYr6_?p*FB9pzH)l!@2HUaxvb^70f`j2@nKZvS+eD_~=ka-27Ta;>ECQZ(KMyIp@CQo6@?Ihc)4>(lf0EYc;Sh^b&n( z0;@cG+SRMJ*0hN%l5nhRQO3i-jfDXVya6pRgO*HR;lnLFecU|ktqI@KQxj1r1qFpJ zWs#wt*{n^t#ygx5J<^=|`zYizEbr2gH0S=k>kC(W1bE~*4feqpqz`hWm(=d^v7H46KV+&QeJi14v_m7) zr6Q}ItOz22XhrDMu=s}giF&Dx9Go{ng)64POS+1c(>S%*kL7~EJsTVRmm+8cj{1(rd z6n})sumTDMf?lr)ou;!RC;yuL=i!|FMONX+Nu`hvAej!Z60oHp9b*9Cqo5(J2^ul50GQo;U;@Ilf6^n#S6n#2Js>ez5A(Bf7xRKdCTw9)ioYE zRG2m%-;sOmRsIb68thEPj#xGZGb2$O%Jaj%TXt;;9$DDyS>ST9nxH3FiHG1vhv~O= zRUWC{h=N#5yCjgNDi?g@utH`^0L1x7ZL1d=yfsRPA%4Z-J3lgy&yvGLX0 z6z=-Ex~sgrDsZY)haz9qBhAc8PmQ?6q4K$ShnoC8*52u78NRV0OFfL4T*AWI$gjP< zB+Vhe0DUoN>vIH$k=v3h-)gm&oT`)bHxxmKDoC$cWnf@1J1XF@R7Iu0K7+Eg&8^*9 z30J+X?(JO(aRKkTFmR#!5S*f&2ZwS93(G>UNbP&~UW|>83)%I%#7`>P9NONwaP?vR zk^08QId~y|^N2X;;J%NCoJw|V3gh6|2(5qp;D31;>RfsZtKSo0a9V%t}af^#AWebZ6s7cXAi5A%HWitF}m;~M&g z7eRD{!)p8aco6OP3m34gjC|Tu`yspL2yF|6t@gve{@RfnTUg{gtzsH$H*gsZw-y&D z#tuVb)0>AfHcmP(X!(xUNNj*9O+NgJ)z$`cLm5hch)?y-ohRnRB)gvanHkHrL~$Jz z6_u$}RDZB;F&(CG^zEH_O&K}43kzQbRKq6@1E{!kWOXHApZvjtPFxWy&Q1)y*-^vu zz4tdoW$tojjlI+CeEY7fS8mLB2dIXlErD2+tP<{CYJW(eUq@fz^u*j8meIspT``(hC`>Q6 zErwtE#O-hIBqSvnE}Tx=562k~3@Dm529uoq{Mro%zkYT)ot&7hW8$Nnr%%xK^{swr zYKq?e!tYU9!7aq0m(R}+PTMec4tDmdVq*Go$C-tz!hN7b-UIO6{mzCB%| zU?@mk7|dw26!q$qzqva_V9(8A&m3d&a=Ziih1n z$g<;(s>E_SqB@jg_0dA4;OB*HvtcvkhL4+_J%`b$sc!SquWPKI{Ty1$b@i&6u`v#e zrP(mK62+{He0h5beyF9g?=P zxPM;_t|L>)qq>g9+mo%H)|26E!7S=@&&nzXV^mR$;2>Bv@(j70z1Lgx_QmGs=Zkr) zq*How@&I@M5p}Nrz2kF0xmPSKEQB0}Kj{|xR9u)C8@mishhS|axcJzAV*yoSZv=7N zhPrq)EtfsRES-Df!(Mn+_rnSb3eLa-|MEqbBU!mOT|RtmdzFZVj|BTLs&#h<0<2o0 zdE44b3qIn$ccE^HePUO4H=wnwj>YNy1w-X-nhW{_m$AAgjr|E`g#95>%P|{`b@#*K z1nq5mYJ(HSn!39+7Z(?g*!LQ89e;E1z%N{ql1A#8#JsTw3cb14j1u@CG zEB&={Sq+AHmW;0{cUeqjlMB8IBS5er_f}Dd490Fj4d`p7tfYNsN1vCivGT5K){2u; zWO8EOvu$trm(7JVzs@xYc@1ON;uSbBBsvtA5Z>5|#k;T^)5pH@QeK@nl`v$}Tsz`> z5mQjLJY_%|`Sj9rofLM02XD^XY#p7{0bH|}9oF@rDbjw)364zV)l!6`@C@87HO#EIxwhNzjI zQ{30tnI=c@BynL0qBw_|YMKGD202A)E0FrMqN3u}F;?S;eqv5LVpd)3%AWRN6f)i< zqV?=)Hcn1XL^ad7y%hp{xbv~+JUhw2loBagF+T?Z=`da1Ye zs*bTlcI6*39_yKxr<2o~y;S9h<14*C5|^tFrOe&^A%G~>9sbR3%wLATc6;7-(#(RJ zuaNTam03NBi~EYsW%Y%MrQIxxBoBQ=Q(0J8h^tr>+i|8zt*=*l$bOh?uUPE)@N_?V zs`Z@Y=0te8)wjQnofo_hdmb{YXlsk6C5j$$Q5VEqvh7(s3MC{Y&Jesx;CRU#IM5)+ zE%`PDlA)wTL3w;NEiNoPoI`%DH%~`bHzu?C25H+h!*lF4=Nd`J48fYzWmhtU z;ZTh3Ut1H{rSGajERZGYK6voJb7EA^1@gp$zx={wdp}0K7nT91YC;DX_i^w^R?tBJ zm~3sJNJx1$Izm=mS}ZIq0fB+tfL6|&J(~&X>I@X1gnJ(>jLNZeo(N>*mXb2j)9dr3 zKc@;ktoyYsUW90dSd{wJytQ|>s5;5FtJb$(9dmMZ)g~rMGW4@)0W^KDUu>Hb6fbOj zhraj7Z@(e;P~^5`Ou`u%0Kh8H8+rK{jYer}Mr#J)S3@uf(nb#XrluxXf@DF@ zHB0EYII|(X_!dsN_Z@kE7mjxARepZxLNY1rqUF-zu@T=bWnkCe`uqFiDt0|h%Q>v9 zN2+~X!xNaS4gpAr2n|i4LEImz2=VszcCnl5g+Qy}>kAUpGVQQ4U8ygCY2+YKNe33q{!c1(?%+-_}d?&@tbXbrR+uJk}eNTKh~S4rt3Gw*w- z9I~fkwUvG7J5*!{J*l&4qRvyuIo>dB$nQsMnJ@wy)z0A6xDE@S$EaKjo)gmaOwf1x zdH;8>Cf82&G7k^94nbAzg?>Urgo`Y7*b9$@=5I2iQHj{05d(7o4I=xGqu66@WHFx(< zPEAn)`D!}gNn?Q=h+CU4>_1Itv~CHAU{JkT@iykJ9vP3-#v=_+DZP1Ed&zQn?Gx5h zlatW7Y+XT7u~08L4R*M6zsjBBazMM)xyQe zX@G2}NTcKUUrzM;v;JrmN2nS7h0WI@FBRZUgzFAvY%EouU}H1&Cbs^>48!{0D0PN1 zUmw_IdN3$%utXapciR#sQL%O)P#4HxN!y;(SF ze>S(;C(skc&Bvmp{pM4s=V=0G^XMw^WN@X0ukYQm>HI8zi?X?VooR%-{%ZZ`w7~VN zw37E~&BQj;-Hpwd2fpp_hx+#WtL8DuMp}z&%{3RzEjfX)cVvO7Bvj_+Z62ecV!cif!u&t7+sKZ$dQuJI%);CGmEP0}G7r>t$ zf(@gPL$4CN(|M28wgy*T{i6F2uOb2i1HEmM{0ap5_*5aW5h@n4rrL94v14U}&abR( zboCX=LnuOpUr`qH8+W`IG^5x3_k>p7@l;Ti1<3Wm;+w5gNK0e4W zDOt%;v5eQcS0-D~^8ly4yyjkAuz$ryqmD;lRu0q*vczD?Q_b+!4+ZOy1vVp3r zs|SRH=xAw0AhAqdBe9%u*fdP$?%k)o;DbM)Vrpti*ezLy`v`Z)(=T7x7~s-UyYWSa(1ESS0v(9jGb|$@lAicgg z)L5Af=`O)>TozuI4b3Ny96w$x@1zgV)8k~*N7t`CIo-e`-AsyFfK8FIwPmw33}Waj z@~}VKKF6QsOcL^@)2v#Dc(Nd#c7XuMs;oOE-j73dfMK_Loi^#i^R}N>ayV zES0vqwGa}^+m(68czYMTQlNoszjeJBu2!zfBL?Kx0Nfl z?R%K(w~j%H`Ou1n#*uT>R*xJx5)mJdPZ-=z^;=zmpq0Iyz%*%LHs>dP!e*twsJW$G z`#X*;uE-^8rJ!)#v?n?4+xT$=;_N(rqk`Y=t)wXE=)T2&KN!-I=PE5!LA4=0=G%N1 zrg==~;K=6d!MTInz8}ZAu74I`%yHqX`u@zmVqF`~ZQ1mHa~+bPObD%(AD-;WE{*m! z>lc?}=YN38)2B{HBqi~}fDHMN{{YE>5v*4IojFQiaHElB>pMXyUgO-IEz=1K1v3|T z+T0%S5@4qH1L6iUFZhl`hZh!BZ!P-umpY~){Z`iu7Zw-oHH$0f$h=17*(!-*7`<*C zhsxzwj^0ULi=t%}6)m+xM%4swyWVR#3J?7=jB3P0MXd}bgsZ5@RNH2qh%`W!u)Qfl zHfPlm#S`Zsq%{dltjpSrI=mVS_z~s1Bj&K{JszWL48(DXp1+Z%exyhu);M}Z&62vsPhgav|!I#3z zp9T#TTi<8P2`RSTkm5E7%zgMuF?F{`K(_UTs^0=lzQ@QA4uIK zAZTD@0;kSPdKM+v^nkWLTqQ{&2cjT{vDD65_^DHh_7Q9?lM~Yz*mD2{bXj$GxJB9l zYlfK1)<5i=K=>*o*ZS=@O|@ECCnqNj;9mfBq|~{-;yXevwlfG?2h7JMu(}=oY;*G< z*Y#WUy0NXL8oZezw0jWILCC8ChpIdX-Zt}J@?~RxBLGXc5YorT$jFGE?`U$56NK1q zL)NYoVON9$f$d92f7$&0{SVcU#lf=GXUQtZ4j=BEPWHn&Qr~F8fTC$V@;e(_4h@=5 z%q`m4`?eFqqA<^%t)5G1uUBC77IoTmC)AhC*ys8*joPWOr!EYms}~y>PvlsS z-cQV@CJNY0DakAh^Qfw-9y|V9cje}4k!5Gh+U9yr2Q{M z#D}MSUKn6tWVGPDBI>lG&txI5qS9Mnrl`o2%pt|wnets))*}$}H*=KhPF#FEw#tjz zA5rytuyIW@SFlAe6|ljz<$LNH@mbM2ktQ`PqAt2XJ%G+${3$xH+Gh(`pVU!VaWut} z{Q*K*`mR$D)RD{IV8?FykgQMj8CID`VD?C&Re~K&(AIDFp|e$n)~zFq+fe#6Qc*%4nX$~(s8AK5=Y-|MN=iy74Ai6vh%nO2%N)hdV}++d z8T@CrzCtuiD2ppfYJlz5KOSP8fojeQl}bLXDv{E`BBMHF^agFy%f-ef9TYFv3(N-w z_$(yYgg((w=hngX#HO<&Oah=mh&x^Iw>-nLE(mBPL%#7)eohgv2oszwn|A5``jNI4 zt_mVDGhQzFm5q&p%?c>3!Dg!S;K9?CRpO!8_9StGu`f#AuBlVrYoTo`jGvmCLG!Q zb03~QUs+qzYE(&llYUJuETP%@5Wo%w$kA6;oEVsxa)H-TK_+jRY4q-w3OO7OXFY(+ z+rIFfTU1o9!c8t##{>hsncbJ~6#!l)XGc@S&_ut*W{fHlqINe*YG(69Ml@`d-gx`? z2rVW#mapQ(+hn-s5#k^4B7&)r(MA$vsQ*XhafDxHR%dQ^6A=-KPqF&b>qRq}Tw-aN zzP)NvFiARBs2neXB&O%Z&2xRXm*qgB1(W_b>>BLO>i%oMsse!@3Q=QYX~aQ7o=5&A zL?XNH`kPDPU%&oURu-xBN1n<8;DPETCr6F2bC zRc_`(m$GfaFhPXT&73cbVeJc)AV3r&}`pCB!7O3hYRN_eML$~O&~xF)bl&_^huGs`W_ry4CN zziBR9A)#F7-{;QhFi>f_daYaOMRPjx7#*VPfdjCi92B&?C@&Ttp*2ayYnsGhAbE-> zi!W81@|w@|=EXxO&j1vbk(I^G!_(%j$6{{RlN~DihUr@5=@U+Zvg)CpntIKi#DIiG zv%DY0RJAh#63kw=joq(g-ZGC#G!-$9iB8PR4R4Grw@6dj1&84Eg!Smgqu4)R-y`6s z+q%P5C9bh1uc{JXZ5%~GT8r=s^9k3P141-`oY=Q-pKa3o>hf|YsCrY8dO@b1^P@86 z0k;`I8o+{O@S862QV**zMyGPFFs(yzXRe!gTd4e-j^mOPs4&9=_WQ(_*a7;^LKghq z{l8>8j8x0^U2v#WU#iyh+*6x$h}B&Us57;P4^xp;dG`4UDK$^ea{f1Fda!gRC}R(k zY)ywC*Muwu7+k@}AMSW~dUD;o*)@9ci3cl`_+*zImoa*UkXDwfS65dD1oYbp6dB5F z_U3Xx?3`qrxF#utD!}M$xGWC#eOUsiciv_EVp(}Pkkj1({Z$4);_`Bla|(frF})7z zh(m30qKZZpXO9KC^BWo(_RKj{ojG;tGQ*)wPwFDj)11trD_OVc+pE7}I4=m>cZ}A` zA$NCIbix7G)==bmq6|kbBG;It6U+?2yVy1lc_|t=%GS-n`jUrpUP2yGD8nB=m#vU$Abs z9AH_}mPF{Jck%W&GXW1}n>MOAIXbEX{3E5AxR)ijlLqMD{Z*20 zBQg8nFHuZMU2$yFTaY)Mal4^nY-~&!DM_{_V=@3NuZ@q@Po=twiVp-IGGcD0K6$cd z$f<>=VWecxGjMx*8)0jFI=7f`0=)=Nb%@3N&h6W``-?onlYD7bdD|J;#xyeCf!7%4 zwOA%c|K2Dyv9yG*tGm~>GjZBERKaoVQ7Y_T=r$qpOs|21Q054{yYPsAbU8CXf;)Xq z8miZ>*~hoD3~FyLX`5vvXza3zN7OiD+vbRFEWOD~66r69nUu8xQH2p3I&BL7*5`_` zqsbtT4yzx@TJk;tf8p}dyW;^{WA zshZJ8X211tZfsfh#E12{-I+gNZMTrgIweD{@oo9ufUDweI6hl0Aq2i=jzg8eUeRCT zkPI-HM6l6`FKvOeFZJEKiy-SiS5=A1`jKxyG(v%13hBs-2U6@j9;(?I762{_&6Uv$ zT^X(J9mhmmt_sLHURrMmUBzE#@E{hnj|b%b*fDUfqB&W)V=rasNg?O#^MlS+Z@u45 zKrsmzdRm#jip;y0s=wdQPZfr+=~n-_Iz=QGf4(m& zE^Y(C5GmtF@tNQtCeDJ_Ub{_Ss0|y*?jL1PXdcv?XM}|dPNTiS+{t9E-8={r+3wDAzBGjI_ZiqS|t zMMnD8ZuQ*?ux^2_0t?3)96WGf=J|=+YEX&R#vA8RNBm64#a5=qcCoZ$Gx*KbY3|FH z|7?loBab9+Ra910p=oPY3$F{L9*ri;?P|e}2miLdy{ZYlKolf*db+0`hN0fIL%4@c z1L;$XA<3wIjLNL^DRo^qkEB69TL9+bv7hZiwH2e=0pvSWFK4EvroJJ=8UcPi17I+T zipBd86H@;E`_~~q`i|_Uh}e>n=-c1F?gxCLG2&OF2CG^d$Y@`~l{BP)?zijBapejG zRUNQL2Ou{BFGb{ol7D)A&Ul6Oh-8QYjB!OdZf0wV5t|2+(`7hmtg$`B1sFP3Lym_Ogp%J!C*=(xMc(t*( zQ@efk)p?-=(gv+KZgtcj>AnNQ2T)NPA=2c#a7Gnt-Ks6HGXd?Sw^T!~M#f{ZCEA82 zl?AIzwdvY5+W3hrX&bEx@96Y}0k+8GGk52pl8*0^Lt|dTWX&9(XD3l+`NWji44rE+^Oot$yh1(+eFanFBQITH3C=y1ddW zeL^xF=Csx3%4ERbf2)0Ydjnb3R~meE(tDphe;!0E0wqP&E^Y3}ufHPEER*i+8H?V2 zxc&R?^W#jnE<#==2|CFJw-F%790U^H@T!X=wyH*VLCb6Oq!XX%4pc_^)|1M8`dF2% z(ac$Di+pj@t!RDMt_RHDw~tR|CaD=W=po;laWY5_KF6RU`9;0X9}wM!x~u`8LO`! zo+>Dau_0`T+ma9RSmQ*UwR2ABN4o9MVC<2#2n^RBj#0?4!({T@&Tk}r7}?!l#&}A+ zsFVq3!suOb2h#h(*A=-271|*ZD}Tes6q(Iw`|PZfHH6B2nQuPIjuUanL~`Ge{2>Vg ztae@(Fc%2XgagjRpky(l;rXdxW92`KVoXkgQ1PuNqWhliIG)bQ%`i@Iql3-di&#r?YiUV}5fIX*uPAqQWhg>)yW;2Phh)Pz952nMb}7TPY-z>`SkW%X(_B_2-oDZhHp%otTB!{b@!Ot^m+bkRCK>8iSr9j^FeZ zNR+P2$4U8B5BqNM)YsQHkw_?n5(WSVSvSG5^K!R-i|a*UZ4k&=cc#7sh{*%cf8k5M zG*Q*VI6r^GzfHIFaY_`g9wO613P*eQ?rm-%3NQ-j?nB$#+lzUwWoyTmuZeIwu=4V; zsN4-h2rqa<20TV$08*eP)YRD6=#Ege)05n5(%(-sfByW|&&O{QsK}-eMVBe1Fb{?> z=AKMn2eSvYquWz zRW9yaD7H%R?y3W4lA~8>4gp#d6hgbpAtmcWZZfZ}8TC~Ws?2jLHVa{BAVzS*r~eT5oepi9iVX+=6Cm;zeOpKTQ{x;1K({1&Nj~yNPZzDH? zOas1}ZH+Y9pso|6QZa!#aZq-s+U=i{H9BhDb6?2EXB~>JT>Si9Hg-}^xZ$?F=|V;Tr8Oz2}> zBblwkvX?W?@2<%%=no$)CY6l0`+!z#`!nAa+ChCf667Z~-Lq7CQXDJ56cB;O7spIhEZ$%5I-f*7de0N<9M^#q>&M+AL8b4))9XwE9==-Kn>RV( z;!E4*zGbev!KPDcJ>=WCaO8+J6cNtk8Pp6*T=>B7Vih5LvkeczgH@F}D|I+F+2kFx z^`B(aRpq0Vs73E?-gT=nU$O6MONp*95m+7jU@`>&8x=21hUT7{@xrz@iQrB}-lX`* zkrlhKXC59=F{7Kty>Dho7tM81GwR2LA+)|c@~h>$4Y{rUDhp8V>K z;7p9{F`_=kW9V_y=Jx8-bN<3DdA`nN?pu8kk|mSe@ilxeW!bWFR4UY`np_iym~m2! zs{E?IV0s!^{a}IVU%Pli4OXE((5mHbgSVXde_YNJ>p3Ub_!&--{$c}M$D?1Q=Hygx zmPbEbWZ1pd@W2O#XFu+J&tuUT5kCaCAd((#zfBpw>a{Rf@2&Me-e-?mTj+l|bp`HJ zV|pw6r_1%9-`Vr-$lL$%OYA?b#6N#!59Z8kLT#m^jZGGjU=(NkGgePpz5qN}uMLr+K!@ciy=W$W(SLqo__~!}H2xmJ zpT0ydvZ2~T)vC|)+&@42TF_f%AVP2;tFZd4y!PnjkW)JT&rftNJ1e!D&k(OD$N&EO zKM(c;gGKjL8>zVQ=EI)`z0y;$rcT2D?Gf(L5UsUmN7V=>$H`^)h zbptDN&8HLo`LsJ`7yt8uPI!UGfg<((l(y!U`!|U<*_U?oSdQU@RI78{Jv?S-vyyuL zK3UsV_|Hq9)SUUxg$DC-skil!G+&nKO*IK0`E7MltF}#|OpC{W&|`zIPAwVn>~=r- z=4U5?fZu;EuMd+msi#Oz;UP^Gj?goae1mw?UC0(c-<=Oz0eY@q*>tg7akXYsR@1~? z9r@41dp)wCu%J!mpP_w%J@sEMfoHB~?_@eVW@Ej!weaY!Bx`SFqnnYtfW1>Y$qM9`W2&E*bI+{N?Bj9^gK1(C#1O{GIj3m-6v7pI+LM zGyZOp{QhCTtYPaZ5pmEW4sA}w7`15gtbeXO(bUqdIKFreo0O7*@CrZ?z5Y2t4L|0Z znlQq7o1-HNcWZ~cMwgN`hA!BnYTq+X8sl>)E~Q3yrA>5vr$m{J*K)OD9E^K#Qgn&b z4i?FtG%q(cH8bIdb&n5<*kRm;6Z4XFayyb6gDFv+X%VrZX6*3<%i%wlcBZBD37&*q z30EzVW9J{Wx`6^JE0~#-E`OSbHhKt5H*^<}7Jvv^W1Q7n4e7{oh_xMZZY(5dIOnG6 zH}7=kwDXF5cN}PxIXuCJ%KLI-<`VFzY=?iYa*~dWsfk}?fc?M25SH#oj7dS#9|1PS zk~b`7>{#Ueg%T3impPLyNfZ(k-pFq+JrCMk-==_&Rs<0p6^?9$XybQL=g!5}P5d)2 zaF2WQ@xQUqx(h!Nj#SUFG3yE5JtyZz`FtYW&$$J^tNhC^5U&$s=50Qy8qWrA_`{l1kP(H~O?mU?XpZ|I&)DR4dw{>O$Q}3l zjq!X7)6Qx(0N@E@umIT2GmfzGDbCBr>|d`c*g zRoPA{cI9+uy`g*kNKp*DHntyVHnjd{6UV#cJaj@^lhnawCFuC+02_-1-&Ah_O0jB# z!tJ@0Cn5y@2#|50mDtqO**8(xF!G-Z=VegQTD5(g_pH$u$2Lmj8vmlQI)5~zQQAs|dtaaCRI>R8_Uz$h zjTXD&1~|29vv+{wp;J^+2OzV(L1lBiZS<)N%08nqZ3#k(v$M0ALjS~;uh!Zr_k@VQ zkTHFdCKO_Qc%-j8*26XOR;arMU_1c*T3xXMNVc?U&eK{C3G0pL@xmmik_Cu0-;uXcj}?W^2{%L_Z|akL~7t@pB~G<5lkog2nR-} z$_p3F>!p`-s5j066)<35h4S@Xe^XOcS=m$NrNaTTklAhv7uwo6a2fC|e|vsbfsH-qqbWu#rpOK~mlOY_dmz`v3RXLqjfPIM#@1uy!=RD2tqv%+=$I z4h_vIDiRd>^_$345EFkvT}Sf9zk7VCr`A<kL>AzyGhHdFebTOekp~Qrec5*&b)r^3>fN%TgDA!nJJcx=VYt+=?{s^xcyC zi^vd}?Ygy4f;jp5D?JK9Fk+Kr_qZs5z*j?4ICO%g2b@-|g}h}DR=9y-fdYXD5%U(L z$w+Yk_+3HkwX3W1)=gdSK}R=T;PAB-4TmS&cx0;5v!Fb_z92FZXOVKmNFL3o!${$U z$Mb|TgA59O4Uu@- z@E$*8ghL~3s!Gof{`7D`F#w5NaTYqioxY-?rlj;n+3*pF%xUwh#2%eYZFlh^1& zmARoFZ;2~LEWv@HjMJ!d6^mIc#GWU_M#r}-FwOpSo*|w{pfq9l$h$jR>$_WYe#WX? zE%Gg;40g;q+-7%{D*2em;Jen=>)?VzTuvZkU3pBs!HB;(;zN}J+Ws!|jOqdcmR+7G zvGb#Oq%XJRQq$7V6CDqlRG6_xgA?L4 zGnKSKO^1f-h-H*xC^ekJu|wHN8EsA005K^ro*4DC-ST4mWjlNDJWaK2>4)5=Wj}lN z3~{j`W*+dG7#bOBRjAmlUiOQ%qQ_)1gV>4HfnFr!3`_SW$*~o|FJ}wdTD5CDh>`PD%~%A=har~ zWN5#jg%%x|9||uf+Z+8@5Q~-uFEEZ}iEO}4dBS2P;T@#pUj_udRtKMf3j3Aj?v@tA z?Er9$b>D*5#36XLmGk@TF&h&H~-NLK_y6s9^k+0f9at&le$ zB)a6h(2+2ZY8^MsmAD8mbSGAniz)NarySo*VVwRV^I$&=DDY{M>_I z$iC-3+pCZps=F;9grD=T4-9f<2Vp-*AFO$`tuU))9)xmuMj;^~p6is1gaktwS$oi% zMvJ*E+VX0fadk}r{jLWx1u_Tc+4Km3j4HY4eZgB{`z?av>_s?j)vR(lz+# z%!mm{QAtq0Z~<@XZ05)3P+-bL0s-%>6uXv2ngtcUE&OAv0<|-9}gbjke8H}W-yUxO+}aGn=W;N`jFwmg|wz{ zBJ~lX?YD+jlKll}ED{QA2a2q^g&vF@@L8T@wC;HK6bvDP&J9X3P;6Svaz0o7Lh8s93Yl>OyWPi@cD<0!b0n3(uOUw7q7rsdxiJO;KKc&1yw zL%9{cqpC)fh1JQoVEZ+)XV=STywYF<^3+ zSoZfNpn<8VT;glFDH)jjdnt@?i{uD4 zzJ>53;_5uF-k~*vI`sA7!$5j^%KvD>r(F5Yt7H*rq;gX8Z}@oeLi0#*)ycZO@ThRH z0_M#SU=S*8o8B(+&^h>T5G+`Phan>7a^H0%UifU1bQ;!2VcsG&y&(z8RO(7b-BvE4 zsyfecrwsUps-4~e;nlr+?yRHB8ZLqPu7{w=2u32yopQ7oni7E&hY^*MlUaRJOPr4O z(W-)R;^a{D^@S2snTMOfgEe8K>EfgHu3tawmAQ8>+h}V8QImjx+}>6WOys_XmAXR} z=xFx%t&iQi{L0XoMaz5neJ&ChHuJdZyjA;Y)lb*G;2b6C5Q**g#-6hoH%I89VE6*9 zRS?l~XN!?Uoa|K*^{kFW4_O#Bf@x?{17D(G!}_S4(@47lg(_nTJnMspXUAjsy(*uD z;Y6SJx371rHmBl+yO~kO@m8bvc^f0U&KlZJ-#0hU1g+r2;wa)>n(F(d<=ea7>d{$aVYMggQw7P^wSc<>C>j($r0;SSx)Vmawz{FA&`e|RfZH?;1N&;92jT7 zv4H}|mU1jV^hl@lFiuSCs3I)}K{1&!*#R;oWL=3nB*= zM3j^vY&83|Tepy-bE<$9Dw@(6SiglaomPSE9II#DE*EA7ay<_(RJL+6;iRImx47G(^%XA`-Rxy*K)_Vstn>{O%-4 zznRARK=j7E-mwd}4Z&$%P*ytewajW`pd5V!MApciUD`gxEahtmyE|g2fO+#h03#Ru zX;R;fN8}d7c>=T+faRuuNc5n8j`|dM_}6iUkg zb{Hfz#r-l=v91PYs3M<6SHze!9TpB(mcG0Hm;3ePJDORyp_xKI^ia?q4g3UqBeoyb znW*aVx^Tb}7)U`H5!^SR@ge0nbEYZjIj$5;MKVg`=f6AaQ8`*@3%a4Y)ofHe2p@#p77Y=j z?B?bsqN2<*sWCoyaB~F|6YF+(vJlxYZN!(Zj6@*NauMvvDgb4R^i-=n(Lyts@kKmN z@!%drZ2lFE!Rp{Bv};EF0&27Is$B`Edmy+#dJp0Z9I8+iu1ngsN=mP($%0m4Ngh+@ zM9JAH02XJd$1a?K0j-guy7{y2elVGHvdLl+9civuEPQY1un-u`>sW=--ui3GvH}%b z#suCpO>NmI6X7{WEj_zT!itk9F1`4xlek>9Nzwg74^2^c zd!x4R)SC50@ufeQt@L!AglHSHh~Nk@3c}JuOqxmF6nXG=HDp$@fr^OqepJX41WcqV zFEn;TM+Z7&{r;%%RGh$+NeOsv^ZI`6OXs~PrjE50XL&ZYP2Z4>Ujl;C)FSyEM%Qq8W~?^cagi*eF17E-AI{A-VmT4N*`dqIM9O zT6YAAM7ei;JelF+hqOWgnpX#&L0CFG4MbK4&73Ute~^Y+t$&BIk-!9m97(#G$%9zM zPn|x6ERDT8fu3J2yQlO?R4Viz2?n|Y^O~sA^KG6Py-w`hWlF*1{p#sh~>U$KO4EofvOfBSmF4yyPg z+tdrlscGY^Ob&wrEg*mpA|E&}3H28h6`VQIR|kH8k2dy}NBVInv$7KGNzGR^^$=y7 z`|^qN^snw!8?-sG@CbHDx${68Obxz}1>l1MW z#Ev(z8=0)+j}2j)Ht-<(oPGK7p#Ha^eM8W(#<6M=nzWp~WL9#*oT1D?Td$01sm)gv zAf^V$k$dvIMC3IriE5-AqXGL*@oCN00(p^3j@Ao`1D&oik|K@PHW?6~;D)&t7Ht2b_RT=lzzxC+l_ z^b^ovRuKe$JS2YyZO05T)Kt9eM4 z53Ut!=p!4(uFA(3@8o}+RoHhP(M7|Y0o$r|zhLR7#yzMs(A~)eGigIsx(vOvBFbWn z?7-0g?h*>*(2m>2J_|yKmI>NiJl(rdVa+o)c)bNK20b3MAH6Xs+U7aUT;I^35rWf@ z^jv$JoSfXAAez=@P<%h^GVJsq>WmX|Fqc5THy_eRV%x&N2txEz<~&vr?g1_+Qgo@m zmkdxx5fR7%J#_}WK4s3+&3I!;=o`~g5{0)4RESOt&j6yqqtxria<{OxeREkm_eQ3i zeTWu>6K@-mMn&;-a_eI)y%7_L`+L+F%3Wtu!PD_$=s+XGZnYJ>fG|Z6F%aVhk3liu zw);pl?s6tVXWez=xw$|Ra&sDmV!8-IspaKm5F3K;|2cA;0gw~-0a(3-1Uborb`Ft` zLWiv`FbYmUM_rJr1CTX0MjZyeJ7Cb*rSLL5aZc4_INU89jCwZ^rab!$q8-OVyOP92 zyTPo1_g3K`@6Hn=*l-tFsH@)k2iM2)yU0bLO$u^Hf*DZ5J6OVY8#FrwlUaBCuZ%uk_k5-foM4q z`^fwemlU5W;#XnOTifc{-UZ02xkK|sytt6RGmleUvs9QTp)t%z96@Pmk6}zfdr5#H z6}B{loCqVWM}fv^a7coS;PW0?jbQ0T636sE(er9O17?lK6C;w79YjXk)XfO7(1c*} z9Z%^R;&kiLRGqE%S`t`f9`PK=lTFRw&|$lIQzJiLM&2N-$b!fMK)bod*T*z24Z6)B zYR>Vcf@&(4Q&PVsLXt#fo1e^o_;Rsy^*EB)0^HVvRi&-WYJ%AHKv}ZX>e)Dx*R(?W zDzy}^qlrQE^U`$cTZ9J!XS3iVI8pH1$3u)HNgJp@L4&4i5I)e9L3yNe56~RK_Ji5( zhmv-S%&o3MUVz`ba|p2&Gm=mfpx4UOG4@69J&Dz8V`jjihO{y%6&u)x!fLBOj|@w= z9(^7c>3a0>C_wS`+Oc}XTM11%08OY*eS6VseJ1%cG$YEbTlQKfkmonJEZc_5^z=j2 z!Ha`HdR`F`H=ges25J16EJlg6wOMY6jzYFy)WG+r0W{_n)!56>Mkd*FVNnC`g--qFzn zQ2;8}(8gvBYyUE8H9NZ%2rNNj3!=DWx1veWa|Y~dlp%`gZ?n)og*JgWf|)Q323!vn84cw);m#^(%m~UC1{L@JMcrG6Rke2S!WiIIN-=0K=oF9^ zQBhKmM!LIOS`0!;kdPLT?(UL~MRz0J(hc93?!ABKJ@5JNyUzE=x2|god$HDBYtH#R zBkpmJd*sgxM=BDnsNjseU)JuO7e|CEKz!>FWB|~Ea+aj#b{tvyCWL0iX+vxKQJOMI zk~CgF$gs#Eja=fFtT~o4wze@rR4KmXfD1{EfRcI*$1Dx<9gb{lV$PwAYzE+(55(~A zEp|7N^?rZGX$TQFG}$RspS|?P!~di81}$Gkggw%*DCJ?97MWxo46VT?`#eU5#HF9G z3FD#Aq#~;j2vMv&^pzGso`?|J9f4sXmu}Z$8AX{o%|1w=J?HW9V+w?SU|IVS5gyGM z4^du>u&?XmPK%(NRvb7>De{T#(b;6Cvi+%3~kHMwc6Gvz=s?& z3vdCHeRoY~@95xQ@to|4AJN%D)X>fVFecv48gR6sl?^N7)u=&ZH=aN;5gzBEBF>tR zA1?#pG~GCi35jk2;RV!`9dt)_S4I^;045|mI~(bBov#2oC!$s|)97ad*HAoKDNn~6 zOa>}aE^Py!v8VRZ6$DS@gFJ6}eAJaQ8Sz(;wMTFon|)mz%QEE!2e`Pi)QcowP5xwZ z5TYS&cZX!K#84aBm6S5E2hzm;Ne3&PcBLU-KzdmKC5bdHg1$r~F71lpL+ZOw9#|PQ zuj+4(G#}XRa$tyv(y#qJAojNVOtDIM zLG5cad8E*pU1#wj=uND=$D3eiHU1MkSr!(d_s@|yK>EaPJkJ0IfuI+OzJXX16>SWt ziK-_~Lpp>FYa>O4hZ07^_g{eXIoe)~4f;|4@p5X3{UaZb!AAv$zKOK|+g1T)PY+_Y z?ACY~)vHtxT!yXl@dIE61K}4@5u{hhl!Z_6z#&ee6bm%~36dkETdI?v83Y^RnaoKy zPx?}?;o=UKZ&V}zSfUEk!pTH$c9ar^n`_9N&eGwvRD_e2muM`#0rb_WT*QOwGx{dFawL*v-~qe zQiae^V^&cW!}%J>yO4o=U&$_)fMy7C1mYSgG&NR}4TALjfeYxx9vO6yAU_d7FVI^{ zf(rbADtUkwAJg&a@{vLc$z;WCCfR;8N`svcCA2K8P&n5)4!E z94R!;h9cbQ;XLsTTcI#PClFVyJddWOiulY|6sHeF2~If_^`0BAni3M z_R;gR{b*>)?T4@ukzqVqOo(5J0bq7{y}YRzz*$<_maV-lI@^hEZ6VUnmwr$r)6nxO z1A>Lr84z$5|JDQHHem%=f=F}HIaC4QjC%oVnq4v^zH9qv0*HNCD*co=+^|rfi9iKh z(-Ab4o45v?PM)8}`jZ^W0P+VDTNJ_($c7tFKmmQGlijEf_?1E5ed!3A4 ze?hc#_cUx6Y8xCTLp0#C`3|N&G`gw+G7Xsns=+cmm1!;b!9wJNL6gryoJaxNiF7su{Q$fd++;c!AEn=G7a0%i++hqN6?Jla zr(7sRanPkK-|ApwmkNR0mT9HowqQg3YFI!(F+yGkBM6;K`A5Inn0H#~vxS3@LXr#D zfOvF5|2!N&tK@Ey_ZXq-gN_%%Oo{4zC$x^D!}OoTC3i9tQ6aRTCXA- zv{Ma=Y~$q#h`c96$gTaTewF$h_)IA1v_fZ5BuCh|c-Gt%X;4*qu2dwO9?A&K=rAq? zwpo02uYW1L+D1;H^2-?lCGEpqAAO9oqDel$*iC%V;nw5z^Lh{16K07?DYS z9o_TJ{n8xtOM)U9P^~68^6t^E5XcJQj=9A`CBq~p0}@|8i*uJWP((bhIIl7)DM^w1 z1f{<0iQ~>=q@!n*Nr4o}!I7Rbz*prU5=LOX(<@k@@L@B%c;oNQKLS!_{nc)6{m}Lf za$W85Cd(BtmfpaQi- z^cM(rJ#a|V;siW_7_QH#R`G^Szk|VA4FXNIx6|mR!+CNO6KX^@z2XqYek~3t_9q33 zpprZ|OHfVZ+Z)n8vPES>gM=i|$@f z%40}duQjAlbgp^7d^)Rv1eJ`WVQ`0xRt6Y(KuO@xlynQavsM7nhQ@{>N1KiHu7Dt@ zp9~_rktw6DB2!*~@e%DSN=Kz)EJJBP1`CZxB}7E@5u_Bk3Q(TxcfXVyvD?8ra=Wm+ z&jIieD;k^}XuUhlyZ;=5!{x4N40Lvrlmg$+xaA07hl=GyTJ;cVQKOo77e)#!6F>{H z%t2Es@GUtI0xIP8xn|#;ozAVS81K7kz*XWfV<_7n0=LZFZ$ZZ{;hM{0BlqxZ6}qV! z{UV3P!c4{ryyso`vfGb?3<;NX&+Kd-g>E#TrX$tsjm}e5$RZy;u}}7ohO{!Pf&b)t z1IX#YB8I_nl7m^QgLL{tkGDrdB?tD^o@+f%j7ruEqr;g2de_s0jf%KB z598sUcv3GPgtVAu9$R%ZA8C%raYX3PFwaj<$Gv_Mp8l@pDdgfU&?17Ao;b`WbeOKm z()X#VWThYlpfkHK6CI~zjsD@t)r4pO-qxS2u8s)A7!B-nBd*TvbVYq$3oY$0zBIWT=H|?x zp7RV`5@L&>I70bP`^n#jLpynCG?11GbkEk_UIEPW;x82JQ+W5KGVwk!UsC{h0C9bO zx|pK{&`oL)PIr`(Hv#}CZGN}B>bbo zA^cy@$kP5Ftqh-Eu>bq|KR=&_+?Rq(`9B_#iT`~VE)xg|kW?FJ2c|J{bpL%&oMA+O zdTk^TRKdYjsUlmx)Jyfh?{;elur-kiKc05m~89>(~uMvix^rXvL{k6Q#CwnhHEE*8VqcIl~& z+W5`cgO|56+9XgMb+=9yiAs+!BJ?kWWa&j}8lCmYJ7CzdcK+0@VN3ZM!B>_vHq&GY z)Zl(aP;rA}iu}WGYgNL1*8?`~=bz8WPJ2<ogL9V+jwpfpR^ACPs1^71Y4We^|eInvyZ}d2&=zh=d zXL;#744xe{et*&2wevAFz696d@fO!ttu=Hp&ZA=0=bc3m5dlPc511Sry=_WG6$F*+ zE4!~EImW5X$Zy}4`{ly8FUY8iOqhYnPhv+g{&_6CMN3Po)g?PGxHxmKNPDDUiDMNtzDr&}9et;$4%gc)X3sxA@idP! zJ08xaHFE=v$qn$a0f_xYU9ia>4^?>iiHgY{rxO*!1qeIXyrj~Bhlke(^ndV)KpGQ) z%Ijxe-$(epkV&^OUXm?THY-I6+4C(C(7uIaRZ#Pg1qpAgs0Yj(m?3D@_xrb$m28RDxl1(iAD&x8#=CpHq!RM!P1$UnLG~8ra}*6B!WwmRoexsJ zUbF5Ac42LN4BX-1X+(Ax)MlO>bRGx&0GLdvXq6h;$2v;%c|i0YqzsHeo(hWc#!4SD zr4ocv)%f^pf}n84axwnPvglPKXVw+v&wcCscuup zLCn5V$4xF8#9=b_9et7!$r}RO5gZD5kHc@8fGcaW*mVzxlC|FkYWSamv1^>XJ=a`> zNa4x6=F@FIx7^f1F7-3N_r8V$kjkV1IE}Ea^iWZhx7|XK@~er(Hz~7|gU!Zcqki;KAA_bR+%w<+;n*mL(d5k{U_I^2~p##ui{ATBX-fIkYLQr30 zpwdu@TCFpZe==#|mDm-n(7b_dhL!w|IaX$78Qj?Un8)-oiBxIbuquGNM-9Z$!2>4{ z>Oy!Un=|m`5ELJ(OJq)~Ea(___@W_==Mw2DGJT0p`&14S_6Dz6wLtaBmJd{tP39Gu z-gB4_>%1BTO?h}?R=v7PPGo5@R><`1Ps@f%RD`L=FxG}*peFGpbJy$_ouWaq>8H`H zBA@BISNv@Qlw+Pn_pNrbZ(%L#v}X_NeT(2P?AMEMpb-(neHpsO9#;H&g*|Sp6EVH0 z*b$@P)WKsz>l>*D)=I6H`O5@t%bpnYVt$#+?^`4o2`_Ka<>}9 zqR|S8l}^oJjO|>rtr}MC^Kbi!m8Tkd!(lPlyd!((oK8+T|p`DA1*GmSD ziwtM^jM-kMzJ9J2O5&_Np$IO!quX71A(OC7{)}-B#YtKdiFoXS=g&3bE6`{q$J$TU>|!IbgXc&6PW?!rKD_bf^8=?k&`ktUzV&k zv$Ek81?6t5Eav5h*2>=|2TussNcF8r?YWGlhL8g1*TG*8czw70tbSwezQ-qfT*~I#%ul ztUC#c;Micf5X3olm&0z7fBZRc?X>7?vP4L@m!4kLu=)hc*B`msjVU0u98$*Le$44C zRRT^$RJ<>rLa`@ur2ifOESOcw-+`YMI^6dC6L)D+h1z9OO||6G1rf{@tN9m1!y?~P zeN8W={Y>djm|dSY+tGr$NCJ|^z2CTlI2YlQJ%En^D7Trc+$ZGI2<^8V>bfVeJG>A( zye8MXMO?cTS-W)%)%~V#9N+`MY%IfCMABkNxi2Xd(5TePSEkB`ii*po8_aN^9!=Qm zVl9cxV4#I;^be}Rw4u+an^JdRdyA@^G~3)8yqn{W06W$!O%5(~HC+k`Q?ili%P=e6Oq0rgRw`h}Q{Eq}@O53(M^Q6Iw|7Q-t`*>r; z#=_3N^ypxeLjNs>Z4Z0G!s2Y}ps#J|!J{uuHM@g9BC&lPNs5SVe)DDaZM@LG`(%7 z)?5+*0}nYEsBxl`94aPG~C{^!z?C! zwVscMtGwL5y<7mDI~BI^kBk{!Q;&DMEgJUr)2k)3AI z8B`)wrh?0T5pHyF*=cPzq`|qQwR{kRQ|ZyGKE!oy&{M2dyJ@mK8pte|VwdbRJG*R} z@9Jb*A9!k9IR+OfB-Zh{IJr_P59vlX{I8#(>uGZ6k*hzGecWz+yUIRp$9h(KJ&koP zp0g6J)UP0Yzx_^8FX<^SdlNiVdlSWG@^)@g-ozk;9nZ9@x|a&iIYLq5ys6(u7g~oi zlT=(T-G1oo(M|P++3DUcv+YJtywy^2@IkLm!<|9;+p+negw0jD#jeWc=x;ejjO8#o z&qie$@jyiMU|NLo?2)3wQnJnBjJqHoosUE8n#!TUR#G*mi%6+{F67~7ShG}YT6z8i(;_jiz6ynFsBUmSY_4&0Z;iJ-Uvv)kb-Z$b znU$?=zK9VURKxOndV32UX7scRf?@j(2XhBnJO_84NcB|F%udJT z%=70C!f)PrX>O#DsmP{p*fx-e-by5S9* zUk3e8>^thaPYSpbgmf-DAdkqTaEFLfMct6U3DfY|XW@s@&5Y zPX9b1-f5MrfKO=z+mLn79qgCjegASdvC=*hjqPxmJqC^esV`sC@<*#V@XAQW1-Eli zPY4snew0{wTA>~jrRFO?VL$8OAxeEeW>fmj@k!d>L4H9hd9r+^t~C}bj(JdeKy}o( z(Va|cUR9>5K{)rH^HdGPudK82<1;?efc*(pR%ny{@>NrYoHam@&Y{W8bg!HO&RfSi z!>F)Y<}j5S&S%?OWnP!D>2PPnjd-O~TtpJKs@%6oGX{N4RiW9bGsbptPXFw=1N>Q? z;BR`-v-WXq;rrj@$x=l z28I~^+820FIP!8UU7c5zs#h~*Z} zx~gop^NHVO)!|`g|GeVYI!2xuieYWyB3)o7n5429RD7J89~JWv3ULr3dlvI)e=b({ z8#z9ePuMuURf{f(dppR;u3aqb%9Pne$Oj`%_FE_&mqEVM*D|1H;&k{kovCsrujppB zdi9G=JwRNgf$UGeb10~YoxBHX&IWmgDKgf1Pvs&Zi4+VVOH?hlC*Cj=d6Q3exSC5% zrtkrS^6Q#x)S|`{!4jS~9vDof!4=S$1Y{%0SeLVKscHs+GbP+YWhsBE)%wOpqt$QQ zm7Izm`Gph%1c6E8#g>G`F>q@jwQ965wr$`W;d72k{mN7<~2WRmbI)DLEX#(+hG}4n-nF&L9mAC znk9-4E9fN7nnk@>@!W#!UFfMf$sf3P@Rk&_-i!}+c+@l0!86`CiWQ0faP~x?@b<8v zLb@hyB!6M*iw(=f%>p8vZr0#9cCny1%F>RA-QOOzWqzDV3;Kzv52;a$;vI!*Y|-Oq zg;p6swi!KJYh7A z{Wf|pM4EqF8gEv%!W^aIoE_*BPz{k!>wKk)(hg^9ux$mJY&3+T!32T@dAL1p0GPr+#9Q&i@;%@v4I@Odx3nM`A%kdNxweEFQBuo5)IN9T}jNp(1Xv0Dq7Y zd_ygRywUA2By9J{I9pw|QyO0zhPELquE0R51a-O&38y3c`8EN80R?T!K~)L&g`cdK zP2~F7Wz9o>@m2ohd#P0Z&eH<{`cP-L)K);*L+WsnO>kyo418`q6ux3;&&f8U5527Nx%NY@&$@q;L! zDh(Qf_21l}IBYci^OImWl$cWyny>D=w60=va?lk;O6P)31VB0k8B-V^VE|q>(awDh z5;e%zN}3Vvj(2p@l8=KYA;3tR-+gdfTJXNo@NcK>j{^qc64ZM=`yKndtM>7R5WEnwK)w=O@-$X8;z9cv8?qu=jgv zb)BQKDTE3TGaJ+*cVkyVXdG5%zmZ$ARnRXJN0U4X^%kSIb@`DCMBA7dj$f^}jcGv% zRF~9G7PgfG`w|lXL>%6Jy8ZoQ!IvA{h6dlpe#kFZk=&38d;j2gKiej5_s9K=n;O~x zF?G`?P)@fw(uk~R^3m4~qpZcE#0GXLr#-1{bKbrk|03c>aMd_O^_)Q7R^O!sSyrK8FBMQmmx0xmA6^X-ugIb#;OUw8k_-tKCteB=b#!E^@`4L9 z_g+DdWwrT`#?BpWJ?h(fU5P^=Nk0C-T3Ci-003@+%H(~)_Q;`u{Hfw#nJj?(SCV?O=6QPXC zMqp;`m}eP8ss|JY^>kGi|H#9DuzCRv^Nq~M6Sb8gUvDYgcTX#T6;*lkR>k_m<1EAU zoda9Ji(i}AIa55!i*sK+lSs4bg*(xzxD7!L{F(-_jRWmf4gqJSHy(Wj>nzO`Sr8nh zN%ihwWEzj_Q4Y@4JoIv)ZJJwMSJg7$gT%(+a*-UEZfzyS7R5vtJ>xmk1j-BRtMjF| ziL5&FGUs8jhJ>o<6Snp`HuJNIb?Qu@9BDb%bfjEpT**1B=j~Rcb^GOFLpcfSK8I34 zvNpc|8)rT9XVjxP{o4(FD$XZjB>MQ1PZN@}dbsl3&P73EuU$0#crG{i^}%Mi^w$hg zUMj08mo}w=2ufPU&EytJkID?+BLyX5-Oi<50GnpqgQ7KgNTo)efc(z6Gq2a|cXYVpm=zvRM8C>~?rY+4m?`e-zt5w5%U&JJ8Fthx~j$8cWC za1K+)RKBQ?MzuU;MUvrx&v{s>dh7RqM|o;AIQj;JSV2^L_qPBpuZj?&Tn&o}&-)5+ zkg_aJ>qDAYMJE;`g=qOsPjdFDC8$Qk>kBBjW%wz!M}_IDd}n_M_2pqBB9Zt^ zGu7d4xK1A@>?`D#LaJku;cB-;%uH&%z2&NWW$}LU1Fi6@V)L3*YimMIP4&{8txl7$ ztF1CeU)g4Qe7D`jmOZ_|ES$96y83)2wo==K&|~N*D&)t}CABZcn_cy~YxLW$bUu|X z@zNvrs1?j3?RwQB%~3%HCaU|oN9!~zZ&TmLqL=hAo;#GHXkmZc0^g zNC|n~LB5p4yE}k@yJz0q2WDhJ6Ph@A$6=RVS>Z;tIt?%%w4=dZ+rqjrP~UknLuC)E z8uU>ISe>|zC(rK~!7^@~40y7YqSNox1~}9$!cx_nR3jVrh5}8YMK=qzwYLualrISC z{tQTgh?w1G@w)aX()kIJdkOly+o#xV3&j#Uc@lS07zS1futv+K%Fz=CQX!(JT(1L| zU$iasROjoEUTJd2DWM4s871@Ghh0>bjXg<^0i_a*F6ujmiMp(v+dZ-rn#uYGDcvz6 zypzyg8wWl-GVrv0fmTx08CWrq_rm$c_?SxaGxLz5F7#y$$h>}%2vn^<)sKo&9abv{ zHGob%LXoAM6kd%FLJX!R#oSBcK_CXoYdT&g2O^9?KOh4}euqKct{cX35h?OYGkS+T zvMWRT#X{^&ZQ-M;xy zr|db^X&iWJfH>?)PtBaAI&}=GZ`mv;G*&>k+0zn|O(@VC4oRxCri7ArjD3{Yl4aZd z6@wpJJ+Fr;1l}ZtJ5{toL<%65R3?r+@#x&3evrR2%TKDSOb`f!gj`Pqe=iGly}pxF z@m8*i7Co*qC@X~kP!ri1d*i$u_0SWrES@7(DQU6oWDZ)L9&%(;^Hkb-NF^~O4|Ym# z`Ja!h3W-p9%+W*AKCnqs%1N^<*AY>GOtsX1nB$Uu3i-BfpolJcv7*+egsQgapZSKs#Dkq$%iAC^Q_>?B9_tjzb3Yk zbK1GDP*CNIcN||(rW8}LBO~hP{c!I!;J~6MhE}DO9*{OKE}oQ|>_zH+lUUJ3?J^p) zbMjQ~P13dVolh0=!MV(>Pgak7>bvQ5Rc^j)5>A`0U4nW0tuC3LY->zIBP#-Dl{ROa zwhr-9xw=ph?j~pK7Y@2Us@f1rTst3r<2Jq?FqE+mpW@50_ZJ@;xvA^>a}}&uiAbwoF^b>{T00 z@uzMJ3ZfI6lhUKk!>PyjzMg#n-%qe+>CluO54$`FNef};N13VN_hC4fJQS^v4wA$3=hN}R;`xTBTlEMjJ58W(1Sa=B?7(bu*l5nF0wD+v+rAzgK)`N-eF5e_%Y;IZxDyAI zqL6m=^^zGoZB^W{^LL@A1?>e?Q$1|BEzVHYLg4kr{T`2BaqOr`8Bo<=V)>Pzs~T$O zvigmMLl+rG&ZabbusI`^p$%b}(QsZO%Kn3H#4g91B*pB`5%cQPB$&}W{3@RdS`th7 z(z)3ysB*ftnz}UW3Qd;qM)7d+PSA1&xe%r%=nND>UjYaC5bOAT4vvBKt%3HoHw^Io zAY=J4sO~f_Jmw9O3*WzcGzLJ6R1PxUNK#VZf%h6HMN;C?AvTeBy=44=7p7($NNFhs z>;^pi&L9*J?dCXS0;NX|5d#=qfV36!*z%kQs{n}oItl1k6Arc20PgnS>OyoN!cV8TLsBGZdBYr>3yJ`o{H4 zyJ;+ebJDSH`rZR(!1#Rdq)Ya%K^wmHL33>5IgHhkNuXwTLSm_@4+~BeW<4c=;;ZSP zaf23|mGOdoD*MGB;>5djMO!}?)#WuhM#AQxno!HPGU1h5DrOLHyrx?hUo^7gUiIu* z)|1;_VXvK5D}L98zDtx+1(!@M9zVNPR$l)>KQyU{6&wxr<3Gx{3#=!l0dFG^8aP+w z)BJhZ&5rUmlH>VTIO*LoBLL!%92LK~F9|Li;P{z5acP880X3t1LjMjZt3#-gWj$Jz zL+iv2h;xfk^p8D-s|2j#G0zr+I8q=CShgX~2A@wAenkNb{Ct0fD+PS1q*d$Z}cLMvww6=|2g{qXY``~ODv`TH;1W_qqL|OU*4O< zr9Zhw!qHrjMmLR=fXP%JK=eMZD3=6#9$9Zt#FbO4t?UDbY8~kF{NDv(L1^`#e4_M` z#3AOr_a*L})zosedwnKsuYfob2(>MT0rieR)6%ZajpnlKTcIvGsciT&(qr{C4e9H< zd;nU|CA!KNLjI5n#og?0N9y6R)bK3wdEDjwk2;UUx;QSNwcZ4U762Z5V3ryxpYBKA zz=w3ta&^^h3eS?k>YTYWUL@z3ggC^NSK^Akz0^Q%^!$B%zyINU$#o!fB zP#bbwfvIH&^zTd1S{DY5f9eLlk|UK{;245L1qet~aIk;35QH%%YW=pOQZ7Tr8znNI_gC zDB5;Zd7$D9NGY@hLI$bZGcz+{6yAtU1Y-SMm4ZXYz9zU$s#gVkX7GBB4NY_9jBx(y z!+gaz*~JxWb~e#>;CWrMgw<7kr`YkIj>>IxoaSdItP3-(nyEMEiv)rY{&q?VP5Cw* z9UyrI%4jMvD$bYWXlR+|N+?nx#TS|%*JQGj`X8cOmIf5Nf)`&lz?s7xlL8`^NvnL~ zNc4t`3LsrmH)9J)3u?O(X_FZcI^>xmn#G?mdA>i z+w&#;mnSd={|27`Y?Tg@{T7*(FzGL|TAj_N2BBRLMdG?@8URcLy3F?YTMnWt4Xg-! zq%%PZ^_jwOSN4a+xQ$Pi*+e{_kQwwP2$18-La{ai-~JmV%Tg+JY!Hkg0ZH?ynr4kF?_jyp6cSMwrx4dQEIl4Ee73ZnMIrjL?^ zYIN=dv`&ei9qW|0K$k`U()ZoJ6&pqmWF(NE(aaa0*F~+6TkjKy^rUB38f93+Tp=Kg zX6E`2Z=mEM4Hl)S`jM1m2;><*E2vM&0s0fksvG_{jY~g68)|b%(M^=X@3czu!zNj6 z?Rn=!wUCh1{PC}IV&N;#lZoBOh?IrjJ#;FeeIe`>*`{SJxlTdz>_h&IgEC#cW^QlA zpAjyhi&1<`-^jmMYv@gtL=Brz`fCQKsE|CExmHGfnT1AS{OT7kZjP&*;yqt%sDB?n zIDIV3r#h~ReHG(v^}upsYL;u-5zJ#YOXJ@?q|mgqJAOjEG|nqpL_IOu_};Iq3dY>I zkDG;^{@4p_eHA$}RRsf9Q0ab&uisvVp~yiSEsK>t92c5*A$;(7@3*%7Ltao1gN%ev zN%fU|DU3rnie`SXU-l{YQm)}*-O!`i>AmyMLSEIeUZg1;FR550K?&%e2Tw@D`cs|i zS_=iY_$TPbJrr-5qBk)?*PJyyj17H|Puw6iTQ)ZSdf67q7+;Ua#D|_P*~7S_TY-kl zCtb|8+>S%Pq?8YSn2k9Rs~pS+SU<{s#QcEm63lCOA=Qm@>-L&tEQYhYiCsAct6LeGp3TYWDU3am~YIC^A5vXlHce? z!)tbPA+=CfY2Isv;}qENXUNn4BHesvUXJ5=DKYU_mp|17=HgPJot%VKqoK|6#d?;N z@svLPLLKu~1;1~pHgymA`vYtHjfEX2MuJun$>5Lx>qwf0FOVa2gah!aY@3ZM;N3tsNiNXzKlt2C=!87aH zij4zZf*@<*L0luZw2evOkC}V|v2Vpw_HpKZIpwT<94%_TLy)rZ+?4apWJg6|g z`YdUSlF9572Ghfn>RH$9{PxH(PE*M6304L2=7-Wxb#@$Ax?0fC_ES&G=G?tDlR8$W z{rN2=QZ`iAjM=u+41`A2mvgV5-r`+zYdy=ujwRhY_O?p8yHpy`&8A6ll*A;Ir`I7n z8F0Ycw@}H`1UIpLBY(u}h$o@+Duzqi9ygYMK+$=hWlEJ=G&zIa6_W=G(?8F4J!-=_ zBQ3Mu>a)P;i`x%*BmUyxwLP+FzRQmGCTGf0rQ+=cbYjdeJoj$Hrnr4Oc4Z)y-;K=Rf2*0ZT6+HjwhEg1Z$+-YQ!LNF znt2Wsof;n=yssf5BD#)GoUV8?<+MnCzgQmhoSUVirbpD?5af}h7+KnJKof;o8NclP zFB`w7nfsDYylPrppl$f*)_6mNvXW#$!e8Fr-mb$qekqBcdE<7=mm6yuOkt4wpVlI?Q#48%&5fouBah-0BKX7W( z9e3f>d&?Yi!FkdTE>25Ewtg|H!G-p9LSzHo=(~;bC`uljWX{Amqtm~lMt2_{CGsUJ zUqQQ{kqi4LZm+0FKW=lSa&e9z@wh{ul!uVdWbv{U|V$~;1OT&Fi zq&jY4HIIEha$#;e_4D!<>iig(hiy~qQ}WBxCbx6}n>b*%Ewz&5ZVuN2?4U~p4r0jf(f#QSn0(AsZ(Kwy~Zor{_21zkKfIVzI^v4-fEdv^uQ{ zn^xH=Giy)PR&ru^j(YI0`4Of6C%f_qAN}imHfig&EH|xhaGLsMT~01eCHoM%)^7GoK@qebQO{$f2 zCi=u&&!0tW&vyBMJ>sih2RchAs{Q5i$#qTgcV=ix*zfyzWGWtz-4UZOs?KbHP5d51 z{>N+KCSVEb5A{t=3BOT$XtxrkzG_6_a$#Q@FL>s(>Hqdk zro4_WBNpLb+AnmPc&&C)u-fS-6n!5E1uTnFb-Xq4SWS@h9a;U$Xi7~>>;7XhX0*kN zZ~OLRBf~~xE?5ZNAc{0|bxq`zscpRIY_}-cjQ1U;!j-X>55Lx}Gb^5y{-O^7jicZm zmg4<`z@5Fl21lka%xc%eK`S@wZL8d!@Wi1!TOYGY-+9^lY%c^0&z!a5p>?&oyfHE7|fUHB?UbzN-u*C_E~ADOjg^dX)j=!tMkHe#e?4*Qt^K? z2F5(QxhKy?N2i|8Z0>hCNk*va5#>inxMUn_9{+4wt0n#QJPE$Z+sNfP^zO#5<#T(g z8(BM;_pb)u5JFkut-n-3E7_Q)EU_w5+5g}=KA|25>*3H|q1=mj?$tAh&hpf!SBN(f z*>b4FpYID3Gjv{hA>-EQUQgI&+zAU#5PxDWgsg4qmJ^S?qKET(7ZxiZSd!tip9(JlVV_ z7uRSUdj&sk*!Gn@ncMjxN8OCpY?WtNjcVcR!LWt%J>qf8sx5JDIA7Nps@CxLU`#IR zDO{r*vu<8>)_D|4{CZumH#K1H8yivYuQ%Vqh5EP&A~vm-G@QQNMN>H_Kod`X66)rY zt5Ch6tLn6@|EYWEW-Pu@P8a*@2OS&7oT}=dOQn7B<02cbEyNFE=Nl8Uu${G6=;vF% z`8xSVY^EiIzQ6ki)zPuO!Pr1jGLhG~^fM83F3)-7D|4=y6)W#QxudV&R&x`! zqyOE!(Ny<`Bd#$|TzJ6w&K`@!e({Gca9ITf?eP)YgWl@%t3LVp?3qOy$AJk#xt4W; z@TcPtOVy}oKgh0HT-kf)Gn-LuFZJ|1m<|}9FkOK5(uQE#uer0aVFVZ#b#?SKme|B{ z^*hxRMMKy5;&sfv<9#o6D7D}sL5?n>@UzH3NUAHSIPTU4L*vcY1z}6*?>=0?`31^T zt{1Z9Uj~!jsSRf%i*yIu(8|Kly23-^j}!fRapE3pTL0VZU&LQ=*$DgLT5E-z zxZVc4#$iv&MD9o$c#2V{Wxr@f;+=zAQ+TI%9fRb-4ZAB41k9qSYE`zEtM}hR<>1z& zW`iyMn(dcS_x}uKADZ5ME+jc>Y;5)%EUDw(YYgWL6qQ$!K4IZpzo=U;l^=Dt-KXUK z^*S1vNO@$RY1-e-Q@@WFJDz;CfF?|F>P61e$-X%c-64&fSi$&5y1Oq@6*5=UikT98 z7hg*;Nj%2W!(hhLDPU&APw%R`6F^oOZ`*cb_N|w%QynpdT!eH3WX#QTM_qV ze#nD?&`PeD!e2EC<&kKQ5^!&flh4T=gR~8+1alxX+@an82j`Jm!9_nl^ADJ)EbXoQ z`)`!N3|RErVs*UCzS2HqARckKGm*{p!pFf%GgYeM-pEFD>~&VQvx{rV8g@96O&`Bw zuX}79fJM{2UZld@%+37Kk$+lpUyQ!X5~pEx<)WYZS`^8u$~*5;ny!-o}aO}>c03C6ojXv zr>6m$G#A>wc?3m<`Iw&PV#A|Mi&B_^pw=pTG$Gk=Zwn!a?BY&VF#HX9rTPpyBv*9cY%mJOye8N? zo%FXhw|@zz#GGV!gq4CFS}UdF;7q}%+F{?{-{0J-l;VUf#igXIJiYn$_fW|Cx5-;a zn?wC%zu!K-$Cmc2^bi&C=qhTGw61^Tn#%s8xG*-#sokKC*{rkr-$ZR|^-tM>2ln@a zba)Eni+0xM6UQ?7p@yjrh>p6TUyo<-5pT|HDX@ zyVmIp{4}DK5%*eajmSsv?Do?Jk{lIdB#t50l~%ny=uBAQh$||f)Bf;H{7jdMvU^f1 zZnu*pQG67w>xJk1Nf!J25!o3QsPtY9Vs6})Lu#xKFMi%@y=6omck#nKB(F~!Qd8BMh=#D*Rr&Ytd6l@V z(Zy?5;)ceo6llx1kKuzo-lS+Jv(Bvibj$w2HK4$&iFmoga> zW`_DkY~nxmGcP|&LcMh`BR-zA49gFkL0N{!i)jO6;}1`pr$TRgeD) zXws%jh$sn97<}j1Wn4p3lFlD^ezpuL|IVUeKYG8=i>5=}R=*tH6SH5rJH)GDE=pq$ z@kGU3<^ml3(6MA;B;DVScn!x!Y=MuA6U+}pW?II%Drr$U&f(W-9!Pv=pq^H%|HP~v zDIcKLy{OrH{%$yg=~od)$*ZtO6~7HHK;DA!QEC9CW&b@)J6K(@O7evVc_F{KV9r*G z`$RQ?zTmJ|!No#SqjPiJ@=WZ>IH%X?OWJ7SjjStE-oH8eivvt2H@$obwce_IY-MGf7{?yy6=48Q|pIl)!O&+l&-pWTw&QSP|3LX zicH~#fsNS)ovQb=|FvrzV&kv#HxBi@tE8LE6tt00dfwK(G22c8$BxN>5cSf1{z^8p zjL~H7Yhr)#1YOc+k=Vjw*c@UI8pC?(LRSJj3atuDNXarc_ZeF@Dw-2lK3y&pT^w9( zoPfs^q`EdMi4brDYWIxodw(oHZuz+X&ebI=#Xn(hwuu`|EY{T5X1ivG*+^sXT1P>8 zGAwkYb6PrJGyqt0mjM_%-&(CEz?ivAOb>SLt=z>o0$lg&^F4$wQ$1nHw{R@e2K=RSx-n+te^v)|B)c;{^i) z@&yG2Q{Hh8a!lTeHaGp84TP=55+a3NmC?MOC|SwC;LLa6ZgD%BLGor{99LA zytISoUOaTVp`fDTN5&(!&Wu+7>NF&)U00#RE1j}6!f^jegzFlap}=avxkE31C^4yW z;p>ZrX(wIT{0ULCi@dJkC+GLLJ#9LL-e^yMJFcEP8}aBA-04bnt-bJ`<}mD`{s$5v ztteI7LjA6r&kHlx18Bt3Q7OIlC#-NnKS#1eFH0J^J$#pBislvmExqjxlpM(>h;LpPLli{${(VQ)BOMoVt>>P!3q@&nRpIuCthFOZ?*pBb>{FPoGB%=q)@* z$TcB;LJSc~3wOW4D<4-(_JGR~AF9utBPVnJzzb9!R9)0&BShS1(~xJ1NO7h%qOt(ER+|eKs}$ z1tVD+XB~f|zk9s zT0#j06%dsUC8Rq3x{5rHW|w{bbk0aNm_cM4AM(v@^<=xOW6sdU zI4$kBn|C6NdFk||W^0#n>8r{o>E4oMdZ*l>Jx8zL@%{t(=$09?M~53aBeT^PG9~h6 zsG;ig{<3}8LVu5jYAvhIb|FB!-8fpRbKYQYUhqUR9c;JrSm^S;_ zj;qb0?o0x6qDfuz%Iq8|QoV=1NOmv@j1@24C}CAeJqjDdI!fi{6ASjwywL*z){aU{ zKV)Aq*uK?McZF1&>BDAhJpGDQrM6zYcHP%=Nl6!@us`98HKH$j?##43v?^+Uo&!I_ zYmObZO@9ZOLhLp+EJ?=o*y;mh0c<|XLZ@|3iv-oyA1bNb&)qWu`jq&(QuzjZZLsQP zj)6kxz=untTBZg|L97xWXfo^Z+3bfm36Z`l#TZ8-I1X#4ZTeZS+<*1yocgo~ z&5qBAsYM*-x+Ozl++a%47P=hwM4OhAg1c%Lc&z#?ztY$h`N1x{3gOB zYCRk|ikf0IpJ?4_m@O0=U9BQ3?2vEo%`q6V(3YZwyWf_KCTdS=Iand){q^QL(3Wg< zZqnnz4|^qVhUlO!!+u^uT2m?%(($V;yi3O481du#t}B&;diZ^zBG1%~>9DoeW)7w! zFBW-=Te;18P1ypB*Dj?yN73CUYc&#F& zH#J(2RV&i(aH&=Oh=GgSsTVP4{LX7~G{0!hg-T_1K*b;GklZhyo1;E(<;hQP@H{MM zpz(<-;1{Bm4rKTMg@}TNMgVw2pFdpWn9el{pcA+iYOM}7gh?M-GOWM=jzILH>HR!< zs5MJVtFLg4Nk*LVM{WMzBSAU=jXvgSPWicWszdp86sbXOgrTg=Q)xZDL=xedj=D@t zU<5s@G9wWj%Oefe$AKYM30vEXUSu?n%Lat8TM-bQKHxR^ASWwLP>G)5VO1*Tfo)~y zx)xm1+qa%)&h_7WMFUpX2&A?>Y3kODSHzgv+7^(YJ*t&IH8xg(6J&NS+h?9M9xufR zP#ReNR;<3ugV)E)!5YI-A6-UXGHk*BWl8grBTeY;+Z29(upk@e_O(V$K;YhGaHBx6 z3NdAK)<3&8i%rOv&~4_sc(J$KSgAJ%j@C%KL35~2tDxt`d#(gmKlGr+*@i|X^YF(Y z*I4Q|9Ko*N{OTJ9A{-5nMEyt}o~!*+PS za?fRZRCG51t(=V6!KLf@z?i4sQXP$rvMxe_Y5e_HTTp7c=GOGNEqH(vOuXyaM-c6K zCExbjBCU(KWZ_62vQ~?Z^tMyL?m6?A#b>ga0@R>^6|K?IqOj#{Qbnb34_wQ}A(Dj; z+(p|0HtBTBe7F^i2h1g<3p(z=&Nloi4<}QjCGtQ!ECb(Vk294js_3B$i&J;U#>ehk zu61k_4Q*#dl7*n@3#keT-{2iM2gPH2mEe}+1mA(752ootKc5fgec$4QPbK0axober%}M24E9|*o zC(@(G{q7)z!i1kyQf$lQX$!LjBe7)_qQu$Nrs>&6%BZvV##Og1RydZd+j*VrJ|1dB zjDgN?@By%Z-urF+V#~{$l@<3w6q;D|e<{cvy@~PF&ZmcWvQ{v zX}m@^+gC1IN$~U1+caX~6N|X$NS2nC*7@Q0ixEX5sni-ERJ)T;W`6p`)1Ke2vD&Ys zgys0X5i)OfNoVJ}L3&$fO77EYc1R0)y*43H?lHCCOg;VzO8eF;G>Av~1RL zOR4naFF#BCO{%f$)v<|=B(6U8jYD*H#}$<XZy~rTk#mLwhDvP1ubXu$Awt=Ez`mq z;wv{|cWz^dI|~IX-g8R1>AZ1H(Rn)0et-KI{RDIfbV7EGizOCNj8E3mw?%2+n-$xR zVLE$HH2NP96lfGzMl&{;ly^poxMAezP;vTNHDJ?G(wHsK__93kx+(cho@B9crts{+L>9)80mHUw~sqEH}Q+RPYU0bg)B&CQ$@ zD#BY-HLLS7ud&gdP?)ZsJSGnZkwsDPg1v+boXXhlc~GD#&oPSvUlfjqI!sDi+GvC;Sc{f%x#S zToVk$nkgGEC**ffR|^X6n99_h!4$ybqmuSqC#@OW{q@>Au*5*>y0Rp|1}oF5{LRrs zq^oC_&HC7nfi4}i^D0>D)X%;VRz^DJ4~-!kE%YQ3$~wUtvm!vd;Q6uP;8IadXBg1DhU z+O~XAnY6AsQnX;X;^3BQg=Px$($%x*D;J?3N>XG*%&%!h4Jq&_;S3yK5cQydjT0f= z*w+W@WWS@4Ip_A(frRaE)66%{>bf|^iH;`f2l0KzHQ z6smB1_%nRgFB+b7el=Wtbcz4r@Noc>xpRN2oA?$emIzWo=6!{r z0XajC%0?+W2L;+GwUC{^IwfP+!3#bu{;&{*`5*DD&Gw!5!0axT4%N)r=~O?i!_ktD z!kQ^*(x^jVIGlO^z1goZDqtR@Am1pQvEaACxo5uQ zLGVVS@*wHB!I|}kBjXvnj7qf0&>Dr{=FEwSKmvuOXWxd-+ z;3RGY($nj~kZy+F${B|hS;w12WGJ{F+Tb>tGc|3wJlf;f*1#zfHZ>?{!vziVS1?G2 zAK9O5p40FIB%`xTkn};(gSdKVrX)e{4x!>EB~eH?-2&Ivu^O!XAEy zpj3Hp&XvkzNW1x_jk`ps=wz-5S_&65kN0 z4T}_L6>VF6p!J#M>s`o8EnV=gsFm4!uG4Qh|EjWYA+IUU$t88`K_|I>U;+hq7IC+| zYIUH8oshdGM`1#g+6U@ZcE9$Jh3;r_s0dD6TIYOp%3lJ!x2wFbk_&Wh&)MgdQMFV7 zlENqTE{;Lbw$ZTeYB4VqU)=s{zf)uCkVIsH{_bN93!fL&Wg@FwzaXJpTD@PaQC1)u8|bo8CVtLW}^r$q-!P#f;!`eq3+OD?QC07g zG9+D?GS$AvuEFPo&_e;Ia~9$mYp_G`Hrziwk+7B#^U2xRRQPmJ>Vb=zY<7gN`&?^5 zK^qf!6gfSjzHtmi-K^8U6aXwnoSJU_b{jq_-gSw(*(~yW5VzCBQK!D}_jYMc6VgDd zsW0pWW!GOm7I2t*;#v5&j|Qwg3yw5k=x*WD7}dG0DL;vj)_&%Dla6@KuAHg`A(OB( zu>Ue6sxrZQPTG8vu=(ON9XTgWsH0Cb_8p&?M_9Ji0ZuIM@D>T84-Q!x?#|0XGcOL@ z##CrSRUvoGbZGkY+U@~BJ(gAx*#e%rf$o8Vfl`fS%_$3=%ajCl;+Po=dqYkj}y&Q?@$K|)ro+XD(aTJ`~+^Egv3EP>@lIdZ) z(w%)Hc)_06%Rn9%Y1L%U_^S}q;qXuSCl5am=Do6}a7N1XoxMLoZfH6099?tHms^jJ zZ^V0rh%X?l<9PH5p6d;mX9eSW5o$IjS+`Iqm+NQsq4F!my2y%0BP9e)pJHef>FvLO zK>P(l*)&{mtIkZ8NPyV{nRH(8yJtObO5%TTw2p zjp7|?b<4VpO&v?{8LhT5?Ugq1gYoKpIy62#J~EH3MOh5h$XbkHf!b6D93`g>Iq^jW-5>s(_M@c@`I?<>vjjaMOn`*tK|)``AHRcP1lIuhL2Y zQ!;Uv2+4t`K&Yj@igTS0=az?=c}fGPnnyvI(toJ#k5rV<+e~dPZ4bF52sHzr#@AST z1kv>JFQQ#Yq>Cq>^&!hPeT+PyHlLqTf1JXW%uByaU9gwo1QCi#giQ>Aordnub}cxn z^h9r}+~Zk$KOyec0cpTsALz=9z*H}FU=~bi)<5QdK2j%s{6oe z#SlNw=!e*PoUICV3WyuzoE%*wg{;qNk@P$B({inBTria(iCf`PwmBz`<&xd2_7eAq z1Fn_5?nQr){)g+0k_+yJMccS(;SS*0Pn~+F?^g>h(AUoqRKX!3PkuBB+mBNu zQk%7LuAZZ?Nn)E=U)I{)_x0;;-=@AWFD|Tzm+aay#?YWXJaK6!^l_L3D)iV@P^;Al zqN(v?Z194yH%Xtgtt~?)Z*XYnsUfY+CpIBrVTcY52Y}VY?C!{c5S?LI;5-yWcj+k{ z_7sms_hL_J-$8&ai!YN3Dr71lJ+}OG^nx+1VskxHH$Pwv*9>`SDatppF-8@_)R)X>Ubr=3u3=>UgF!!O!cj*e0 zZ!G3{Dcz~1!u#{l{n%Q#3z@f0G6SlgyWRWjwN*I&&FyDHe6|i%hYY7(j`_BS@E=ap zEXZ`ka$Uu%h&?K6^O_ZVieW#uM;Ja=e^{vBoymKCVK`)}?t$JPQ<6!Oh?D2!N10yF zr8yr4Fw19>pP#Bcb0$(O+`c~|(gNFYf*VKmpI}Ubri^EbC1_tAn%_ms%}E1*1r8V0 zh0>_dHp|Z36-NKbI7M6M831qDxz&$Fc>?IzrRZRXeIyiQe4j% zc}jJ2p1c_^am1M$(cp3+WtJUAT|@gz(}9Z|Kt6Rz(j#LeE-GlG@1|1bgb|aDlb1a| zM}2r`+2jY59G4%pQ#C{Xb%P(hU~QIviu|oxj~g3FO!~{tYFj9t0mY?vjS&N!N-Qw} z_fmUA7;HW{+SLJ7F9QMELJ8SZZms6s{n2eBa)Rux!~R@K{i)n?-&k$~F5#D<^L2%L zy23>`wEJ?h|B@nY`{8m{L0Osyx5 zR)QP-B#GoTzOM)SUPu_es~ufng8Li?_r^YOK)%g;%?r3$- z!*;ghh>#VHUz{`?nOPiXL#TB1;dr0}i1A#cd3-4;G)J!H5dDLPd&B!spGSlG}bY)}P-!H}8pK5vLOkCjZgOQz`PuUBbppn<7hNj|Q7-HN-KL zvC#Fn-E!ff21-UVP{Bp-+vSpR!zV?lgIT{oQvD=%q<%tD{U%rReH*2_s}GNurkOKh zDn==2xZf|95ru`9&OtT4@lyK9!ax~p32N4dEnaNRfRX*E;Rp-`M2zq@9>@=hO9>yu zQ$X`5qf|q<@z;WvZB9}bbXvI?RUX@ak-$@aSs~jl-uu!yZlD=D&LudUXr&{mT2S^O z(YYMEEZ%qtI91e(x;uE6qA{g1N@VRO+96w=E`XFFQvM1<2xWJW2{ho!FOuWdTI3SK zbdDg<4%4RA`A$oc_l-0AR-@L+NNwnD>x-nved?y#A?I%0#&W7J^SlF^9v+(Uu-MJM zuXM4?>7-s1zJv~zNYx$*T?Lw@kvPpi+cR+PyGT&BS>YN&?oC9ft~O)D+krH zS2>&0fFK|0?|VfUTa^+x0uNA0y)8H^k64H{QXyOIf|R%;bLsQViu_I&vam-3W-pK3 zP9g36=BT35svQaYIzL@t>_U%!NQgHnw|-l>WC*J1bqr3?mekY+ded4Qm+nIeH5n)2 zPWju$6*?vZ-1Cx)&@AY5cKMj~!)YXs?FSub{|4H4I1yF!_0#SeNo5>Q&)wKAXU%nI z8CJzT(-{zvA~foB3G5!M#aKe)t-e0UFP-IZOrbPkCn*v@3Iwp|JSDFA%3n6YLX?D z1rSYEt~kf_r?YJI*h^uliw_;py4(QYT2XNGte*s6?CO6G@{S6$o zVB-BR;Hby?R$Mi+*tLHGM={F0>(hdXL^Nk?BEwU-&^^y3#i3 z#D7URgL5|Jf6PWDov=cRXc7%hMOROtr5%L*Yon=!`b8ALLyBAIO|~87eg?8XkE=b& z&Z%uWr1suniKNDzPjfEb+#^f)y5WenPE80*K#2a$o0rT30zKA>3Af(zGP}IZCyzOe zORYv*;Q@~wgq7n$wfPXu=dCcl73tD@5C@M(3J z7?q>UoTE2GiM7f=Zc$K(5e5l0v<5}MNP1S~^SK~;A%Yls!7pJMH)c3o9n`|kntZT6 zj}jv&1%N*`{WWfbu_OSDl4h%jDcC`rI<&`MPcug+suOl^D$Um%9 zc$tT{F~7PntKz0fI?Lazt8tM6M$jU_XOAIaeo?KI+VI^r)7f6v+ND7h zB%p|>pLguCz!~*pT-wLqg&tp+r+=;(cz!5khQ0WJJJ)9$@@M$hh$hTN5%>d?CB*53 zzlE&p^IfjepnzFLW!e?xwCy6!gl)^wKD*oR&U{n*@zH zbI(orT-Os*+he45!Y=>`SuvQNd9DE6l8}=tF>n5^(U!l+{!Z)8orObGqgTtXGMK?J zq30K|%@Z~YSY8t}orivrv4pcJ;8!ch7N2Rw23a(P?azisk`h;*v$_^%qwZ05+Zg}( z!gbzad9{rbj|8MX?NI97E7+l)-!-bc3cdzffLUFt&UE&qGHCLMP!I^er9 zX2RfE6+7}Jpo)Z|`0Ti7$qlVi@BfA1NO!L0gwm_X>%!yXf`I+2#1j(}1}TQU%$ z$VSDlHjrM2`qdG}FgG~IvA(b%2xbzhs94vb+5HNW47u0GQah4!0JCbq64JI7NcpkN z6ck=`Q!Hwkc1c~Rgf3S_g;?Qse$55$kZ@k}yV$kLf_Zfh)B!)3~^}+N995wARM~`}QLfle`1`56G zv^sqU3@dj4uW~aITUb9tmpg`p`pmPr=LXqJ{uwLqa%Y;s(8GGfn8~$~_kX}EN!XmG z7~_+bU8f}w!KT3@leO99*xp*?o^6BsttdmsdyZl3f@5AM^9~>Gj=&KMCx|)%|nQ-hUsDeF=o-WAB%+;a~SI9X3EeFi~-=GRK?S(&H zMiIQzjNm$`qj^CoRnT~ zlV(iyyH3lqh=aW-@W-3+8>yAHg~Shj|FzQ8XWk{5lX9 zingn-O2~SIm4^FYdcTr(@s-oMrliFEPZrtF4|4wOC7n(99H(d;t+QsPVRFbP>U9t@ z01mTbao_fwQ!}j^etE-e2;nJ$WKkf*y@;*c7U$*%UMF54RtaQop5TKnabtE_!FM?YABQ zluZ#k1qHSoDzgM&$uY#lUCHm-73L0N(?Kp*Cq$4v)G+MtV1lKlV-Njt*HS1X12c$F zJYMe9$c5~9uQyx$4*Copt-dYll_^Z9HcLjLimu}@n6?{!g=W&f&ki%LKW(*$WCe}H zD<1$%987uyo>iPk*BF=v@$sK800ZBdj6%T`!6wDV2sNal5)MhfN~xVjYmaXg$=7Y@ z$@k6UI&CT3YS+xXZi<;KFxrBnL$AhIB;dW;bOJm`>)BNx`p=y|f5q(l5mUyyckeRu z$%(omtWM#*d=Ay=Ev2EzSW~{&JKbvqp=hi&<}Or{!_X~x&3R2TuJThCh}$!Ax^$J` zMts#>Q7;BVls{=QFzD@f^B#B%LrKGrtX%X{ zKL<2MNN=9N+63+z4_6;Qo!g=u0~jcC(H_RkvxKNz$&@Dk>rixEXLzN ze;|j>VotBZM*#!wxF}7~rTfM~os(BZYZc}gE}w#Sp_yYbF((JXZa%F-vZaBT?$jn9ScrO=$?YY!gn*P%pxKTH8Ofoq4K^x9lHL6kqhX)k7UOd54coJL@fv4Aat%^bLu3Uq z`v5ClJLjY}kbYQWvtM_z6h)O;GKn=>WUyvh5r*F%PqfoiqIj8^^B_P11n4KBn=;4^ zalWM*%VG+l6Qq#IktSy=76u^(W(L94-#$!l)aUTlltYV<09O!m=~df?9F?SMPh~s zZsbLn0Qh_eoy2V+u*E^o0?vTQEeB!l3>%gl*q?{e!o!%%nh`OC29pCqr#n-F5KId& zT;#!&5FrJ(a`-k?I6?)+?AFLBC@CeYnI*X*KMPckOUg$#jF?ntl;Ruo~c$hoMO*<`^@y$y3&&UBplIH7P>AI*>Wh z#xW;=6+|7p7a*C1Ltao+aEUlTYeABu?u)7ps0atuF|fWV-AsaW|LTVysWueXxFl~5s_6Cl=7 zLnRUCJY-~7CRRrjAym2*sO5zWobAM}C2#HqNc8q|ulV*nd9)xue~7#=$^t{#w-0w! zBV~?Yh87lm3^D8kwsTKMQ#F#<9;DDK_OE{UKY(_k{~fe5SA9_R@2Q=O*Z)1WGvGsA z*ALykb?j)$nqS+iLzkUJ(iYCk@1?#ki8qxqJ>NPJNzta+xubKXIj(w~f|DWM`=%tQ zP&k+i9ee$@1gVLnkwBX%cD+^3OMkJ{svxTl%TVq?z3Y~eYxzKWo|IL zbrmv5;BJ2Uv<2+;?<14!+>c7IW}PKwc`+>;(b9r04^BuwY==1Ks!lZeTZ# z4OY5o7cUlDr(>w$;Rj<@DxkZ7!*`sW_io-PAX78u%`>1s>p02V1ldF>=LylU`V{*< zLw?b9M#7Cit?qZMPAhHFpn11mdQj*(-4YYFM?SR45JUwNVCXTMbwe{laag)1PMzA+ z6XJ;vJvZ<3JlZJIJ@=bo5BIr(hC_v&!T)t)r*s(4kMB>4wff`2`eXtF+f^@au+#I1_%Ln4a)0p6KpIKdLgtJBmp zfY|lbkUW$!w4OUKz)6QYi+|jt z%3dhuJN^gEQRrlGtUD#3BPSZMKK<`bBOs8`&?XHC{q+}~i6h})Ke(O0noE@V?{kUn zUmq|v|EIx3BJgd)2a39Dt*s){k*->;qy6X3KhqMMBxcH@@UU>1OFtx4i6I7pg#`7pz1(tf!R7w zrJF*J+pj}m#NaO8eZi77AG4|{?1A{FSx`{VtJA-^Vx80xx}axR)dJ4CY;5 zm&%#T)O1zJ%#A4R{x&&sk~Rms$N1o8KvwS_E*3 zTM!uo{~3&eN944+EdZu2?iPdF$hOxqx>9Otv=HMbKU)6O{JIGI>2l~Uo*OvoOG9@c z0>r?&X9PTDiazrTtaje>TMq%*$Sf${sqjeq$=_@{{>tAVa0UE#&I|eFbpuw7Z?1%qe$osV6f3_2zd9(R2!bmVi!h|&RUqEGgRga-o`O3aE){l3Q1SH>^A>the8 z$l1ufnW{5c4{3((TInT)`+8Ide6q<=PKig$!4z@04{ zXNO($$~O85kbl7>oZvGj@emTBqX@Vx$QegLa|~$R~ku|Nj}6^T9vVy3Q6; z3hJgnkynku_3HN%Iw_-!WZW_4aZe(yG&Qs6drrINjqaJ9*yoP0c zqFoi`0r<4I1UTRm{NxT|xaJ@h;o0lgthgQ$Uc7!|HG(`jY*>wNb4^mIi`rygOCK!Bxp8= zWScim5&_;sf;(n*`j>VcTb=JtL@#cdl~J-EOoPcjQJO{kXE07knf)g0T&t&20xX;X zQ`UW){#*rywgsgDEJ#NpD*@#t&sbZ%UML+!Z!4c|i53mNI985DA>z4Zd}n&MZI&8= zFM$5{eFI-4cE4x2r@xphCbiXWm2&{uo7>K-7SW0STgry^Vnax4_rMbvQlNPau|U+Y zpm2gtQFF?NinFb%cXBxvl|!aj&2kIauaIe$Ae}Xtz24(&Bnq(PvyIsbx4yZ2|Gox475(-Hpwe06!XHx?Jw!8PC8<&O`@RmrSm@_0_(;_5!rjS`KAaYSV)k zopumnx4Ky$k5+M7Aa%!y$9kLXR6_{?Ev{-@Keym|zO_NDjziw%Ro84z$1J4v(F)Ck z2Dcmku0Op{t&OjI97J0punLIRjm`L4+1|W|RiTyJTo3wsp5mKr?#T@!c@UgY;)WMc9gO@q~1xE5)T4 zcsKGF!CyeqVF3s8M{id3DNM~XKW^Ul5)}|6d!do~A>72p*m<@3im>2tCT>~E3Kaut zd0JMFgpW%bS0ABYFM!7o{IWoP{aCz3enDY%$LDIsN@1TL5ipFEXS|a?cyt%G(saGI z|DuV@a5)PnVHi;F9w)wb@P7`1*FIfg5A5`mS%}AiP{^h^i)>}J3*V~G!bltpwCtw1 zTWQDsu1iyRB9Go5nL(+d{>JzX5V(;uu33Un4!Lk-tnK|3-D!%%{j@=qNMry$3D5rb zi2n?g+}H$!UO_OP^4yh>i)CR2yj=~D;o%Lf*>u{Hw>J#cAEeEqI0Ux^#1ND$btvx0!4(Aw+JRS+xZZRAo9%E&Jwb;}5m-FA5e zSHy__S8YM`rDEGiIhZ5ydW!=P&-E{2E>$g5reD zz$DHAxR6(0dr3;(<{?3h5FtfDPtV4UzN4hXA|OBm2^274Ct;?UIkl?-`NVXmYrIHb z=v-&xkhSMC-QOziL69nE|8&mNv$yyj3o^LFy}!F_O13NF&h7jwVR4*re$6aI2VFK+ zJ1?wB9!)K{ufZ$%i4*H}hW$Z3I%zAXo%kXVhkDX1r`~u!Kpz%ESLEJ-?_QQOoW@~n z50K2aaxAED`c@U0mx6;Y+0_$s>DYk&2BXi3Y8(e06dQVz@A(FDmuYtN{nBGd;H>)7 zdJ(CWY1xH;SJxC(TXT)TEXAu=J`9ZSqMk{|G|VMjGTCIDM1#+gLCW57l9aK{lf;0K;z~qcMCC~t)kcSBSZ*V zby@SsqKV8Eows_|=z~7KV)B}hEQUFkh4P2B*|*bxq|9`TfM+D$z?a>p$HQSbfqTG9 z#eI$Q$i36t>Fq-xTfKs8ln|!!b;))(571^z#Q|v=}jk@EiRL-;oyw)A=%oY}Jfh zRs#T8Nx%T~CU=cf;{b7xm(qkJ0w-g4+X2F?G_KXZe=qS+ShH^z9zXAzYxR%JQu-^j zMt{tFQ^CPj5L1)LP}Iyk7#7iYJ@V^~t(3I1%XjV^{SgF?&xaKS$#R5m9-&&@^qX7U zFwPLmfn-)4ib0_F0@a<`6q@^Fn~o~sQv#O{Vlq-T)CpSP=t(J!fXO81rBA27gD;R; z!e6#v&cui?G2hvk*`X|6y%Z?LGUk`j#{2JwZG0Qsu5cjPb*W)zY5#7rORKjQ0XOb>{a%w~S$$ z7;^LoNLCJ>+&eUG@@({~e_nd#8p)%}DTQ4-6ncgQedU{=^_+Piql~%Zi;|g(nrqD` zML{U6Els+Fn@-~!;gU+`GpzczqP6x{TZETmc0t09^JZiC%B>aL@P4Bb(l)O`tg^U%JQBKgZrarzS!EYq(E5AT@UZ4U+f7KIM5 z$Z1(g$n-&G7eJ2;0$CEqj(?ZACpFK@JZX-&s2Ccr4x}NndzXcZFwtj~+p$<95kg$t z+%}0)k`Q`3^5td>tc{It9IiMUg<(LDAbhxqD`-DRG<>Cr zsjBO@1`K*B@_e)!4vMRn4Z1RLv~fc_SbLRGAiKks&Sh|O_QgXjAZlHlIbljxLtg9J zwf*%C4Z&~~2!qq0Wu}|$Q4RJwV};K5`m_p0xTotqy`IA>;H;oPC&qZWf-%Y((+-op zvW?GvOBcat8L{Ah%;1W4gb1!5(LmI)e@?nI2h@01ib3m{X_ESA{;=n0WW=%A!GiO% zb$xjcx{^qIX`LhpZ0EQVNU$(1G0nA%B<*mkB~4b8`q7HKe}qg|MHKA}nO}y93LI`B zLQKV`U`|HhFIj-`rLO?sgT@B|VYz&+6KEx}OT$KsB_A1b{q|smev9Y3n|5=H+@?S% zw871tNbPZ1sXc_cXF4fnmJXjoCNwTd)J6bBZYEqpi%2m)cOVcC;gwdoD?Y~ho~ZHxHuWv+TVIP#Fg)}TejDVIJaZi8MEJ-H+E{K zd^+tG%qAT>FZ*Tp6iEK?M8(Hyt+HEk26p;=87Xvz0OX-Lrlgl-qfV(Zf5N80m^kJMG@vjOW`^c5gTW0b;*|?A zFdbEBEEUUn^2w$XiS2gHz0T0hZ0W8+hUJ#VhP_`)k8>gRl?t7Lky3il>fBz-HfVh@-bNZWxUAOf?wuNVqMtv9TL zigT~^t(|`ORLloIs)lvsAHg~%ItHD=NsEAgUY$Km_`wGU^Q5=tux{pGANn_uJ^`aY zig7|vfa(ju7CYj&Hm{({j4nzEw=T^!TPL?rr*dtKxJ2k^x6qy?{?nbep_)wVsX*7e z02NqWvRL5e{$S*wsfNh5mzI1m!okvSt+3%2+TbC6!7vds+8SbX4)X2vY|PJ%3A@&G z-WeYjgW>ZU$FJ9WW3GU#kE1o*)l`hB?VQ{7FYVf`?D1WSgr36u?BdyHzc4LbiMY>y z&DdF+VS^o_+A~NicxV}B@ZwuuB_qJszQOCZ=@kN78R(Dsf10urnlo-!@&e&Z%C{Ia z_kkUXT;j`dZ5Bk&fl5nn(SzfljP7*1NaxZEK0lqOF4uqXEiV&K3H2jwHIykDf>%jV zo4s=>Pzh*Uhj;4OXU8&LjQs<`R9l`u(re-!FDsR=b=_G@XW>q>Jt^9aFf2A(7ZSo4 ze&o$4NdFoL#C&+(t2Ds(H#}gT;Fmy<|HlGr(*7pEsdUBo;P1o_K0^GcU> z`+lFTBy3G41VPXV>9GyB`3Sl{(45KWze`(T-W;DTnr80k6uTI@d*UZ6^ZW1rzsjKb zMaKN|AMnp0wEt#c&3_$D8DyIe-6i4?H5TmhtcQXpeTIXh z4u&RHQ?qSu3)w78(sama=*qP8MmlOJL6(g8>=&obidAkTz@%w!LDu%ATJ0a!DD$)p zJOU8HHax};HN>3WYsqhJ?x%o+tRJxp$gvom$qQGJ#283g0|0;ZEUF5w7b3Y#J!yo2(v1ACfk#g_TP6=5jla@@91LoOj9`48L`Fuad4`duJHr~UN6$G7n!5Cb+9>EVGc-QykEY2`LU^^MGH9>z?6EYMS-(!0mWm@#5;(uIb=a{xGjna37<#7pcf7b>J_1F z$76r2O9)MblK!_Opf6krj7vfoXL1hrQX|GPQg-YT%#tu~k=BAQ-Og62h==xp8Gye+ zr*LUcqk94n2nw7MWTY7c@EdTn$DPB1)xq5!hh*n zC_sy8!rJTO5B=0RMIxY5)KZA-F&id?{d$Flnurr&Si-Q7x zb6|S&9S%duKS8z8-rI{zbbfgRhVEsUhr|k2Bgw{)3E04kKod|5PgC)% zK@Lm_a-povWyd)zi>~>}=HmVsHJM)PqFtaP=C%=Y+(E z!~Tk@IL--9H*`54d7&)Z2Y-fayH9$Tf8;aL30oWl$#HRGl-Oo#rCLkWt;ZkA>uG5UP3vRg#NF;GdR*!_ZJiKyQ{@FIHK|Bvv9yXs$qN1`8o zw$wlkA~~!ZnsyvoaY?PXhkp_EZGq>g8KI}*&QvQtp7BTFY#>! z;ptTso&p)fWGI>1c;6fvWOgdOZbIGNYL1TVLb|el1_{|b^tJm{z8}e_IwRT51XFAv zAAle23*$G`#l=LjAx4Ez+kb!Zg;JZz8X>K=VLBWKjb$Jng++e6Ef}W$5^YQp&2Vj~Y ze(YH$W9RPep~_$)HAgRzuMzSK^z|RswK4mPOoQ1j$Pan;n`KuhXr-@}49nM({2)L0 z{)YV6_KEweaV;w0|0((LXL&8^h(iZ(Asj+*H|D@KQ!P5Bnc=hO9kNcsxL2lfuRY>K z90Lp{{N%Hgw$yjZY^a@*QtKpMcPOj}kqYn;M#jA7_hS$|iijsBqc;`)3GIP`gLC=+ zl=qnavJ7b5h*in3Q&p-%SAcUHfrcj+bS}l}>>AH*1BNwBEJEy!ju|-MGXtQeL6QWp|%0%|KFK<(TLYp{BZxb$E- zTEZzs5K8xsTzW_f33P$vU1-FSurp*<#hBcUHNAUQkN^hSY^w#)#PN;+t|3R?e|Nw7 zS+DZJ5l8??K`4s?5+YMc(e`yR{KBn5clL)AN_c0#qaV4MHX8rMyq0C+wAQD{`E&D9 zos=TJ$acEb-GXG1i{p|(LpH-+;Ww8ePBBtQ50wlO@(Tl9Ud|6dPH;X9RSS|k!g(A1 z%0W2HNvrB8isz0?3N0VRs#JqEZl=QV-~fou1Z-JU|2K}K3a^5$A4yVx%%I-M7-6WE z#_LB(h8*xwFwxX7cl%p&5M)pl5AHGEd&$Ui?6iI}6E~vnAq))|b?d}joq;%WIYbwO zs*WFy;-~DNd&Chf4*UkX2MJ(6fSE(DVf~V*7RuVIcjcTG;Q(qnFio~TV~1mt;_T&wbCo&Y%viZvMWRVa~& z!DGsZ+IGd8B)D3N`QUXtul>jx&2=%{V~l9LZ-i1pV(VFh(b^n$U^Em^4~SKWHAx2T z8!HGCFks$Qit&ri>8lWe}Y7V#DEMgHd^8_`Q<#j6MR7tm}OB48nK_z4yEh*&c9K zLj!UA_nWeGP-AMnrZ6H$N6okL}_Lmg<*@v*0YMzJ=*xPL|FGMd2;7d6%1-^e2)Xul)~>nVQN? zFwD>>B@23!?ETX6#!Fba>6*&;MVJgnMmRZ2Z`c=@E9rxMbDd(;rlN8&BJ^OQFYUm2 z7fAdm=zuw9bAsDbLwip?^z}vD#jNjuD2e!%@V|EIi`ko-Yf}^wNVYBl^${LUgC6E% zQ<%Q^+Qdl8w6^YKtX5?O0$wABwbY2k!g6E%9?jiHdsm(gt0D1eK4{E zKTTvIl+l3vh~}Od3sY*QzUONVEtSL=QsG%ewEF`C`c0c zv|#g(a8_+F(H2VG*mB0Kiu2Gt``Ch+R$U_ zouN?YL!t+zMniCO9cLCKgY>VNO{pfXlfRuirN1v9@>d`O&`tWVKlPc0*w9DpM&UaY zHSMn1Bi|-~G5}byEkVhqcWdVNIa;l%Svys!I)w&!5$n!r1|(AKWf3QH^EHaHw6WHZ zo+Eup`H-QD98yp@OrO_jd4HVl01sKgVCAUntOVt4or(;Ir3h?@t(gOI|U(+*b)QZz#2Z+*P}(6XWaXhg3deP*kYX) zG`cQbbx?fL7XAOR_ts%qw(GhtjY$QZy$W9I<%n*{ zTUWF@+u%|u^43g7cDJ^;)gMFuH@&7v(G?6S6ym^%1y(2|y^2+wNpZ+v#DL3FadB}E zHuC01P*ZUqn5%ck=EYFvR|SwC)b?k4+EgKR3kVMOM3UaE2}ZD^NNifafYBHGc~MEV zgl=F@hst8b-GvY|StP(52)Ps4&IKecF4Od%ntfW`ziM9&N#1!>`EQS67|`5tX$scq z!b<~Hp^gaQ3M<=_qEFmzyTbKCu7@uO8bpI8w!Mrl`B33_toQj7FCGD=p@**7DHU2| z#(G5qs`^k9pVkxyL5%|i*5;yq%$10emyXT)e)?@G-IRg}lz|b$fbAT}H-KNDwHzr- zQ($PaPu)QXsm$y_*`u|(Z*cI8fEG#)zD5>Eqfi(jlaz;!Qwq*9f)ZD$6~eP1+JZKT zR@L=)NO@f6`mg&c&hmlwJmP^KUBVJ7H4Z99isdX1lbwpbYkbIfWmJK$2_e}zPCas% zd(zMNcwKS)B{IGNRjW$0I6B25ltYX1{UVUrKu$(j_DLAs?!{oRT3I1fZV<_)6Y@rw zhz%JB8M3FpNgB@S6~aUD2}?opUc^!wgH@0vQ>Wk~Zrov62%o=vO)(q^stc)WXJXnc z>G{aam#VkK&F}y|SN}_@GB}FtSlPlmVXI*#1bz-#IK#;%qSJ?*L^K?@$4{s?amp zx$X6eB%*)4Cqv^RW(o}JW~fy%q>RhH08L5Ymaqt3aizg;cJCGlnSt&siOM{p)Y`NL zS^o>j_d!|MQ$6Wxuq^&5@(bYMMIejct%o%9{|}f@q32SPy!hJPk4$~I>@1&kR$huZ zN9VE=PYn`3ssmzAlt_6k50IlnMW5wiEyz`#(+Yhoi7=s$2aacGw6yO=xpxBu(OT;U z<~28&Sl5C?rg_dBQH}F*M{Hjaot4)&{zhko#|`#G2sA2Q8>@omSi(!0eM~*&60d>& z5l)S-i(sUIWKpq!bOiN(8Bsy;4ir>2X4)c%(*+G zKwZiP_oF0#i@}y5ca@GC8^an%v1IP3Ozx z%Cg=E%iOT7Db4s6ocD=15sB{wUxVSnBnIn&6|*P9$D-ce*lL;IjT>Fj8`nEQMPafV zv3msg(nIfh+JV6{4agpj=ln}}gqQ1ZMhxlgNw-&pfu1n5-qCXh4PF>>^*%7r*RSG| zj#yl9TvT zR7Lfl14=4y791vTSrtAQ->3vax(Kv=9)fD7UTQfU2Fy>Ih+#aynZ2Nw#w#o`)2I!I z#LK9H!Czn)gY^}3^|V|h!3GQTQMUHQEeNNg{j=&nacsCW z?dAiU0cgsu`%5f^Wp+R~`21?Gl};PB#a?`Fs5V5W5PUykC=EaqP+v{_-gAwYzf-A@RHkLf)h!kGogMcxVGq!b8PXGB_a%?|7WYdpcja68`~Rw+)TJ-~ZGKXf z{~dl(WS4KJ8%mquynVZz_0apqphSdQ{q0AO;)jdq-IK8N-D~2Qt1q?YgV;h>P*sa+ zD0WEG=~Y3ZS|)+9HkU0t5NLoPyy@-xN2UEMKM(QgbY`{GXcUN~{Cp>e=zopnzV$bI zHasjQEX=%h3>*=!3ioC1+ul42dS*}^>T%ltH$9~)g#WpxR3X*TveG}ZlDh8lAFQO> z|CyDPjtp2y1^g>3DM%{+iIbE}$lKCi2DMvXhmj8X;{g!+HAr1eR&cq{+~=B{LFt&Dj;fY z;0h7SV{`#%?0B}c?#4F^x_k|PD~uBA#(L-*9As=n7k}z8^oPode%(M+=OGCM@ywZqJe1lWFT{83z7C?1c8*#Wg&<_O2Yq&KuYu0f6yzUC(U0+#XQhk zHB|rm3@t&Lh`04=SUk$MiYIYr=TNe!vg0NUD4A3H|7&%G1vC>q7^&s0dcdvPBh?{F=_IWBC9QfLX zuUH51T{{U*3J~g8HpPg$VHt`1Y2YHPebVq6Akz#qTYbhjA_4+0|Di1ud(GQ78lc*@ z?izSqR2R60Q=!n0sUn-~ruaATlx)dBb*?Y&R;4$H96H&>sfdRtkYW<>-iwHDRk(-m zLC=|dJfu1^!O8|D!E5vzkL`Rc6#@9PdfBr$Y1|L!*Xc@Wz(FC+2S}2e2_Rt)$c?VI zHR99g0~qAu?!{;ii66P9_6H&ZsE{rTG#%C^C= zP4_Q$m3SzB-qWY(54dP?s7Nv2`MD#swmZp(Z3)yT7baz=_~*?E$&ZeFMStG>|D|7^w%JE(uwH6N z@3YK$vca}X`NtBJuyy-eGq8@KW{wR7e06Ru4eGCbygsA-8u4uNX0TnrXsxSJ&&q*- z#?U3udPEFWVA$BrNSXE#?G~f36QhPk%ilw2@dEN-Fb?vBV&J>B_Q9dwzk?lms|f22 z(QusYR|&+91va1S7iawesRJE|7j^UUF(q@&vrR1(E?maLtP*tI9G1+8K1*5rDR?bw zm!?0JY(E2Iq``AzD-CB3VU#R_7~@S_rvBo+hHDM{78%Ft^#xxUUz~`UT%4owWjB8c zc^DRIXTGf?yZ`ev7B$va(Uq3I$V60omdRU`}h%C-JWv#09@04@T2bor*c_{qG! z;w$^8yBg!cN5zr&H4qt@;CT-GT9_jKZO;UIhk`zUA-nDxjgfzfwoFJJ$N%Pc$vUG_ zqmQNJ)n-^`)qs*ebfmytByrp7Wlk^6O)%bDLupEaYsvIC4NXLCZVaC<@+H$bTRup~vjltHvb20O@)Ld~C zEjp@Tg3$fbU~_N9cv|t4m~xB<>QG#l|NNEN!x^QQ5J?g2ci(LY6zDs%Y=>M*BbD%H-h>5B@wb`R}ilD5Rgw~q??WRL8LGLf z^#SqJ8s{s5&mSsvanM{|`ykuEabpyL{^40bn+_AatvZv@wF2G@nMi4x(88p^2e}#W zL-~7Ym76$JM~0)S$je8r#2wp(NxelI|>)90T;#^-Y zG&dgrIJ0&s-a++nSQSRuN3Hn9g^{0Y_8tBGsaF$8VXqrGomkRb1)J#Zm&UZPI32L$ z03B);zTv;O#L93iWt#Z@A1tw0I^%0gd;I})K@?A5GW800+OZU1!AAVvq2=R|Z@z;@ z*1_#Am>ZE%p_167+Md552jNSYuxWp?I)-rW^y%4%^4I6Bi-_f&t@&Mthe{4{-}D`R ztUW4L=uWs!VV*}}WU@|g0{bQG_n)1nM5Zd6Ch|-+ZVdiY#T2|>P7Ulez!#P{%cB&X z_9f|`&QWaF8i|$LGLa2?7+)MLxKU7b-HFVww0c|8>0|$dI|Q2=r9Yk-h8Q$~c}bv+ z6GwgR`s-F!E|EtmW4DGj%r?j>Ru~_MocK{jGLZvYq1m8Vi%!2Y>`vlf=RO9760??X z$H-sn%o%k$DfcK$katAeIG?yG+i9F;T&*qq%FBevv;8hgf~LuxpRI1abIfGbp2sNk zLDGLkG=)Ej8pqOU<7UKQ(zWQgUl*~ac(d7mL=v|d4V>CFun_>$K4Ry5J_~6C$l7*y+1Zh9z-lL zLz)ts9PcYCVs5&(eTtiZat&mR(9sB;yQ4YqE2?q;7ObtSH|)kb5FY=CfRkBe6NfS? zL&f%MsR4aIIxCJ@HKT=6;?f5!K$XI3CItjkdUl-_b1h(G4K!1xgTDwifeV`dq z_@7yW+4?s8SFORiL1zf8ek9;vM@rLRE7rkoUCcskvo&Ibh+-u3CXUXovw$_MF(ShP zr3pmD2sohjAfcIv5^6N$^&+lH;Q9?tKi$|flWbmx9!X@HzMMbwxw;1d@A!uvNhKpU z)R$_?dMCD>*pUXymWT8I3UEUXDAK=SkhFq#{+|Fhp4BIjt8=K%Hk*b=o^h}s0phr# zpHAGgE^S#0%_co5rpQ18AP0P&h&aoSq>mi072Bf9|{YSqGfrG6Y)}qm_y7H{}9Cfe(xT=h3fusQ(#~5@(Q`$-WKq4tiYJ44GeTN1OgZYzQ|FX}P z16JKG@X4I~`9)TTlNJ`y+~{=P{}!v_lb9B(|B5_5HZd zEJ-+KiLy6e)RBC^TfYmP27K5t;I#c>(>am^zTAT*g%9OVbF0AYiDD~me{TD!iauJ` zN2eS~UV~$rmKj-~_Q!uyd4hA5C&%Ib@+A>@BApa^YL zkhGI;B#A``Z_ZK>#;Y+Y9KIXy1cv?XCD#LW4KRa_of)^t*EM$m$(8XvWcF~1OZq?! zyMm(SgM?llsMC$DjqFGB`6*u}q7rsiR5`crG7~li1nN1=E@UokJi-DXM;z|3UzyGh zi~Gah%WrC!({f@J3HHhO*B|yuzu}lVo3o7bg>n@Y&uPreM(gLn^;9JhcWWmGm|7;9LgVCO zzdJ2w=snQ;E7$E1N}nHWSeDW;^`**Bwn^xz;;wAw*6WHw0rZ0k@>c`shb%1E*<<8m zTCkQ^cXS_f;exa22d$I0!1KTm<^U^ev0YKL8m?4i($*s3%5(cXlx$IN_ZRfFen<)^ z68G5#P%CfN*E`H%q<Z(WG>?I>|xwqSa_Nz#%Y z(bu*fxWwywu9iEf z)?>B|KJ~qZg~zB=`IY>Qnics4;SU1-m8hpaqvjkI!wGmJmqcQznws`Eqvo#-ZM>==s#?H@sCFX~QO*3yg)H8%~$*d=YgDqS2Wr6?s#UHQf5f{eZfJ@Hvf2PrS7$-bh6bzsm)IU zJ7a>E9g!#AkAA&WxxvdIIi{C4++UpHWLiWMmjMI12`X{*!_7O>=@Mt#L5n5JqU-kg zix(L-5&?ZBtUODvu)efARBGMiK`i>D-@>_avy1&rz(~wT^XYerOXJE~IL)j1_G^@a z!O^t$>v`^N7g@2m*zpO{`kRRSdh(>HiZo&5UBTI$fe&t1`pu&`bx(Z#`t|2tqQA71 zfx#t+ExOY+J$UzbF2FAvsT$9rmPjuKRI<^rg*1T!)6VQ{07YlsCq6wr#@dVVro+Oa z*UT}_>^yaQc(y%TCx(HM@y4ErlRAISFTLtV#k+6QtrmzGEir@8T0Xb9)r?j}xHu~+ zpD8qRc-a27FmATL7_Uw6n`#mnnjf{WJ7}J6VV4Dmgv_*xD$pxGz8AUuQ;Ax{Tr9Zy zG@}Czp;UyXT*{2TiHRg|!k5cNJ)E0*<$*=0r4Q2{Ci2aI}4u)l|&@e4hQ`(J+V~ov+fX3>UPARX#??R zQj;Gr%E%PAG(K&=E{*Ppe!d*%Jw@;;CkYdSUwAgoLuYU1-_kL8?1#jUjMnBmL% ziJW+m$DU4c*}Tb!j1BIWW9SIau}7q1STm)5OUHPJBo5Uwn5!bvF-`_Ws(!QuSgT&I zI{udTaRlCHx>uqX#Xx_7w$;vbsvhBexO;j=@9RY2w`Q$UJ)dd#E}3vdItInynK*nF zq+`bTpPRhlm?S<;YU3g_K^R|LaN?E^5mvKFvaS_%KFco7Ilad7L%sYH<>SiV>%FdB zys?-XTo4)8c2>vJ1TU)L7JiKZ}^ zK{C~#L?R{2Xo4+WJ)Z=earHXf*?Yw!jw8e3yW4f!LH?&ea}cp+CZOWQV$q?zEo(wp zu%n9yjdrVQZAs_cY2L+Wf}va!FROwI3WQyRY~}~Yd0SN(UrHmK&(EKaSvLDH9=Ei7 z)pa0sd)of^*=06iFIJa6_sGHa1rNz)+FUcca?MjF?15tyaQDlXFJCeLf%V>By5ZI7 zCWQw@8hVif%OR{xa4%TJ390;MHcHd#674FnFk8Ol?MZ>@Pc4k$-(V@#w{ZygxEo`8 zR)ccaZ88et3GTn~xe%Tm({x)fMbieQWI$R8#aI7Dp<;1&OyiLmsP2;xJ`h@J1hLM1uFX+tr!yC}%5SsJS*hh-q9sJT&c!Qi74uE@u%8jIDPs=t9svgId`tMA?v<`Pk6dnlh_lj? zxj9S$9j83?#O&ohw{Ksj2J~tz0~l zPwHNcTSUNoR*-R;?u`$Y--6L-u9?MdTb1^z%De7ZZ}k?MioA7V6i7=wFj8U}%m5>$ z$Vlq@_r>Wy{z}s0zRLYWPK&yFp=r;wu^~p7{f3S>LwLCO0nj6{=7OcLD^)ede|~@O z)%5-`L{P{iz{|_KN7w4*f*#r01zPE0QRlwoIs%3`Zl#!Ag-RXtBkP4JGl8+xc1aF-p7=-YHA(yExeQL;14?68f#>;haYkWj`|dmYe7?~tmPE9b*<)H`M&31nUuP3n=_OYZrV|v+_lQ#dO;`5 zx_xZ1`(9zI@$iz@YnrFeG@my$L!UN{3|~4?^J_ zNHL;_e)NAc%cs6#r+%Y-EOEEVn$dIMGSh?ATTu*dSmBDs=h};gjHh|HI~~hNCC4&b zk6Sxi-~a7F0!_c|6zettqK-MC0eS}*Ir5snate~(o@y@ zC7NaJj=d}c%V@YPAp_c-Es;^^{u3|1F5T-2!IyUQqv1VsKW(ibXTjU3T}1l!9W4f| z?4g{Tw#SRJDGCf-V1T5iXh}+0?)yxy(c{^}2ZoIegMp*^t5-qB;kefQpD0?pGefNR zx3&sK4f*CBeyTj!CVWd_W(pg5ecjz!*~WJ zuvng9VUW#w&7)UYds-`_9zX0n3Jh`HIe%of?CYqgJ)L+Vf7eY-Ypj#g85_h zlf9`rBsYiph<59_AdnW;(G1w9Et^f5-#TVQO)a;ZJez6Ui(iW$cIryIc;Jq7WU*{3 z14o-li5l1B@woo`D26Xz4RamVC{{4yqdq(|R%XOt$`>KO{_QGSt#EWg(*s5fYMq9O zF9@d7yHqUNWFP(zFr5YeN)I@l&);#l$40uc53#K-U^+kqMZ`s5s!nro)Qs_C!9~Sc zL*a-b*~r{y+c&kM$t4U!+iW#wwbod3EQGc}WHBLx$5gbo9dsQP9Yr`K)6|>}LY(1E z1rNE}jjo56B~i8*aG1npFt}w@4?7jqf$9rQ>CNB^p5T83F{#B~jct@c#>ck}fHHa) zC(w}IgI>+{YkN&zk(O5!oVR%OvfrtCoNm!$$LCJ&ckd{A0k(XXJ9#>19l7H*SF|7P zv@~b7rv5ZL{>q2wQ8T!kC_RQlvi>!#?~flIOnmC@fNAgi)N*zw+S_xR&ySawgy{3} zr7vA+JyoM-jm<`|c$ey_L>~J!e{K=g)ARgoW;8!!A+(8c9b`hm`S4bux>19lEr<~< z`DpEuEE=;LnVhNEnU?O`gB7_n)sf)b*PpkyUTAAQ&KpuzgoXB4`#xlaU%vQZvm_V8 z$qMych#f!2@^xIy)`D%^S%*V!RUZ^z6cmVWOH03jOA0z1n*+nnh@lbKj}r}Z+`M(` z4Z4LI-U+L5F>wyd<~-x@FkH9pTeok&UAcUb7nfN%BXD3yRUYkS4e{!x;soPu*9-jA zFlX~aU2SvaMF~lfie)aiGkQc%xRL8V*{REPHh8eTlD%rB@>c1ovf8WF-t4wFZ{NoM z=60@GO`f!weMS~@#_72Z?jG^-l0k=5Z}yl5HNXBmmyVMzMYv#yHE+4M?zGH<`HkTC z?@lBTe4S-n;D*vrU66;7c@s+fih;Ba>*c~i=V;2Z^i!AYl8Jejbk+HaWHU%_!$a8j zlKhmpZF`j3;pb>8_5h?7i8BvmVSF{7Bd25RtA&b9W>^fg@F*P5RAz{*f(FPwvnw$? z^ld~D{fO3qzo*vaS5adtmnVKkWwD=*4(;Uh`@D0=(5!TX<4^#na49cEL3 z>d6UC-bS4<@W@47&%_I8qOOSvhvaRdWl*d8^m91`1;0j;Jc}ixNug!FKAYV_tx%AK z;g0s^>WQ0A+XY#ecN3h3ZD&63U657tkVb{z&Sh?omxf9iQnZ*2R6yQqYFm*qU^~!$ z$$~I^D1&${A9?p(`^1&k>Ei0Z|LC)&3iuycYYtyQ{EzbGBt;%QGa5``d3Hv@k2nY6 zc5J9?<}z*kRw+Z1N+l1tod=7;(|a=u!0pUDh{b=I|73l-p3&q-QwraTxVGo9!Bag4 z{zniqA!xx*VM^Zv>7|5~;Ys_)+!wM*m(9$Z6ifJ$TiqZQf`pL}tJn{#6o<-~3~jpA zDP3&=PPrwx>qz8Au!)dym~=uhnZP-@*31e6_UT~dGlF=KokK?Z-NsW%H@0Hb5}aj<;P5I;9z0C&(hEuRhsp5iW7z-4-Abc z1uhV1nkL}awui?=`Ho$bJ?o+&49OWV#-2fG_oq3v3Fw5W*+RgN3r|{8-CZVvcPi(M zFD1{{E0}6xj`Z8>a|{FB!VnarX`yv~xyQT&p>*}QMVz)8dTW%3|JDJv)2A~vm)1|pmpJ#iX9}?6(FwL94A6w|cdss=tr)P@gC^9?b z*LpR1e%)a(%Fjjl;uq61WOVqHDORNx7M52;PFr~Z(xCFy! zp-o3iYe!P!aeoy$(PRbcs5pzEV)r@H_L|_45Mrr7E2B0zVe9anJ{^EMRPzp2=#-fn zBU@BSepUomNub=32ca5{$fol%Qk9}SqWqnob3Y>E>AorE>Qx)&f4Te4*ci$R=4;bI zgf#DQ(8}j*0)w2A*bw_8U+`7Arf1segyZKVhzrT_XlYx)WcOUk5u>J(=YHEm%2HFx zYI;gDH(`z>;L6-R^{vf&6s{*x&j{`P9SMi$9XYh8BL8tnu=?b5h0Q?HRfNif4cMCvDI}x}Z?8F1iKz&Z^MbF3#a2 zAzz?E$ibJFvim1|bM!O&^Tv`VN7?p2pRWI?amAmvrf3|c4F0_NzwwvBf(a#H;=O+- zhJzHfKHu?|_)+I^tImarq_$A+zn=&z-BUl zz44vi+C0L?Cg~H0CC#9N<|inTu1(oIgvi(XTX$^Y63(E51u?2ObMbT9)U;s|0rjHm zeCa=8!s6KypFGvFesf7^%w)luMgvkCbJAt`tyVd6=NkRa{Yv)Ed-LQ+61I6!013&j zRG!TCpFpf{MCyxrJzK8BiH@&nbE^C;U4!e^3p3bu^2A-9*65wJyTt)A<=dSaPmEL$$o%ieI}l zWwMHi?q>wA%p-*620RfwU%Qa)MT~MX{b3PruM{I`x)8swU++F;Ws;9MA+44#-gyr} zP_Sb^{8B@^4nYr_Ny}a3Qih{wpAFgEow}+QD11x~>RjIK-DggjMO3y_qzd}*#x}8s z0{CdQC=pQ`vr%CvGgyl%{or`kr=W2?1oF-0w~sUef)uU?#~N3r91MZ9I(CBCgbka_Z8_`L?XNCkh?IM;d#<<}h<_dXXTQxT~I-^Qy)RpWEQD;o5F=3xZO_a-Gon%!j!T(d%=JBHTW04SFD5ycvS_g_9h^);AIoY}pEhldc0b5YI z;c0AcuJZJy0-eU!pFYjOzXIIkAh~!`DNG0PMvew_uEyEfd4GE??TugD99aObB_y$? zh@Ux>wV41}n@YQJ-kg?Xy%sU^CDFcmc*rY|DpXd5^!M}stO#W8q2hRiWivOJsCF^* zBR2N4&A6A3sbXk_UcC^}ngm^&wznk3$SZAbGnvbMqgfuW>+ooJxo2XgJ|iXN7$~jy zz2lcmT{ZWAxCKQUl-srnIPp-S^76O?so6R{GCU8*MU!_~NqWkDSe&QeR)Xpg4APdE z-;$NBhm0JodtPkVE_6Tj9-ol`l_Ri}^78j@*xeYWTP7wWdkGDCZXTWw zGE?NbpCPdvwM}?oUn4U+##a)-8NV$;AM?$k`8!jOwC3H{koLCg8k|vyK)tp@N5Xw= z=X2Xn_Bs}D2#tTKHO%_nj4Z$*?!I=ORoE4M1@B=ti6ri+WOsUYr43|bzLg0~xKQ%<)!rwB7@2rT22^{`ci z3u-!DKF>8r8ukWMeBiCcWtj;;?3X5oS#g#DtT6{82VLE6iXrOWYd$wr`kvf`O#vdg zk#7l7*^uU;X~Wt`NlB^dyqJt}D5V22?B}ajjlW}oln#8UZ=0TH>wFzqyZWPXlmW?4 zlVhS2X1?LN?4yBIu1wLwcu3v@1voOk&%G|MTMmxgSI!DlMIxL5_Om*Tcr!VS}` zVia{eh26k-=_lusU8lnu#t7csTqvNv>baQUIOkDRG=6C?WLvOAB|V1#FfkU6rE8Vv z2;icvO%!5}Gwt^&u|_-liSlL2o_}6JJ`Y~L)|?cS;@G~GTQ_2@W-*Sy?ohS+{jPd{ zCACa+Q_3?ZPS}aXEIp)p^wf^XigyUfI$ZqN$bWwR)f|@%vHb9q*!OO2i&XInCO#u$i<{- zNUhoMrprzZDEgOn%=mJ4d>G)F7QwGq5MsMBDgNqLZ`#=7Rr{HM<7jA*nU{>Kvijyj zEfY!owv}$eWHZW`8)v#G&65A*nxn_(m1`&AX`W&6cUSuv!PRZn>VPMdZVo@17R$99 zjK8k;>1(WQrY^J)dTg{g^kqbqUU^jO<=WRF5ztY*G9iPF*%G$G4J*hUmN|#b-~*^R zA_2Kt^7gW>2HM+(G0~vX+rpL5DM9o$w3#|W%rM?T|KvDK{^OOUrlg=bRzDe)M^O+G z|Fr)3?QU^86ojBja*~cLS%oxZC+Y5n%g6Zm_yESMHTn6mXCL#)Gr*pluye=v@w^wisqcXQ+<4JQH35bZv|UWj3R3V)uxHFr3Bjy@o5j}SS=P2Lf@|H zs^b|bH!z#hFLf808?;Fmjqjd&!17oBd~eq>HwPaM`8PAiSbce|V%BDyhCfRf2s78? zJ7KKNzq4JdKYfHDAFA1Yt??Y`Q^1vktb8c1wA;?otH>^Hzu|2+n>q!x?wY!fDw}(? zrO5w71;^ZA-y$&6=_FE0=*K+Ul-gA)_bF^wStHADzIAA~UgXP(A&v~)5Xbyo@6)0G{x=vcIxhY#E&X6RPpD@+PcidB*(i@s#NH<5; zV$oGOF*tS2cN?j^q5_if0zd4p<85t2-Gsq;`Lf1{7_ZOif;h#Ie!=4zGNhv)%^CW` zPBb)IZ`w@wFlnLA!VC9cyzrepR+JgJE|ZrPR2Esj^ay)>v2}j+ogoH~QvO$Hxq@v- zQLi6m3W>=8#CZ5nEisgvyGkvPJHSI3(c54Ndwh7LI1&Xcy;G*ZN$!MhAFru>J<*HA zg|kCBOiwN!sOZ=sDmss34$YGmUkH_Ko!@4w=NQ~WC<5Mda=}{Z$cJah{@FNHtVJ2j z9iOagnU9aC_DPv)@I+b;qoLKzgcdw~)V3K18Yv7eR_Lyw`|Ib~OzdvcKG|$#MoSUO zRW?Z;v~}jTW2@QS+dq~@ozNl3VM!QPOiR%+4#-3m-vTQF_D~~WPY*Hq<9N~ru~H34 zti7NRx={k}=A?*SPzF|VVFo3pR&Rnp#`GZR0vRyMP@?*5w6R5CP-Hjt9&~idaR)a` zxPR;DT+pmw|3gRT$&M+4Y4{ny20BmfX(@E9uGxwKr=f?hbvE*B zPJs8WE4#-7F)@r21^GC!+A;{$TOC`O1kLAAcY5+qYlMKFJ#4%U!w73^h_6Nq<7}z{aPB8sD~e);3os zJ3u(c=hdqN;hZKA&LQHL6aU=Ue7&tPI%oE2EJ?M0VqpP$w`J+j<{Wcn&@MFit3SoC z*Cw?@SUGW(B$0%53=Y1QG-deRs81;5cr3|-reCDWwx96|n)12HCwlxVUNlyC05D?} z)4(vh+wpazV^>4x{HOWripD`7o_=N3^q)7CJ)~Y3;6!k}@JyDf*@pK>o<2!?A0P}0 z{RbHAR2^ugb(-?E9 z>-&@hA+n$MZSxK;YOh&=n|{oWIt;gaD6lmU@}=ad6|&`^R(6+c(PTuBcFA_K%iEbA z<>0uw8PVr&mn0+HPE;(V^X03Vq`^+t<6k}phDlvtpJ9fqmz{4I)6=D>*mqQ`;$!lA zxy}QJMv?jsCH>RmlN2IK8B`_%kA(FnGRaHL3h;EFvQ(riPE(hdXDc~ZXWoNmYcLKG z{p>EfmcfmMe7q7}Ayne?NU7>pW1r8Za}NI)h;dn5gl%+-uJYYnnpjKEccM1&a@6~I z!9B4@7E2c2`|3N5Lzq$1l@`apJNU# zR+#PYg~*6@UYfAf<=<@%xej~bWe+IGr#sD6KqI%v!tA4<=cp!;JBI`9%db#}Hi_)A zNYV2%x+dl%du8SOU>E3MR_pmx{{txIvO+3XB)&5J<}J0>1+vO*MiP=8kB}r`zSCOH zYl&?4r%6Hbb3Td#gw9W<`^Hhf}!-I^#$6Zj@ZCM~!=sA1)7tUq$@OKfI;PDBx zO;QGn$>{p0SVmLvzI;ovXuG8RJM3t1`D1~$#0uUsR(AHDD3AErtYe%1n29ko6aywE zx~zjHcScMkx~vZqa*T6asiIr5)qrBG4M*2PriVoKfm~gS_1^2h%xO6B14|>03~5;r zl}52}R;SGI^z_65F9ItItpe?>CgxXsX&;K?t95A#XWoON{24cL$*}%BesC8fw!x)G zT{vg3gf0_Sa5v0A602a9qO>t9k`jO0;Jm7$jZC0@SIPKV<5^<;9FjGP(woYyZ2x=M z3rY4rz+Mo?r2iuJqI)?Z@Q`{DSJYH|?0R6CG*}z5i(%M&cjCY@Nf0cPfJJgp5Ro=vyF7Y;U^PX`F%Sk!L8JsFVXW-E=DzMjYky7nfHz%Jd)8BTy z`WHL;zXD(;{xbju-{b@%Z0TxyIY8GXz zCvN2tL1Cop-Z&9aIZo0!P8%l3$5Jv`#Gygm0r@i2)11-8M3T%<13$nm3FrvWTo!|J z8RC|tF0$-7+#5Z7MKvV5>E^=AiMS;|8xQ1ezCQ2a344DacjKMPY841_HwbR!$Xh(D zc3C1R|ocDi@EuB2#nVHvH)X9XUgWQyv3UWU%K>#Xb!0#2QVGwYM{X(=h!LF1@| zJZM;HdM^g5RnEJQV3MZPLgk*d5#R8CorqzS_=AXfBdVg9bf@Fv@EMGt;@1#L$jHb< zV5xh%a_HyqdRJv58Ma0FY3AUB_;?J(n8?c^AMz4OO?emPt_Tq2K|$sPvg19(NzWdu z|74htgRlC&RZb1VYNX0-`rF(iD9kPQjOz?n>~g--z8ADV$diy|R>~%>V_{)Y1qMlR zUat+?@a;~r<4Y54g+_1=T1oP3np`bjc=M!V=uyxxBeyzhgOk4?9yH~blW5;0^4f?+ z?+lt`3!H>@T~BmlBP}#q?N-F#a4VM*PCj%-N||`*?ajMWkyL)9-sXidO(AlMxBv_E zZ6FKyvE#|DVaIU~(%S=ln?eppih(?PiMrSWeH*Egfuaxf#wG7ZgXFpsfPQkl>K zKsi&xvC16BI4^v`>1W^lw8s@N=PE;=7+zqw7h52{wl7;SptQnz#2Lw+`g_TAck!G6 z?VD^5f;Jzsu;PL54r}fYKPUnDg>2%MPBdl_yKCJ=(7qz>@h^K=M39TIcGMjSiqXQ3 z!5NMTh_($4xFh|FJvnWEDm@ASkAf1aA5yw zk(3n-7D@9V!ThbGcl{$MZrr#5rIyXYx_v!@?go7Oz>12&WG=Vk|sG5@xe zUu=m>NF$g6u1FO*_)sb-Ss=Q$lV=p;V>h^>k$$} z4-Nhw7b;%E|9rL<`v98(k(&F?z=FvUS0sgtdP z{GY%v&WS6aVPk^&dpKsCh;eka=ju~W6GHtD4Ym0GGbdS`a6jWeS)7v|tlTTzsqCLr=hXc!pP2sjz%#X40YC=93Au~gN!yU#7#cE81Y3~y)~;WYvMQj z;5CJiDp@l$5zaR~)B`zqQy0`Z4;uXK#CZ|NhO>ZW<1`wxG6jr_-SF;$k|{c7x)Q@gt);A_y$~(*Pz1E1 z;ZnLeIKsf0ViZE5J81)L`H(OqlTh#FR@ms%7+j2NDw;9gMae++&#SFBp*^6ib+Mo; z_(*ix>223aBLO%z()bm*+BA}u?E@7^)eW6xTdkebPLe|YK&+6LrLWKCF>9Kc*^JG>%-?ktnoP5eyRiA$Tp|t_q&V>_pH92l|e#V|DeQ-ru zy9n2^3D5TcW2uXN0d0&>O^2&G9$s=Hqt5Sy4cgbT1seNvWJ$MOD1D#&Xtqv48CI60 zcK$4W-Jg3SrxKcfBVYH%MNw(r8QFfl*=DpWG9HFmh(ZCa&bd7qB{wz*s4(o#&GPz#PiIDz_38ix|Mxt~^&<9SEKExDBz;AS2SwIRX z+;19(rbsN$=&bkGY{3-C8j-C5vcYF$rVQ0zeN3e`&K!svqY zi5-JJQ2`exl!x=ktecqeqF)r&`vN^Wkk4(BvTkZ8w3#t$40R^wnWdPGGm!2^%sa`_ zYy_U{@qhvNPhqBFkSc;Y*yPKKYm$vi666hC>GCn8uUj$K%8Qv*vmfz6wE03;Is~wl z&m>{=x$V6i28;Go1YGJZZLRfxjwRrMl6?&jF4kcsoluo{?MbVB4a6pu?oSRc5%q?0B~`&oM_W=wz(Sn*>L@VeTf#;leXv} zwzT%QyN)hL>K~M509m@BDN>308j&!c6 z%!QQf1D2zrVhLRM&=oEv7`J>{KyH_wPegnc7fp6z*Fxk(!D*}(LtN68SO}58T03aq zM5kU+*lda=DdY8f5M8+q%muH=L~iJP*-nB>>Q{LYA>ei3QYOykKTV>J>$cIE53;FWycl>B#G_o04_9io>Ar9xV|)gq{Q8n#%E0a}O<}DIf(JM`Y)tl? z{R4QI#^Rs0)uKr}5Tj{zVmK6|IjB~E7|m5oxTajB+*pmPVLLw%qoIMbrB-f>wZh4k z7!jihG%`C2oW^Lm{ixsYOALdB^@Xd@f^uaa`Bsaql&5SyKBhcAECwy#*p0@C#kp28)0tn#xhg6)eZe)! z4U@LrX`}A7;h&lqok{897h+$sR}EI2aLpM`*j$2+9)HR+TowwN#X5D2J1Hln7D$mC|SS1 z(BMu+gj6}gQg|JHx!gSRzKK8&{Kr54?^8DaKaTR(3jQC5qpWC-!hp)}wm0x(oyh}H z0DS}NlBdx&cD?79{*%i%>;kXgK+OU`+hJZ7tK_OdL%5e$Nx`c56ca0JUAH?1I4|Yh z6Ohoj_k74r4K3WT0vjz4h}Iw7EY|q~pZ?NXr#G}kdL`;bZHU*BL&C8C_{OVJ^Fj{d z7iUns8knqk@52 zLE;7B#S=)U22Sg)d;Nj@-BCAy$p#qu+;2sh{8%)QHxmZI*n|uW^1NL8weZ+XQa6ep zTS!k~7SnN;>9QfKa#DfuDwzEMbo1UH6^9kNUDh`73;+%#u?3A-Etu7$&xQYq>3nIRLZ`R{lFHNi0mR;d* zMHFT1mfs_aGM6vE?KuccO zL^JhOD-?w89TfW)p=xf`v~b#O{wfj&Y6LZ&oVcSe*~7sK%_5^Oj~yYtN6>==Ef1uc z4MSujP_;oD3GVSg8d}TwL`Vw{iA12?*2k_GqGE_TtnTkAV0Id|&DL!ZB2mdZQ zm&p}|_+9BXzJ*2ee<`VwzV^RKswA8?+;Lyag;p=jdRmRW1@H!PVX(G4v9R#{kf zS%{%lB3?>pXdo?HO3IUTbpEJ?N|B!oY;1&3NY*zrybGQ`Uzm&n`IO5?FRU+756Ms{ z?9#nyGw^QCgX{54*?V%Q`m)%juPixNHz56N)*cX9@ptAm)90Gw*E5y)k;mheRgYAP zfh0TT!aeyFg|^j3z^-k^(I|}nS=*W4@Jv*RA-^2q@)eJE9l;Yb{W<|0Qr~-;gR9* z0K|UQ{d5?Cn*UrR1_G%1n_OGR+7u*$Xh5t$Eeiu@E`*v*baY(|CUq%T3gH1Y+J~T< zhHx%0{xF{Ne6!Y7)KL#~bVf#B(td)7RM)JV&Sf9>ur>>?G!HV>9ljQ zT%s4GB?>Mpl5l#JB5ib7SzVjy0hYHbz<;3vMF``CK&2Qe@)LAD=}=NjL`70^tsb}X zpJfd3ZcBjqD>SWuaN|uDr7~d(1Tv{(l^d<-oaktI6l7dQ_WlCrw_s?FLqqF10>F2p zyTTX_RAs;RcXzXNI_J{?s$X(v;}A!7g+c))0+K;X9s0URajd9_2d{;IRwKgrZ$@vg z%|+$W&jb`P7qs=>m<+o{4RsZSU|MyaG(eapc#_{E3kY{ObR(_YL)k$pqhq~xrp_WE zUCOYYQWSijY!}clyB-w@&j#<41J?smTC6&@tI~`9s<|2^IHgEUV)JDNZ#gmfle_ zkrznLoAKehPyqfyP^8n0k~18xnPYdHkj^qcRcpuCs+%xZGlEnu3>xAO8?|{j;`$$S;#+k^qe31zOq=uCmn&T0 zw=R|3eOY}iwE-K)>1GGDgLULSfN}m9E~|qR@h!ci3>k43OMv{ zain`(nD$HSpgwM6e1f}sBM0I3YQ2cja}&I^b0JlVIDr#>I6a9yv(lq8Ta*nlPE5?G zJB6}q<4sVT<4g$ow@?(te*;B{WxQ(I0Ec!BXJi}*GKC5g7S$|qaXxAN1{7CwQumEc zUhY^khjVY=zTL^8p;VAQU3lY`Tz<=SUAz1lim3mmx$_RE^5OruhLIHt$*8ChvR7n} zgbEF^Dl2=Bl0%YFW>!(wiJ~~kp2wCE(lK&6W+=1BJjV06Q$0P`^L&5T^<3BUy{?}> zIb8R-o%_B&pZDkWet!&Ycs~|?W_33Pks8>Oy3G+kUC#w_`8?@3=NI|wuD=bp*sFC=sRWn|qA;vWzebO>=- zKN!ZG{g zAj4TVV`#XBATOfbl#lSz+b2Mr7CxQ3d&V>ns3hmWjU8Z#al0+DFn~H_>I>Ix-C5XG zr~3uTm~o>tO60CCu;zrE1!%2?AXf@FetP6C0c^#qx;j>}Llg*vC>I;i>~Doo`R6O= z^}chg7<84zk)cXhmntH*EcgF;m3X^;?HJM9SK zK9JMqEA5C(BJnB$>nKJ8)XkOEe@x<>A(vq>G^k?g4!?r_M|g zyyAFvcsTCaC+EP~a(~RrwB9o%5HmAp6i8g(q`$aJ34H^JnQ=wjdqDf#cI`JrDF*gQ zr<`O0`<~Dn74Go69%XR52N8~E*BJm{$SPl{dm43>aQFY%>SUD@-7_=K z+UYdksX>q!^xh3hm37BR=T`p4EmMl1LLV440`{W=j023__aUbk(1yHAEbNn4{Mnfw zN^#dPPWa$ky+@Iu!`zePv=6Qo4jE8y+b_q@0( zd?&1G0^ExMVV#l9PRH57n$rLY4n>vS%oInr*9J5@9&MV^g#$RDr$T~jXqemTr34b;u};TWfGM*YG^U~ z1Fkd!kT=9Ycu3QaiIMS3^OU80JWUya!zGC<8nn@*sFM~SJ}4aVKcEQ#i7&@J%D&+* zq4IGvxz~Bd27DvWq7HrD*97#jif}H+Y_CR`h~NbPg~S_I=z&O|2iu1>hNOSzO#cgj> zbe7G>SX;lWA06(YyQ--GoR$m03C}dIDC1k-dpFOR$IR@T#S`7}jFQ4YSi81aFnEW7kfHb2@I)qPNLdHX{+?fjd9Vzl& zRfw?lnayT9k2F^oxP&KGNVtn@XlT6pa1GJ|#gI^nrlzJhKD^AdLA8Rxr(-6lxocx7 zP@Qq}MDUV^1nk_j3xiMhJw)S=XVpu+@AUwV_s33FPSkZ26Z|lzQ>s$Km42(Br=>b#UKH+Nt zL&amC#tw>#Dl@N?7#?F%?Qh2Ptj93%NRVcQZ!x`@=0Zf#pi7r^j}oUw-W^@qT< zirOY?nK@tAD!unQhYe|Bi@TM4%r?*JJ`q=T;Zid41i{O<$CBU*y1AsWVnY8i8+85R zFLJw(63)^tA5Qj20TpUnz|Un%A&ou0315CJTarxUu-(Z!%`#O?k=nNFLW=#ai2@~J zCA*y*ffk*6JQHcU}&g2@cE z85VUpzo|~w<+~I9t#fJ#z}Kg!pM5do_$U}sqY{}pr)aU*Fqm?#5O7>_K|!78d=}Md zVs`vtxZq(!Fd?vT83Z2JueuE2p_)NtX)~cAEg+Sr`X~n{S2&NhzPF7e47VuuU1tae z$JO`tkNhpW@9APJgI!+rsi!bF8Efbn7x0_Gs-*$Ltej)MUZ2H)_=a;E&)vJwHC1B{G}*RNkc$Bdp!JWbey31|n#lpmb(myW;4au8rmjEQ+_ z@E%K@k)SaZf!*9ON+MH22mJq_*MKVoL=Ln^}ptkmX2%E#;0UtG++Xr^W>DLS)|Y!37FfRxIx|;?pEZi7lwD!sO3w3sSfSI zZK2aOh@nSXZ8>(7Dt)UF#C|JhuWm+@_4x|71Y(B9o0uvtOGm86Ar!?tX zvVWHX^Bb?I3KVEPKar!R^j7f@Zh=Q%Mp!vHGCh9BTkF_& z?uR?X_xTOv(y^2TD2(4JUIa*oT#Mrp{dX^DEsR5k3MnaRpPs}^dK>jczati&NDl4i zbBq_iQGWdX<43l7m(V|VC}qgqgHH?WPy#KI#1wWYEf*K3e0Y_VAWn7h#f3Oh?SE3% z?vqHW89ez?SUR!XdAMEjVYcw|v@ulrif7b~cI16lH(+tMFV5Vf+Z8d*t|b-l1~q?RF> zv+CUxTNlIM!kC02Y-sl4b=MiWu?IpX@jb)y}-+-Vjh8rK&+@q|=APp^?^yW}mn^@1qrje^+ zOLZULg@1lUfo%`Ve_7ZgiD)PiPJQ3X6t zm*-vxS`g7{VRg^cBUUYJ->>2a`nzHWjOKc2os z6wO7JZKgOO5T$$FYn{OCtD3CS&IL3GnV{|Z&n44~9nFjl1lvxueUC5kZf0k)+Q=g*SN4g@K1|LranMc|?V_d}K~9JC zmKz-#S)L*HZ#+e5a5&(R9u7w4?nDRH6RK^B;Ot4Olz;;VQFfU5Ggtny$To=^$B~Ul zZIi4&HXZ2uXnXYK_TJR6YRvoUbKy>U!CB)Zk%K0 z#!eM8^a>alLUEn;Ef#Sr6zn$Gc4Bz-$3~Fo-@fVfW@ub7_%K!g>d13R;y3DjDPEkWi~(@K}* zv?^f^1SBv$p{>?BJOsk<{nK1^&epqA`-{TH(pOEaAykokAhse5IZ8OyQsWhOXXOVn zh-@h{zEb1otO`Me2f&Z2CGPm0meB`CL{u$Pw|u4hEsOsmT*dt_!&QWM56RJkk2DH) zA_0czC#dfL=riIh9&{-=_bQuYye+wLZOTp|x@!vJgRl~9NhkSswBKARoGe6JvQbHp z)x_}XA*uHM_N2g`>=W@4a&dKWCyJxiyh><<+tM&u;Pm0}s>+l1X}G(OJ!`t?{E z%rUN7J_l&G*G_m&-}V5f0xikoHsUC1uN@ynLKp4PhITvoE-gD;K?p-i7O!4L)wD;8 zGInD9;v5(P3|NiX!3 zpDisL^zB8eW3OovZ_A;Ru;{9|LWlrUW@b}VSqg_zX!zM0(?Dfe@VMi{6V2kV%xEg? zt4W1Z7k@B8#__FRK8c}RJ=n3>@hOB1^1LMXGTAbT|q6*FGmcl z3%K4}VU|o{Rp$ znEd=h1*X4W`{(cd{^k<(A5O^MZ(OJBkM#k+ze``h_qV&V~rFk^L?|8k?y-}tuv7bk3W Z^JILS@)3m(x+L(Wp?XFoN9l_HKLA8{C%*sy literal 0 HcmV?d00001 diff --git a/Solutions/GDPR Compliance & Data Security/Workbooks/Images/Preview/GDPRComplianceAndDataSecurityWhite.png b/Solutions/GDPR Compliance & Data Security/Workbooks/Images/Preview/GDPRComplianceAndDataSecurityWhite.png new file mode 100644 index 0000000000000000000000000000000000000000..700478a4796680c928b2504169a1b554618290a3 GIT binary patch literal 250167 zcmd?RcT`hZ7e0)y<1nb`C@2B~qf(?xZvqMmgx(S$v{8C!(jk;sK{|xqMS4P!5_(`1 z>AeJ`1f-Wxq=a66C-ath=l%Qp)^DxvW32$W+}wN4+57DMJkQ>jU~Nrh+KWsVsi>%E zAu3OFsiH8zvQ1#e|>4cq!+&V*IUYOQB%>kssDE9{tK0e^M5-+FUj8e z_X}OTjh_A6DO4A(w7dN6$jg5O%}M_4$fH+^uDAbo#74-&$m zQY(}{9IzP_c9{89yf#}k`HXQOZKiBpjnJ9O&4IQQe1e*q-LMxX&1xjzrhk9WUZ6ay zi^Tap9lcp5B;M^cyk2*wk++{|q^_)#r`PV`X@2Sb!7B~sQ--nF8Fgz%NqUS%kfJ-! z16A~#PV-|TQ@m~oXO2FVc+qVaUQV;|h^e8^ZdG$$VsINlWi_-(2R+o3ff|>;mL1`t zmj8*Lm;SGXeu0`#nUkDS>t{M`HmZSs8c|E*wN22f4j4r#TKGa?8M!%O-LL8fypMHo z1+&>0tI(A?(~+U9=yFUvH^Lzvb7|yx#pa9rbO${cLviy`#^7{K`Y|27tMTJIRXDPD zV#BzHhUz^jr>0EpZc_$!y?P^OT6dj1BuCN8_D8RgpI1Je@rSQLA!yN!JvGD(Or7o! z3KqfOb<=Z#MP;P=rnM}gxX^4Pu8MAsDN-Keg6Ab=cI>ubL{Av#i=;@eUH#8g1m<9= zN_?AxsDzK?Pc}5Tz590{V?I3UGMa$}7R2kxvemUA^qiTz{F~OxSeDQ5T5^a}^Vd#n zauyRzFt--U!VXdHRbKIal&xtJraQ0enLIJ|lpnz$(LnpxQc;a^nzOg2T?rWoHQz6& z#uo+nmPcIV@SNHv7TX^lme?QqzpisZQ=>=uiY7fYrgbwowme|!^h)@f}R-{Hbw%*2$jwf7e9k$aM5bbrvBB8$mLXbgi&)*<_r=Oz8M%CZOX?n|U^~BKH1p|$9lkQHI_Y_$2EEDDslNtq zB{iut0fEpx`N$+IY5O3Pqm@62TI3vEJ}#@1Wll{=>;uY{XZiUPH9 zxKf?e_QKJ|pLo6>I%4g%VzxgE@tCNr5VK%pkFvCrYgwx z$?hmhT)_=>b)fDIrr=q4*9I30UKKG}F1FJ>HBvEen_ntzP$YlrBiGG+3~*TZh|2(2 zpo$Ikx4UV5(*nm2z{u899Lc@9bmdjmSr`AwuJe02zuelN zEABf&y$*F_15xWX(D>}4x|m#9GpJgX8DUDU(BQ9q^=P-Vyxk@5A9MlQ&e}ws?ewC| zFO}kyP>@0EHrOC?ZAFe0dnGlzFZP^33uNQXBY)Za=$}h2R~**08>5)Vi1OjBY#Q4H z%P%@70lz)jkT=!vFxA~fzNL;FEMy z;qHcgOI3UMmGrute%>BR@J{~L7?M-(Q#5nvo}bciw3sY6j;=!bA1}IBr=RSHjn#XY zq~&G|EzO@^yx5MC#U{;kBP+}x7A_ZYJkm?6^R^Z)0>bGjuB}^Z24dBYMpz3CYcfJt zmB=J*Ke_Q(b(Q`m+7nMu(O{C$jd_f9M>P;lCOrQEvwJc7wpYT(M)%o_2Xt0x*zvE8 z_MLUUeXg30;U0O0ApkK4??T^7_=?43G1c8nVCQGi(YuklhSo?b{Uh$p^?(Adpv=brF#;<Sr+i#ZU#L)DVI8Pjqf_<56V$ft{j<+g zUuER_%cWoXq8HJ#AeRhe;+^oTq{Jr41lMGYTj&qc#`UHPHB#zTlPb!^Oj zR{1;*u4N!5uBvrI7JnFZrOVcyo5nXW8N2#b0FiI z6QZ#BeDCs|&D_qF!HU@A5mlA2?yz`VC{}Aw7hbfrdQ`-x8 znfzpFWSl;L5IgN>H60+^TA%p!OF|kL06d^Rb}9()KrX7UH!Jflfmc3WnWj^U8_N@0 zp|_{hBkg%-z%UN->hN$d9HZB2no>ET=sMj4K@51KJsCUQ63-af3gYb>R6^8LlQ+r> zg2*0(5(|%Yoc{I4=X;h@C+4S<>mO(@_NaIujBfnnKel;P*{0X-0tt4}m8uM!3mdzXAi<;-X`4|>s&G&oUq~TJQ z)1~#DEp&EwnBt*hh3HxLQOd2v7zYOj%b3K>icM{mke`|=%$TndO=qT0UM#rA<^(nS z_74?RYhIXa7LN(vJq#qly;IG)p7fe23Ch7A8#uKfrjmZKfEG)B_fk8Ne^|udssP11 z=zz4Vuks{S+9$3r_7ykXtlZgb$U;eDc0jl4GLAK_!qbF>YzObC)e-pSd7Rs&8!|b3 z@kUucmdI-t>HM~MA`GhC=Ga-PjDG%nmJGn^>7@=e#Te^V&r~D2M*MG87oQRq?r>R< z&#yK2+|aFG4>W+b*2xe5;F=7q5sM?tWKZ zsSMC(l5P7d?NV`}!-*s5e@)?`k%JOspGc>ex#j#7BXUWl@ud%+|*erlC*G%7$Y%faym8Z z7w8YuJ?D+%`Pfq2T(Q?BdwC==+`%E+SctPGu4?3mGTrsyNfvz#J+=~zLg3eG06}+} z*$hO9b(ogDqK|SKY6V-Sg>R1TNb+eCI_Nb@yU_ZwoBMtoqA=1aZU2wn6VYQgd18c! z{mw-c?b(Eu+wcWOuFmo=S?ZKz158Hvc&C^rb}XnN5*D8(b2%E>n4Ibs|>G=~dE zi?0yqNnI}lMAEUkG47{hNjoP*pT>$_Uz){QgAp~jJkRKXz_Rbjc-ifEJK-_8>p>|R z<#NmATm)nC%al(K?b6-O!|XPZUf~D76=j-_ugv$akL}of@%_2@b~dN~;&O$bXruFt zG!4ZTzILZ}%R67p5ChfGn;QSwcvRoh=Yr>|DR6QCEfefg*^a)7zCL>eK+pD2sn}a1 zUg;(=v~1E_UH7}?9UT(cpS>qcDb-Ce7JHCIT9gh9tpjD;;*?pICu-*8KOETxOt}nD zLr6lI)Jb#lUDU<5EoJGAXC62VL#XAFr@Y=E*>OgFrg;nzYSD91L`)n%24tT`tby4Q z;Xz&CHGciJ76ht`cCn;6-;=}F!X=kbY*_+;Vatq3|2JIXO}PzBQL8gzVC7OlfR=T+ z=+WXM|Gi$1ZYF&VeDYj?mWvX!gT6nBxBp_OFeBFex6*`a)tuFx=ZhB)XP!zx2JCrz zxB=Wek^4+6E1C1Cn(bo39j7WdH!r8?;GlQ%f+}diYWYj#x0XO!`=`Vf!pJV7VtEX^ z1I)>8Hv6P>W->y6qm6)F$hR3!82nap3_#WxjqAIMquI6cmaESGWqry-X|Bs|leunQ zX=c@uof)|9u(#WxL#Cl1J-vEUKBT0o{wpcx04Jv^WNDiWvA8Lhd{(gYtZYy1tbPQx z!TK=!sVoOsJ#nh4mk5!O!M`Y-Pd#)xQg>hjn{*%N#$-`&rb6V~h~G)aS7f@C9S&~q zCGzT3%mTrF$zF;TY+uroxiHbcnDG=E&Wt}cnA2+W1eiOsUOxM1&6 z%!d#Yd&bUer%N!BU1#KiBYFMx`oJM=Fys=76!WfZ-Q~{>pf^_0EWMdE{yLle0%T1Y zp`JE`{8_;js>;wG*Jo(q5^s7nQm@%z>D9W~L`Z}|>Bq{J8FgOR5Nuj!6WD$5qo+%^ zPi1Z8?Ye@hhN~*kzf!mrgXGp|Y}gZGY+;6Y`q0?SpxgLsa`l}zg6 zEt>xr>ybbwVXhi=a#uL+)?V|As#UeHnDw0>@jLLe9YqfXK|6?S-}fsdv+1zw!zp53 zKDT62+{oH2X@fOXkaLUfJ;D`ZX(Lz??O^t<++I?6ciP&Iu6f%N5<~Pf$vWHPD!gWV z1g_BQ71TQ=eA8yM2HTH;ZVFt7l|@_hD;zF1z5qxk#82=kGj`B@8XgAQsLdswy~9@f z7qhPD+Af+Yuswuoq+AJFS`!)6l5BWSnBM#a`H~2e8N6~EvsW_V_jt9MQeKsOBa%dq-g1oF<<-qvyo9gqD-&;nUvxqTb zs*=T=v|@HX_(~z8l%br}Wf9z@YdjTtcU5ha*R*Fr0c(le;^@>#r>P8}%H#r7e0JVC61zM`D_;Mp#Pq z;p^RlKvGO*vDZk-;`bUi#yx@mQatx` ziaA>S&w9n0zqXM4UW8panu72NbL`%#>f|!XxZ)9G09D2=yDD_B+FVCBvg$hqMncov zuhXIf(|n~ywJQo}CTbt&k#@9OF=$L}hZu8EL#JlDZv?O9Js+ss5QAWC&SCO_CGM>q zS|ej@N~%cto{iK^?(8_3*Wu8lN>}AiA!DQY#!VBX&kikG3a5J0#`s!Hz%_^+iwwfGS-%S7C0BE4%QkPkDtr%e0Wif@oz z6GAAwUid5Gg<)ap?e&0LqepAj*^pj-xh$YCkasNv#-xghhr@hSj3>8-Hs~hiiI}iS zQ{VnAA4Du~GT0dG+&@|zm9r|-^yX0|Yq^8llci!-%&x*CqeUik<%j<9j-AbJgbq zs&OlVh*ip}uHhSmbx6XpLy{PHK{WFt!D1RQ^EM{r>8Zn2QB`P%G<=r1)1D_%fVJ{0A5Jg75>(G3wx@(_@0!I-)Ny_T1+ zgM9;L#SZbT6ki!Bj6JQ3l|V)uIgN;QA1{Aw*(uCskd7be)0`Ir)D=jbc*w|V z`A@3GQ^kABbs`50cGLHSC*(XeRb6^|k{iXO-b^lxb?vJVha-Ww;Wb0_biQH6$Eae2VH5Hj z&cOqje#p-Jx*L&Sx?Ar4`(rOhpon|3fh}W^6Z&EBw@S zO3sTb?gQY0@F5YGG>(SD)aB?7-}%DC>Y*U&)E(jl|0>?u$>^;R*j1?ln^|3^-2?TvX|hym?fmzo&3SnQJtJjI_KH&(AEmAREJL#VI56 zdzO6;*@dJEyTc-{qbIJ9%rYluJ(Z=U;~>8su8K|;)l~i69_w|Llk=rf!yDR_O;To^ z>S4$5wi#z-k3;tM3ff_&3E{7kxv-G~Jz1x>S^gLvMSkG@*~lDB+ZrTe7%=EzAq z(p*n1xpN$eU(AX!cA-FZf``jcz7@^v5C5Il*h9bXS(WP?JJuN;@w?|noUt3!a)WcqNct1`K`B7bO7)?wA=6)ZBsJG>#E&I(>uGJplCtvQf}Ze z{-Vk9Q0@M(<*?w9^HNPvrx8c?e1(>{`EUZti~uB1roI_XXYcltioIF{>{DZ7`{%vy z^MWV({Wb3=1G<_G<1lh;`}yYO1IRm7F;UL7K}1s#{H)841j0TDp#ppI%yk}>yL zS_f$~sIz@ifP8#3*P0B-uIS$A3QYFbzk)1Pl&LF+lv9V-xiJ?W^-6JF!&pd9^F^!< ztuiReq%zelbZ7r+`B+Xfq7EqnQTtWHlzNt{7?Y5iu-m@JI_P0h{-MD83!O?`6~2bL1*0r5SugGLU&g z?$7Pyfqzp1;uuyBkLE$xWaTG%0|htw%ex)@@iM02g8GX$I`Ek(e+4qC3&zFlt@t0y zMwIb{n}!yY8khRT`@Ot8KRYK0sb#&Ex5$v8^F4gL1;f|L+wP*eI%+pKt$lLn{NC>$ zS@bL^5Bv)8rgwa*CG!ntbyr5KV?*eBj)Hkw1)i)_p%j4x_5Q9im*173yYGhTAlzhx ziK-dlc6iJjMxsHk#3?vf;lOBiQ<;45qDp;l{h)oJQyM9!3-opoFw2cXnkaUS?H(=a z(g}?SHCNe(nkc}Cx|J0@mL~Wix}_iA&FSXmuhdHB8x_s07*<&}NDlwCNvXD~Odt`8 z=MsWqW>0I&o;=p!3TwV;%G-En@or6m{y(U^1fBm@MUFCvx*bH_u~ptnQtG;3QTkLc zp$eM!gxW&rzb;Dk(l0lvlziWA1IT-syi8Q>dsuJo-)Q%GKYPN58Qjr~JsU zME$LBeg9XLh^F(+g>NTkyR6$CG*^WLMyK3a{|o$4QPE#!Z=HViRQ_+p>qnoTy545x zgW$h5r`&K}mKB)ZC=*`~3C$$^t)l(mH_F{_y6K`^#A#$(lN{McF(&m1JwLJN)Jsj) z%Km*K!E=%iwY#j#XJ)(OQK21>D^)xs^&gKd^#1!as)JkYF5Vv!yTyfDxh`j|zzb`V zEGk9u^-g6%2$@`Xm1N6~zJ0%RQjPp{iK7}Y=c%_3KUm04* zANjxS5_2KB8Yvyk&CP~<5LXu$oxxm<@aDe;^slS`HnOuis^{tH39|yC1crH43`IGPks33yp{VZ5x5BxyB_VBru8E{$^uiBWBz8$jr>Fh12Li z3-F)&$!@jXV-mJ}&+0RG&4OV1zf<~uto0%yeAGdl`BM2f8|pYynazL5@bW*$Fz4$d zwi{=V@Mmtn_%TCpe}&}672eE<94;z8gcVuw^?0_Pze`>iStNfRB+Nqz{f7SL4zdAy zv#>M+7hmIU|KdQolPN2xd*xu^V}d*Ad&r7U(<23?idN|P%w`*j+mSCo2Ed=fpj2D; zW7;kGIz)|)$JJXKmj2dg@}2dk)+fLZ=MnDNrTLE}S${2{D7pk*T!kCl)CcDBK>Xax z+tC)X|L%La0JTon?Y8?m_s^MVM_F-lCfxgZuFnvB-MId zq@F3uTQSh^-Q9PhwMy%)mp3H-y+7I(pMz@nk$Ymm#SnD6C3=)z(5(z5sN7;#rj=Ov zQ|m3Re`N-3Dq=9BQU|>ai=b%AjE5A@?yL8V3!QV-5IU~5!6wu3N=JZRE=5O2GYQZ6 z;2io*xHMBAz@`|i%Z<)X_A*|-c~jJpm6e6_-fTtm*VnB05C{_HsG|4pe_@e9>T|}l zW7bZd3n#g+F6lgd^5hoQRo~Oepk|Y0k;7+RraNr)cv6H{QqquetuPj^bZHOWH|c%~ z0%noevNTj)w^_4>B$q@(Se+mVO%I-(a&)QE5-DOnp1B&5qVtt3b{UN<9>4J!7bER z{rjmO|LMMkl(cld{fHAfJbcp6A~oIni?KNh-?1;g*Q_Ofn$MN~W7s~+9ICG$TY8wz z!BO>VVyD#JkxVyV`DkI5a-{8CTLPibjt;CIHr>FKyfUiTc)S%_>J#w`4Nd=#XNqDk z9-&T7M$F^4L~MF&zp4o??{Cf`#tM@jl8`G?=g)G#Id9}u#Pf5ppHRgdQ!XVd<{dSB zvTK}sKELLG5v<0`3D=ng#}mN^3Y(>+A(7!~o6bh#-ae8yb^RO)pF6kOz0!KGenDh} zdbv$&udU8&V|b~*gy;T!l{9Ht9tH-6HDcZ3s~TlZEnRitgA+H|lG>GHTP^@5pfmmq`0`4M>qRDL9|*TLBMpN!cI@jy30OEQ=sFD z&$LW zye~n>@|9qb^ZWMg;k)`Df0{Y9^3HGSz{JADhHceTuRPb?RsKQ-r}9CXC!_VoIC=9-M>%3!Zt42Xj4+;Vbex%=L6?w+uNt@)g zJKJqEoUD8+&6+k{?`{rdAg@VGEe*_f!sc0IJclOzkHmaBjLUF19Ht4sxw+X-S&F_s zZ3}{b-1t-h@I`92`jQ*G@mR}t^x^k6S3Q<~Tsx`pNI4zFE0Y4wOxIaiTiRXUg4@fT ztco~JmFlgpd&S=o5O`*IPeMXs^xHQTyVa`EJ4F_z@Xq*{Q|Be^6X)%lf4<0j0*;eg zLDC*beS;D+LUu46{jFQJsb5vi_9>w9k!GDIuM)8JicUdd?hvm%nLb}i0A{UM--Vvv z02_<={+TU-`sr!Cazq?^O%0(UR`xwGaDhoqNW)P;_-U0-sJQci;?eFIc5mwJQFF+R zLCW-?*oKZz)HM?kz{HT?n5QB1(FS+Oh0)-6ee)<2LF*WBFXOv;f#wYKoEbKc?9>zgxlHTnJfQ;2SgxFfX85~Aj_ zInylW{X=h*X{dviGX~O`z&{vH8WDT({SnxXS^@$B@kn1^U)jyM7>rSQJi(o+Y^v0v zb?2zogU2*COzvbyguFsD23x*zXr$0ctyk_Sl_1)d0>Xu;{jP(U^Q6h?>FMG8Vn#Tn zCjXM!%uqi}y~+aGKM7;aS+%NV!EU|d*qiaB(R#T9vK;#lTX$ffmajn_*1q#@Nj6|t|HUsz%NpglD4f8EJ-VIS1C*Ja^mJq zA7kL_80{e#YfrF{Vx5eTq8mo2snCl(o{h2w-EbPnGtzL;AQ*TU0d|E|@%E@$Xw61rcZp;UT0zumVEF+V&Lp3x?NaQ0x0!VVz%2Z

?sP^~CK)v<**Bb-f%zeQzN&=;2babMy?eLZ&XumcZLQ(4|6^LT zaj;^ye}CUwBmE%+oCn`N*#qM1xpT;Di&pv!m*GM$y~3bYw0vES(srOS!%ml%QO1Nw5YJ)}1*$?w0VXj0A2)9taiW zdHAqvi^%SH_WASYl`&lCLQm2?NV1GggcXr-Z=BtZrSqXlId7L{e} z+M*UcP7cZX@`~0^o;+E?kCyXy5*tzSX%CYQeJv}_*!{iQ_lzJEi-8%4*$>yn3pbYA zP+W9jez;3!=;OCGEc5KeR_h@3y{x?GpEL>N_7>3s?e(S0?^Xo-Ih!9J!gaftOZDDD-ETjJ<#uDY24!6b@I!))$9EamjV`Uox*|90>-uvwjDhg6 zGSeI??XeO|C|jLsG$71=WsnKzn&kY!zdP;8;lo^ZBbY7swgH(nXuV2qb;GIUkC!X}*^${>ib!p0*8 zDhd!I0V>K@*oKW1Zwufz9%OkJvmYEC8Sk>q9ty3~wa+T;-NpN?Po6{q|4X==`%E}V z6krO<_Fxt-Ot@Y}KG#S>j&Tbm()Jff2Fs zLt!_eH`r35ZYSuc(@WHw3pIt!AogT96F{~FpcSiKWeezIb`Bd1XO>R1D)^%v9gs($_1-R&XzhPQjwvrMFD+oV>x}0|ZUu8y zIFew{eC@~QspWEire(U%E_&xtS-=Uh$hb-qG#5u#RaG%bI2D5N*mfn3xX&JXh}n(l zr^$H5r=^+ZE_eZIM9cJ0#aP@q9*f2Pe8o@w29JK9!Hk=)VQsg@vUK0F7Bsj%w2$t{#G;nw2b zoi3&p$7>J|hLK!ln+ax*`1<}@t;5Ody8!pEilx z*xO@w*T%4p9G&D(6x=F=qw6s zC;Z@n+`V^ioZ94oA?0H+Ky=i|xg24^8N=OV0Rh0K%)PL)%QMBq!J#l$DLXtI!-QZiRZ7vPyg--Jq*u_Z8!_8nu& z&3iy0_n{s7b%_}ck&<+hhag}uI!y#b2JO|WBd7jH?2v|rhWK8WtvSdAYHBQGFqa1| z`fO?K2uFD|B&zYmUqDIl)V*m1*Cd!ZBB|Hq*qow{?hJ#M)d%kmpE!)CPfRhmH*$W#lFtMT1Oe_qai4)F@7}(}0MZK- z+N@$TJced=YN)=3=IX^sd-bL7pWiUac!rsnni8sAEQptB2>>T&IPpo{>+kP}?;S}4 z+?4NMx67mR@h!X(QSj;014pghM=nZJ&ybrY94)uf0}i=aWRd#BS`WR(fD@~D(Pzgg zhnqocx~p`I&EdlLvV4#}gcugi&AN36n`&!EMckIV3s5!Awtt{Zp3k^apO#59 z3T!RJNO6&K!vUO*GmIK<@wHp3fq1KLW#LK*p4yQ zU8w~|Hb%-0k9cOyRRF_{?BBt^z;@TXHFJNbbP0)M=`r z2ol3-Puw7hSuCjg*SIH51{|fm-LoGtLpc#KQf`X~aM{DT!QLTY?}Id1?BH42@E@-t z?e;?j+dqH4({%7ID2RmLvnE;F=C_0~VmC&PKY)F=l3Q*>NzZW->ciOBR_*8!6u%_z$s@hJZHmn=bCeRu*imUBElPsj!Y?bnC~>O zU9UeVD=!}$!NQh7SVBw{T>QlMyE(-ffD=f&99Oe1&oon+HU?;D zq=;$=@wxPWd@45gjzQG+haQ^UKtci_yQdZ{5pk9=^W>ClAU`0!eafT=a_BwJQ=FcT zj?T)C3fJiPxUoi-`g#_5WyGL4B+h;7E6uyWzz%>wMv6^&j4KPlAS!&d6drBEUwjfU zy{HQkFSOFZXtt1Vb#+x=G|sABrSy4o#fyIB!+`Fq$m)6xn7 zyV75tCwJ;yO7SYflz++T`JeCe@TlgU$?$XKT?f&(nBun-8yqM+Q z1lU~EX5EC}xYC4eDKv@1&Ke^fXY15YFR4Wc)nzRKXxw@Jgd1^ z58>sAW8y8)Olh4@@SOu|Wjpf~f*8t=j{Pia|F~MY2k}r)gz{8`@qMedz2PEbX|MIv zfYW({w1@K+jI{T#Uz(c8^9gG7%*WE0Ox|{Qb#JFru(5;RMV524{s48joR^_r zZq0vk+$oqW;#CZ~F)WHq4&qd$K@6S>7)%ne8T#<7$v1@JDTtnlnq&#*23X;-Dn-D8 zs*|050%rdjOouT&xQJYnIX}M6RfaV*?ab5w!8ln0m98o&Wi&h+mLx*n zYz>7Dj2cn)4#4$=yTLm%N=ea4KFQtIV4ElbmmjP1DzO^77j%`hHLr%~FU#qO<<1hb zZx}fR1nF}S8)9=tOVne`-T$=tI?icOsqXARnXCL;mOKTZeqT@QE@-_xYhhs(5=?0B z`@B`|1_L{KiHJ9ET_XAT0ji zhJcA-r0i~WYO3ne6zU9WYnyMyboHth&Mu};Et#EAVqmVR$w7aEB@Llqh5Y&Qtq%h^ zYHGpfntM!Z^G#~DE?&Gi03hwoNKaZwcsSwMXIp<{P?18hNz0ke4Ujfnyem0mnuYFl zCMc%HrlqA(q$VjTDWjFK3cD<1uvYBp-jrQUZA}3f)7JL39vFdud2O~^Kme1tLt;l9 zuZ>U0?zesm9+T=9@fpVrDdd!|!^1HD!<{(F)g}(})H!1Sd9Se9W38#K&i6I-Y*@~KXDF{6A*v*mKEl|U?0 zO%Nyouy~1}lQpy)9l<2CAOs zSA8%~YY;FIdIknA5Z?CuCTK2R?)o7apJV~Cwz8_znEC$w!>jW@!{duw=Q}XV3%QAj zx1JK4=$eH3`@!19Wr4!QVzEwEV7i~HHU^SpR0?L4q|PaOT3yAXUwEHm{j57hqG}~c zi1$b<^d`S0C_RtbXx)|<0LroK_G&pGu>A+yiyow5{=Nb2NZ*+r4C&S?Zn&A1K`7RuDo~pHyOPR9w~3=Xakm&$1n_p-((BRN3$j}$?-#-3I{mZsHf1_(0r9l` z@f)E)kIRTus1{&8QDp4Z>F?5x<{+F-2NjKR67A);yF@T1HDx&ySTk9i-Jp_0vH1wt z6VL{~0}zyO2qN5rgoHr$w)o+y?G3Zp(*`k(l;VuAKf-f;B9nQf1Pf>}1^TfUz}Chn zaq3`yziqGaEc;xqR!leBf`t_S#PxaQY6S5YZ} zV8H)w@|k4!%AF|ypY98!Wp+Q_cWF*i2lqxy*4NzRGfbQTRJAky&LXj#z;-#6MI`Oi}^!%sum+zOeSK)O3BF6=^keAJh*zzlrLp=XwL9OC|8c%^VeL zmwrrDlj0TT=@^*(z%C^T=jzHPbn08js@+z-7mUZ_S3|xTokoO)#Px=20 zBHDn~@yj}MnV&W=A)32)w3ZdtIUWjIgy0}2LC&jbuw(o+Fu={67Fs<{{$kR-Z1yx+ALr;6b z+m#WlGhx>$+soV`b{Jn79v;q$y#H)z?8o~TKo8nUf3DCH{V*&TeS;T9VO#{>qD;5A zZ!(j^@@KK^{+kDj@n1{g`IAWi1cDVB$USpJ3vaUIGW2S|6L1K^z|jUO>aLl%)fPRL zy=ygU)CX1shk_6qSF(YUo+a5c>f&@}TU@=os>ayN*dzp+kN6BfJ!swoL6wTCT7IUx zEQFyYY5nWv@XgOdr#-=m&y-wnM=UX&adXw|;Y?!apuD`hckj|)2V7SW;aswNRlZQb zv<{93=qcSvOJ`Zb;J%CGtG=jJ)Qlz?A-@wfK_t#EF6Nn|4mi~Ct?%BwvjZjJveMH2 z)=>HWkCAc%m(KQ3@xSR@S5{WmNR-q;Z5%4QE%ZQZT<3QH#M|kXFjqq-i`nOz2b^dy zi#rXxe0833K^i(PkhtDv9<4*+vU@DDu1`QUAO@6J;M+}+Kyt_h^rJ+0`La(EV}ZYc zfq*&8RwZ9m%I5aVI^(LlcMDG&kYtP#APJS)cRD@UAvbuT>ZL^<%VSU{F?+a1h6$)M zfBE7BkE5{8SFc{VzIdVCex1Y8!XiuDaqK=Qf`P&vVO_Rve%(wtjt8oXjW2Rv9^jzp z_BK7K(Kf_dS5MDMWMfzDIN3N?ozcT@?ixknDYa0>ZI`5lgoX|_UG-AI8GN1_7*}?5 zbR=X$^lk{6nSf`+`#vjDLyH}ZC_v(A=*^2j4cVk?r9+MajUFRWGUou!u5q&glomm* z!rq{#w{$>*K7?$m&V=O_G6_jq^Qv$k6~+rAVwuF890)z2y_;CK*T;r(B6v-qNIAQ*H;Gge7YBZX&jVWuj_)O^uGQ(?jNmYeOIq6vxOn+8 zMU=Y_YB}Vk{=t=pzZ>Uk2acP1JCmV+VQ7OiLn|+z61{V$D0C69cF@no*}ODCTvak9Te;EOlq7# zbx8`OmfWScsM+W1$EL;kMPpFjEE*Of*{no~#}2hPU6QI@{u&=2o}XhsUCMM=lX2H# z#wvaXG=X`5e|FQUG}KZ0wVL|cUYpMutCY;F4`}RYJlVwxm{fl_q-AO&HZ|$mfd5(X zz|J!`ME&4*s{!pSrOyT>@DoSz6temAUi%vz22t4#!8AF|O-*`0HmE}8h`ATDr^))l zfIwANRh1AL8j67xA$%wzX=P>QSe;Fz)i1=I2A~?(s7?gItL$R#nhh8GAL+B{_grD@ z9t2nz?@QKPy5qFx)ER}jDu4WmAPhSG3VIYhbnCS!X*pBji`SoxZq<#dW8;R+m+TX2 zKr;rv*)0aTm|sN-&ERx0$T`)n2YFWJPuR~>Du2s^c}3`!o^+{u=H})=v1$jZ9>xHh z3ox49S%d#rjayz$+Ni_uB;FSQXJ>9T0g*va5Z3_ZgCW3(c4i~xE%)6qLe(+XC@}1# zON2*1KWd>jBTq}ts1WdXHGfOXY*@+Z@Bl8rRY*waA`Pw1^cPQ_g{Au(KgW2UZAU^= zwikOl9mG5P`*mcIJ4646ySI$0vi-hBc`PhMR6tr$K%}IlRYK|R5)qI_dXpjwDka_B zEhV`@NdXDz?natT$GdLh7yt9+j5FR79y1{8($ez9?YBhNuQo}=C7AZ^>&oujD^Q?>!XML(MzvIgqj!aPAGpMoFwUGYP1_MgcCmr_-{1 z{=x+W+KP&f?*626OH>R`0lJSK7|`M4)e;Bn?X-sG)4qIco+l*c1AUsZ~7U$@Z zLy~!*7DaZx5&a0SG?a;Q`@Ha!Y~{NsvJ3NXds^7`{I~41$Oac@GpQz0X zpk|s_`ksWh7m(uChm4hDxUX>-L4sg4*Z}omX#i84%nQsM*CYS-LA8L-O9PEiuw*J_ z=YNPN6R?$lJ0Nylik;bwsr=caex3a-Qy3Ms>-q`gAmoZ;4)eSUmqXL&g&s@*;3-lt zm0Py6-(3&3o-BoyO9|<*ocs1*qQ(7kLMT63?CA$_o|Fh8)o_Cv5g&Tyac$Q_VOZ}* zqx?E^8j$;t^$!REQbcthS!~QmnhuqGUH>(i8auN5%=8?e$vRg?sP&RZm`=kR*JD&- zsIA{(a#0PBp;GLS57A5#skrY3=1>}t1jWdn?5-kl0~?2=#51_$Nl33?v&do89v81M zJhVAv)kX)mKi7{e@upx*Zo`{U5Zm;sGg=&W|UxTs47R!raOz2}6@^AU%l&5V#)Xsj-=- z_>z$;r9S4)5Z=&ND|zbH-F{vay8oNo+&0(9$y0h8&^g5^5ZPQ-WI|J=QQ z`*a(lRz+Humrl!l2@YPW(7cdPOS&ruQBfQCe_oZoxiAAFMwKW|S8RxboV4*=A~TGI4d) zqDbPWV#e=5iK6Q<2Ev;-(*Jpss?cdyR=}mz*)^;8bCoYPAFZ6ls2Auz3Yq=Z1 zTg=aHy5Z+#-+v~G4G}JIrsaP5@*tYuc_83G8Hxa;t7wmZ6VFaUMSUlw4kjC&2HzFP z?Cf^;_Ke0}{bMwem0o5$pT&`_p6*&zxy}`AIS3eLkijz<+kq}SHp7Wihoct+3w0YV zW!kzP?Ru8kEoK1A^2Gv=`Qmiw<2(26$!OW2q18_vukldhpX|%iEqu0XiBvr}ouW6s zdwcup0->XIRfUpP9Kw-Falg)dsCI^NXluv{as&vZ0#nk>nVoaA9wLp5Fo_lGOW9s3 zaB4+X3|z)6=$=#u^e{V9^YiJD_U2crj^wfjil!G9?gGa6$v+_>!FsO!CekMTXY`84wDu?+^MC~O{q6?+R}^wHhqU!+i(6b+s@J;=A&^zUDC zxj9Z%IQls;tyRQ*dBC^(rkJXAAOXdS5E+AM; z0HRmdCmlf;9SM2jQuNf|3YZjW@*f{u?#@zeHgdhby|=i~QCe^$wq-$&bPi)j+*h3j z?=tRSMo8At#ECvM)p9|zMPWKpjd@cgF=z+%vP|5wXWM~BsF-PMipFdWMpQj@gSo37 z)YG#uu39VTV>cvSxo)rYN(&q&!6*yOyN)mZsrF7mr_J(^>ZtQE8etJG_U0~zYPACJTEfo7klXDHc){oaKJ2Qr^Yx8WJm%qbiDfijTz-qSe#J^M9H-16{RD7f4Bwks+REYo>; zd99a+xDGcv{kRurQ;FG)AYLhUrb@!70>8-h*ac}BAYDs+i1~;tmBzr-G`OAIOOuI$ z*ti)o@m-#cfITGY-SGwD>Rf89i^5z>Br&&jm{RuMz?H%Z3Xw_{F-Y>AAuW+MFg->t z1f6nDkf&#A&~+!xPZs_$&Rbml0|Xr&IEw%^Q7dMvNkZ5}+EQdbj(=CF>qD@%;at1U z2OqCa;CdtgM4bumxVOB&f;1Z9gGn*T2rsC}h+Q!|;$!wA&_g4NjF2i~dD#YrYP-*^ zo-}rL%IBgvM0|bg3X#*=*a(#5$kK*F5(zsu*9wKsL7h3&S1YE!Eh`!_PSqSlYb<(H z0N5jxX~^3ri{V4dqdJh94DjjROr$w-W03k3=AGxyp8a?mxs5ndpIxc8JKlwMr%G!h z1S(L+tgo(im2i#}8cizpink_<8A8{lR-o_mNKgw5xA5#~R4ZrpePRXrlH zaXB!|)^By%uH+}uihm}|ps@*40P`FeG#SEiKo3whay)i2n2l7hApck)OF`6({pwaf z)VeDCg7}1l!Hk+}P@Wof=Lef~60sm=rca)6M8a>(F&{W1^;lFxp$Q@A2O`w1@0}ML32M=C7dh}?sUC@SYI=i?~XOg-I2-khQ z>U_ZJb8sHI4^;0ugr9(qJ)i@0yjf z+O697%rO@Fwsmio>)uZ`K&MRuFj*4b2UULxbp0H9}}$~^X`7lGsk550D!QyEN} z&1zy@_QH{czR*RBYzM$!fZlc*ZufTP1I9esmw?^}ogx9Mi9Er*DU&+f&Q$do zPR+(e!BU=M$m`(i{Hr%%w&(E`-C{;#y|`JJ2kVZ8id*H|UUnb@ZN!*tBz z{=CmCr!g>5s3JY@PkSVFC)I|5W>?Ec2`m;A2MGs)3-)+8D+;I|EM9tZ-Ale3^p}zw zIscNyee{i#r9QO0cU*hX>g4~B4S`dxj^ckQ`~H98ru+Y@=;i;6*Kl80i+(}gy>iV9 zmwJFxc+Gw-ArJ9+hOckM88E;R4>h~1o)eXKw-+z)x3u)Z!=PXwMci(1-fy{!vhPw% ztoQLz{QWl%DsAS*9!7K9JaUh9s8sq?|1Tc7gh zW%>UwbN&AI+BFmh*D|=jC5FUy##{LlcV{Pju9!~GecX+B{bI(=AO7;U6#es;LnohE z{{HsPlXVlzA@B^Hl1chVjhjZ9Yvh|>OqawW^|l-FO>+EP7GheS5uIA?9r$Mnmx%vc zB{v0bll(A6Sh!lVU!(7a6n56v#Mj^T znjXx}unUxfcRJi(sdAX|f2>e$Ybvg~G*Hx?tRb;s&M>YCARfxeLfmr-u$AR?1|>wsZzGif5I^F92NAzE*`Ut%Fr&7%7$ho5|;UWn6M{@;x|Uh81S})u+vDfFB@u>WPyl8T106n$clbsD&VeP|f~1c}AtF%w|!) zJ4L6)!{|rC+o1cg$U!fptNlL98$44Y60NYf5jthuLw9;T%wn%HRQ}dK`YRCG+9CD55({S#TV90VW18K(|8d- za#NzCE`VNFTYq2Y2Mg;$mP6oig)Xd>?nGy1!2V@WkfoUfQTuqtzj%39$YeVF0 z;75sy2us+C?A!8A$VNJa7Q z3i)`OqyXgR1p39eqp{hX_0ntvf0o^@)_++CEGz2kYNHbV)`Y*W02WsM)&FBP_P^=5 z1(vtDa$rz&iH!HfUw4A_BBUvVALiYczVSDnzP>}p%=PyyjK6+`CN}T{lNQ_GB)6*s z4TjBphooL}Flb%5|DO7tcllQWoBjXC(PCN3`CiQY6WITpwo3^BCM&~qD34p+bg)bjWC0xpu`WimtdT7PmCnCZQiw>W)KWNO zY1xx5lqu6ZcEsVR)BvBH+$`(NE9^%dbv2N_F4PLwb|h) z$;k)s0%Cz9Np`a?8NM>RP7oW)o7!<&E)?9{$1gnm>Cz8}3@o-H>-o_73<+`L(eDiP zy48@{d?Z<(S8%j8E^Z%qIOAZws-R+FkrVXb&CSs)zjOb7p9{VPM=~ff7lEtT z+DV89T+Y2!_idQBV8e$rgQ^cNQR2o;pB&b`WSs#=1{wCWFDa+3>EK-7k3^;B-3hN6m_eDEPH;5qLD34ek2X3>TF`X{fYDP6?1B1eJ8&>o>53)Nh1~by^dy z^O;MecSI4~3L)b8lJP7+(cfFp#veH&{04G7z>vE1t#~}PCdw;78gl~V{Bw~a5c}CI z#&qv$W)$X})`s<%3+)AF-XM0qA+{&uQQZf*XL8?mH;yvYd&SKwxwPD|1)$2ioBSg5 zDoiHmeh-Rafs?^-pN*r`95ig3fQdTnrGF*bx`anan2Kn^<=wH3XMM>K4Jp*tAkyO$ z7Jf`Op|m{gonpK6QE}H)z!)T2@H@~JWjkON#RDLE7}Gj}jHzB!4w<>(kZ&d-`iQ)R z7}NfI;TlgIWaNYSb}M=c{sgdSTK*CGz{a2jSZs1U)c1LKNFr4gauMk&pNMT}abaJw@NaLEK*hWdCl`-}W2 zz=#6y<|t$U53&R*SfLQ|v=N3<<8u}cZ1N|&m@xUvQ}a{zVTxP_Vs%Lp&J1|Nf!*Fw zwK9`%gw>8{C{{pn2~spxsgOxVjr&ZZcatT8v>eqBa}$uI~5 zwtpay#QRN@Kx~SEM(D-2k6@xk6UAdEC2+9np0`uU1Dd1})V?YH=Ymc`@yf0lP^JT2 zn+-G&hlRGLzBE2b)DVk9b2a?k6W!t3nPjyx14m=gRXcT}E*k243q*rS??uSo+QA$myG7n z1pbCH6tlNQ-OmW<(Hi$wqF)9mXjVE2BcqO`KCn)6yaHkcZ5J)NhG%t~7|zib2tE9- zCIEfx5_7>p4-?j&CVQ*7ECzmF?@dMrB-wg>u4)*bg9c9qVS46*_`VFLmVn?t8mQ!( z_L%|rUC+RP28KqEzD64*J*Y;?x ztos?9Lez%7W`+HaJ~qYeMdHhVj8+~vjXF=Q>cHaBsPU{ygU>bG|7^+?@gjhXx!y6j z-+l?&PXxf{+nowTu!+BgX;n^RB2vkGwON*eJSzLggBTQdfyWG zw!WAbuQ1<1%(;xyY>o%MTB(R60vYA-Sc!x<7&YfOJAwG+8aY9Vuor&^cqW*Xa_;}! zXj24!l&;m7TadON*Xf5bQocOE@B%Gd8fs%Ef@PWkzwOa_IE-Y`yc1N-GK$d@OG)rs zm6&TjFz5%CHXIuXiu%&~Ahsw?2OC(3fd&&FHAII)S|LjYu&qzyg)F}gEEWfs7KE8$ zvp66Of@d|HSQ{9$BMf!D7|4u25Z2STZ{HMV1G~^>|1N5Zc^?|X9~w@Ai`TF?qLc=I z5x&E&r)0bqU-Icio45N@V~y%QO#gL8$yi9+Y0 zYKq{-kRer*4+(o0k9ie9C1$D%omQ9y#Y0T5wxwNe;xb=ZCXnFw;D6Qux zXtFz}1aHMa;`g)u8HaY)J; z*j~tnQJDcPD(=RzG1jXC5VaQo^Y#-mTIWaa-;T<4)i$v4@z)|{Kyy=Rh59%i+8{Rp z7SY1)YzzW@1l1QkS>I6>0b&Zws58EOQwQEs^J?W?wDFhQv#rquL%P;KS3iN7PiF=Y zXr?rGF_nX$Y?@5*0fM2@ETbmqSWbd>M=@ylvIdd~FG%JxqU|MY>#qmDFHuwL^;Lb} zOTZwf0E6`&ACjB%)R#w=%s&TYxkL^_S-!V5&(KzT(;Pqt!zjg&>#p098 zZl^$?1t`G08^%-Kib^aW+UR_AB7B%__UPck5g>Ma^Gp6?+-wAQyoDzZkL_nriJTp~+REznOLXnq4m z0FDI)hSfWq(_?dKh?EG^+mLRd!vnN#h?=quKvDeWe~aC2gcraK2^gxj!wQp&ZiBjF zdOm#p+zI&9U^=BaAI|#5kr6FOE%5r>Z=<8yxxOxn4Zh?>Mpa-I!EL=7r{#KRg9wQh zfdH+Ytzp=G25UWofI%&3Fi^ImQyKLYb|f;KG&3_Z>dz0(vlVN zd>42dWZc#YKEyeYmE5GF?#I7+g(V)j$*=BUBRbmz6pu9E7l9Q)Jg^z!P>_8WbCnwr zn!QAH1~fV8z}}DGa4t)chzVFIdNNk$b^d%=5^%152_%iYvSMOcjhCai5Ki-Au3un* z6)l5inL;GzF_U=jC89>@eO3Kar%xO9wd)Lg(n0UxUXR1&-;s$SCx>Duo!|bL4~C}m zjSt<~tmp2D%B}D_7ycsGx63w-5wo%aT^13%!@UaCa+0;0aS9ukcaoBlieN!~0J%Zh z=?er#2XD^75|e|J*;Q;VfV>?9tIb9lFAVrI7%o?!GBnFSQ%grAEg7DoV=a)>pAG}; zV1S9r5MacJdq+$N-?B+jMgjw?4(dfOcrO0P@ z0?>}zKwYL==q@idIiKvBd5wrDeWlka7oj$+HK2jgV4R+*SRMk0Z9{oM@cOkv=vQU# znT&pxLJ*4}bc?)EUyppn_{0!R{|4NB|06^$tUmquMvmBTlm#m{%^UGr;fy`ISO zE;HF~DJcB^7f&-j9HxBhdX!I{5Mcv8NM6 zUd!S%w}E+U^rQL>%4T6R?P!0cP|F4N2JA31{yB+l^yP~i?FtrxUK4yfqu{h zn=oCxHwRJUoe{t&l-Y;?sQ}48R69d)NqtLd|O6R> z)c%v$pgI(yz9c!Pk)e>{`dw5GSYpn*({eZz{2H2Nw!pIURUR(Wg0YaIib@#c>C?Yd zzrcAz*!ONHDLNB`Dbh{)^C1Q!%xENtfX-GS#YEM{VN(`(s$cq`o)^tja!zJR7GIpK zi%nBr0Z?f7rh{es4YK{t9ishe8*$i4eX&po)o&jhLn(|CoE=JvDMTnK3t?-8z z9Z8Ll^n0K{FVd+w<3q%w1caMcbD!9B-A9&){~d22#w4^q zW(Go4O?CCu;(ja`7755YglsJ>m^>`4`X9Bkp)T{xmL=MQq3%^P6 z*e$mM7}y;z_!!CdF)=ZSnyKgbsGREDU9`#z2OFX~UBDQEvzhBRCyeGbd0?=^(z&Jv z=2+H4TNSkUAkl$rLpuSgph!C{;NKf1fKpeP>s z6M|17XMfHhWS*x+FL5Q3z5#|8A_WH- zx2N7d5X?WEIKimWa_hZ%OT?ZnSW5x@+GQW3Y_rm%2u#q-NX`}SxPb5-Cndh2cy~B! zBh-UE7+iG$dIF|-DlO4G(ol-_ym@~W1A+S|$(NJ#(liZR_|o5Ys_^l2vYOhVTiOJW zaW4Ioz=|`uWp@HW&D@AHY8lurSD3 zA(m}rF(HA^!7vUK(p=3Or?8%9S&Ua(T3g5{JXZ*bb$ajT*9(f>WZ>Q^_$?13a#aMg zq)fark_mn!Ap7?ZVNy>)c*vk1f;s_QA|=ag?C99o6dL>}LSZ&LKxJFE1dRq0|FH&q zW*HGdif)4+;45OoWp>3;1^_J3x0MkIC|rWSfHWF_C} z?Rf-cqGVAC!B&MH9=K9zfU>Dlu>$Qd6SfOf^_|@pUn|dR>go%(L=+*w!os3?CBl6R zVbILj)^8Kr-gyd&lVQ8eBD)nWA6Kgi*aA#o5i|7(fi}VMtNEx8c-;V2h$7l-v(9bf z$Sf^%*>r;`L^!bA>FT?!7~aoB;Zov`P#l3Horo-EKn+0CXcEy-kc4g8A&01u<~tNU zFOdiN`T03HIa%+t>tL1!mA4FU4~fb_9xHvy9^e?> zHal@nEadi+8<+2Ve8-j+hf{b%xbWSbfDan9d3NDx@v7`p2#FLptPUUS^vXcYNm7d#X*}JQ&>c*Wr z-)2V@D}{taCT95@;PLB?jGAR}85!q8cQ5)t6-WF;Soky$U#*6$H(JClyLzgdJ=D-3 zg`4{Z`o5ErQ(WnIBQcq%a=T4s8JWw}k}=-W#bz~EUH7g^#q#?INbM)GI6QX7^o!Un zBvrgIV+p@Zgy+`OBz7=2e!8#h1tGaFd>~fN>`%@JGa>sDqT&&?4JVnAN`Hf$F5dSg z=kW}53i%dk>FI05y$EzRZzbNlu@>n|&vjP)i(5Zwzw|Yb z*JK3K$!cmY*=U)*ztpM3ZO*Kqs5qV+N-*AEb%?)oYv2|YhRJ@TrCZC>;1*?qu{c;3 zwsTRR@x(o*pm(`gfQ`yHCF8=chAfqgYNgR4{ZC@Dn z>VT~7`o>)19Y)42?%dBg8l|r@=#)Qx{P;>TvUqG`iH9w=e5F!-UL#;sj^$bNOv}#r z{z{(izU}RU1Y8HqPq*bkyEC>sU{tnNvpw2ekRHx#={N5O4G*9lPbGWQhU`WU`$}F0_HuTDd!jtO zv~&YZt1U(kx9K|TR!qNEzcn*;XbeauXU$}PqkS+z7`A|rNp<$oi1y;>{8h-S8(&v;of{te2L7TaHmpD@KXLG;|T(YU}15=IQzD%0W+m zu`{*pOV!b#xkg5oP|pCpg0eDaB>&(Sk`p!svtP$pos3+-pvJqRf|n}pGvm_k*w>TS z1zbpv3N{4nt-oJSN@Z%GNRZ`LQqQ*S?p!%(g@KhfuT8 zhz&nWRaqIaRO(ecJb(MW@Y0J?L{^MVghJgPZVnW*;(815r6yo@P0R5jHKJ zto$eEeOrlWZbj4uKspH`iiK@|_Qk7}>42%o)6KctSYHH=j$V&>0H?Kdid4>@L9CF^0vTSQ(6462nLRyhM7z)+^QpDg63`==B|NAXWTXDhY5$Ado`iXt%t#yU%cQ-9q`=fnPz@K^FC%x zRv^|rdUtwy8Ujsyo6F1*R!UCJ+fiaXJk5QCZ~-~6(6I9iF8_TwD{U9!m62a@#(96X z$fe#EVic&Sa5y4yz*^g4KN6l&(J0I!bZS8wwk$LUo|bLTr&jJl9;al>t11`Rr^f|N zp3tL5uV-9-y5ZfreC5h(nD&0rFF-jHESSdl&oX1`dac;aw}X#1+X#O4yB{26wk7=& zCmAU-)SiJ4Y2yvxQEY0lOVW+sSe@3T<+(W#$A&LeAxsS+43W&%b288tB}*;sf-g=j z?x?Gu!11oAH!I?&npNvca!0JDKSt~kS}&8jZ*J;c|F|Q5 zuq*9aT`?O|7t|QII=AAII;cwTabNv-+;eBO#>Rd+IN6?t=5hEj1eA$+t^#Am%aNRu z*+r`NZ5FOUa{{x+3w|3$`%f=nxvY7ex_JHmWfD%8*A4Z&AGSvv3F(xwz7)9blR$iv z;2b&I%sG04j_v|@u-K2kogLA`Ux9CyXV6A25yOTD zoiF22krS7GTg3bJ_Iut$8)0V1p0%=_jkcQr|3CYKwT73w>w2&?=v+x>r>DpB8jM1N zzi8VH+YrXsPe_C9Q}wMx^7?n!9+T#-hjeoC0nAQ2=6Uew^G*0ss`?cTKi~a^=!4G>bW1H zu=uZ}NJpk~qPt*i#R>#WUaMayDWDeE#3%PDP`zglJwt^Rl%#_Grc zsLMaS{2p)L#_yD`tO5b+X?Iibjus881`>NF-_uwC7j!Zav&d}mfD$m2H>fr~FM;EE zX?u&>llSdcUyUzXy->LhSJBeX&;<`>OPdP0nqK$p#s;MbotcPOzp$- zV7^`tdYC-WsgerVUMwE&!3NW>nmt^BTKLdkAMUt<_6lc>t&SJm3!j65LH)BSyHZ|v#>P7`X6r9_&8m3>kL_m|-DmU(N3mLMXCRd~0^p(;HM0*2M*S|Jo3 zCt!ws`6$->f>EF)R5bu?;|EZ5hh8?2HL;Akx}G6q(s%%n_)IxwTx~ZS$=RmBD!IeJ z@bx4v?<=IgTyB<^lf#2RFl0LTw0Mw@|M3RKdnw+N{LvzZY0!Q?LnJ3%TNCLe?6EQ? zbCMnc5cSo4a6P^NlwuE-HVToWoY$U?4UWU*URQPe7VdGTldZ|<@sM5?0I+k+g$Y1_!bZA>po>=jyj!0w)bpotS3{|&Z7;! ze$M^v$)o+{8l*Jbh;byiN^?YhVW#bIZ%*Emxk19!$=!;x&ouL&pX<@r8?PfgcEdkD zDlQau78R|kfp`vu{WYkmbZZ_{jPK6QjxYT*IpUa$_|etM)$%a#lCOKFJRPhZX1ykg z%N=FxpfH%djJTZ@!dGt?V2=qQecu7 z#yV>V4;H$rs%ren{v~lhKtMYkqm*ijX1PUBNC+hr6%j3MV;UryYGI~vU!LVv?p#I} zz89CZoH4N_^C^*^O!|$(_#6p7oAi74^_gKoR<9%y53PJXXjYB`KH0UecQ@8x%kb`u zJwYj+XSVKy?7IrC?`6qvR@&oFx?nQ3$AO^US9xfa3#Gailr%9YeMWuWwKtZME?fOo zU-b)a-p!}}Mt$Q3mVBxdOe-{3j~rKSa&q=gMh3tfrQW!?V=c7m2uHsFo}65SWQRWV zzA==0ac~wjy|bW-PfAL8*BuODz6sklr1(|*v)4e|AeT1CCG9Vk{TdT_j0DEO(zJlKH46FY4 z2QOaSVPR#}DN^Ab33b$kO31zh`!*$I!c2Pl@i5xBSBex`0lQHfLd2skoJMQQxIdo? zS=fb!R~Ob)Uueb#R<{{=L;W7>qShHo$M5M!y0xp(qCRR0qWy~kxoAv}`r2wuq6J9M z!0zw{ryYsQ(MGIp-D2(}XVor_jI{IT-V@qwtD@TS0-R@|_^Jgu#Vr~dY^cDA0CxOz zpnY83%#=#o76uFg<6i;FQ(zTK#80Xk1}&?hT?%jBdQ8|=IVwPqy5;9B;&hO`GvRd* zVec#Gxe6b>>QKMMB#m7q4U;vMl}VZrFT>l(!lWb#jz-6SqJp=yL+c45EX zC~y)B*`H=^m6*3x?34*9$?5$2Mj6vcJ!-VDW5w@)DD(^FyEo0t0}Xg_*Ot7@$lh4TT8=U zk6pK4xSy_fgHQVPm2jr6s{H*E+%_Dct}y%7bb;@rj{&(55^CuoG0%FWFLI`%GjtMM zNv8WT3!W=g4O6s%FV&&IUL1|7YjfFRMd86=rbH|haE0dC<0C>G^6S`GoWoA6{5wy{X84Xzoc#TYUoU(2E&}Tea%%tMOSYh9?Ec?3 z{`bE|w%7k0>9526`=6Fe?*H|kzu!8oU&n&G=zD&B`S<<) z{cqRLd-r|+9O-}j6G8UB;h?3w7GQy(o;eSe+0b3t+YCY0)$gyvDKjI35Sm>*Fj2Y= z4|wC>+(J&}ZZB}GLlX%>1&{f+-xO22+2r~U&S0X`wvU!qlT2yGNW?1vllqleO(e)1EMS1MqmVb{34?dFX_sjo&i+va``13pdkS7kpZZPuip?qL3A`!*w)ykb zo#C=V%Pnag*scKc8KrPVOF2PP z5@GoFh6pJL5HEz2{>LKJuw5DPfn3-K8agDegMMVX@!v1U#@Utd{g3s=2;-6<8pE9k z>EEyEx;( zoAs?I=pQV4;Y&kRV>jr9ZAg6au$t&{pLVS4e(Tc@G{BSPTf=;B>2)&yk29LOLPA0( z-LcAE#Wg1A>MS6Po>FW2c+XDY48K8LZ$mS);VyHMKH&)*nV8swTg_K*>7_3nk*L~P z-CTH57+#jv<|}N(D~U#@>J#>e??d(|(~3$zkd1l%4xNA+snIhjh~JF5%A@tJp~+Aa z?^@p@tvBy-ZdS&W?nbQOxKCQEWGfBvY;t~5%WgW}-!8ujL(%mFNjW1i7HHw78zlp3 z#=q3QuX?Pn?*Vr_tv_#YsbqU3ey+O!8-Wpz4wn^j*z=+G(<{~DbJSq%y@4#r1mj_l zuiUemk?@NJtyQCTd~8_qH@Bo@PaAguxq=Iamtu_W!j(#LR`BkYu6?$@@p7(vTm(Xz z(J7)qlZ#^+$tg~kJ_mF87jE7g+4=7ArgWdrg*f3Lgc2JrjLl$=G|{&-vst3Sp~dH8 zR!YTVD(GpU6mnFlXtQ5D$m@77$mkvT3pm)Uq%YUz$ILWOU->#aF`4c3ahaXhRFE;Z z!lx`>E&KZ6w>y1HwkU$JhK=VaJ~(-;Dw@5u+5^WGvW2{h7Qup>vQ3LU`#BXy@2|Sz zdQKXt2hMIU^w(rd%Wh8Y4TLZ)aCbS{#zw$ncRjRJyQU69wATdf(1ti(TDzi!Mw3)H%W^XZ&1=-{+ex6tu?_D@#%2){zYHhU`SZT4+QxG%k^JR zZZdxF?GRS1q+Obx^hm$?e(d6Iy~wxb=8gM)@7@`;=@*QzxE^C)BISK^5*v3M(7sz+W8o})f1rpfE{$jxDSl3OsSG*fF% zNN&0K#_WmtbnMsm5uJOUXN*$RKak#6Q**-upFN2xrM{*pq(J^|YP3aHq9~pf)q}s$ zAk^%2W&T;@n&b*^iawpyv*sf!d-}X+UN5H?3$tUG@-|8i%Cl9+MMS5)91@?(nrFFC z65#2$sT>Mrv6wdT>F;K`taa5tdaY*kS^iTRCwbW<^~Ffnc7|_Fgwlie#B!sz=SjWE zm}=?t29KOb;R*#!yOytBuHs^^V zn3n-Skz9GhWh`a1EQxGAc_Zm-^b0=lZYQyh3fJE>a0jihPno7Q-^jOR9Fa*dK@QN+ zr~Z9h(hooH>RouqSO2Tnw!mKf?605pmj&(Z?}J^{#{gc!m5P0GR_M*Llo%p(ov18BL`PJkUfP!Y#qVI$GN% z46<1sD7tW!nl~qFGTLsmW|2;*fF z-(SIgKeuNqd8#2f<+d(7JS)QMaGCG)JMVW7P^i)hdo(E9YFah5X*mNXQmUU=M4lDm z0UzWU{dqVYLBo0JK_Ybpm3PVF1kHi(-=(?L*42%-@~kKv2|TNHKZ|q0y~P&erVIdw zn3#B;iE7!pCly|IEYoMxTBh>P^-0*+6Oa12P#j3M(9|{2lOkovesH{ebDjPtuM=J# z-b1s8Rxp}U{Xly5-1!IITu)+z`PrteEKt+)o(Vra3hZ)4x z1=owCtJX!&4S1fJaHX!h6YekuPf1_STJE#!ke$7OvU+jDQs4IRe*1%pb-uA#~*E6ZjQ7Y`&#?gaS z&|p@-z3_?NnJXljDb(Pk3%~T|!KM3_Q)l-OeoHnDwumUkn`25HZ}JZBjPpZSg;!=EK<2!W0bp zu!hU{_-_GYJEh@VL*=ry2u`UQs55htB$;-Stca>auK{V%9KeRAO z)GthH-(mlwJbaLlW(|9Ng<r`#u@sgjXX`+&=@l3LmqDM9^R`%^oE5t{ZT;OaBsss2GhQ?@6s z5E6P;9Zcs&82T(7AFla*YiY4@EPws(oeS}Vo6xgo32oR!LQ_=`HC1@cIkeRL-9we8 zz7@QOs^^L4h@h)K9+k5=?UswW?>}v7_u$Z-)<+Aja~$6gYt^cbVy6lA+Ks6HYnW}yqOzw+u8p2fO@?&SFrWa=_yUcYZI%&kodz|Xd3tbdl*)R9) zI_0*x*rUced=(W9Z^r^P4zZE0!=8*0Lqfa_={+Jjs@{3?ah z;Yod5zbvb#q*xGrbvI@h$P2#g?(?D!_iz!!5(#3p@2?`eZ*#>pR6jf?FYgX5gCa{P z*fHJ&cr2WPoZPqa+&QzaatZVc516!J4-z?Fy~5^<2D}9(2^)_}@hrIxZ=PtLm^98m zTiuOI22*d{$9@?hr=Y#h*sW4C60=16IfR6VkN3XNrfgr~6kG{5K44BEbdp3tFjwA6(n-yM z;u9LZ;T={|R9P!_Us z%IF}uot?Q46Rvij0+jR%^>-10n01*Qc=PT;NiGSkf8!EJ<7Mkv z2>;Qhw2CZ_SD9v>ViBiudG$O2rhaTEQx(-w-1U4=#_o!Q zhKt128%fI=q9miDyE)`PbP_{%8xopcU)8eiXwdjG;b0cYtV}ODV_#V5 z^F%a3QvR=n(Jvu0p+}7#=iTeLc`CZq4{p&A_r4uj>8nmXDen?A!;Ig1k%1kl|Ha%} zhh@2T>)xm+1}RDk2q=PpNK1<#D&5^F-5{-^gp>%VbSWK@4~+=YozmUi4d1wRzU!Uu zUTb}8t$loZAD@4ylSw?@&wXFl80YyL=jCJOat>Za4KxEfB~`nL>UiHM8+k3a7(d5Y zKbmiMUO$%exp+l>Mv7uUbMyE^-Y0l=FgZ%RUPbb=o%Q1keg4|k`AKBxDpF=StwwdC z*Q#d}y=FXY`o>&v2kwnCu$e+#4-41Tc{yF_u?79Re6w~}?#s|~xm;?~zpmSppG9kB zkDWPUu}f0(F+#%!r{YAARbF$RD_QN~yUNAFYg}vfAF3lH`Rs>@hqE+?_qr}|O!Z1j zlyd2$fA8qL+`{HZPb-O8mtNOpsRn&j*HT+)UWr~yAZwAbwY`>ERvd@D%T)uy?Kw*) z#@`)A2Btz0UBR6JmrM87do;`K-Osl31*LkrN&dQPm6ITfkDIp~$x_CXUTPCHexOkm z7AS_WYy8+5vpmYzP`+a-PE6tiUY;C*atHo64N@y9*( zi$J4+h=dZ8+{n~ZEQJf~T+f$aK`VMO{+i~yc%kjA2X0UNIT&*c-L`|INCx~HH~fLG zK#lPT>Z{3Nc)(;7W~swU&9WOl?+&xG?a?0d@YsF(IBh2)lU~f$r=y3k82C~ zKFafe!(aQgQEYG5`ikaJB_F>)Q;?gdSlB05!$4Lj-U=mYZZ{g*p&l>L5|8v_36;>2su1nkPaX%rsY_U%5>%)9gfoROnEUfnCLH zF{BLc25oh?h=}m>TH8-`?@yms*C`j9+-_{#l45~^t-j?D^Y~y_sWxnvEv8H}w2T}C z^oIs^p#g!B@&(M^#r=d-fM6?zP!_>8b2ir)*v>y$w3 zBZETH{P{^nNwITi1_B2(x3q_favE(E)34_l^1p2kOSk&Yo?-FKICT)KLLH<=i2!cg zB2zO4#Y|_ROK7NmGsMG%1@V1Y0Ri$am>qP~mJ)o`C!mScJivXu&h~}~GibXuIZowv zpPWrwLa#Hw?sGBy675U+c40G*lh4mlac8B%JsQ6@ zP&un-q{w=SyU?FvUUkXuwTn2K9#?Bm-t3W-OC)>LK7aI{mG%4e3~RMJa+y5c@bp6Q zFTHSG_5xKf*AsNKN6C{kw`d>c2~fR%7|L3acq!;awv-~%5>xuMB0AT(4z+!wwY6wY z`oYT_@3Cla(V`)H%{Cs~8kf#h^A!qO^LCG3g2yh;>xl_>kF=k?-%gxGWx~o)|Gh6I z>nMB%_?Gap?+Q}s{u15JpG>BAE2M@YtVqdTYFO6@0s=&yw)g1W<>o%!SnJuj*Oyp1 z9p-7#3{{3~PmDpuKzeqol-5Y2fM0Tq%MI4GtGX7*26IbttmZRqw3Xm)esFX zWoO|%MfIvTeSvokLh=Y3H_y<%N_td$_i&6_3|p_`*Yjb2p_rB54KeQ3Yh&y$zVYvG z@~U8Z-qq~pc(m1)c8Hq?)@@cakAhf_a%91U>Xp(qz1Zi_y%8jT-52+n2&iV){dDlw z7VR?t{GF94eRawd!UO`vOiCJU&?I#8t`hq4flw5`71rq12m=O!va(m**{#svW8)mc zE6~V(gO+#Lxj;4Z>9d&hOGS`70%DYM`GLgLj9U_2`p_x^QEDYv!FM+uSLx8uBs_T7 zV}N{8x6%B8YNfF59Gm^H`Jt`Z+DgNtd-n}=h(w%m(JT^t`X!mozCPbbU9lV7h7@%k ze3m#y-Bj<(;*a(WBa9IK9@Al36f;?P*?>rKJ$!9IX8Ja6P7AE;+j~?&2i(iP+>47) z#!vS@cT3z+)!|tchAnDl;KO~#%0WMLVR@H|wnqZYA1Q(Rh0ON{|j8Q#Khqw!Rvdp{x`T}ZG~uSzYsQMwy1i3 z89kO%3HsB(>A~YVGb5e_WMPuXu{RCcR%e49oz^E~P6Z3fe<29U{=4QWFPGjV45JQ~Pkna6@^6Q}y%R-B2a@eT@!9_32!&`;nwj`&KEdVCA+Vi!?tF59GD1pJXz)XgdLrSbWKb@u&y492 zr@@D19%8x3A6bkTJr#3N2?>)xZxamTh0ec@`9*uSPJ!yz0%HS1Lu~+RziE$CpPckMw012Lv@|A`6R+jAdC+5mc&QBm>L3H(Up)Uj*y zE9gv0M#fe+7q)CtAr!4TaD{zVpZ|b2OZhUH*9z<6Aha3wo|_B02kjT9k1`#}V+Ckb z8?Hshu|}0}PDEt3VlLBDm*CWzub&?)TbYSDf_KMEiHvaCr)dNS zDq-r;^Rp&Nb-7}2F9I;oDEx3US&icyTC*YRqv|2KXQW&~SCL8{Ph;^fmDa#Vz*5j= zgynS3pbC$S45VlW@(Q1kjw+uZ4ocW(#;j2(uvlq(0m=>&c1T>+_{7VQwH{RTL;CfMmZ;CLx*} z|FwObAaqM^164+)YyfJe>)JNX)6b=qtyLlw+yZ<^6{Ac2nytzAA$5w^y%>JBN86bs zx<0D*hIt3=^6o+vt<=u5W3^M6LW47ny>pf~b5SMPs}A%S%!X!pI=_xQ8`r*rInbxi zyj@ejubLfwsLOG`d49bsj6bi5c$!hU%ZG0FbMUW3_7PbuGR7;gdtRYP=bBAh@?xlx0j2hDOp*>nhKA}b>&+>a~L-3LA%^zruSDr zjhebnwU_=S|5~wAtnmy;G$5lEZ704P7wcJUYig1^TQ$R^oT5^}UoX^f8Ae7Q>kA7< zAL_(kruDqb>~oPp?v5Za+jCrGc~4%Ii1XXE=dvJ&L#rwt|P6^2l3ST)tc`F`@PtqfWA zBHfNwG2A>coD&Bz92FsbW_>KyWGZ{g`C1-o5rgOn;4;)zdibWS_@7dFoQ<()KBDyE zSMYFHIcQwIkV$E$5b$_a!qD&n>~=3%jut^fo$ITtEK~MOTOC&*{gJyhZBf@LcUK3@ zl3?!p$`bB31%De)SWF<{hlhtNm)OyPk`){q%f$4^-tLFut4`ZbLoB^u7W@n(oCsTz zb>=m|S_?h@M4$X1sr}XQ+v&McKH*D4`?c5Os6C#L_vV%*Tu%Nfi3hcnvu?BCHc6Bb zHWnMN`c$Y(^RLhW{P$M(lOibgPSg|*z>qOZk<6MjE)b~Rzw`}4Oc?o?Z{3++2$#ksC z6|GN3dh@m;Sqx}drOZ{69Ld+AyLuI9EmetOy)xffab0_@2ol+MIC1;cq8k>{hu@7g z!rD)7ZVgLGWiBoWmzImkY(-6J?xxda4p6k}!n`kJVS&g4-D|g#1{JG$*3Vto9qh8l z1Ny^=IZW%qRZ(X=h}>ezpbKgTu}8uqqTlR-YQEK?=XTg0l8i{OsUi;ECC$DHp- z)H^eXceT6I{IjWtFJWl+G`!2}3wLh6G^H3hd2~u*^hV_}6=5HXR&!RR5}_q+2l@n} zIig&s6BY%9ctg^UhxMs_e0>Gwy|FbDC(GwaNd1nET(hf;LGH2;avd<^xLvBQ0a6$t zq%e%Jf6XW|hF&CaJd&H;>9nRLqO!X>ePy%~$6VEviD82j9}r-J*{!a_K5syV;sC5{ zuRPUgB*mc0y9&(TLhPxlLP$I-6B7=2?Q$pI34}x{D|Fv};21V3nApBfe_!Xvq}Pen z?cdg7NmD~Z6-@60z?mxN&{|^!f)J(|tdfm{KK61Q+Ua=N9w;#Gl66gI>0tEqYik}0 z58}lkS_5JZ4zW+gLX9($JBC@ze$CR|qVDHA`bLh@e9O0-0;tJf^P&bXYPI{my#h6? z%kB#p2fl_+x#1Ct@mbbie&7j8S|v-@99}qi_w=hY%_jQnu^y@X&7*invuW;iec0+O zwo_MLXinnqp4R~vpcEm?^^uP=XhOb zTT1FQLZ4)4Wov>VP0Heo$Qs2TS)c-pi;~+O$WP(an#Gfv)utw!q)K@{!jsGv{XN@N z_BBX=jqA{tBrLyJYzGVVbq1Ny5qAED!tTfbquoHj9Y~)1t%SoSC0a;~7nMwIsF1}u zX9kMKfE*9!MCu_mXp%z3_pZSGORi!=gtBMZzuugD2aI*lwI||vEYdbhV7tAqqg`a9 z8PaynswYU9Ad6#lUbFfWbJprDM!pO#6el`$Tgb8l4~O}XPtIhmX$8HPmO{{7m>Tou zJAYo(iwlT?Q@2C&X&z{P=^AX=tBc<8w}Wm+*HqQh=D7ajd~+1L8mk6kYRIUo`!6k_ z(E4^dJ2h*;^ONg6o&VUf2Zgt0NKAd(@M9`myifyZF( ze0cI?L}X-o{+VrVowyS)3V}nq{?($!`rShN88|`cWoyM8nOGVH9H%-rRLpvH(q*!* z{BZB+R_(3`#9u&(cRO2D30yJoz}kmw{frkrIl<~(b1I(3b#gAI;HJ)sJ5;)_lb<|C z;ln+%MaQgMKAeRqg^gByP-IlT^#$~hrQ_aLP`tQnRBz9P%?980whl7!=t4y)&M<>=h(EMNj}g|P=!mEm=e`4DxBv|aym!9~h@D-+-lK9sJ3iwSBO7}j z7qSgVqNM~jBTsZdGm%mg5KGQ+uOQW@xh?mc)wR7vvSAu+k?Y5)r6!gZ>CJVq>k zg9mHpuMqa!eHrmv**Jo6+#rbVm5jke+gmAJU6?lSnMu$>^**N{@qzpDF4+{-7(KW> zS7%oG&@p*W(yfq{0GI^kvHplp3a3W0{+(4I!KT`wL;Lf(v=pW2bxtAgMg5W73iTC9 z*C+T?gClYC-FRJ7{yN|;27>@Rlfjj0CqC3uUSLSe1Ix<@C|Ton;c_A2@r7HBAwYn< zRy$9-IO5nD-;7_qMU2Ibh~vMdix19E`nqG8oVU3g&ExybpA?p#5pwaqI~|=jbE~t~ zapQojSm;?kwUdvmM_*>2Z=r!lc;|%x3#Fi=VRVXUZK}j4AVP;4)a1X9LmT$jIQh`T zX1&i0Qoir|xb)#mAT?%0^j<%dQ%%)`Y_k_V=E*pVH|17&XXrvE z$M&Qp%8?sQ=Ga1Z#&3+;`UIaMM-wlOdPnBZ;?j9|yciv{wV=Q5brq3VlUf?gwV~`R zVlOeQNZ#~8*?t>wi0@+NpC)Ie!NgSJ4*h9EpKPxX=&d=ZRu(TzSDB2xj9>Up6^myn zePujxc%gt94TRpud9f2^lsIAZXFFK&<(6*HL=>)B$UnWW7&#XLw z1{M5ZrG*i2hw!Shn&0Zq>Er}>O)NU){?rwGy4Wk~5jgc2~^X{=>iMx zcKbz1x7r@hG%Apv!*uJRKwBCvRZ5M7cB#k!J#_am|3`TbIB2&W!eS}~oU4}?eBt@u znVn?o<6@TJzvH(VO=RN=HqDDTOEr{f_+Evwq$ZB~F1d3b&WnD2y9z>BYouhI@AkRu zpXx@G@D9cXbunbeB##j0RN8PQ4e9j`rGq!0v44_SX_l0YiheF-HcC8{yXqY!5Mj#9|0KIHgA#0P&kYs5IIC59CPM5I^MVG&BJRHg;0%ub!c zx8J7&u5H1IwqWn*A1GpDbD7}Y=b+nSTF6*xh9bRTi>v5a<6v?4MtvcYPXDE zrY~I~xQD2uq4slOGL}3WZ0qIxZU@@%Jw&y&V9;;ag1g7y<)X4L%Yu0;Ggx_gJ)a&lZ4E+3%oxi=HXt>qnYuF!TBx;AxF;n9BZ`%AYmdNI;_-XQ}lThpf| zo&8n9XYqF^uCil6F~9NQdx3k*?Sv9jKo|SO|ImHGOdB45sj~gePw7(s3YGjzN6z_NjYwe#T>AA#CxBWv1Nsf zhEGON!z<#2SL6pPxLsaV4`J|`R=M23qzPn%A()zC<1<%)4+-LQ;Z*YbRq_s`!;)AjUPOo@Q(Ja5}C!)j1r zzDW7%pk4UW+4l*5ECP=!)Yy$1gY|x(&$WPU@j#;+NSXQPmw<0;6l?%gu%F&)9&Y>o z7Y<7ZYA|Aif|L{1238s|(G%f-z~9s@N!6qn1P2LERYm4qXb8d7n|VNW%4~ZBPiC_G z>%gxFlj7f74)Pnx;$OHTNtIAjV10HqTE|4Ev*>)$<%;09!o1~I`siWiJw*-COt3b|G$(h3R+jg{btriCXP%`}HM zR-QY1He%^t>EwUDXUNx-WU=@De!H3;|3NN=g}as8rbrkcWC6jnp^tnH@+%=$J(k}s z)Pr*hKD+k6VsLwvEmJuP|IS3iPwkV9dH9c?@y|c)GLg3jewlEPt2zkB2n+MO-cO9= z_4S!6>H3epOXpf9z)r41GlBLJ9@;~~8*jeWQ+l*m{?!@io8>j+`OJ}g{~P}+yB1$r z5u2b1ix~24&c)_UEKW`%SS?U5uP)HGNp%EI`v&KBJDdh&losRK-x?6t=r*dOVvk80 z8IjAoviQ~QBorZJ0Ky4X(hLUWbAY^Vz}4;Xl)_f|6Iv;j8qE&g z)p3@>ere}cUjPGtV+WVbD48A!qu+n9l8kirP{RjDd|+tXpk=?^pFJJiN#qml=t)9Ih@KYdDO=z;*!sp;tkKiuEXXRse!1B7|yIfa+` zUoo#WsefZ$!9%}I+obef&BTEc2pog=bL{nhkj+O>herh6@VSFA0&wrX8DYRrU>-oU zg_dJl1??sD8A5GPTJJd%Fdl6Gon#Ga_&dqEU@0Cm3a?k+(C~RL{1ZAVN2B>s(|#q` z+cCq*Nw-W3W?_S(a9!jXJQuEL^5zXym`Jv4PY>&+X*_~oWJoY!>p$NY@ z4`!^yFEJ=}3k4{=tJdQ;5`^udO`$BFc$DVYvBM$t-V+xweYP(M2D!4PIRpNC7Zdtq;SFKET5}s=PkD1qqQ3LRzWIxPK zAS~r8Pj7_3ga6dT?;}r0%1USsZ1Ff`@8#}IJ zn6XyON7r=&p=j3cfgN2$IUESZxtlh^ouWMhj-Tw-d(qNr37QwHDCbKHbF$>dHDVj z24xM+%?~9d19JlbVtfZ-fhF7Ytud@m`fK5`--ime#kBxzYXdjkQHV&(N-g~(eBIr? z)fdc(IAaNqcE`-^;|9RPp6a)74eP4UVPIl{oQNRW%}-yM>ip-sh63?>G-O|}oe;Z} zj>dM3mr>kGSX9d^hxEzJ7utK4!BJ5O>OKOa73c7RgEtb$=ZD2xqqxL0GbH~qIKXlQ z<3knh37E|F0naDpmU_x^{=R>vFGm4MjzEv*K&*9xK`DWLkyCv~d+M)(- zI1hJf033uJcGO_w*^q^Lu=Q&-G($M^WmeI1;8w3kRr zxi(e>?}NxbIbM(C<9_3<=x-OPwRrr4v&lq)4h^;I==F$iB7;44SU_Z1=jWe2E-e+< z9dO#C0^xq>^^A{?f9^FdaJpU+*}g|0>c-hII8|nEW9>XU@0et(`1ag z5iARx!^7*{+VM6qvT~*M+P+lXYZ+l-74^T;r&;_}A39|j)IMT|q|*HA!Uv`RjKw&Q z(^5=6zmWn{LIm0X-qe5$8K#88A|O-bt2jOb!Iej* z%t^OEH3#Blw*Xd-`MNdhR^jHo;u@Z9L&EhD?nfei*CLimtx9*$)CB-SO%hK$_&uPm zs0ew(iEu;=zW{t1*ibcKPE9Kq&td(H&S{z9kZ8Re8KIG)KNk2)TTA6Ql9GBS!D zmNyXxn4QxZ=lC(rr!B^>zYfj0F7TRGeE}Mq~_979DUKx~GG8Wz4F(T<4ZhLzI*AM82ydFgP=E zGJy#@9u)9pnog(NznGr$d~{vrvEvTqHLn}BZ;Dp88QverLX`wp()ShL*nE74H|5rB_ma($Ey)uk+bXZIc=q@GUcU(rD+RXqZ)=>-HV`c)nQU z-Eu>n#_HjM?KkHL=ThfsZ%Mw!y7SxyPo>FRiet7aDi@zh;7U|lWU_bN!NjZsU=8I= z?|8loYk8SpII<)f7}k;=mo&TM4^7ERI3j_GUip!pKT?yC%7;c_m zz7loON=#gQiV1A~4OsDutq$|}aWXQ7YD=BAs#_Dr;V z^qQtR^0)0Ftx3x%dM{ak;bR1$(d6W0m@!SrCD>IS0OfD;EKclGR>WyK%m(zSvEWj& zvR0exGr-OQp$yD!wfHb5(9VE^20eOJnu29_34e-ldRp4+uKAk&JfrpF-Ormyn|+p`FLcfsMN(2CIMd0MBRPe<2^#)6%^v44MZ2_ zBEA>$DbwV6hHlQnPQd%hH{#JA~d^tTk$hgTeWkyu*f6>;6Oe@&{C^r=v7 zXysuAo_h(}w8gx|vGvK1^Gief6i&IMPIIE=@oLlK^gq`=QWa!6(~3Ji?H(9<3P(&H z9tEmfaK(v-N@$9RLmV3Gci(vN)7@oM*zq1DfQB7kUsQ?u=%vBqII&Z4>GOm2-Cy~} zA%g)iBL~}CD{iF7)Cj>n^|2i{c3AttCbzk=BP#K%_lCgwDeTN&vAYeFq`Ig(HPVBM zBZlrx9fzO*b6r4Lqf;;U%~|T#zaQ0xtqo9te$!+8V2_XYR1hF=Yf%Y5LocuYB>|%e zIa&&YsVHnF5&W)p*`t6Ls1IRtZLyT(<=Y|@Vwa>Kc?Gmh&g9z{$mr1D2-r}arkeKW zx^8G}(dhV}DCD^FSPT2vqUnt%dFV!asJYFingy)v7ktd5m}hPZzZrfBrsCaAl)Idl z-*tsXww$bcSxeI3AtV_^Npn9&SlW4(J3H>_$ED3ry>ach1(2PwA_QCF$w?M9Au_fB z6HPylm^+?Ar4?*$`5gp6Wv)zman3#WP1>4U&sc zM#2&(d=N@>t%y4u9@X*-R}g&PDED%XiK-HO&|A?GReJtO%2z`|WQ6HEjne*4hpC6> zJ^IY)Y{o#3XODJXC}AzpC@)!0#y10FDZ;@PTwp+PB8&-?q@#!em4cE-3*YCoB=yHS z8rj!HkQrI!Oe|FVQWrE|*tyksZ=qv!L-pN_r-vy->9IZvjlCmcz06w6J!-Re(1tfZ zJ3nv6FT4y)UMKpf#bFZWYU@JQ4WlA=B`bsYtAlh_$NV5$zkD0?_>g@n>3@L0e#P?9 zqj{ZNQ!@3h{Oh2#FOU*29k%Eg+apd`Wp`X^>N&6P;j~APkAo#&5esc4ylG#ty8EoV z^`=~$?eCmg#M|EJ-hRHNN;Z`CRZZFxu01F=Y+VR?0rE9E#`)(J6d*eWr1Etn+ujGK z`QfW;TQ>&+X|?_u=rO^n{WEgcp2@gZJ?JF(e$d&C4l2)|R|wm`iYZBGg=h+VtsZ~q z?#}Pdx~2I&$f#q(*4UfgGXjpxny9&?US=hTuT3*pyeZ)G$De6*E~%|G`FIH%TLfYa z)z+eK=4SdHqrIGjY{g@LAutyiGjJ2SE`^+m^sx0(nvQ6f}QS2C1!0oG!2L ztGF+bs;8ArvD!v)vEhOvGrl)3`p}-D8>~f^7GROa6dA!ZM2EZ4rIN8OV?4N#iw!!H z-;iPUMMKiW%b#Oyf{3dR-WY#8_Yxjf_E(F?rQUH{L$?j;ZPz&?N7#o_V5SdYZ(BxF zq0Nyi)B_gI-oD_&KF4oj_O!&d*Fsm5r%csgYkC`mo_hBHKJ?jkB@bbB8k41v_`oge>eF%~J_JC1hmqzv} ztXKYml`c|eU{;J>P*QiV@ynN6!{dww5JvFx2`Rr~FGgQLpbXX5bs?O9trwf0!o%Z< zZ8niXG|>(9+hZ*jsL6P55m3(`(d8wFwv1f6PM|wlQU1Vc4Hw~|I7eP2vPfa(AcJ*K zXd;7?+C6EU?I=sFhucXPcgI(3ARot(CHMZgwLyfYVgU%# z<4Em$a0s5^XI|rkT%;N=vesj-jsWUcyVid`0*!5Z=jZ#>Tq%@UZ+AfO&f==2a6UbD zwx~Sk!uKf{CQ&X}z>1w^r!pbx-DaXL8fJXn2ff%?q;ELh+i&x@_h&?SeY<^B3wg7+ z3u8+Ju1Xu+dC!xAQRjVk5CEzHMysE4GqE;wgCTQq0xJvhImKSO5=++hs!oru-&2&Q ztIn$k^SA&P-;`V8WMhqSu4~^UIkf|ua?Z}ZKAd>$axZLosl7tDux7v%XnZ%lx;;KA z-Wynafp)nJi&z-i!#TU5H|Xb|?-^P`JlXy>oCXvKgw6HnO zW2snpeJJgAE!Oi{f}1G>(B2@s<^h6%y?HfGJ{b3ad|?$GT56SQYW8T8l%FM!U8GT3 zGL9!^gtEhXgO>>4p@zFxheu1!=wET%e-7-(_v&C{)xcEC#Y-j5;*X!q!qz)5GVQ#D zDl25UgB*>Hz7q~N<(D+RCf5Qbt?1Z_GPnX@mKiT>G#qC4`aM9+8AL<>bsvUGBb>Lq zD=R4zXQ|5z8E_a=`;va<+_xbQZmYWgi}~KbNLdH!dG8%9`mKSOB2A+Cc7j>a4o!W8 z4d)>=J5Iu!ypX?1{DmQ~2}A1?ZIKQGjHZtKR|njIEQt^;&$I8C?g&fS+_Ea;;wT?F z=mMeIFM*Du%z0wkl0OL^*Lg04Y|p<_Odinq%TVYf{z}B6tvL}FQ_3pELP(3Dkc>FJm&=!j&Z27Wr%XIHrxuQjEU9GVIb>XdXygL<06?SeFI61!UO*;X zz$cB+3ZK@8NkoWI$)9;^Tg39!*S!!Xh~q6EodsKDF()XW1K{190LKwG9DvW`Q)j_@ zGKtwu$2aG_e}q!b)lXFu82w{?z0tzD@e&lUBCKE@=>8$M<8f*qh))RYlI`K5m={xW zUsjS`s!lfg{uG>q6=5THoSK&QT<{3lGo1vn_u1n5(U+su4)Ixh^hcr}$^+OHL(Tq}D@<@tD|VNTA8Lv@rW&MEvStbkBSioaM+NixH_t}bE6x8X)mBI5f!9T730 zD(Y+*m~H}AKQ!`bIVU5SMbO!LLN57TLPyA+;j)eC_0Ox|Fva@a#09T$@Gkyt;@o_F zeciE=?^v`0XFsNN4x^}?5+*H?hPCB=0+3%I3D2dTLO4xV`A@etcLevDlyfN$q1H{M~fH62>;!nliOc zDdC4bU$6sDJfiSipL5x94%J9jupHN+N#)6ji17Dl&6_vzh?7r*$k3eU^;d2sc-c;M zU02=}cFb@|;299Ep;~WXILc61Ca;HzO=dIn^JgE3ZLNoV1PG>i2s4ko#r-TB?V}VM z2SDGp^Rr1e2(SHNgX4IFW61&S-^%5)Hy#z8XG6jK1&p!l;b&vV8p#-NU9F;UCZ6y1 zcep5+yeWi!%UAmv-Z!OB*v>hDh=m?a2V4Se|BCS1!-J2qLDg*y)7^S9SQK}>Iux#4 zGD*F3;p#S>*U!z~XJ3*aK4@93*gyl9mkcMEOS-)BBx6v?WzDG6=J&#ItzW3e71&PdBk(*?M%k>BZ*vltVX3{siNY`Di zp2;&wO{2X1SVX)43V-F?_!`FVy|l&AMEh7yCf+6^0~>&+hG~;qF0$B=ckp1im@t{d z48*83>Q9<$z&KA2*`c%W_kxSx399UDig}4|P`n%D4!?im5oq$7b#d{*0`mc%lzsBa zuroLIYk@u!+sKEYOTYRVM!5lEPA!cWHA0IfM409#kA^eZpuLsR{k01;!FpAnz}T?L zFyBhLfNL}%)sL+~HMeKrLpF(g3<*h`Ck+i@AcADeKv)1o1?0dCMpLQ`=bns&{pR11 z!7-!9{;zvXevS!Nis%c!X(Mbs{me>0TmT>KPTQ6(cC&F-qAyY z>0dX)K+n)r^F>YrA{$d$0DEBI>hi}&-tmXc2T9nfyY^U|qWZTKJU}x}R>uJ&STVPh z<^|E&Vf;wbi|b4Z;qiP1Dq)Y`oWHB$(i6L{moWXr&g zZZMA7hBEE>LYqDd3`0M9#_qN>CzGLulC;Hy?|Rw5U;y<91o&#T!|O-;0g%V+Q=NXb zClMmfwWsQXMejo{$_1eRWCzk;h%QPBpDgY~rV{NB==i%X-$&CP#vhhBkjN?{f@f4? z7TA3xa*I|dr4Ul19EYqi;3HFyQ^|iivgtroJ3B!c2-@Sy}7wde3(6M~jG@FJaG0i!($eZAZZ6Q9woo}9H7BF%)_%T}CMa>bXy@b)jNk+7S z)EjjJ8?&m6XGx*uOVT&>58@bKSz+&IUR)fQ#j!u`ds0ry$HaCmuiwA@{%-uGY5mJU z4#E4?aVzfr0fXuv;@IL690qxc3lnCxVwb62S3(gP9Jw2ASTSTo*Y}U}}KE^;=feC>zYs%#E%}KHUEJeTmC< z>gN%1|2G3Z0WUmt=p`IzEkk@+@z~fWvT*<*JppU^rpy4zv%gS|v7^Lu3ob8uyzWC? zjMDoC;Sv0ncaIIe9FrUeSiMk4@Y3Umd_}-GME+~vN2=)!&!}VH>Mi;6l#lVZT>+p*Z!{r^IH+Sb`QC^?`?J#)#O5|(BSj?ij@}ZLLR_|u1$|$ zDS7oP2IRh9xu-XJkLU;hzj|+)nhJ*&X3s1>aMqo2iCK_5F5R}fp)ZovBW-YdXh(wB z`3VL!G-18UkTDE1 zyWqB_wCtxkFhA2{L(#I_Ale{(^T+@j3wls?vsu#>KCs|m5H`=k@?UA@*gkzKmZWE+ z*6&akwh|hpq8_{gA7k@#f>O{(OMt)>im2HzZxHvhbXbcS2mPoF4&FjbYxJpLn`Zff zea4HYmV9vLYg8rl{_9L|ebUudO*SMVj~t$8z)`bcQ#?RoHd3{?gkqU!de+hocUR%! z4fst%h>V@39qBvRl)=xK78!U-)_14)cmXDeWpJ{c*Ar$1oPFzu1y1+VX!h9tVxC*C zP)(O}FCuQ{&b4bqB#M8?#1!UvEFn6aurx%5ymXb;5sN2<{K5(V$7E+rK#)h|^hOP# z6Q{BgQgYoEP1aHpi3Ts^Rr!s8^KO=PG?05Ru(C1#b>;sfj zzP}`U16gVLX1D0~9tG8J#ofb^-&O@pJlj1XdKRZ#kG{|M4$|MGOWD_j{0wt?!dE%9 zbo*ANLP{tn=%5lVZN=vqF0E&cUz^QhlphFwZUi8W>A;(8`=)8U>WgW4pM3-GdKA*L zc3%1jDpf=C?bmm;RJAffmF#3I@+*Fs*50LtqTv0n#DXMo=V)hY3rjzkS1;Q;p)-hh zeu^{%uQiV7EVI6fcU|b7($jqd1C}oy1o@7$O}8rjZ$r(7eO6tYBV1qS(cPy*t|HPC zf*azS*Qt3sz>FBMor%V=F-UU?eC%Fda~=7_a4g`;Jk2_Lj8AbQlel)6j5rfD%hYrSN58{U*GbiM_=GjHqM&`nN4 zp}Hf9m=kkx`+51c>1U|YfFIU|Nh}?faIo=_HUfoyO(X{KbdOdCE$K&d{)|Tw*DB}> zz?oRFxi{3^zCr}S_hywm_O2cg{}<9B{#Ec`GcFromag&}9K#@)KQuWD>}z7~EB8Ja z`k?Xr5rQ{9t1#ZXhwXN_)8ij;>wiWt56i?aJSvx@o@TRQK*VVF?Q|spc>yYF>JA89 z2Rykp+hunh617(YTBCWW;hYi8uq-G)kU_rUS%R+aGcCwmum?@g)-Vo`vQRbT=nGwn zA&(zMDA~^B8trX|QkEk&G|a`xnC;FG_}Xu~YTj4%H3*%jo%9=Yh7t!xw-}SdoM4_{V;tJ4A?BqJpr%vb3>;VJ**z$Y%t^ffN*mgd@n(hcNq>9fn+1r461w-KWAtGtKLzt&W3$r7epK&=uO) z+J=!{wa#OM6Yr*zgtN``>H^?Yx-3IA=V?#L1x@SCF`Rvx_HogIK~BmuU_4&L!Fe+J z1|3EDq{rYYr~c{Q;g!ZCNcjgkqzbA=W@ecX9r2-z9tN3O2CP?~^IgHe>(W?oR@ zbhSGD9hL#YQ2!@q0I=IO|WljBtz(?RFuRzke3 zBy7cQwV)yQ?SZ%h&WV7hi$|*-$6_&$g*CzTF_n#3EMMn6#eTi_l=a5DSN1 zLO6zOXzlXd#;lRUQ1=kO1dYY^__q5kzk?3-#lgtx;Ag|Fo}rLG+b8^833@m1L$fcT zy*N@DuOG0!aLIO8?|U9Qlle*87ox8aC>Jg_f01Y{<2 zmAOAzk-ob8lsut()PB)E!MtB9DPJ&gu!q`%v+Btm!g;9)`0Yr#Tj$!HNYdvJaBaGI^Qp zM#wL0fCR#{hyG1?Dj&^sy#Xe#pjA2=ENaGks*FB2#~?vxI*KkSwe3ob&&$>~&P0aA zlzZGvY+gwD`WGj^wa_m_>@Lr1Td2%%(Rf%DHCk7nHzyIvN!ONl=MP}P)|Mv#`yeM; zqhVf^Nr6d>x1SV*2aYYIH#MsIMMd3!?{N;$Wh(>An6oJ#R2d}2Y}LG-i8?wzTy1fH z`+mI&V=?r2O%dY=9t5VNX4!2dL%1rmn zw(SMQL)vz$vcxlWmFEHGnRr!UKJ1lAFiP0eu=r|mq`Ip-FL_yL)&&;vy<1@u8pVoU{NPdI1@`|y!b3?nsuR zK(OxOOZc25F|MDGIa|F z_)`v)C}yX_7=$BR&>Z2M%NXplM9k@VauYpl#v42f<^D8pyWx_8{6pPs5XR+JHLPL(!ohEh9=?6@ZKvjpQ?ArxX^oD4owAcnc~e2C z4h%^llUE=JIXQSfZMjziEn7R{YLAk>Qn7URgM_0hn3(~U;04X%ElrZXOR!IEC>_f} z&*q`(bQVc$gK_=oeqnhrIl_LH-}Ct`E`ztfTB zVtVHML%$XtTIvtCyiK9*FkJWn>)r7c>>sk-ygZ7L>Hh|9YX+HY9#(u@7=-`-CqWtb za37y*zk`LY2wSB`eES3yl$i%VJT^k0{?2jNjTJfT7yKjetuc=cw#GkGmu$xvmqd0` zQz0q0x_lS=?Xbls2xB{*0&J5;^5}OAjVnylPyL3qRcM%)q#z9W_b+wWGmzO*(xc!A zjXB3Pc{v?Ao14ptx=45}Ofd;%V{~Q*>@2U|BNSwFU=NwEJSlgQ2!^H)v`43<)5hlJ`&;5F znnBsX9k7~fxmm#|Bv{`U?0PeIAv)IPG?lmVQ!A@Itbh==yj9Go)ouR^Xl)C(#8kS5 z2=lqH#}XqRPNV4C&Te69BTD5qX};6tVfeDdTfKCvewtjd z6la9t5FTv{xjZdsBXwaC?X!RvnVLT4pueT_EHgVe!)iOR)q1|mQz}zJasn9HfXqT7 z5V+1CAW88LR>SP_;ua7?B2@_^NC?8RLSGy(ib!~@Lm6&11FPF}mlo%RG=BHd0GZZ- z53Hx%+b6p4WDbwjnZCLxN&@qvh$<9=RdgV|TGGA7 zQ{mijrpkXK6L|N3o(a4wFR25ktV9WTXvSnveiGD74%RdNGf4+&F&F^kr8j!IlW1F$ki;pBfmyVjN2x8wQ3>WWt zHN9XAts%ABrtvUChpq;N>-IT!NO6WlS8tGwC}E%qW9T+}6sUW=8FUHs6oj{-Sfzeh8UZ%SL2mGKin2$Hz0ptb_iY9TuU@yDhBt-eEQyJh1v9a z!^}U@g~JR!Rh!8MOrRhX09=I}XnlA|t+tszhJMuT&$atH+VOva^xon;a8ANT`*&>j zK`b1Z_`kt+Hy{yM>~2#)HC-%P(EJF?2I$GObxJ|7D8}%)+&60N5+$B;;1udC5NkkW@s_hxRI4Y)|=-9UpsutE3CywqEP z;#*l6AwiJNOT223wgVy3x^w0_NU90K7=Gi|p;hiCm0Mvp?M;3X`h;wX{J%mP^?sMk$)65*9EG1M>WN_%!j_*gxjfAJ+H5}ez-dmHOYdPVhxwDBn?_6Y&9Qcy%BM7j~AQ@RmBKpN==k?wAI$JDj0BKV&W9j(N{{U1OZ%9KQh}3fs=jJf(3@zFo}WY|NTnGVY-pe{AGLH-A-Z z6>C`9-||$-wSA=5gZrC+oZ;j5tdw?VGb!Nh%EC!WuRbxfvxPt2GrVf!`k{5z(s}Bz z+9^x)(Q$5rrHbWI7nem%hwh@w-9Io4W{ZbB)J{(hiIR9CAz?S- zsD-#MPbnxUg4lD^j@;?L^8|CPPBbw@dX{~eo6~Ay03>35+OgPmz;00S3^O&k%*dFJ7 z@nGBy3<`GMb09<`A#RxdFD$#oDNTek0>o8tGyVkckyBM29!J>Ir%(9{XTR6ywk%zX zT08}DzFVAlTC>{o?OoUADUmnXIVzYdwXIM+!DaWZ^pWU((4u(nEH|iqxTz&f6 zb|JI_FExiXcivZT%2aIb@|nN!O=oO~(LuNxFQPd{yOLhd;>ebrPAb;QiU^%nI&Dy~ zTa5Z1tybbtQYsbtfy_gz@(T&5pR|I}=K0-HDE%Y(3j|g{h}w3lRrC#<*9ch`I2Df} z0*jVgr|)}Ma(-S9gRuWj8$;RifnZFe8sj@Mf;8?S-F3|+9LQV< zWL-@qaT92{9=Dg&hERPGm~!AL!GyqT-~5OAFmFQh`;a)Iag)fqR?LbT`6Lxyfws z@rEe)0#zmHOBk096gdX8y^*jJP&tFY?$r(klEzN0RWRi0Ta{ntt8}psnG*H! zr7ZO^8E(I%h7Q&Mqtv&FL@cCvxhkd3Ef^7(7_FVw~hI+Fj2K1PPC z+|!rGQJ~%G(=^v)^+rL^$2|PPY55hlwj&(+hy*>uS-(?x?nT`OoBcihpBz=|pN(p{ zt#*dr22Z>X-U`-Ki|07Jfq3ZDw392a(}P~;ZC(6i%lxeAt5Sa?#DB<{_<_;DBK}{@ zV|KJ5&B+Rk-V$ARiRU~}VQaW0KI)x5xp+H)kM}BcvQ)=U|KjfFv79Gksy@6?RV*D9 zY~yl-{g$<*sZBoaXmdQ5g1NPrY^NGcy_VtN6t0|C3kKJ&HVIvc4*Fvu-C?iFpCC#9qH0a0t1|cgnt1!SK>Xu#=z=kQRnD&EJ20>E8E{~78NH+H87J+f}>1| z?5?t=W*`6%+amefO(&A?P+=xkByfNM18zj+GOL$z;|Q6KoAohMe&>`G(v6AGg|=LH zUjetO5RKkuevW4|3YJimD%`El z_v=IuuzTgtW56@HxN&&*)L>hL3`O7{R>^WLu=63*LBvx@8{?KIBvd?iL~lnHG7$*M zG+5(nSW^#q)@qRaF8X0!K>;gFw3SBakZih{OJlxY*%}ssXg5zt7SLI`w$7=SoyNhr z{mWt`mB>MXe2)yp?=t3R%Lz?VPNyeCKiU4wHraPOx&q(0NMXKDNT-w|q!M-HO~?nl z{O{jsk&m~+A7-MwgmXMP&VdRBtv-nm?+th$7Ta0*<`&f~(lm(ZyGB3xO@Aa8bA%B% z(KbtcAV|66c_xYo3x9<6z)dr%OhW=j^)JxA*p;Qk)V>W(ERcYD{n5#|-Kz1{@(@t8 z;27@=v6qw`DV#AQZXt|+^Hj@QWrZWXMKC;^G{4;EgZO_pRyUdtR@L&lVIJDm3>%xU zL^7aqN1^`GdH4UqR?Qa2Wuu4|tRcD_H18yLfrR%^e8r=vhUE)G*TXnt%-ln_{f?M0 zbEE^=8f~~7{bJ_p^XS^p7?r{=r0t!?emC&VArF!f!_))G#!J1=$CCKcNAl8nJWDV$ zEX+I%d?5pV3~wMmE-&ML_oIw>hhw{xPKRGBrRI>kAl)a+kauvyj;Z{BotW~GQcyTm`s$_%16{ftcK578f^XT9HL#^@s)K7E{UgL3!R!Lm%(y-l*XcI18|Y zP(kq(4CmUkc1~_A8I;)NY|l72^BAF9M#ih=n<3&Ov^RqNk=jUO?QlMzJ*@88$>zJf zh#J^o&fMmRWsDrq^`EIC!rZyxI^!{Nn7$hIB##F{zuO+X;j|})v$odVGC~B zbBP`3cC)X!6w)*7vRNrg(TDZ z`hI`_?8FGzj+qadTM*BE#Y+qTYa)Ki-V}E_YTpJhk;7T=mqfZbqdVN+-D?fLc)H%V zq5DAXoE}!w3tr-1Xrdk`x^M_wXGwNF(CUbl$7}lHspJF0!?aIy`64(NKH-Z}0A$sk`G`KeDmesB{$SOqZ57@jgvg zkz~9>JRV{qHdLc=k5U=*n}@`j#U&<%I6K0tBjRFWkAWwUsW3?;P96|vC_+0Nc%rTUr^&qvmZ zRL23VMO`=!#_C3}NZ*3yTA2xUBF8@lXe!$^#;TG#6LWXAYIy*PykM)Wke(|T{`dk2 z?RXQPXVHD2@=lGb;@%;ksyem%^<|l6)_0~vU(;B;9kST8j=;Hqi$2mM6W^CG`B*m` zvumTg!9*mh>HMv0q7KxkM$ce@k5Ifdp*o#oQohUd<7O|d>$eetWD25`OT8ht<^%-= z#~3$Z7X<>Z?XYrnQAvFI8}c|7_h?>{k2*ThHbCzzG9DY2anaB+=-A`~H1a|UTln`Q z3|j1>b_4G|6NT}w$b3JGwV27>)OX`9zP^k1KrBBDnrDT2dml641TsT#-&wp`|lkjc+i;FzLFxjkyT<-;c zC>+M&_%A=oU~BM#dvj5ZtpT@qvCUxTW5%(MTb$^2M_s^owGx6DIyGI5bHVx`;@pD3 z9tp`S=HvnK^w(4{;4Ub}Ygqc1NK5mE6_(U~Y)tC7t4C{7c4DEwkvXNXLNFRMP~2$7 ze(S-q35Lj{xMQ^3F9mSbY6D*~%vdBrxRs~}p&(GFq(qx%L%|f*&(x=*s0!;!PmO79 zw)lJ6IHDw=b=r!=PaaDvQ?s_zaB=4mxtJo-b8YcL*&G~)Rog#WQF5=mzE^M%K(rNE z5c}kD0lR4ct0W}P+5YEKugKuPmFX31^E>VQW^7FUCPv}H##@hln6Y7U?q)TaxDF`P zE!;pS7F*EO*D^i1TAvyCPp-}BA1UHKUegWLBjQW%@BqB6-U@Sp)_)vE2P;7@2#SJF z8#Reo=)?PvbY+#AjtqjxZdFwDxLm+%N%Lvdm+5~sZjKfB9El%er!odX=%A#bA`HVE zs!qQ3IiIq=!2qO`>h}+3(9gYrF+n8$trcZ+eFDeZzbQLBAD4_wc!@7V4JGpqq4Hk70)HC5~ERO}>OKtv7;AFoeQ zQ!{>5O~EV8w%U!4it4P`VvHEznw(aXFAQ7&c>%LhfTWocC52qe*lVwH&ZW#Tmg_qq z{Tu)WawQ9Flb@xKR?!tQtmk-rWtoXy6joZXxlWE;6tV-J&HV70>k6C<==_B3;fZ$| zNuTA_IYa5LzFt@grjJNw@S!R=plLx_Xqjihie$4Z0%^v?yD_hrP&{QmuOfZKG#oYV z*vp$UqI9rSFgC2`iyJireXWUhs(#bfUll(dRjw;7lt;gigu;e=h;_Ssf52aGim-MHp!25R(cimcHRY^FI3w!&UK zMtplFpUvH8O^aJTrPC=*PmZ>Q8PoDAcJ11FfBDCP?4iEj&39yIzO&R1!6Sq9W47~& zOwXPAJUv~AS5l@`S6kxKPiwoEMFd`hg$HB;;}7l+?|d=;tG6QhBZuh`y~|&qL9K zl9(u5(c^_emBSkCLomm%fT2C8zOdy_qgS%tIq)&=WVfqM_phd}{tqrj7@0j*>w59A z*SQCC@+^`kdtwks?nE?T)Sm8AQFSgl>>8be^RReD#RP1kX^CH!B;RpBhzJw=603xD*kb@L z@LCn!bp`kWLiY17A|sv2dFzwJhEgEdodQkp0^11ao32Y ztpASx;B3fJxD@t=C*=`AxIXo!yP3j;_I)c@6K$itydQD~)fo5)=yL53ep0 zYudx5UCQpHb_X8_39`dwqf#-%&@~C8Bb&g_e7D|8HAfKv)qvfK6uM~u3Iv$W283oa z!L~_1462CdgooNeV4sOFv}?CB=TaT1)OwtR&Y(>GnN4-hpd&gbDwiE5heijdLmB@c zjOMi^sE{6SCFGeLzKvj1!9o#x5eJ5Qq@qrm`QVSeSy*+rRg5D0Zpa{0R^Or`0n*WW z>9&OA(?%F*{HA{D1^fZx!Y|;pYoT5fP;b(PRw1!72N-qyVM7v2iwDY39($-+83UJ4 z&W?6RT0BNp9NMDU@SoNm#mUWq*$~QAN?PtI#{!^dKqqdM#~YJ7^z>L`m5zHy_{5o> zI1KL`^|uspu$fZdn)P~J6d{NbR+3usyKq=y-)crz!xSDefTpA!sX43nul!WBKm621 z|MX4Xof_YhuvXxf+(&$%qguWn2fpo5oapnkyMRhj(HG3@DN#hDmX*d$Np+^N1;8~7 z$x)e$;t})+oM5Cq67PA{Hqz3{p+&_h=^k=%0NeY}ATv7~tI(kRS$KCP*N27b;6zb> zoU<;$TVr0RT5cN@&^~0b1ne+G$udyk`_s{yZ*b=CF@Vofwb-ANaIXiVY=GCobkXGU zq3}0pIS5vjcdM zVBOyOGj=N6QVFlm8$Oawr@b-9jc!p2R1`5WvGoRgX>I7sy?DvmGb;{}m#dZra@dec z91w-XCZjLzi-80PUUIgVq(Nu*NCD}C5U{bFN@mg9&!Vm++fe~2{hsA_#BvVWy~C2z zi-*KZg=)*1HJbq}4*sfSX6lbF~ znUpGUI}3qesabo=Pz`tG$?CIB$FU7=BASwACi&sS?v=&h+L*~(fnhLi01#` zO6I!nJMP>jPtycG>u491f{*8u563>W5!5C9Jif#Kyc&8oNWbwf_GR6v@ep*W^{fV+ zHx3ym2ON=sBCc|5q{>z*GSIeXN50{3rGJFcuAmVas|%B~!p!KNbJ@Qs{0E`gj0p_M zns3PBK_no$*RM7PGXaxm6EulRmzjFn29C^|?Xw-nyRtZT%0=6ij(VrFVqHceJOwvd zNT6~E4sYD$mdBi~PMByBNY?to$vZpU ztBq!Do%yg=3%=z@7I$Kp06ftC!LV>h=Gn7Pq^3Kf=V$sF!9o#sa@zL=6|iXC%Mro4 zmry)Ud+=MfVY0&5vV)L}{_DOg7^T+rJ7H;AY8mX@>3UpyRvokXbws!YkE)I~I+nso^mGd7Jm_ zm^X!VGvJdt#*?O}mPZg>+pUZg8scDFAx-C{SFQEnBX^oa{f%L)=y;}ZkWeRd5n#tX zg?T=`&sr4znAyJS=En#$RQv`=G>4kf3PP)r{pHjQ9PppjzL}u>-@uO37ybz~+%(y= z6gH0;1IUgs?JQ*Qd*t3|;S;UXJesixsDYuDd7-{dw}zq8`|C@E`>pk4D18&Q?=?fg z?xcj+8#n*URw;y?@tM4Vtt3@0_Yf;^>zb2d!bo~n?{YMOb$}lBt)$e~wG+d}VsqMj zSn(#~5GpLj8W)tC%nRYVe1907M4)wiK_t+vS@$X~l?f+MDv)-SzZt|^v64c5{{tiU z-;u_bdRzY$X)KF||A^oe3;%aQBPj|mT$hvaZ<{7waDq^(H;H-U`;Uvj!~yZm|J%|2 zKbWQe{YA^-?|Mw(`5zt&)(R~71-4|F;KD+I7%~T2VmGrfLf|@w2mxUPFY{{#f;9vn z#%L&iQ61sS=D;x`i-NO65XP_YzVppRMJU|=dYF9u8zL;bH<_P$7ie!ObFqUPk9i?B z^Gp14W0Oiq2n7)7e;-c*EE|@NXcwu$9E&_XUA~+v$ySML^kVb)nhH5Di(L5d zYHhGR2SHMxP)x?V!?ub?0WcMNuXp*Yi*W*+7CU!ti>!x2$~V2#`d(H4CA$%lQru$_ z`|Va1}N@w0+^lDz(dw%ZvIj3$#v5d#B zK0VIXrW78fc00KK^ueV{b;?&}A@r0J0tIu-whji4?3Y-+E*&^6Pov&1Gz6|I&;6mT z@jc4L^Ukj7Sd%8nxo+4FeJ(5qDbxEWS{hF@+#0s+85Y;lx3!mHCXc&&)Jy+ikNDE2 zTFFNKxoylqwqYp=-82gh({|ck4oz7l)aZrv-U!)|nBus>ezR)X>hnrD1QS{w^pkVy zN7*_hIK?$oUo@(Q>ALp5qrjMjJGJuU{APE7l-ehW;%x(8(P}!UH?(KlpdGrdaeZ@Z z>wR3i!`zcHK^^&S<1--qm?!Z`Z)S zTP{e8kNuIFMZQZ`lgTsbxcr=ZF@(8A-<0X_B&mEF*;quZ2H!s)J>9?8G|e@ z!NMZmW6xi3b=|ZR9Z|QrGA*B^6Lh(U!SR`kRY58$&iIg8>2cOqg(cxqi!trm@|`j& z7l)>ba5S!v-6UOOD7xTx zEj0H@olgSJV>3HK_G7pA>g;nCm52TBBX>SGudh~|AU_tIs6xjN4?jRxLDwz8$?`uu z@b$nO+;c0)9vRoVL&;S~Q+jr~sk=Y2!9B)K;=zAWeEgVR`+Zc@rCUk%=AZAo5{{o9 z5%{2biKFF~_@kxZFmR&A|XCWNGBy z;NJIj_cV1mIjUNDepLsog@uJh1C$q%=p-ytHAlFR)j&O3PoJ?d#_|MJv^7x2ew7&h zH~gh6dC&!Eel8sA&z}oMgEKOmW~0)uz2iqMI2>w@7*nNUt^_rC-xB5T?|bT=r+Qi^ zn1b?R;<#z6pbf?{0wkAYJ9>)axXBYsf=xQ($M&}ZYnx9< z`sB}NpuQhj5m?6qbjSm04gHih?VTbU#tdEc8aE=%JOcN_?K<<)u^Zcc&^zW-t@(h1 zBTIOJP(P-9WO`FA6{E%!Ew;}b-FgCdUx)i$=YY3^;Zq#wr?q$84GuUIKx~vg_14K+H z$}f^Xch8%OQmr+MW}RVaXll|u+7-x%!I$-wB0oi$h&@g63%-HEww;uou>NeW;kDea;mmXkaX>M-*;`+Ms z7i&bTJ~5}!>yed42%&;DtT$)|x7f_HZv}`0XqL?&iClLuE50Jkjy;yQ9 zsf*g(l=njoo95|R2_@|lq9ZiYp-RD0GUSTa(BFRN6pTk*nvd~DAg3wPkSwxz_S*PC zle2`fst=q}<)RJ$7J#nWUg6+lAqT0~Tak;5IfReMG`PPxvrF{3&4dqL0 zmR;fyR*z@3Pl{%_X&K~^C@ND(T?O~|*k>Yr45!pde=P$ta~^%mj4w$6hBEFomtZB= z>5rDT8qi>Gi%$cxA$K`KK*4f2+vRn>uGq2eO_LLHInY{M6$lEbKcyaOggHEr9{>QtdiJ#4SFXvD`pIOS^Fxo>^sJPaHEiC2N4mm zl@VZk^U*!q5VwhPVeIWJ8saZHc{C!TDssY$E1Gfv`CPm%{KP6P6@5MR(Q@3&%YDv^ z+>{xQuTpn7Qf*^{C`d=EB(rAYvI*mUZ7qCNTuE>2TwU-UG}^k!UTBDY3-(=P*Hhkq zs9uRStvz+5hd0UYvOS;p(i$b-{V0LiXfGQ|MqQNbMLcQes{60+${TU3>ow-%_&BI3CTWm1E{_ws&SO5zg%m*R~-Kl z_mTGZ@84~}=PRggmOZhziH3pId!j|hLswXzcD22;6O$It@8Wi);c@k1rfKG_PHJ=- z)~1s^;|t;BOxTBqc|BL0s>c)StasCyN4p1T(B8IcV3+lF`Qx2X{bC&uW`g)a)W)lQ z-Q#_%cKwH^r3)?B>&)aIbe^|eEz$kzYc%GtuFudn9@FC^lr;MozeNN41&#LFh@cD6 zxOeuT$2#xoys4nbW*^EylgPxqz3Ga1VR7+yRX(EI%YkXD0~1@w?Y>5^$7hZ^kvvhZ z;Mhs%=z6WA-$i!9ip^C^&k3h??$g&>1joa++g+N2CvVSAVjy}d$!fHha$lEEb5JO3 ziOL}`HvML^Lb^hgHPW3dYA;_&+%B0HH|?>X|ItJKn_t1{TmT32D94+lpI`$F*_ur% zNIEw`#zQmjEw86{{sw~!F$~u9XiB3Fd^$!WARxW>C9VHyZ|n5Nd|=ZuWp|E*vuQ8m zu){zJ1Js!|kZyL)4%3jPrqt)!|4z z9*KJhW0&^conrVf=p)`1VC)yna^B;Mj8I~{kAVbeL#j+yJcpwf1e;6VGoWHbp~8vW zC0T|$0NKQx);q?PxvBBEdXA`a_aq0S_^_5{ue@4Goz$A~dx0%GM;&5OUsYv8RJJ)H z;Ndek&s^>?zRzE=r<7p%xUR<5X@CQJv})tCa(S{UL2SqeqmZ>u*mohwlOQ0p&6v7; zIjHyN*s{*P_^ixe@>kePC!@UXH^=o*q|{(xu@O{xpwg)J&Bd%sJVNj9B=eQintg@s zI)>^!SWx;E$v+>d<8~t9Co4oaV2&M>O=F^emrH)ssD*&)nCWanb9Ih>)njzOTu*KrooTf;Mc6x6FNRhS(pspz+s= zwa)jLgoV^B|9~s?zaj#cIIU_pPXN0P%s*@G-6r%=V z&A(EmHs}ruc2$J0&#Tn?5d1k(Y16n07~(J;`a6xDEIqLPbjEPNhTgbFrv?eb^-f`Imjn3VeP4% zHIdgqQmn$9xevps<>f?@ zl9KzqN7AvM_f1SpE_3JHL&3^_(|VH$@<9j$SE8 z&YPSol9#vBH72e>P@P^r`ORNRdT}w8pAJuU1ikk1*bAvR-nV6g%7bR?oN-d4)=d}3 zin3Iq-s#^|^zewc2(&j>okr3G8;hM}{U&D5({t^bFIxOAwUAt!X6_Nm_tsH^L z;$l;KoV$=AR&cH2klz!wmkiL#SJD?o=Re(NMzX)do!TZp0?h`9v7bDVXgG4+Q;GIt z2ScKO`_H#mVl)-h()RXN1r-#ouaZXjAt6P$`B1^on!DmK`U|rW{Z=LI-R!6e6s}^) z>{GedzVod=YCSz0Jf}&TzdOqkm{pmNu-nU1Eus+Aa=w$N@O%;a87Dmp(LtKOGW`@} z(-A7N$c)h%qqwkt4s((uz3Ymv-fhwECroi4<_Vr@haZTxd*OE%^3?EsieT)T)RROL z!KtpuuK7q5K^#33Y8)fpp#v*$1?raPNw;~0@c`+KLh3I!@4w(S$8)PAcHAy5c78Yp z_wx5>jGb4`zp*iL_mMS!(c0VjAu>#I-yZ$gha@dGV9WLt9(i4$ zb=Q3QGK-)P{3`6wtvB&l9%g7b9GdBNd0d+>Tw!f?(F?j<@0an`7pvAqO8CZmc-eiY zxh1;kI||+w%d$F7Vm%28b%&<;Z8z)87`fhT&~{gpxGkP$tx)AMAS>8OBfOgr90I1c zyXi6lf{J;fBJL^@T(pO=vI#flzP8v4Rb$jY?G2VRMwk$s zv;$(l*8u)r57XBr?tPoEsAGPw6VaOUVP4>9*&>#ulduv#Gf?rn0_u|^e5zW?B z%qzaT08zlg4u(ZG3#5q+8Jrq)Q1eZ*`x*D7Iy5V%-7MID>rNP;!KhK9 z&Ox3bnY8JBp(aQnOYUc-(MYMA>=nppSV^IO@Sd+4~m_KEI?fRL5k`mj-TfAgeosaRo&Wu_${;8=nqkB-camsM*8gR!xYqGJ5WtSgW zl{R5n-MxGJ&Y)GsN20*X(ogEXlIf4G$okYdudrCUWn+;OT(bU8 zCv>_M8)*7dx#EViRqun-1ncl(%YrXECDkH5j3~`gnmhO6IBW#+y?m=~sgpf`+*g|p>*`8RQ%UWobjgky6)VQxUw$5eyA8qnzcppi(NPTpy@7V z#|wVGJPcO#Z7OzdEP2r;xR<@L=t;yB1yDh?pk_XHM|on$WfvUHhNgOgH-ESz0XteBaT^d9)%Pz z%qpzKWXfXa7mKajQREjiIFX@~(IR(r4aM5Td=?(I@l&|3c#8rx5UtQ~Zg<5Z*T1%<4^VdaE~%+y2s z+}j%NkSAy4KcDM*(=_atdV1d2*w`4XIgwt>yb=-``U;l({o+D^LjK-6;GVpD@08BQ zMzdGH7{AW8>o!^x%e1xLCr{}JtcE9WHPi5ITA6O*QcteV##lBc2}`%KL-qc#hzJI| znG@gS@&g0?lC=2V4dkwaH2)U`{|hCYu=DOSXSxE!BqZKaS(n?lvXZ}gM`LQ{#dJu8V6yYTep}3nFzRi#Re3Cw+c_S2}tOnlNvFjfi72beVV|FfaS|C?L$$ zKm25t8N}Yt+m6h5#Q{6gzaor&HoUFyJxgf~&x$E}$Bw=V62`_HnP)fpXRbJ@D3{$z z-KNBXpNkX<@@bNyva-PwMe%Sy+&AD2gas;f!8JK487-C0px4@0HSmeq4&UHK^U91;C}PUM=HkMBjT)B+Ga>eE(5xQu97O*rrIdOUinl`6AD zhe7FRfKv}w+PRE(K}9@+ca;rr?~mZbHzf{QjX6+tU5w6nHy04pSCthOnZ&Lvk||>! z)+v*ZT>EAB(OY(ZZt9z2vEg#bj5ylWDtHra?Upg?7)QmDJ56kTub@vg$X3q_ICN%q z!0d^Q=N}<_P#LT6(u*x8(zcW=`OWTEgNeC<@ra>(kY*Vp-R7n+2VscM>d>vOLLZ`| zb{*({ReQ46zned@;_Fuv{Zf{YSvzs{jB2658|PGpv2bMNq4+zCY&;Bk|4gEuR0(IS zJ~p-rce9DpJ6Pnr${Zz^C1n)sC9(bd&N9_33x{wCNR~MGvLb7qsd-pif5sYKoM(AX zC_zn^eo1b)9;OYxCeS=@Wj`zz+-}(t+Vsl-gkVGuOZ5t{i4x;kiX=8ODjmVQK10EK z&CHEbCaP|c2sEr+{GLoH;?P$^^`aQ=lH{?-_970JoS~K1D+;~=S3>qSQFpDX@~boL zNhXRl^wKqplT|UIx$f}|<||R)Zw$_>Sr?=};-{$F%hqG-8X>>#198FNv!5b*PL8z_ z@gJ{xdK)iIXYTwAbIe4YU;)*o&;Fy_S_q{6imOHpJh&UWFT!{-?f2eu@N*g-a@Z(=gMoGsB7&xU`n)IXihL}vZ?XCD&{2*dejUqqEl+|c1J&S!kW z$j3(p>h|{sg$9poG$ci(^IRDG#l%D8hfK5<^KSY2)+`F$kS)|2!;>|NrMU4k#d(@# zW#W`X{>GV<1{8#ZgyPai`(8w2N_r5PvVKU;Upvr?(rEEjnWZSC=X{<&6>=FT@LBII z^CzE3j}ICM5|e90^QhlJ{3$komhZ@1+~;C&l=;~PH(cr+qUBk2 z>$Z5A(U>`?F;Jk$W1Nmw=?^$*VxnZNdPB--F7Cb}`#YU%BcU)Y!^vt}B$TLriotI^ zcIn#oEaaC#6eoEWF7gb)ags74eNXcF@1CzDN55wXIkJtaX(4|OYeitBhPMu-ss9j= zlw2{k7cMFD<{1oWKE@Wh(rb_zxLEo;-vh*<0wze&N#t%krW-IV^dOfgVB$%*$Sz;* z)-#Bn;$0(46{`E@!O4od*ldH=Aah6%;^kn*v$^(PY*=l@Qp;ack2!jH7xI2w z=z@mqXdyfc)#7N+(-*)MON|064m@2sF3A#T8g@$k6kghwzxLB{X6#t8d#PA;;Cx?{${F)3c zGQ;nmz_#2qM$y2!GC>DX^R$3rG0i?+k5%5VY(N@C@7f)%I-gOl6J+PZxQ*5&nL{oC ze?)rP>mAzQ>oA6+EtepwNY*qKJ>Aa0OE-`+DjTq4dqK5^0OGXues3pc7{A7OaAKkor|X#bOB+N*%&ctJ!95P^k4I11xrZ>YFq8l6INCrM zzbET-AezmGLwx7alM}XwqJ=*g!TjKT<~)skaN!d?i5L17%R!UC6&Db0CgE;Ln&ddc z*|Nn9-p<)rG(p6h%fa0bLKmN9sFuHGyK7T~LD+kgO4e)O?L0$vlJ~0^Gz)EzPt*4# z4-CT(?#SGTwJsH%+SwZ`>$MVIwSAZn?{wnMAr)sH+H+rIKNWivmdTW+%27!M#q z%-6E{2U=Is0|^*okf#6Qs@X}&7v z{*JV`fK2G9K^X!WpS%9&sXZ-%5eD@r?o zGHc*ga*g`0bm8xxxt%517JHJ$yfj4Ha_bZe8hsO!s4YEGG2go$#F=cry&N)EpT73C zCfOWcp_)loIsK(#-7vpQ?dwOiEbPtSNc#b>M%E%Y;S8mL z3ujMrYJ<-%<}0dEW%UboKOs$L(QTZD2>@1=V}l2)m66=$6|2?H4;9Rl{GqalglC039_Aav!^IU3zal$C>;b+LFFDkik5?V@npbpWn0EH3crE}rE@XNHs@tpwevvhb zJo=d}%T+h7U;oaJYZ9fnm|>x72X#duQBmFI_mq^i{;ZdYpYG~!^=rC*V+{^al|c&} zfcgi8|ME)2kYbgVSz0)nmUg7VFmb9(sP3P@^!{E~=1nrT^*F z=h9X_k{jdU)-mQVc0_T~kyBvH5>kYbCGjU7#Y9R?5Ezl(BtX@I z+Z}uiLIlj~`;NLY`D>(d1Qd0VhH9P<4-*OxTOYlGiqZky0ZS+M`U++BF$OvA%`Iv7 z_w<~gLN)BvJdN0RNH2fiNB_1crJ;)!{jihBsmYm|pvyvPL18ol<$Dl3K+3l7xltS@ z>kg0oNT`#%U>PcBzqnZ>6Z#Upp%V3Z@+GH6`0LPy{$0$*bUp&h%!_4fW#b$=ZepR? zYf!*>f4|!D%U=4>4Iu%!3t^8Lc!qA)3rz*94qeDu9q>II@4ZPxMde0>Gwm{QyA-dL zs@|2*VEJ;GY8nX4I#X!YAb@bkYJ(VZSdNBNF|tb|zsimTe(YBo5j}ONl5z~V7}o79 z4>ntkrZ!eCgWIAD!}@)JCcM0hH_A27Q@mYDaC&PK;*QGwlQ3YoPa?nbefQkNJjkOo zbdJxabI=9t+@)5~Ab*?MZRp=I7zlnipq+g3^`>bXlxrhd*hLJ~@J5U;#0DIWw~+M} zoWhn2bprEf2TtXYTTg1)7IjgqGN$}iIltKplF<{qGVGF&I=%>}booVd`YdbnpCVO>WML{J&7o^W<=Bss^r-wvt^NQEjTyJ6ry**{l)`7*l>;uHn1 z3L@P>0it!SUU;_z(iabXBg4(ijNJYeP}gpxW50ql=oTZpq6deToSau*maTo$&JXdd zU;IKmG475OAjEnePg7KIXYI%Zc|tOSRO6xIt{X`Wa_Yx|0=an874h>kb(2*F`ivr{ z6+1rDEs8Bga?u6A*EsV)Il*-XEJQp zXK5p4whzNvGM1BNzG@4~+C8a~!UhK6Q-T<7!Doer?G4}F5ul=U@|B)n>dy;VlU*tW zMWQX9uPI+@m>b3o>w@4E$!2@Q<7A22XXK*65w4KRA{yO;HOVIu57e1TUar+ihk;!J zP5|nNE98HKoJQ|gA9bfo!NTQ%6SByfwUX42DppCjk^uT-u4mS6tO7hE@tI1{v1go* zyy!NO2kK;MyjFb()5+UMws!TZR*n?*U>n3vE9bIek9Y`0weH-tn%tCJxxB+hy8Ukz zHa*&L-t+1iS2Wp&80Cozd{ zC3Va|I4bQa5CoDU2TD8JjTW2~-}%Nqm5J~62a{z>*S$*--IY6D#flU!3aGGnvUBcu z149*J)!eL{9rWwjxAwX1$ortT%oAAQ1haoV$-NnI?q$Qd{hD=xI}b3qp3--ms_qs?!J-{N_k9R82+N8j56 z65!QyH%=md1b)x-ts37YGmT(YO8D$ZB@N4I0e>VNdL=JNcz z;}9smOH!rb;o&#zbwo$1T{&P-TN)z`fO>U!YciEJgtU?d2tH-KLr&2=M*rw&He*4y zXb`!^Ze<>PJV1b)s^4B@R>yEH!@WorCYJGel zmD}Sry)XRR6O8=WUN~+?Slw_bbLY=P!oQ2z6xj}7VGV2f`%}ZSFX=d>%Kf(!J=TZ* z_bL3RuUhv1`3?X7crO3%KXgw{N=k~b#$dO@+IWEVbYsT5zuCyXHFoXo?QpV@)dYsW zE&hFKle$hm|2)qgMxj7(fzAElRT>&BIReKrh{P3F(;HzM1yi29k{14u+C5|gf_l_T z=e@?~bxR4)zkeEeA54l4!cph7*gDLfLn^Mi)Ec(iI{`}T@9byxci(G*;-UdLy7}*$ z6>g2ckEifE%wU#;(qcxIg^`v>B}BNv75f*#PT4RaJ)jFINb|THs=D_f{9xl`rfD*B zCo_vXF07(xXFn&@y&Bj2_MwC;l!?ncRfu3MvA=GwqfuRJXqhqp{`5etVXuR`5O?>K`%--^ zz>V;!{#Z#HjQ`0>YW2)TPew8SX6Z7+b;6_AkVi>ckKn$ksXZoyc&WR(_aQIaI-_L} zol)&PJ&dgmA$KOUC{@!yM*%>6J?zdiSuj**>^$?`w6ZeJ$s-8e4LXkBs(Y?gPfISL zXz@Y5jOtwwFrF1IU^^>4xuJgIpRx1?hs5vrm{)@c9uex3mn-tLi_9b07m=5Gb zF@FEWq!jX67c;MtQSBYYAcdT?VVoi+Yt3hMEzk4~^@+(#RRf1keYt-aE1^MTg4

    <7tnl;@PZdFuJAd=W*dL;cHHe}ILox^bLq}e;~2EG z;LAmVM~l^m^uH?{dcN*7oXJa(;ZQXNzr;EyS$zuEgp_JAEWuv|W!0H$rl4K&3UZz%FkWs+mrXIdAtLFK|)O6qweS`Y;?MbM7{c-?v78MPRNU7va2r>pM?6c^n z)1-M{qGQe;p=UCv7d=^>hF1wujA*H5R!xm&_?^I&?|0@Fh8cP2@Ik9Ai0fsSTNx@O z@f_bEDEBOmhcZ?-4Ej+4D=4@}b8lQwzKbvR{wGwB?AG2`R_Q`D7SZdF+Ab7x5lKS_ zm#nz+SENuCtCe1J-cuGg^4m!yY7w5Q9DZL1MA{7v^`rk6bLSn8<^TSD5*kL5kc_Cv z9wD2oii~Ws$|xfl7qUlIRz7yJ%bwYn-6At_*{dYF5X!!c`#95Q{=VPexbORMKW=}d zWu4b~zTfZTcs*aQgD8topLjxcxPCoiouiS1=n*ZUy6(9M4NtYYlwf0)1j5MAGc$=r zEX-JC--eDWs;cX_SF7;zJ${@J3@~3%XaANtJw=5f%wB@ADWNc2J{|JPUALE8FxP)> zK^(8O=H7q=`;0V1Q^yowCz=y<->5Gt%9+K&@dpIfSvzta1Pb0fbrXtiZ!x1F`>MIJ zwwqRW-hTPb5pDi*&3~o`Z*@jW6(7v)WlA{?X#_Ep41P7I}#g{k_K4Xx$O2k& ztDo)7Ccjs^P?=T?+3rnqs~I&ldR*69?y!HWli+SNx6&Sj^^Tt|8(o-Yv3NpHv?5Wo zq8%v^zZI1Q;(y2}sFK<`0Bk(TFRu47Yy;5RK{%UTb94N%y1Z3&Z?-f1ZBGjS1LHfh zVE=CY`6;tY=Q1kiz&Z6(h%!u*>20M(|w@@1gHh2>_|%6U-e<>I__+^NvL1nfwNR zKu=4d51mCWZ+s3Aka+Sta&m^@u{;8rBUO8cL7t)!w2DDL3cjpqXc%5zez7A-m>lYi z9GEL>ytk!Opj&!*EC#s`J;EARs1t8G9JRi`(d!oWpdZgB9QwAdheK+04%ws63nCl?cXJ6Y z1Er|qVx!>C2>WZ#!qIDiPvJ@eJxP++Eo}Po1Am9UtZ;5Ak*F>_5==&TnQ^KE$ddWEn#hhtK*b*05`(9vVxGNU?7KGJC zau&5lZXP2D+{YX{HKVNh&s9W*?9h5vmZMJLo>E2}*~3?;kjh1Yb79HT=s-m#lcdh4 zGMjR5nx|DJ1AMk(Ace^QO_d<@MLUs7d7))^JqM*zrC!XJA-=GBK}|}1y)cf@e=f=` zJU}KX$5T%Y_k1wbZ9IIuxSq&5{_eW9rZ-J_rkjz8T99UEjn2rs*&Sk)a-tsSV<=U5 zyd9*0ongtk%FUQ}Y~#eDTssbhyuFf z!NG@WB!Qk~(a^BpTDj0!ThxCphVen8PW4gvE7a`<@TJf8lXB}!;$B=Uv}BVzrt9GF z;-s z{!V+UDk^WGjUM2^eWB#b7mJHRLZ7xbe_V3;cJuuJwXugUsGoq|!vm?fEphJK*H7a* zo()&I9XDU(kj?f|E*Vb1k6sFj3BuU{LDI_Ax7YbOZ}rxfCmOD^NmZ>K$prHs5q<2Q z7#_Sk@OF$L0D$BK7du7|_bWWx3$DrEp0N92S|%vM8_mexJf!GBuyfc?dBJH>B+il{ zd6Y3YdNl;lF`oX|OsK|gRv2-PYx)9~CkqA*Dvro&rKu4KtP@Y?n*t{9#Z!L6f#q;$w~ z3_Eo+o(~+Y>b9`?t(~3nFnJyg^P!;>@19rk=F^%2N|2_9=KwB6^)0%Fz7L~IiiPF;^7mKMIk>)3fgBq14~Yr327632BK27+ly)CKmMgmYM4NUT-`u?TIQ z2P44MqKTcWT-<^e+s!iy@EhjUBCe5tnT~CjiGu5U$zblyM^ys>&qLZo4^4PC_+Vp# zGfWTZXU0qFLC~rbhrTwPhJxYzg5Z4ffP|wQiC;QvEEPMvnXJwE0RXG1kx|X*_gf2$ zQnEHq2{)zeJQ&At`Q5_lCKDocNfI4Zk|&|7)$Rr);gzf9@78CO7ejxxvBPTm?h^(m zS}osO<3%`iK#1V*x}@Ap`?>3DrMJzw^qd%J}|6 zZD=&q?X2^Z^y+w*G774l>3cyBwf+li^*uG!5ohgn>pr1$62I_TiE9IP&>RDEM4G{u zCBio$UtPl!JSziW+ZbD}18alOH?bfkQk}>*(?_j(*I3nEdZ3dxp#D{+D>c95T(US#@M5ne7BGjWwxZXFbrsshchD!^7Cm)aggM7Ro9KID2+x<9pE=t|li2til z2S9bkCYhDwce>?E<_^VJ^IoQ*>4uvOsHkX9>8An|;^*3K;8LoMb!p!RE;9UVl6EOM zWRSvnvlKi>V-6I`@j`Np%Gp~3jAMZSI(^@fkI?th`B$|;K ziO^oefGC9{6ol#l_K0T&m3tfKK(Uero@5LcO=;sQ>`tSw650f}9GjLOgWLqg>Kr9i zVEn}4o!Vpo0fDjHTn$h=h~_?IWxU7+n|rmUP7po;5!RxO|Jv@yWmh$5yScxeIGQFn zate*ICROM~bZqY0#I=d{W@;M#Z;{~A+#(ffldR#!Jy`^=gY5Z6PDRq3N5R3;9v*eZ zOUX)x0RwNDfeHXf#8eaC*0#0Z6&%f%ov| zpHN!SA&aDp!wIP%@>43v%~cZkAkvZV++A5_b;tCpDi64KEd4rf10`_4OLfd8_`-F=bYp!(Z=VP#JX~*NoX)5s><0 zq}1pL`R|QN03aZ((iMvDofwsxI-`^2w)=W-4}=^uLpiaKyA&1ens7^?Z)>g-8%w-) zs|fGgNm>XBE;8;orPyZ=QP>Y%COoMj`ht;}rC6ngijk4044KqU5oJ`uv$Ky-n&5QS zTkxOEAH?FJpv)WHgYwDCm%}2_8yjn*ddp|G+)nMybkZZ#%KQ9w;G3Y{(o^Y1*L*&$ zK)&#t?&2o$98l~Okv-9;Kjzmw8T2F(zriG2Y-@N}oG=}Z=+T0tFAP6gC&`q49Q58k zj-@M3`{JiVg!j^9@;oTz-&`5$%7oK$EkVzV^iuRbUEk0zOZ}NxI{q%?t8e!h8pq=v z0WjJ7b`(p^ltTqxDvqr4ZEIIlN=)Ir&@0K-6|^RScp91s?9noU<>@v(jO9Bz<%Vpy zfDc0HWPayZ2cei1yGd;@qO5H2SEdrE2Ozh71IS;$D`HX@3sk2>ACG_%_SjD`z~ zR$_tr#()Pvj7zkyCpZekpMUMnGuaUwoV4Uc_)(8*wRxh-UQiN&nbRwQrL2#S&qJCisSYdoq)?LMo_)B>+7n}~LHtyEP&?3~})W;#pAWF~mu($h>R z|5EB1Ln=FwV9eqZ`TKoJ`Pyyf29-8%eRptz1{K3lG*Eu4?RNT740mWj$Gf`&ssjvip${xxfW&xU zcUZf0Jp=^>36r&{8f=~n=g28(PAPFR@On@4C9B} zGSPxM&g9s9UKdQ>9C?QwwW`Bm$(MQ z3Zcupr_*X&#eg&!Cev?d4)kphs@M+I(IUkl0NEr0Bs*WEQWU}b;&CWR%G(!xH3@nw z+mpVFw}DCxoDM}>Wv3@gSZ8rp7lP>nDN8dxH6mY<6M6#c?LpG3Rl^Dv`*yuNvP8(o ztUL+AkDU6lu{{`fp@Li7T{N5RniwMgZq^=;!l}~V) zmuCAI{#9lg`GfNnmOe%?pou4*R;K+?AZt-e*-QWuXI5`_?&`%)@0A%@vwAR(NEVBZ z5*=T-koD&1#VgOuHRJI;-L}jPk9BkfwVuwA7*}f}>u0E*(I1#uEd5m2PEQt;--7AD@fVfMN&&#ul- zODu2afKA~I9CFamlj=Lt7vD0*aL)h1fmrit(OXWWLUTO&7M|TjW-kr{+KF$w(9}Rd zai8lzi9BzzK92x6IIA;@NqhHxJmbDpmf4j_k-sQlEw(VzKQDeLeKdbTI0*WiM@~18 zL;<(XhjJnTJ+w)E$W2uU_mnV`NKN-#mZvI67{WwjTX3tq{q5Bn0%7#nA?m45_&I1oTHpFNW!>Wkg438x7@ z0=1U_!e;wQ#V@o|_W5&kPW=(HvT!G=eli&2HqV=2gohsv&G%fOaJ0LUOn$H6}Ss+F0M@!3Au?M@_@ z+897ZXCh_#uG-8v*OvYmb3xgf#S|XHBe)%WPYwD`($I@)&29hHe9ij{0_wZ|69JV7 z@g@5k0_xy1&iVe^ANc1jw<{=Vd9#qVrR%tj_ri9FJeJkWWr6TQP-Z+muBM!69gtw9 zgFCLFFy4BZ_8=u~2uSW^sc1TN$L7$_2a`@;bkcO)_WP|tIlW)_rLg&ru6a{e*vFVq z%M?m74!#HJwl9|LyY~ldSr5pjC!$@)H*`B|^+PULRSeaLUe?(pA*_v{G4vPHNW-^{ z=P|gQCT&K6$L1Hm&e(Y3`|`mf(hKY}rG=MkbV8fnj-~ds*@V9f5rRV1+PNbFy&iCR zWS73@n|ATh0hpPts9C<(_Yk|0MKeNq8?{tV&Bf)VVU+hTsm?*Wr#B9IYYp_J_q!7y(kD6H*OTr;gnP&piAebEzTkNfz1@FoP}v zh1~5zLd<(h_;qeMXJ9Ulf!S;p!Vg3-lsy%uJCvK}o?Noes7qwv z5_7)J;1NdCX~{T$X11BwJ6Nfq<1Ai@_g;_#w+qDyND)$`o?ri5S7XJ8ZsLnQ)T*Bt z-TP6)_L1ngz^)OBYEr3Z-bvKlZQ|prz)xLKxn37yfNH+Z=zIVp6(e*+PF$QQ$*6+s z0DaOiDyr$K@HKMMD6HED7V^0WM<9OC>ol>la>9W?nVZ77K|tX+awzRV<^N82-u^4$ z*^gJoc@Ykxe-fS~qyHd0Whh|ZPyj=U*u_iT3{(~m(5)gaBZyNmjkf9VTj(ISSc-dT zFc2YzAP_gUhs(GQT$iwR-p)v+tygR>m^WFq>-HMqKXjg7d_l@62>gTK0{pzm<|0Vr z#eG@JFaZMGA-QH)Ys#$zjS`pjZUX_fg=CZ1}CoF$HEcELf<{5*HrADE}9$>{tKrXmU0 z9uIP+=#=5x<~QqR5>=_}=mD`0T@YHLTS@ksZfdTd4+!nvItGmbnW)T)dV-2Z?UEmN z-nQX7hE;Gif@0+C9P3thUL60n`RwF{5Q^a0Awwf-$=s!K-1xeAnS)_<94M`Tc`gd4 z>9x%@Kt$H(I2j&m(9XUZFWOT&enJm_Ayr8wKO%AZ=aW8j+rcwgI2TDxZ?Iajj zFTHjmhE}`32mnE}fXylV4X-OqFARup0|f-Ck`22(3m7^&mWH)I5nmhL z0$;uBbh1^G3*rGs8Ro#@{?6UIzH_(c%7Q>niWSpuCwu)3=Z>0=urg#Cr(=A2)J^p~ zvvmVn^=UHGAVFGGLIMq7-ZVhK-r16_262FUaPiJi>ErB<6Fuv<7~BL~=k-s;#+}bT zfN8jVwUn*^mK+6ok$P;!*41@n_iRQ{`-1Zn?6ng+{=vgVum|~ODn?@C zbhNb6pFbyr4m5fi5wM~6`v3cWlk4W`O zR#PA=5kiw&@MaY5^!sd9BkzfD4NJP|l`v-O_egApC;sHLOCCxi7^*UUmNgAP!Jr2y zd!&JvnP1}0zlSyHT^%;~7w`O&)|{j+IeQkDrE#+^_wpJ`Pd79z-miw3nCGuj^d7P* zO9=7JQ(Mb_!G9;S~iFzy)|u#d|xJ3b8pteWJsfDN|3pI3Et(t?jkQ z)OY3?d#Z3sCviUfya75XhK%oTbcawi6G@pm&{Ou_&GRqDR$^!10RQIGb*c?02ZhBK zGbA%SGMxn}=YQ2$&_sk9hqX9Y!BfB704xMUf`e^M)nmeAE6~{KB|Xr%ts=N37x3=MdA%2@J$MRK(4nZ-|-8cSG zdHrCRHL^VmClBOj_}E0vf9HdjBMs29ujdwP&EIEIP^h_zUP=2Be_;^yQJ?Z1Te-jm zIKw05(9_r}9cCB7qBZ9JW+fkTD59qvp<8fCQ=eU+19ZggZaTZxbr5YK0;d1^6#I+R z+_HOc>;Q9Y^1buy7{r?(95J(B0{son+%SLMyEV3G)DzCvP;PY&uN6-W#G|W`;x?iq znxHHp;|`Uo&tT6+w10Kls(1rkQtaEPvNC=cegZ18>!fq-a_vMtb5)Q`ecx2j;%S?a z%IguNpx(XX)2y=F(qAahv{+l*JGMNr5%@7C&z4KzSaxqnq~z9>T`4Ika*&(|QoOB_ zptHI%H$a{lt+7-eLm^`fzd>d>w@-LylZMD4)=7aX-7L~O5m3|biR4#!hl7^V_eQbA zN>MPyORX^#Iz0|ED=mTb_e6Fs;wjU7OkMr(3)*J!FBo~1BN2aV^`(n#kI z>X%fvXdBhb&_}VaxBEbf4K}xW zTN3t}?K3od5p~Kp#E$f90JLf>h)PA7P6Qu1^&Up7b7XEkm6Ekq!}=cike!20|) ztB5`EJU!0#Vz9RBGwn5*e4JoLgRo#LlkP*FOvRgvNuPyo>A@ZFD$Fqb#@t2dpmTaK zkwM2Lh!W|(NVzb*o3ALGvKZtPiY&AE=?Ee1yeXSbdX6N8)S)j~)i%$sHL z1vCv8(A>1~i{~U`3tfO56}Ijm^$ED6^!q1lq-#ep$3B$5Vm8qO0SUTROpcC(u!fjE z;(33+ZPoxJWo4o%=e`G;dY-B3Beb6PFh6*|=n*r!tx3aGi(AC_9Xh~pf{wd5@mAs* z+C<@?QAC3BZ8K?rYoG0pK=S^n0RdX#zR$NNkl)-%-+-N)>BD4ePg4=fwo z;4>x7QpW)m5nRu_o^m5!kbR>`oU$D+kV(?3Q__B;3lC-zg&>ZTlzmR@yoRu(v@xu@$;X9a`29DhdAztM3~t=`@G)^VN6X3SVjv0a z@$Ve$ZF{>mXNQD6E7uyB;&KOYU=h>iD_j97W!XQfekZH&+NnUCe6TGx%$7K5UuPxpWz=>+A|JuE-S?0{4ILG@1&rwq!&BY1 z9#?dQ&z6$e%0EtJY21A=H&A zmdyONl~qJ$XEXHS)BQ_kJAIX&)3Nc>ILvqb7}10I-X%i(@b~&}Cj`0{pH^&ijg+MC zW#pG#f+!nx;)Mso?7g#tedZZ9ndZYnoozSgb>i+=E;FF^RhyU(UBBp3D3`ee991jpDscs9 zcC(BEiPW2FIu-MqpD(v}j7D=omjR=dY}L(5t^dtfyWe5$ax@6!=xSAVtik!ht-Xy+ zTmK>lQlaRIP354`px}mUuM<*+HcZ?_PDjKkGVDfubQv|gYBX+*-(nb&_7?}${e}VBlUtXUk=A9RaD+SIRSXaz7UvL=N;9#g2R%t)Se&tp@=u0TEbuOzTo`N5dt0cw&b!XO|wM z@DhsisK+^xc`Dbgy@YhT%inGfm*+wq{^GPCqq3&v35(9B0gU2Ho+Rr#exHHHNyibs z`(WPA$1kY0ZXFjXB{}-VOHt043%q?@0=TL{G1fEOOjT6A75W3hdGeH-Be$JJ*LK@aj!xc7=X z%kxxBRbg;8%KGlzyXw@=<&Y|Vd$igfdkfitkhcsTLr2Flbn6QS2{)&q#RkB8Vcnag zo@?`0sbAAVJS~koQBoZyd$O!P68{A=KVJ-kouT2HPLe#P$p zd}*TAM}mMEo`V3a{kMI-7{K2gO7Zfohv;C@!Jo|TPZW6gS=s;pxb8sHPcr%Ek0T=p zL3^Q`bI`Dg-}#mgl@5ZgAa6Nk4bcd<{p)S)z33d!(+Eqy@@>q(Q2F=kvGSab@76=O z1=Jd%=gKE9c~SfkqH3sa`IGs!s^9;V@T=$?aeng2)0WTqfB$&7 zf4=Y0p+^{Nr1HOwNhyOD>Bz0-G0#4Db%dXGZN*ysgAHE%oFMW$qy5MC0J#0Xp`8EU zlezz=Y&Q1guCDz7^2WXF$HpV25`fXl zMP;7E`vpDYY9L>8;XAB>fq4Kz@sPQo3ss} z?^Z=`JQplRV7I#r0c zkth{4w^;8|cb9%LUlDqACTf*E?wIeEUE7DnQ}TDN8zTDy6hL3wK)AU=hthfPNtkK- zs$AWr`KuGQAMi))nyDr=*Xjo5Hf8xVQGOMK0?~)Y4SOk!#fH@VDoB^`a{^ZV9D+QAtLe^PDneM_a5PH@vEcHO;y@4(yD5-;!;6hS#-49% zvA_Iz>V*+yfq4LKh*A~OvxEP$Jk@I%=nGM2{)<3WB&cQy;{y4&;3CO%l7Hke4b?-h zB^{>9`)d(qMhxyiq~8m0Oq?w*peCp?=NfHPqftoOGpIGgLQyEJRgP1NyMwnJzO#`7sKe<;3g3wK_B|Q9 zAN(hwr(RpHDRoOs8Yb4)k5Y5}hPwpOtOy`mIFMId96ud$+x`2y2k6T7pWUo*8`g?& zP4FeTalTBEs72BqqFSEavzxwonbK?>)HE0!pF2c=diIVl#MOMV^|5jEE!WO-2rEk- zaa8cgo?E)Y*CctYaW?>`-;g^_?Y1S6_;Csp%m?Q84=%9Ywv=$77JnEpb!$3*He3hO ziL7t4|6A;9l|`&Q#;w#lnIm{yvHdi5ukR!q2tiT0dPX*@p?C3)_V&FC?rk`5@=h^{a$^P zHY+v)+(ZhZJX74TI%v`B$wEl+9P$0TLsOauXe;ueDQ_Wp^|R|8xJSO#F2i{ZDAY-C zoH~GaoPVci?B6r6KK~U1i#TI{V$gaQ1O`iUyf)jjoqQjXOK!+Exk!E-Q7v)&B_<sA& zY?lexOOq4W4U!UdYB@pW`20;Y6yVTJ^E4{+`kfx?4Tu#+pgJ%;`#_@uR<&ti(i(~i zNi6v}xu&`yH@23-BAs@f5&7~}=tTZ-Z+uc;A>i$#;8gzy?Mi#vWG&RE=(RCV=~ z?XNGUv3ZYS?$tYE>)rK*lC+TJ`o6BGdI7rcGGz4F`}7Efd=0Dbk+_Faj$;&VvTaj8qH z>o!oRnyGd#!Mgc5e)AR%LAT;}uuQ&asRa{h0Kpn%h-u7rDawaZ!icVbJVl|KromRL8u3cXV+K72mKzSV4uD?0QK;EGxDF^TOo5 z#Es%o-aC{PJV&h>PvA7VYkP1N111an3tr(^a(`#d?xQ5w$9W>_R${dEdrcwzOi$GP z-SHdTuR?~iPy)2r7%nUa$1j?S z6`}Tglk-h``0TO#frASVdW!58XL<{6F5rg2C9t35dSCxwbvT2>@CTQ72;J;YOs)Wp zKhWvbS2t&_DB!)HApkiw0b7lU0F!n=3gDcK6&21DtW zzLY2gTLt&dTM*BY>}u#Xz66mMJU2`>!i0P5IwbR7K{=T(X3NZ;@EB)dc1GQ4WIPr7;4KDX1aFHh#c+c~2T1 zjXq(a_MJ!8L0b<<*JzLSMVc%N&O^UO*y!k=lKPa zYZ~+XZ>*{1WSR`x7D{js9qmNPIR8nTvImmWow~tG>#-<&q^OtZNdLe9Vr5b7N*c*Z z?0QW;!>XFX>5qT=)-B!#-_5|zuH5eeN68_DW}4W$)4G0qM@lsAcArCWM~QrER23^( zalQL~z&qI)Y$`;g5oOR(fbPFYY_%)dsUDuo+>VAT%#dFS2`@ys>1GdL{*ng##ZHK0-R5VK6}_h|x>19X&NF{B61XsE z6Y~GCg%!aS>*c9{fx!XOILH7(2>V&TjlQsa$bfwb+&h-8$YL>+WbxxVi{IapfF}s$ zPM|9d1smk7hV>!cA4WiYqP}E)P9RYf^%YVk!r(75+!NHR)Z06{+G2Q?na*OLaj`#rT_!j++ z{mPa;Ijt+x9Rb_sffOn9+?<0kLX1KR_RfKW6(HrCyy=r0Vu1hNK|^t)XRD^Q^g<`n2{44h!RUS2OR2x3uCsP6<6+D4KbGNLMLhf=@v;)CRG8}opvl7a) zpIH2o?t~?-<&)sLg@pIRlt1{t{pn0<$mf=urXPPPa{B z;rLD@Of{sxVp?O}*p}MfHWwDVIbryLzTKT_bUO4GZmV=eDl%JLLS%(8V+~<}l4^AOU z_!KgJ;%UGfd_D*Ve^Y)}gCODpSU8pplfNpDbb)-)0;#j{E!p%g+syTg9?t`LxSn|WcISYQq0q6w8f!Dxkg?x*A?)}P~ z1`U@bTb~x@F1x3}cr)SMx+xx{E+r<9J%H!+gRy(Aa;Val?i;N)4;0k`9(eY(V=x+F z-QDB{!8<<+U*AtUC*PL)~9)AtlGh40)Q^xIn-{ zQRI&-kUTti#ps3V^D0&H9S2}7Awy&(WIjW?kwI-g&r;{LTID1ms>DP+ha~t05QnUx z&&?7^0DrR78akLV)@nE2=sn%qAb1w$DUHk|kdr&vxI!MFZv^%TBwmSNJuRbz! zBzsmMqjNjcJZ9l8WK%gTO~3_(Zi+HJJ%X3>m&lok9B*b+p#552Kz69vWJ&g*Qn1Mh zc$rAkj>fVf^@~UX{};WW4rf+BCa@rFXZ29_xt+4Vlhr`kJ8LB$=rTY^5VF?6RnSAa zLPL7|E-l6!zL1w5^}(_qXZVS&B86jK_^$>5<4}1$$KM39N@1vnEZMOXXF(HKMNs&U zErw21^mS*%39(#ZvLHwXKLX-RUM1~3GvM;4xT{>YahEn(vCzan)i=01`cML`-DcTZz-UE?ZAW6m2`v-ERcOTQ?omY99)4uU#-xAw+K|cUGRKO@8 z-Iiu2?N}2Cmg4`=7*sttm^SrjZ*8%gSyGY#s*tOO7*iw+&}Q>UqjUdpjc|a^0s&ZN zW}T5Y%%G&0C6bP~(3P-!2|jv8Sn|R_jxq@#ka@pG1(m|b^p>_qT#E0LjOQ^{(9od# zhO;DBuIrPSoofi(yDf4_B`Mby;_{G$eSjSy$&^Gfpyh+3g(4kfshZw5a)<0ajxx_j z12E#}o%F9i7q~q z6{Jb5DfcCXWTHG0DbN73usAh(3+YuO1wbzSn~P}e;9Tbl9=>y9;hZrtC5McKp8pCB z?Yp@Ic@pP|N$IH=8q=QfXymMhFI^w119A@;Jb}#Qy7BlX6W~CdHv6uB)JVuA^_?v4 z6k$p2A4S@?wv=rx$|BxtNy;`Cu_z2ocAdB*Ju=Dhd@;qivgUWLkvf#6pd5W&H2_=+7w> z6OgwC<5V0xC>qu?o=wCnYZ0Wgv$kFUXbb1WHXvi>5g9`48cHn=rK1` zC8vzCaUNGA1UnGfazW~Jm8YUw_HR`CQSF1ykyl^2)FA|^PkwLQBO9;bhrEAH2c^yA zA93S^5*tzgIDkay=AGqwU-PW%KLbV&B*PWm9JK&G4tx-aw3;{@CkVaep(|D|sdFVB@Vu*U@XQA&zX&X9wL@@i-&>B$ZjB&36G(qft)3ylVS0OVULo-OvoWF} z$?#1eX>pbHBN2*AS;>)-#}-zSI2;}NF!+q;4=!jXL15WxyPD-Q@EpJ~QukXeI*Z7z zvHp7eTWvAJIT%#YHVt?BuPj`zMj9Z!U&72!K6u=(kElzWUp=$h_bxiHk@u<+?j$z` z^OXVJ_hR_k!3jd(Nejz;A6oR?=Ch)<<()xttl*>64f0coWVnKY51sLVPS?VZp=B1` z?^pQU)~`0zY1w7Y3=FTE^C2Qr#dWCA1gW2F^9w+{nJI+G^4G>tlojAx45i3@NmpeT zzjQ-A67FjL`!kfrJ`r0CDE;=WK#QkZMDnn!(0;WeUwl6)?yi|I{gruU)V2iVpbvZ zHh#lJ3Vy3HX9ic<)I>lvj-`Fmu~ptSD|*YBG%&!|zO387dM)^_YT;7^DlL=#Y+t3A z{#iG9qM<^r5vbM5>$LcU96POTmTLK#SPMB)hKqBI!`4P=4HmDjB{`ifn+dD*kQ{Nd zn`eW|2(jwxN^jHu1V`zN%ONYb>Yi7#y~ULGOJ4$FH7%`k**8~R#n~=gSf+D?-?&0E z9bcfH^z_A6o--kT%LLW5IAKB^456U0rDi`9L8~I($K8I{)pqf;|H*=odD>NoCt}<>eat<|xrb{W?V97LIJBEGv+H3jmv$E=1rOiGdx} zW-y=emAB1GA-GSOyv6Y*$Pb6TNIC@?GdQ;{3dL4a(2mn*60P45J{+>)`&*?X^q`C$ zWS?51e?`Z5(~z3|_qi3Wf>YQw`a*N!TkAXZXa~g#?qiGLI3x%^?v?Ipa|8pETr{KJWq@%*Q_6gBDlpwtX5T;0;`h%|5)_cB@ z8yrWNkF;TtW!<@p{OIzBy5)p5yS?xWq2Ad=5bDI7ag64=Y_3XdUaWzxKeOVT^n-f4 zVVQ+Ko8r1m#zXIaPtX|`o=$}tjkj&>Y*?+tk>bWhsL41SQUOLrphkPFP3F@_TrY)f zC;tMM_CC}5D_lxiHW_f)%KVx&t~c+rt`SOP`m_Nk0@7 zL-VGilj;Qme9nt|H1n8Ty|Q*ayV_MFU|umJH5?|G%~3YDY0t4_ed@K~qa@HupVu)r zKgJ1~Uwop{L9K?8`fL3$LJg6!C!CAI4cN>0Q=rL^)hBQyo6ddZ0Ebt<#5Y4-Xogrx0ialL>iqoo3 zDy-;%f@i0VkCbkbQ;c*st?iCS<;?gX#p{Hxz-+eN1vr!yPT1OAFQ@lSAbk5cY1p~p zhbR6mOWNtdjIgBV_F2;ZX5Q!N+qj=ZDQzg99EAyZPJXV_+3ZwT<&mIIU$+dEPt{LV zvW*Q8ww3!aFC@}3^fvT&Y;hgEjHgDdW? zcL&0NAOrI75CRg(Z_9Vqocc<-ASQ0cnq}UB%?tti+*B@2E{T{Yd z8x+*`F9FgO9A8i(RP|m?0|R_hm}uma3Jg4bxx%;WU3E%tKl&Gma_gIIQj=;2uT;bSp7Hh7 zBVMRYkzzUR0prCVABwvSDK8Gb-$%qfXy_nUaAGBQsX`BgvjI+@S6PWhs~~sUJM!#M zpP-(@l6aHa7wXzlGc$7(Ap4!|%y!8!!p2SSgj9pzXLjK_I>_u`^Hy z@hKjCc?u}cjHCRn+qHafXOba=Y)4t)g!;}*!LEbPlue-y*+C@M1llv_vI#H_31+*w z!td73!lQ*mAB?3%=w?}vv|ow13=L&uxZCN3jsC|*=nGib90`8|_;v^~umxldXfdoH zf`NzoO#ALem|_uS@1kBO{|R`-PKqDPrn_?Os*P=PQb0iO(+>a|Y}uhH^vZPOV>h7Fs6Q2;U56?Nx&n!sH!nlgwUpBFtod&;KVn1&>* zyJm#jzps3xFiA`eSp}+Kk0@vy@^P-oKQmeW3W*y>=mr?D^lm+rUvBAp@wdp{g{p>9 zkSy-4i1z+Vo3aU< zMyv5bRMn|2V9#D7*_2Bn<2r*F}c?cue{zI%D7lp7E zUr?P8DqlD5*RWLLO0Ymf5CXTt^XKo9JR#`+Te^x(re_n_US7izhiuJAu;`)$*!_^? z(UOm^%xkQ6%26lC?_-5Pq18={W?8@e8W5G{ZDUi65)a+(smq3ou(sL`YvM`EG$ZpH zCMyQ|KV?gKUf$(5+b0nH#_k18MXN5sSQkQ%#>?*+vWLl*Dmv3Y+^7j>voo{G6X))c z91gm-I!K60RVYVkGaitqJAd{(w(VH1_nS?M5lBZ>@0Tfzc5CQ})4NOELj+@*4%dW3 zns^*n(lXSv=GETJXg)$T*(3KDleHFJicN!xnF92c;TNCcXM0@^@iXkypdZZ!R!)AC z1XL@7PQ~#DCQK$B3$$5n0}dVcCoXv1f9&#^wkHr0)F_<=u+fpVWNRJX>xyg+eSuF+ zeS*z={0`Ep^X&V=O+!A-9rxKQsLyO~`& zy*E99Yy=z!;svCcx4zd{)$&7Vzoe1Rz^L&OP+8xFv$H2!h?FG>Z zW_R^5(olBuLeP3#)HX!Qz9~p7a~e4<>7l#JF0DMr&frzic#ro;SHdNGW~k&YRP_+~ z$o#M-TCk_xx%IjuM?Lei2xX)Ap*LU%q^q_4{dKbcRXugUoe?v^pkbZdX&dC=JW(!La})4z_J zDw`^7RA5C8c|{Aqf%!(h>(5qB;5N$+02PWs_P z!*lNQ87hcI0w^0XQ%0FVU#6 zZYZ-a)kV+X<9?53HDkK|XEbXgo+NxAawmnf9{(9w1juMcyTy}pzvH5r>M-UFdKfds z#QS;!{L04kKLAIC=d~b3QMZc^W}H^hLGQB#ip{8)m}et#e|*B>^U&xoND^B@x1C}| zq6g__hhT6Dq|g3(L!A+x2Y7b>d4?q6=@&5m#(`ZO!Aza5?}w%?EN%HYL7s2ZU9FJe zhrM}#_Kcq(OD_Bef>~?&bCkPiuWY_*PH0Z}y?fhX&Gu%Gz&oG*mss7uA(mn_bk6!( zKd;o^enER7iL(FU?f(u9>GUrk;S9RBQ~8fD@_l5*JXdt6e_ovmy}uK~fB()!h<@Uo z$p7pi-3LQ!T^1D<$Lld~ke<`eH)Avfi$YE)=h11g8kM6FQ`Gjq|4Sbgs-N2a9~aT9 zWcY5gy*B$FC~@D=PnPwcR4+=0`VVOM*9!^nJTb@(3U7wO+6yB2+{_tFCr8H=4dvvV zUVSYv&ULPY67cuS{4?V=@ei>0&rAJ(Cx!R_EuV@mkuVY}Fu zU4pwBhGrqP={wD)hU)ON|B4=iC+yfq)3H8Cb;SGgwxEbQ=}qxpFsUr<{gZ-=M8u_1YO5TQFr-rp_!Z+eO1=+wr>{UP;+Im^;!5G!1K(ra=LMZq`TVT8tK+4`d~f zFbZilfJ%nBj_2N3YGPBlq_q9yWK$WXT!3GVsT_nwH?0fN%{X`xAoiF`UNU{%LG_OBg zI6cU0J!t7CfR4BeJ3E`W13rj9T88p6POH{S5a9`<22V?ErqIK24Vk!2=OuXvdb@)_ z-8c+^iwkQYd#k^N`Bm-Qng;yyuSWD2YBQ>^A;|)M>DOu@-nfzckTf5V{E`%U_BLKBU7Sv+3cFarmlGO{+?ZkV6!~i_xgu zT-Ps&*`)q;KyErW;JBg7PX-Dqi=t#d=Bj70{%*7Eb37kpz~_q&pfF9|hP9Z}{vO6N zu|9qH@L^Z)Mai16BEtYU_4n9PB9qn-_gFhJ;=`obZ_{gHg6Dr6FPrK1h|dPkp>~H@ z^74%vzh#}RH}PcCP5iZMg4OLlpumWW67h)=k>41Byh7UR;n!jO&Bj~d28tCVb~Nkl z`TZEf7Pb+aafbK_e!(R}y2*lj9KpE2K^3zI%s5Z^AE}~x8S;8|-hFP7zu-zH|CmBE zG3~j`aaj!09h5}Ol=eXWG)%u7-a>kH^~R*)iye*mAw@36iIbNEhdo?<4&jOsywrV> zzE~`ajt}qhc3abIwLBedAq(>sJ9ZX0hgS4k?|v4SW?9`!+}aI~#$C0>!jPSy;WCgn zkX9)T^Mp`TYmAK#q4Ve^<0vPm4eJYxR`cCmyN{wG?1?RIhDBhhY6=B1)xZ-6TNpWl z5L?LfVB%FV{hXcc{q_+FxMdojz9nnOogdfdJqTvZa(CVdC}<0R1f{8J(inMV>l@Pl z1`Q<`-V_c@_Vf#wd%}gY0OAA*Li7Nm-mjO|Q77BK*K z2xbjpZ4TUy>zxo0tXnTiEo5Mgmq`m30hA;rt_1_gDn>?IZm)!}n)zrzI}##kOL9$E zCXXuTLnCEzK#Cvx5to<0fp#0bME-|m0D*GxSx@X3<#{DRTBn51^Ub_ zYYW~7Jep16J8csqaG&%gHhb_(J%Bj6zJURPh8+fWt~U^U+wOd0l88mjOrbd>2Zu8QR;*I(H!L&5q(I$3H1WV;|j4!eWvbqo0(brQq|*2Fu?A zHBCOkR5oaB%2d(g!8?4AaW4aB*ilH3Y=YI7ktEf+;YjF4u^{U>6 z^wR=WkS0kUJO9CQUnf$V=+W7$Y2_-2S{;P}*f17*@P>m*5syRPE#O!5c7aD~9le<@ z76Flsmu`HNfv<>cyMVf|z?Mzz%I()R;;wowL)$oHvKm%#PMA?ceHfwWVP@kr!RrdM z6KUpULrC)Ib;bjiOCk0^ya@cCOOOOIAkVAoPZ zd*`_a0u~#8mW|$2B>8fP`})b#ne+J2KyAG6>3d8rB_<62f%^)9gx?dckMMYZjp$?( zXac%;n}6=k$ORA|A?4d2t^>5dNWdEMzu0@rxGLAK-5Vv95>e?86j21ELjh6300D#U zZV*9`4nYtRQ91-cx?>WPR1lC5lu1oWq@=s+9T&LPz3%6J-siVJ?EPtPJ}l8S1Fm_U z<2=VP{^JS7eS?7TUbdTSy+KbzHsW*@ zO>E^+-CO8K0sA*%HU-VwIRjpg7x1ZPv5!o*YRxEq3OcWt-W@t`b2ucC8miUo+}yIA z6Y;DNSFZ}$4 z5@U+zHuS<=f@f0iy~kJ{BcZ;cxbBfXlhyL3UOM~GNH-&#Xr&wm(oJ2usl4^3lb4W; z_T#pPogJ_BTqnoqliOZeu=NB51#QfCknODPUp=*g8pm8PwX`IO7WoF@7OV>mnI9kG zoIKzXr#X)PEe$ai>fMn%;nC zx8u#Yfp>1L%bU~4)JtS--m0Qy-UlE1F?UU>N-!k(j;|=;P`&qF=)j4xbl%KogAo}; zFgUhEnAB}?Bef2x2OG)8`u_H z&~BU7X(@bIWuiRjqc02Z&JOzrRo$jCMVtx2j6J+rN)6Xl?FqPgwls4@(BQ%$>8E8j z)eDKveMO(K$vlcHlT!cN2;E{(7jbvss8|t&!=8OqP*Ktya>GM+#H-JNgQhJh9cZ} zeMQx)rDYTE)DcDcTHAtK&d=t1=hq%gZM%Xveyo}4E{PdVcUrvaCW%@ZBhBgS|K=AK+ z<6xU$DZ!MPQm$gLQh7r=zL;O#&>al(vJf721HTC0x$8jw2xZ*-%cf?rQ zkwR>+8=_ zG8mIX0u4e6mHTxxf!w*>bo@`~aiD{)nVB1c<=TcnI*B9*!}d@$$(ocy4AcVmSd}znwld;mM@?$ihdD&oFo`s^}x`N zavDW04~0Tx!g*R&+8gp~@RtJ3*&v;`EmU?jS-ZF;eg+-MYi_7w^LE-MY#Evuv0UYN zaBm*Lh+UJ`D2)OpmG=Kh5mS?Poe2q{P%ZjxcIx!$&9Gc3O(Oa1?$pIKP~-ena zt-oDqCGo+P7IRq`&NCx@Fq7^mDR98L|MaDeD*oe3OFXyzw=b>eW#hY^lEyd=SeCya zVo&s6#Nx$bOaQzLwWRhQ;#q z%@ZwyL1!?26~r^^^UKwA2&qaUHLhl1uYV_o>rdio5Sk*9>Al*m8zt%8d)V{oV6}G_JAageent`Jmj=cDs&SZD)*udAR`$%C>%~$f}&%EwfAS*&=m;U;_22 z3Mi=)6oWTQD#Hh;=zAz;gkGGz-`fq56#esvfXfFoqbCXf=_!F;LMAl_dLW-^?=_gL zWqp{tsqv!G)~%)%b@m@CI)7*q;)+GwY@(4-`GYZXjsacXS# zMxHqoCLHolMrS%9?!T!dPHMn_#dpot(7 ztZ7N`3bF2qS>Q_^2&SM5h4HOlfZJ{W9OlX;PEx>`rx*!Z&z(O%3>F&S^*S=mr;9`# zNtMS(e}b1F(#2ag17(rjqeEFm%>aSJWcu?Z0f9kZpfk7wztLJ z*g&1wFX_P&*PD6>F^`Z?Vz@}P_(8EbkZ9fuO5k>$`(OZ`i11F#B{YRC5;AJGFiH8D zz?wd8%{$Es+ex5f>~DS}}kZ+=Jfv ztQx#`XtZ=>NnkC>tG7o>qu$HVM^EAd;iwLyh<1;jfaMsXp_P9Ol(}TDWL=4wnfy+DMQp|<(qbVVIOAYhmUc_mCwKH!3 zL<64n)t2A*o9U}yhKD4Ih#RNcPSLAxNy>RG%zpslANL+z{2%$@x03E&O$BxgJZOTL zRVvQHDif8IXT%Sc3w$lPKagZ;m~AU=XP;)V)i{AWo8IIg7OC4keSKHcFp&~>8H?kP zWRVObm?U(IvfjP|(769f|^wP4o3Wu)^;Ohsy=U@i4)I!-#Xi5-+cyhZTH?r$nP`gEL?JJRT}xiktT5PErOnbCMG-F8sI7&Xoldvy%#Gy zEF_)zCN3-h7<8m5H}Z8p!3aS7A$wvlVu^s^$xexf#~Hw45f|C146=8jq0fz)RW?wC z;lRZrHyTK6?3ea9fKkDmm!$ag1ZUJ~1VjQ>)?F8OgNTenD_T9k?LXU)ERDz5)B{Z0 zEO_V6of|ST1cH`M1Nu2{F* z`SLZ{w+`b5VyXTMc3{@I;lmhKI`lkRr00;l+!)C9Pa9DM^78hpA3f1u!3Q2xwVi!X zL~ek4%--x!d|0y-4rq!2t~eWuNx@Ttj^L2J`vXq{spXz$qKB4im}$bvSEGhZu1rj1 zk%QK2qWeO@l1+N~mCa*E)zwFF5i6Vr3cGjK^Mo&P%6AJsNV(>xSNpT zGZhXV>1@G5HQC>n;y*xtUXq2a$??$HFMt?Rn={)b6wm*5&m`a(pM8wbK_X%cAPYOF z$+g0;XS&s8-I+5fB4TdEJf=@YGLPb0sPjN)85rmLwnnEXJwkerHVv}7HD{m5CYX@& zt;N)~!?>q6bJ??cC4Cg9-2`xxuIScWAJ_-x3l@eKaO58}jUg`%KT~~?yYr$<=PNVh zGlQghK)l#ypAvEMq-%T5wvh?ot@Ia<&g_z2OaH*2)tHwL{zj0!|A8PEeU-yD8y61y zQfcGyf7O!`tcFkfT^|frVP$2-jX5sZWRw9)5kiK*c0EC5X^Q+{FvRTRJsl3H7$`T( zDJVqj8Ul+rN-Y3`9=d=#K^lJl4cYAJF}?UC*6FE>p37+@Ppfo=9$s$CT=Ri?M=L6t z43*ima4%!1!U)cE1{;WhWjH9SZ`x!R#5mMQSBn41YYuR~GfAr((*1XnPhIymBAH4B zwCe*$LRNQ@Jiu?}7?)r$lH5KUTVlKYV2PNO;mQ?#naX4FqR)OTsGKk}8~U7#7S$>P zCSys39GVR?`@~OS&9148kEUgknoXn*0d0-6;GhYm3emlmf-TUc0DIJid`UD!oDf!7 z#AGDqUPG#QdpddIhoX3OWes@P-Hy!SFs$sWv<7_)7i^91CJbTlEi#@eExS{}AtC&x z)Tvit5>jB?C4SW%?=ItQnR)SJktI`BD?927++m1&bJ|E)Ij!Q84_~5^4PG`)wYt#1CJPFqj!UsLOkZeyt+T?Hv~C&|#*no) z+iRo2E9Ku}xgFg7Rr2m*aTws@7ayqDscA~u14E{q9ca2+3amj-ItH8AXpNc1lm&q1 zI=nCR!OFSTP1Q)bL3c`?cOl^4aOIAe{}xy7P>)$P3;XU+H$zK8tY*+6PW}tam!P0f z^Xu8^BNpbx5sJ7WxTvU%q^)e~EGB`{h?zjh>it4}+nZLgS@DGLW}3g5oUt5Vk`KT_Q<1 z<=0;w#h3OzxmsF;`LAxcF~bity}o6BFHH^;KV=^E`Hv$mGDmTDYqj?G=qXojBdPXo z_y+OMgze2-$?u1s6bmvVV~;u9Y+pOz&@xj3r_rnwR!n^d`PBNmSlyd*v3osv-JE=R zN89DI8UJ`?`h?c`KOG>~y&o^D%+N3pJ<`f~jiWoeUnvOqIQ1$j;QAJl%Bz6bYlF`E zjs{iYCY?jdagx`IDSaVwusML8f41CN(?Eutm7x_7Md$_wA9Or8zcoz?-h`4R;xKsq z-PTj+4VyCdtFzCBy4B=(P|1BE3SaK=q;7(*5NYV)@re+PfD;oSeLHO~>g?QUp$AV{ ziZ%1V|FCz-&!7F2^4^K_iEEGDRsAEzgBprFwr%9pcCH@o7QQv6w09gb9%ci?C~`$> zKIW-n4C#27<4X10?tk*jYUA0R=-O<<+a!tN7#--F;(PR(;xYR&EJq-GJ{pjWO(^6{+JiQ1UHs zXm83DL#fe7$#BhXfv5~B``Kv?uw@1sS`Jr4s-_;yX$zPF+yy}|%u&GO(8vxZ%4#?E zIjKeug9nHVK)l@O=`$ zshle-<5mV!qu&}hEJd4RQl-nmR6SD5C)+THLQ)!;QbNVN4z1zfI?9IFUQ)Wr_OWFg za?4z!*E4mkn9_zmCk#cV9~S+GVN%N3RDDY588K7teCqQ_JWDgTb*t=jHCloUF%I1> zKv1EOM-7it%i&gp-S7JPd+QlT3%&dF+49f`Maia9KF=EUaTIl&ih+VBgC;g6vy%{X$|>DorT z(BPZ-$D(nKO`2ITn^J}n4@~Y~;^uCE$PO@TAAK7Q(w|9b_5S4)p_9t=!V44x zq>NcHuM5jq()++7bz!e+*K^#hy~U)O&4UwC2tN`*xEl}`Wt-Bhq9GJZipuUh%EE`G zw>l%8$JKd6Js-;@CDm#)My|wSE;=DA&F;E3l*e36l1&ZaciM{bcsVrr++Ij2)|5`in{Wv?uKtslzWvrx7X@wcs?j!^g-?E1rNp6oX* z|AOa}FpD zV;8p^I?f1$DY^ZKpqG@JxK}WvaBq85lt(_kGr=eF8$-UWYa&F@rL?2@$l(`ZS*fJ9d9Uc&6TZvU;pl`AwX z`bTNVDa!}Wl~6RJr5t$yn!boY)9>pN7XyBubVHzNI^Uot+rQp*hyyh3n^ereia^t@ zP8BkaLH?oNCsK?Fc+jt-jO<$O1a_jDr$ECs-6$Dzrf@x%Wgddc5fDUB%JAs)x{vhdiTSD^{!-Bq)5_iB+n&nV-1QvGs4)Q ztwHF1E!Z>e)ovPakdJ;Utl7sZS1mAQfMfe%u3%31i^ENZ%T!*b`sLUyzXY>Koo+Zp zE|r4Q6UsffYD*`7CE5=O{i4;ipS`;CEZe%zevDCXVt5$}yiXq*n0#Zd-Nr%9{t%dm zqM`8ID|gJGpd7f}oicg%b&bPda5gbPW3fA|Mbb9bT;m)?ZC-8sJp$`@%r2mr?)eLzQ`mSsZ9;f!}{XCZ$SY=+-z&(xAx-pbd zQIWvQ>o;`K1j zOPxdhNk6K3BRIZ!3tlnOxP;Y?kT;fgfbRr_76(I)W|FBQJp;Gx*9sC}6x_ESFrWC8o2~Qhhb35(!|+`0@P^PremVr$6;#G5RFHeo$#Ocx z8@CK{udQ~f=uBGUNjK?!&zbI~(tV`O$R-!b+^pFAP=dSANEs`QnKlU)zf=OhR!_m0 zz|JqKV4Asj|68Z0Xw@`fFOlh+3D#pdUhLdP;}BA0G{)VYG=XEdyD~9#DUlBQ`McPm zOQoM*d#~n=Nlf~KLU%x*v3DxXr@2QY1Vdv8%B63F3RoGgCtOddB;!859&e?5MgDHj z^n%Q_T`~$3>FYa8@1HFbSMX;FwG9!W5Cl4w^Ym|nVC%JYMVA_PM)fq8py?oL!Wf>B z5R0Ylf{w|$g4Fj?d)R%lt)OyFwdyJyB0MJwrD?l|TYxKl8&;91!f)3!_;8I~8f<^N zw&ZhKb*zwyJr*h!pa_fLIUgFe?NUl^75iM3+G`8=SPy zOdM&yZOBs0oS*5g=$5Mu`5K2^i{$giWm-1BS z+o%!jTkKZz#%z354fp)r&?5x+F8xjp@r0XCoJ#^F9sU5Oi5AHy_jd-uT!#}jS}XHSv7 zL?~obj;u0OW?&kPwpwI57t2xM>`O}TYyl@u?27sP0fp*x{_CwNP+c~52SBGeK6#GF z2d+dmblDy;K|{zzz%`{`BjdfY*KcZCSY)pL1<10PXAh0SOaA>De}9Ae?>$+cf~6bs zsr~yGX6~ORr3hSg@P%dg2PgXXD=U?E3^#>ws9=0Kt=8uTsQHXvp(DX7(QmPFO5cG( zpq7J}uk+B~SH7#gJ%Otr>p|*0tF@9`@HDOp%#GyPK6 z(8xX{rQu(dEOyztm9(z^^&@kYo^ zbNKMTKZt{G%pL!Eqx}8qv;Qq~Pvj zx=o;})vi&Cy30veVpEq`&}9F4FQt)Q)!0X&8&4`|E&J4B6TQW(OTTUB??>@lM)pyC zS7P{2C^_C=XidJT8Qu(ed(4A-JF^ctjkCo9AVk*)q_qi!jC}&5T>jOK?9c&if5DS( zDI)5;(*&sZ#e+jniXRq%QEu0oXa)6ZXkqK>{;g>TvDk(wl-90?MVa;%8(3w}g_e^Y zd#vO?*-yRpHr%qdD)m7~*qKbk5LWmf_x*Q=W~Is6k5sSe2s}nD(@j^8tcF7zJ3HU@ z$Z2(AH*bFOAxYJk#uS?r=J@foQkrueQdXO^GizHslfEOi54Ye_>A{bW9AsTkooF2n za~-Mwq7vfg-$N7(dynMsxz z!-+Im*nevhER)tV#@b>xa~C#q2y8Q^3CU^wSEq>&uwz4#YQCAO&ww4*FIty<4NL6(aZi7hF+Bw*Un~kh< znbs#5Yqejfl+2=5U^95daFWo)GSs>(>BkFR6$ZxAq!{bX)z7o5NjG1RaY4XHf z)vxWZQWcNF)i5O8mUEKn=HV>q4o+m9;4zYNbU5w%y({-qpM>}e_ha90-7P+X183^G zOo{my2XXkD=~WzNIPq`4zZce5e40~@+e(M37mM>7YcO-dczBb||9WZwxy18ab8}4R zb=_APpr&mG}h@$b)<* z+?YE=QXYR%ts(w7eq+94)t!z28CwPg&8~1Z|Q7}<|xeMmjLuKWuK?TlQY;U*4iMqTRJy*UEI)@T8&7Z&H*c(dPc${YXiv zu1*iFz#U(5{qK=@o7nBGyI`6CU-k@-U3S@@be=W1PUQe_Y_%ucB9ecIV7K2V2adsv z;i*fh^6%-WY zmDy6BAUa@ny?p}>X^79j7&BmY8LzP)FuPjlr_#`fqgU9w&|^@I=`@=vnoQeTx(jpf zaS6uyECnxX?+BAIh@NY>#>dC!P#u(-lET8lK|FtY_HA>&b;+d7tTL=tq%hFid)Mgt z!06WpZ$KBH?HeLE>g5Xe!qT_)`d}vR=E7cRsU4w!KC=&C3qmxru4s1AxW!4T_#IXz zLucm~k5>B-F8K}-QBkGs)I$SXi;rL?gs|;?CWgPmHLT*{@VQth%k+iLW{)C2zoJT; zgOrqXVS88DagKg(G1%j|TbzUkqkA+BpZ`d>Wp@_C4QobiI>HeKYK0RnYs%-5XPsx`= z`>_)(<*9^KR}(nk5ST=Kt#5BpWW_(|b5GyMLd1+0wGcnqh+qArH})pQsv5tzQrCsE zT*vqGKhUFABZk+u@(rKhhs#%-P6jK@eLl0&%G5nT0C@R`Oe)*~)8^=&cW}zL zGk@IIk>{P8mqQ}Xnzb?WTr{9)5V67u2+B-R+&xPHPBNj&po+-C$w z_w(~(X!f1;_1OkUD{X%NOzr7W-8}cgzdc^eV%&j=naYfWx zWal+{AyG3xIicTaO{F~hR8P{KVz961__yGf7JiF^J95Wm2R-c`nifNyh`u`ezzo|amo9A;|s}gCdrs14eTy8 zu!$zUx0?!2@A#TdgL{1KH=#40fX3%(rr1t~7$sxR3&$0v*L-VmLQPX)cU7&Jrn26Dsi-?uaaU@fMEwj&j_j1c83L=sH6zK{2z`&K3F{U2 zSpn5@xpJMPt=a^J&Nh4khg;pQYX`Q#KLhHSqlb6Pr@~_>cI7K`UQBzK)0yY;$%`>{ z2w0_d5$olAH-5E+p01Gi{iO5$wmCYb%}nAZ%KeJ)d)scEFl+=ykg}Wc`x)c0%w4bs zw3s%xzijToH`SfUC{F=#RIB`@98>I>Bi5iaaTv270p)(b-dOJ6$llUd465{IypiOZrKR?SgrGmdtdsogpz1sc(x8HiC zt@V|9+b#c^f}$e+vKHgQvpi>yTxf3M*Es67wbHq(!vVYW*yP=8_3EmG+atpP$BuWxCPHzmclXJB-Ll0tFLHJ1 zki-C)OXu6?g0-EJ6T@k|KKY?if0TD!#T{81MTRgdUYvff;tX-ag{Jw}@OM~pk5rIZ z@mXaTBKfedAKx6Y?>kb{uFZp!+v(#n_zab;`W;fg@UD;;g9MkteV?N!83$ zaD`J}{pMO9*=q{sP|0c3T>v3&vBym%m;$GsH0a%YNrTMrr+HTms=D=#d57*@H_`E8 zRgm(OG#mx4=ijwYP1ybj#|0nkle(Imo?Wwzc{`Tlxn?RsHmYz%2c0eGKt!RYJ`HB3 zr$}h8Q4^B6e#|lNhMN99gUk9H>795vDabEYf@!2qMPbV8SyprMm-b7@sJ+i7x%;zj zKmA>d3`)%Yt7l)1R^dsR$|jkyH*f1*fgksy;Nh#g!rJy$pI9JhhHakX4x_16t8AMgd9qHIKb zf%UW{%UYU?(_UEj_1J%}hurTdo$TWL2!X3ALGJk$$Y2ahKD?_HY9&8CU_hXQP{5q?TAz=(Kgon z6rC3$VL5?>4@%$DJ;Ej2cW|R9wFf46NbRow+!)&GlgQ^&^vGutux0sCzz`;WtzxT` zYs9yBHfyds&FVNy;|U)4EVZgHI(C0(d6cR#PK5U*VA3flGOq8&C&rRFr$J3&oS3!v zFTUu^hF@fOD6{Q%Y2~I3x2C5L&*XOI&2b_=?W|Ja8MeEf3@m&^h&%AppASfmTM!DZ zyH0(HAtr2Wqw!ik?sbvti~Aki30eJ;m^W9?pHDoZndGiNMqgkj#yi#A%r^LvhC2-Z z5ZNsxa%Awb10G+^01o;2GeO+;9WiWm(t1CL8yw;@vFml~zJO3u;Z@;A^W~8R?&cO( zNp>k|nqZz>?cb!HDpXV}lc7`Ec2+MS<&*hh0Ah4Xw=}z(18hmZDd>Dba!9n@SDW!* zljqtVxZ1fSrrh^ME^S%erLxnQiMRROsT}UWy^C9Koi8i5-BqebDQaj05(^0Y?nvdH zgTx@#>JqGU^hH;3CZK2*eDc?EOk0Zm$QWpSzVm~7erB_E%B~PU4F;2t57z&hY3YEz zr<2id5Zx~6_l7z^v)$I(bZQ?P^yNU)faE7f@5W-b*SKDCW`yMQf0WM}f1j`S;zZ4; zHB(7XWo2he!*OQ3EvE0I+P6BN<#%lIZ$Ej$;Wd)q?4;cjmBuY=uKsgL&JbA7g(_C+_R_v^>UXZ(!tv4m)j$ zt@Ba_*v2`#C?I$Hre$yR%j*?RzqjjF+xsT(ANa#60unb^drLNgi*B8<7yA^-rbqd+ zehG{u^FE75z};ltj_OBsL$5xV`eahsh-T-=blW)m7|1QJUaAG*89w33sgywu3Z)L; z>fa; zebHtor#qK!DzUEAcAm#lU6F-iLZA8!?tzAMb5L^e!09H9DU?M$`e^v z$LlJw#|`Oi2~+eLcowD#uxJ9!G>bPKg;mOSXIKfIcH*z^PBoP1o91Tvc#{S8p45Fq zb3Lw@$V)c}!hQ5Lqqu`yEzX*@0yfD+og4hf$r`p|+qm^ho&1ZItBaXW65d>&XH-P{~i#Z$Gwr9JfxmN++94-aNQ*qx*G;{|bG9GZG5a z%<>`1-djUxUU6cMZi-b}l0Y>BsUZ!)MP;pLQ;xn+y&a-bE~xakNEXd=hjNMabu4>e zq;lzA>e>)QcF;h>dmW!EP8g)MefICPC~8W}1!JiQFN;aG-fpy%koL6x(IFHZY`Rf_ zSOq;rkHV)s2CEgyh2-g3D`T+N8paEVp5d5C-m2{X0R>sGZV7?Z#Md`wY(@j5WS{zo zI{q{m!Pd=5E{&&YMj2+=yF^RID4fun@qPTWJhkI|CHk_hI)LV?VG&eH#v);D6Sb5I z2SD8+!z+Z_o3~;QjPj%+^k7)i4}gJ+Zp80fS<6_jaD8 zNLoTUAOX^--2LU-4yRF)5nNg~+}yhRhi`aGhjEeW%@v$tp?^_GJqaPC%#F#U=A6sva zKz28uVN~wey9aQlPCJ&<_fyy(gN8!|1`S9tG1bmVC=`Y2Y;MQ>0mML_dsNa(wnj*Ki*XU#>Viqqds6NjK1at*j8uM5jlQkvmf4ApNKZl18S0-vL z)!&Kx(FsF!J`rAE<~b|r_^y=S<#u~(X|b4{ox5-4m;D#RG&Jzu`DS$KbroxzVbY2k zsREl8`IorK9ZBvs09V;)#GR`_b!x*nSt~_8=H<*xvRzEw^XCb4KWyEe`(tyF$dNd{ zJr!?ayY!CyiXp}cCR4$enk$R=N%Lns-{aa@1@DmgE6{vrINxCYncy4|0{W8(;~;sP zi0Uky#GaS3%P~*{^Qy$r*PKy%UFZ3%)Qc(eFk0YU|I6$*FqGY(e<_K#)Bw_zsM&iY z*a@mKl2kt*NwFYd{s)Z#X7(u1YcQm$VD`&xH(9_;ZKT-Fn{hXuG0rFD+(}@M4p`lg zP=*`{DTLK!0allC;26Z1uQN2M{SJ|W1?7jVt}~apS!(m~FPDjL)q8T4Dt3Ef(SH8Z zS1UYJqMkLepO7_L5i$2|COP?1I9{qIOZl}i_D%@JgUsSRUgh~Tvg3KEJF^#*znv{~ zPdlB#9bCq#Ot9&DskzCa4os!Gbc$NG-fKmTb3RlvJ5x{@Nt)#tFqhV>n#yoa=w!~m zB;WNM?O@c6_rYhyiTQ?ezGo=9iNS5^rjXjiEFwUc5)y7s#i!h6A+Y_X>5dNBBfrk& z``eYSoKR;YZ8~uJ9iSd}kuGNer(baDg_Vpz72=JgIFxL1?MALhIsNf3srFOZH$d>a z+^X#@G`M3RWe~4^z{L;Ag7CzJ)7pqEBOtl;w%1BJA91n?2%P4yQy~BpH`06s(W^=} z_TNOTS8!#<5xvJ{ZXh*jal%uJ8X~9ld6=!E=u(r}$ zR*M`*dDS?vparwyL#*C_0M#lqba}rT3z;omTffDtv`6`Lo80$@Hc8Yekk zY%A^ZgcqUv^U=`I1f%wknfRWFlJRWWtg!crew}}UeE}$6a`8>7prgU+c+r`ubH(*2 zb0~8BfI66A<&DlSvrlm$6dZW}28*rT1~vtp{<}qhsYnK z<`asudSQ?*{rVDI0@lCSJs#H$Tava$B6VYa-|VobG~w@a$`|8BtwfQeZfquW6`K^zHK7Hp~0)3v1C(oz2xh`BCs)uA<9`|Sq z2-Gzd-gY9sv5_*}$9Xz)*3PHAstA#OdzOXmP5KN7UK{-nxCuF>Wk_Xxx!Kt#V@{d5 zePJH`7AxsAZL=?hzFnMg>v=PYzVUX$1oByy#1V;l8&CauW84WRI;j?ucw6M{V=!h+O>gf!95ynKabC;%-}0d-L|9kAKx26Y(SR!8_+I z>YEbHW3@DTG3{xY{WcKiRx9&EIYQCr|k>T@fqi|L2&((zD(MZfH^!<-iNt^N}RZ@kQi5>6(n8@fOs8RHf8_7&*q|t zg~$~w97ghQ{>m$>^Wpl=aMKtcbz_GVD5AdUhCnZ~LdcCO_C9qwgcLxs3*|Q6y9Mxn zG8j}+M+I3K3EJ;{C&S70ui zpcb^G2J}KvQMpoa8gG>vL)Qa`ct3@BL&JVwNIcLn7f@L#CqFrw3s#5gC%63t+jgwB zK}f;NRgsYPRwttv5YE~I!M1hz3%CNW+0vp{Z`D_H+I(0pVcDiQuz*sRDJv(-S*G$S z=rm0Jq7V7dfh%x}gfWe6oo;RFX>t1WG-(L%b_)|7*Z;Tz!x=VKiJ&#x`0kY-eT)N% zpPsGtq$QY*wY1QHEpV))CtJCsFccpkF~*mFMtu(|wzvEPkDIrp5DBbi^)3dw8?P{O z78cZYR*P&~-SHy|iJGlhq!lr}C?0I*7&rWk;$rt^y{9}B9&(#o48t8pU^Rk(e48v* zFu7{2hkfU~3-fr8{FOsvVA(@s;55V-nA~G)TEf1=>Mzpv^Qz?8{#EveU<|z4bXm>V zP2I?zfv23H_C^=ca#H>27 zniqGcm@r^7`u%ERT%4#l)?{~U<;vVZvFV+)U*UN#B-ZtA-FY><`{>-O zspW;K5$bG_!JR}ty8*zKKxwdP-_3}EC%U^%R5!M?BY4$HNSF6ggu=Z~vtm|gxu3F^ zT*Iro1K5kkwZy9Q;1@njed)L>aGQ?F~%C7if z<7EF0qrGEcM@(9*@}0)q$U%4s-=676;?sUMFYZZL!x$T#peZYw z&TP|?TC)HzU>62$aLO3u_h;q268GyZ*aIUxZIQ~W9EIlyPaC&ikm41rjFKu>70JyeI^3C}-MCB6 zY3LGULy7KP2Mi#+2dNMP)J^c9*B>l_t`50TJxG=Bu2gAJO_Uc^($stfy_CGQv5;8p zSM8x)gMk-<${{*RL28Z9LFVJ3?(zwWLH5lkMyH>$aMb!7&Y63}Yj;;gJdNMg-{wEeVC=ch5Zu9Bt#-8l|Tw(;2f8PrDDt*I#5RH zddY5St94(#=+$^0p{Uk32%7)!$jr-f5X)?wFK3u^M(PT>F}4gUAv?CJB?&FXzjpPn zqUiCC*1qDsz*@Jbw@?L3Z%|G2)?i@TK2>wk>UU$NM}ND2Cd~pblUq>@Lhyfsq!xr6 zAgOcMJ$zeI_+>}ObKVF!vfS;4(=kR~QswTHPJgL$p>wI>ZwbA2viJ6SycRPmyWJZ{Xk6%5YOeArKpJ6jZ*gaKiVf8P!SOD zQxMSPQ10{fzm>OSKtLf7x17XsN_^W!^^MMR5PUN-59%*BYPTJwgL~LtX}CW;F!9}C zp#o0yJ1MnbEky)ez0 z@&r?C@Nu%*JtfVbd8EgfoTmT+z-ik4D0X-NsRa9GD!L6jy0Q{+cD!FuI+l|bN-KK?A zWXTND8X3DEFGlxq$++DX%gyGUZdR6d*4E~Tii%PVDZl?s@O%o>X|*nTGD5WdY{p%F z#3PmvQ7j*rkB{eE*Bdt0`WzBh{THbj@Z6gzm7?aeD_6d zmW#4bKsZh;WH8;8O?}Ojd5${#HJB&ruFZ&C_gAYWAg5(d-ND0AaX?v1m>Z)Mt(Y(C zgap<-$3r+%A3{P^m20#w&?>YYQ=@q`hiiJDcPi^T?=5gQ) z1c%-xTu%^pnny|vRGk}V+?3VKm{>C5;GHV7P9i1Medh%fN;H+IiVtSWw?y(x>EEp* zefyMb6ZFcKcp)l)HM<7v{l~B|1gRaz8dBqbU69zl=<0Q<3QNa<$1?gQLfA9G3ToPa z^n(IT2Q|c7H|0CXIBQu^)cj6)6(Uze&!FzfG$h!G#;KP6j8NVEJWmoIN~972p{bSMT^=phFF3riJ`qd}?Aw z#+`d3y*~u0tZ(e^?UH(oSl@-FFJ9ic`&5)l9C<_Zz7UfdNn&JZ>H_@LZ^pFI%UTih z#UQMo#+ggtG)jYjdWl^wcTgx)m@^9eaEm{J0OSs(uZ8CAlSa0ZpBROpKqa{sJ1BX? z6~Rc5FZ)M;3O3kk{>}F#5(UT+BH3-!32JKD!v{%WivP*FB*08oa!|x;tp{e zmr=@V$iBL#q#)vhos3b=YY0-aP)ID^D?n!qz($FvE6}SpbqS{iwgfmdB)CHFMP>{R z!PqGnxZxTP=|W4?{-y4rCvB=7qRfiHvB|xjlD#tXkDB8}mUV`gwPtOmwm$g~z!bov zS~Q^k($vnAl;_$OSw-^f+yjJkU<;mtcBAf;hDjf*J$P1S!&3}7awsNKonKFsd^tKy z>5^tKZFjU3>^WoYy3Yb1#S=$Ys|~tb&$|7kf*<;w@&UgI8h#!S&<7#!W#spoA`qN* z%No=L-uy(pEu_ABjtqp40Xw)vMmeI_Y-NQ8mZp87C=0%ly47WirTU_db#STkUF}|? zFNU05i&}V@7^KPWs-|P1U!Y{c;anAbo)3l*^9L1V}&2Xc`l0MSI;}j*5w8)R*awg9yIHB z>@^3pG}BoP-G^gXjLgu3K1}qkk3SKC!tZpVi#v~Pa?7I^z~W#Y3ES=* zg;F~qek&A(fH(PY*Zu-@{by#f!{jN_ob2jX$Vbs)6{KbaMR_DUF9;~n|7Kcl-IrC= zlVCI(wsB8OSX{~Y=Mm3%_uO(4mXBRy|COGk9?E!HmS-$qMe>k$WYNhMG+q!B@&8D! zNHH9GQjX&MOPck(uB#4+!I{gN=bBXy+gEG>o-LEJ6{i3F1I6JCtWHd;UjyTIa?U+S z#brAqbP_8n=&!I385bf|yT`xV&(b7B0Mkpnau;YTW#u!29N6;_Wdqh7HIf`~+(jHu zpq+lPeapUlT}*{sXHGsTw5$3dJYotWaW?tefHuyq1{k7k2$q z&L~%umXt>I-lyJ#^~_!kjpYw~iEBBngbk?f>wHO=^4Uew z?*1d#KPz(|eP)xGsSZwXOQ`kL2uv$-i`=UHExQk=WrXKm3e*Jfh*JiV+bqv;x--9RSIdzylj4$^GDn=hV4;C<* zy!6cX{|!N8{vQxTuVmW>GM^*o3wNc|i$xogi?vF3{mkiL8OIRo*C?Kd2Yy3?@6pF% z1+x+=H@TU%-~B(j%mC6CzT{0v-MRO%OYFxMi*40&b6Lq)m0y~ISc(6Sx$}U>y5Ijl zStTwk zTkmHVKJVBjd}XvFZQ;0|B|KX8`i5E9j@w0(GNWu7wtHT#MsvSvc>pIuwt{c8O6R-^LC%lgjq{WCY-wr750V zi64Mg1YPPA{6LJypbnORN;)(q#vhutJ1#%YK{4HF-c_U}bf-*%)AX)_!UXju;pq!3zJ}XW*CzVRJqNR%O@S5Gts|hcPQOw9d}X2~M~aq0@cA z%+zIeY;~qf1+buSF0lxPPs732dV2w!2*?H5m0=wUZc6rDGxg=X*X>kPRHGZ))(b;d zcE)MH^%!QvSBcz+Y^IKn5+2 znTJS#!m6}-Z#d4$Iw4DhmBe7}n7$9#8`-ntH36vlqo4`ae!7k?QETI?0vrpd>>FcQWB z+wg>w-P`j2QG0kq@1JWADfDeXzJo;%ywEb=3%E?k_$mw=+Xq^^W4P<>O;Ak~?XAns z;dN`x-N4WF%{PNOhA>+&i@Lk3@MX^~Re|(bPi;MmfS$Ej8wZ*u4ZBhU`tM>=4W_ko zLu7EbwQE@U_5uBK{ysB25CJj=x>V`GII&^zs}gEjf2|rX%=R*f^}e&(<>?;1fG7`n z)sA=!?1`zss)t^}-W>1ZI;(z!!eDSh=2k~Ib+Ek9I~#&SV5k9! zWnExolgAP20vF+J)hCC*P!IPdP@ywBk00;HslCq&2BXq8rFrMC+aH=9^Bx&NAE9YK z2}_lx*~(3~i%@tKtl`^KejP}7l|A<9o!stGvNnD(v^6drC9KxU+A1$XrLZ@R> zY=XQ*^j=)go{nuR7s^z^Mf_;rdF3Z%=f#}jbZX~z@|TAlS-N|BzluuZgPJe^{6f^6 zls;`!*I}UL%D#RYEvUa2tbBTC&n4mnUF=kAy76@BJ!7c2l_5X|Sr?*l^}rnW4A2JJ z%N#6KWky_gZ3h8CM#sp=cyUvPsK2+?n(k@O+^9PS%((brl19-%aqh?>A8u9`Hg0ck zFN^|kR}M&_w>$_rc-f6R&r%ALL461MqceOCUKxuZbIJ|+z;Q|OB&+F*ri_-KqQh(U z=0w_xLXsvil98-qy1U{#ZHzds+xs-Q+iK3siW(V}6ub{!fRwdpBmZMsZJkRy2nubY zx0!^Hix>2oAaNydyO-X~8v|lPsC!UNC#%h#^PsOhkQn5!FnVEe6^&wmNrF7}6-WGW zjVZRoAx#{kJ;S`^m*&VC9c~=43ya;145iJx#g)tB$TD}u95#}UbAm1sJ)q*7*q(nU z?+9!BUaX}wN|lBovH-ZsOlGsNFWUPpkggJmbcC*m%wN&fR+-!5-dsFF@2}C7Mb-Tk zti_=(D@Z~A#ZanK_65JKvFfD*!3`J@v22~if)Pk}r|cH7yuQLBRRD~&oAyWewU2rS zZk-998%!8H$gZLC+U^iiKnxVGzU@!C_&q*bhH=r-I*U1iTE$MfJ^72y?DGi6rIRwH8rym4{qsrXiuuEq$8(gO2;3L z23tH%eg$*nomJ~jcG~aeAWfvQqUdS6dR7GijgavCLGvf8eo04D{35j6Q>$_A8`H=FJw~2YZk(>pyO+3OAk2%O=t?a|kcgZE8{ z@mAg?4L5wgP0CNE=k9aZ-+Yn9LR+>7J}1)vFb$-RT)yOT7gnaQo=>{k=9+xcCx# z>@*i~raQ5BPcFm|p#&LDpne#yl`W|OJ0&$EL(F0U7ib8*=f>qQihdIimR5jOMWfK5 z+4QpG=wriliP+DGuPt3hhy)EB2#q0d0u)E=%mOrE zWjF6wQeGN-|G5D%4IyhP)2T@&n|EMDn^^Kw&4mlx7a1(3t5iPj&zmy3ZJx3H`qp!+ zjnq)+k+s`BS0Mkc8p@Yk&CD=HUt`-EgP=TxZ$M&L{wyST2Nx|097hfImFQqODxR+N zZQIov&#&tf->=Jw9!HB05m0lG{mgcT3M7@0&H0MSWfiU}~QFy%hd z*M*oEFr?|VWp@ceY8f3~zVKEmH!Qz%-ZQFB@P7FnvQ?UkMvI;;MqC-JUu@MhgR(|Y zubrdncEf2w@YLd%CZ)o+CUS({r1ZN=0X~xZcCo?KCePI6(H*QE+=M?`Z>8YkrDh z!}+GIkv^@4(JI9wlCK<3!M#u1Kpbn~G*4$|7v*ts7Q{?eX!cNA^PHca!XRQE9qu}2 z@=~ngkzm|{V@oGhdR&Tp*%Q=#)L!fQbus<3&!C_<_{id6656^U%EETOl*Fl4;-mXE z+?KVq9zls2vV-q6~6(E<#6J6f+Xt@2dcJss+W}W%EMX)$>Qb0F}-QtIQ7qhFH zL|l?`adn$q?T@oZ3=3?yyDs<#MybJG{GHPcJGsZ1N+!tJ8@+ZtQ_kff?A%L7ne%cp zG;RcDRU7V#H)kyNhfDD$H05%}XVQG`Q}AqTDdti1GRc0Ymhg$AI)gU4!1JUsDjEAU z#XHdJu=QgYJbkgA$9oXtocf;3U-j?;oN@6cUfUtfc*J*45=?uZxuNDTBH$C;xYv>8 zOWPD25^@7pQJ@|TuT)}S=ZfH!j5_*3A;sttsB3O$lpcMXXL9Ddsr|?0ROQ{Vj=M63G*8cXL(hUJAHR$g z(Z*rDIs&pY508pVOqafYyx@b#fRShP?vJ6ByU#1hJ~A>ox{bIFci|a=B`Y^CvJjC4 z@>f(^3cOX6Md4@Ede{bm2eRpOl^t=)AX z!8ZERb5klVt<|je#6Z&((gl89TYL-Y1nm4_&;m0<#_KUX+Pk(ns+p@F!7D&N`C*6DDlP{@L74c z*k_&?VJcBnpx+wo1n>#i=!+UR0JfaxDp7a_F>}w@)JYG+!Y<2#>(OPv_XJ|#2tI4h zM?|X6`lrDBbZfMZr0z(|yS%8F1$Xw93M zi;D!trr#-BX7`Zq;862$rIk-_4Mjd-{U$m2E8=T@_Uy#wBSDxopW?T@Srl}rflWd+ zvq3;)788>O|2?MK)_amt*)cDk(QkV=iq;!NU%pp;yX@}FeU=^sN1J=_mY3b_D?rF! zOY=`iSE;uI4)st49?)_@<&14$*aUSEbldv&j0}dV7%jO1el6GIlsBzjCz4TOltO(g zi-FFMa_%-}F`cEdlAt7g$4{sKx=5f@+;e5_oqR+}zzc92!aEnO6;0+h31INiYx0A6 zjH1#4ruI9Dag-G|nlt9C)+|4{#v-A{c{G>rd4h-&gbx!_@(Wp9*VyPM`9~;n(k9op z5ZER*86mh{SUX-4ff(IL*Ja*4LkZse6bm(%^7y@z4D(59?JnGDkA-Eg(C!*-X&Oy| zm_4tExeCMBRy@&y6Y1L*&{P{paO4SQa+V?-Kph?Jp}9vyeWy9*)56<&%!CJ-iIAh` z;uU3*d`p%NHqaLuDM$!c-xkWXAuuVpGaQ&&?P<7s-MRI6Pha3&M7de1n5tHG}_1SGQO76*wo7hEiymBxA9oqt)0K!_jF zCjr3z;K3AMD$`4EiPd7<2KH=) zYx$-O57A}sKB3}LRs~p105J<|Av?=ZL$e_1-JINV%}oRz3ceRB_nHrNe+R0L(>y1_Pi}=py?gg=S#tPhF?FpKf)<=* zdga*uY3%e{R~R-ofN9P%c`g6YTc6R?%q9Jhnwp&4R%0NA9;6%3EK1H@Y_$M~f2eIU zOKI%&q}&*j>JQ($(s{$fV-=J1BLrS}TL?Vkuv}B0 z-pOp=IErkV^;>@OH$i{2&QFEYWQx&6V3K0!yhO7r{8;%@1TL~SD{yDr?`{$DkT1NT z18<|hs~Wsx#^G*^;qaSkP&x)0G%j5s5XgP7`(hb|#ddL|tF6EoSu9{~9 z1rHdUB`mzD0tFbd!NR?C0O5Q<9=fXrZ8x~f0rxJ z@l_yZPR}aPP*Op`I57p$3}Pe4c;YpG$p%xNf?$g>=_|+ho7{N8!oD$aU}4BTrN9fW z_P5$?L|sYkQLs~NBg90h*vy&aq{{EJLvZ*SPagW7m3gOv=oh4tkPAdL9GO z(EwMtcdv*5b_hpeTd@y;A=F{rBGzHBS-vh5Jep`gCj5c)4gyQ{ldOt=7gg!zu!1)C`HT>okywlSEzh!uvy^&fgDM^ zL;w%<=Csg}IQJ+KeD~a|od_raIf#3;Vz38Kul*l(~86Iv0K7&ATqJ zVu|_mL!S6v6dzfa>#k5#`NRgw1lhFuSAE~p>|o%R9VNeP99;Vqc*v`OsmvUJE_4wKJ4HW5{&1^%L5Vhl_!ls@eu09R(i&r$uE5w<3x>Sjc9STu5= zIb_A}3(;=hQ{K8Q*^Q6pAM9w?U}<|VeT@sQcb9Jiv&j+RyvD~87Pw-ZTzRL;-n{`e zSJOLDb4~(|Z_`$n+uxX~)X=3t9oG1+78d&Sd=6M3CY<$%wqF=vB$4p7mYjD)JYjew zeiY|k5M{%=QCM3eC&!8l$p84(XRzw7k#!pTV3bTsvJz?P~)vtK|!&0};7dRIt*a1)}wbzDj$vtl8@05xLB z;VzY_dwUMqJowa%=?Sj^U0}nMemNl0F`}Qy0MzeahbL>X<^Kx4tb|agOy}X2UexN{7 zWk_(<9%Q2ps}wzLRYoHc+wzf=6|!L=?DL5R$^^urO><6XI%~5>a)`k{1A1{Jh-Co> zpPsYmfMGcSRsgTIJ?d|j-+3))*u^xZZEMv29hKt6r^bJyQoK(=mskj`U=5e0t9zv3 z+5uz9wt=dmb?-EN=_}uN1(aN;OU_raT!pgV8FgzSdv}pn;C!L03p&wJ?6ZlM zuLfr$MH*2fwos-U15j|_i`GSHy5#Nd#(0Vnm&34A3 z$m}7DQB3Pi)wH<&cWG(nL3fnzjDm(Daxj(ANqlS6>o|F%i|=YtjW<3QJ{}3Q$5xa6 z7F#_xeP@&$7F}gofl5Tdp^J%Rl1MI=gU_nX+U*8z|q35n*-L^N@=c@>l z*>ts$$nXxkxlunVaFKa(?)%Ox!;q?=5Nc{q&JN;^wK0&WOh*zO=rm`j%xd9D8EZ53 z^%6#Dy4Di(H}QYib~XL0*=rG3ugRCu`#(1TquU^0^H%S z8K5mD%c0f3f|qyzNQHP*i|zgLCRU+tTu#)HEcSwTd`EPRG+4XOcYYhxne!)&HQ6c(?IqJ){?6EwPpjbZa|yi z31h$6!gGnUp8P!Isw>hOo(wwNZ>Tzg=(;W2S&&fsG~p!yqdJ9 zvqKeS0lJKiX3pEi3<)FVu4+mqs)k*g@EQ>p;3Oo2x>4_ia=35mTC$aqx%r!WELSp3 z)R8wO6pE4iivZ#R4ks6yC-MN{<6ZN+R6bDg>d~AjRTj zKUi15SEu6t18(9Awn^B z9xxlbaZhVJ5Y-fuwtcWm4irvB_@Dm)lTvNbrx>WBvxi7ac#Pd@l^?Bv;Q6PI|4sa3 zN(~@4vr><%4=fCqaTvBx*m1xWfj=JFQ-`8A@m3)-d>e4^WX5D9B#3D0tAf&EV9rtt zZk7^77Q@|je|d68iW9E;ybWLunBcqeSI%Jvex?A(MC$&CBh4f`)sS-MP%i|}Jc~(Y z${qDT5H-t=2j?kJ{(34BdwbP{Y6}Vr)!6>}SAfAyDt&zL;QsK(v{M71TahQ!BIC;g z2~9CE9p+QR*Wt5mjq#s;5TeID{PMs2CI|oL-(;8m8G#88^nde(`#Zo@^UraYWJVJ< zMuImBGIOO^P%!`{{<=4$XXU($dTWYk%#nf^k=ZPzsRcSU`9b%BRt2{-7pCA3@-vDf zWbb~ea$qstqXgi)-*t_*b~;8r^L4O-p9?90L72Eyq*#Dxc;NC!>x&m0sTGc(WU@0x zEvYk>RS=n<-I98cKT$>h8$0v$>|nwB_xTeAPkpCj?F;uz?LyDJDm8r&w3~c#&Ke=7 z?6$o|xI(_csCWxeG0Z;*q3^@(^n8WY5c?*>eM#}!YDIG|n2VGPsf_i+Z6Kgcj?DjE$RGxG1k zV7s)MLI7t`nI03${ zBjGyEXG@D~S%=zkEofsBEpF@kx}3k3G#eEGdq~&~M{y>WmHK}$n(Z5%r;WQ_`NRko zp^t@KZU{_@fg0xE9tw^lYm`*Q*1Dl-faBtbL6wCZj4a zQ1ttql1Xij)QCLP;(E~c7we66#gjiV9phC+L~*A$S@P0O|KTH}Od`|J5B`ddk zA>l7r%mNXAaAYW|)Qm4_LzE$cGD1Y7z~&4AAB(q$?H{nHBTjw75cxUneKeRv>+{YL z3!%;E6CGFBbKC7-)zNcg)GB1|7{21|;ZcAd=t!u?R5s@8UKw%(7~h zJ^`@l=Xv`fn`RarEdW*l_p|}FT%b1#^e6-sqh~~#s!jo=N{>0#5?c6Y8L9NF)|Pb5 z2x!EY9bO{$Wlzp_|J*NN^hQX@V46J*h0P7m}3AXgsj28ExQ|7hZEZ+b?^b-8i94N+=EE)){8t40( z)JuLiQ(coxU^{M7NxH2ldMNVdcE{pp330I>0KOI?!EJTK$M~TuGtBUoIRm1xotAB5x(tD&GK1G z19r+ygbsnq1MRrmt@6_dlkr|J?IX2<=|e%xodtGvp9%?gWgR0)DhL{t&PPH0LcOf7TK_bhFV8j#6oUB z!ocLS@i;L2`}+BX&W^*|8k80(GBYXuC;z!bQxwzw%^S_u<@l%Xlvf0{$Dhv$`C0?9t!v#e)5;tJE*A^P}G(M{y!ZC6{w-GZ`-)-}s$Tdgq zgIXe*@xf#_=>+-AzM+ltZqzU2t8%a4x)EGK_ljuHkP8VEc;cX)jB=1AMCMzMfVk>l zPWC?vHqUXrDFsCq{r1$nz*=Aa4t-?C6mTFwkf zoD@V9jWD;MhnW}YoHarO&K1zweJBJPyMXw`d$2Nq>ojHSJVp+P?;C}&@>Yxbl5XbZ zC_%I9)sv2t)ua-VLNhnSLK&~_pf9|-OrCCEmSa+M{P=Rf_bL}44>E*w%vwvxb733C>wqPhqF8!#krkSdCR`bXw%ro46_6nF^(X*Lr*5y z3nIzx7`*f=AraS~&!-g$P#v@8LkKZ8yWpk+^buX8U+xxW?)58|Tn^Zd;&A3eC^utt@%5&7mjH5j0kaPYu35JxE1A0}z+`+q&0$@^_(0e{B-^ zDdg-ya5C|0gF-IuupTRM{qp&A>4pkCc`%t=viKBVwS@_$-pu2lD4*#*Uu*-lDMC*p zKMR>LoG>7RFQG$N8L*mz9rkyzG2@B0nV`-py61o>;J%FQUV2Ubu6xjf?L=<&%d03s zS-G4i$U>uht;kLHe*B)UkV)0`*9KQFxi~tmSr5m*`bmnUr^KXwpq`O65>_@V_w8*L z%L7c0ucBDGf96E;yAU-)T{*k;M@}TdZr2}ndeX>GmR0FZwS%ecNJAoGb+mf}z?-a_ z_H8Nm%1f*s@4O(soK4ioetun%>aq~>QVlUOmfF;Cpb&BtQy)Xp`vacll0tM=Tbhg7 zexK*u8m8uW-IUpz9jgYTH~5)0Zj%kr{?UKhOL3j@Lw7T; z=yuXdEeixj=cL^g0DYF1wk2)59<$r?G9_nVv1Z9{+Evmww^TAWXJG~8qio#!;;C2f zI7?sxNDNmuY;zIL85&hyCiH^!+T20N-5@vCcpqOHn}^3J156a;CMLG%hHqiuFWSjc z6z{P3CHDo~gk}n1$S0;LzPksQE)mE9 zOc)KWs?(@=8JcN#zP`noBdxE}+^TtIwyebJxmi*~qPYVX5@!RG%P4GJZ!VxJ0Wjp_ zl3r*~o5|>TRfn0*bD-1o-M=zfWw~E@T}R7Q*3~~?jl9M%I1ltTKyAJfUR+E_1wuI1 z2X2!<2Mz{J3NjgkArO+`w6iBAS*UX$t@GC|{22522c#b%P`@IYBZ>;97(HCrwjBoS zK@(R85s3rx9fwEK6eVmUx8*Ch5oeR$hNgf78uFjK9|5@nPUVWZCea8IujR0R`EU8N zK1cn7Ul5wK0R}^NBc!r_Na8=ui~ zI_-#mLPZuqj2aDchwzDsMnA+p(i4ahfjbU>Mfzp*?Y!XEvWChP+z;TX)51pkpgo!l z7NOxK#0Dm;*oJUdwgh&qZFiMZ;vXM3PiDa!SZQ$B3m8&?mjc`p&T^0ALGmSoh~*1! zz%&>jsIluJOAjHmU5}GR`}H57kBHn0mKo6U7(DfgDulH5?&z(Y-HY8N^Xpqnh$KaP zoWy_aKp9)ytmOKg(CNS$ z&{%FXA`06M@_b4s6MTjF%s&J|m0MGdfy1rNGjJGF(8rwwW_=Fj$w~1rRhdcH8rG78 zFfcOSaySJd%22Kx#2g3UXg%m?h_M>I7+eR*w+{jhChcZz=gS|7v+`Q(cwQ3>eW4F= zTAM%lj!4Kra(8{H?BQ<94>lIq0+)rH*IyVK_~&&l{LXODaG;yC^aKkOAi%g4r7rAIL9>b|WY?lKtQDB0yMjEF`!TR>5ZyDoU_X_mU z5uW||ZpZ1r(_9Ap%nmCNx--hb@vO{W;jWaM%!hDSoQL@vB8K_VH~tED6=?ao*F@O& zPzaQq$?36Mbm+u9nw#lz)XyLy;jc1E1@a%+GR|+mtR6E|?W_$;2*rGqmgWLBei#NA z^Us^4uIa`Itfdi{yA(7St#*4}#(pP#n5Qx6B;OmrwkPu?uwuE1sj+EC5I~!cl^#Ak zGblsBIbn|^HrUB>QZRxK&jh33We|!R2FKv`#Gwi4zfY2-*=^q^$f1|-mbVL8U#6kg zpnO0+Y%^7VbO`+w$Y@9pjr~_v=8E(|9JrHgVoP5&T%-I0Ous)ie& ze@q6&_(42&NMuC+0BTw(>V8dfG~)t&wu&|)6>5OdrXDfB#58{oKthl~{k3H36=8q!7-+7pT^_q}w|vw3 zAu~wSJnH?@e*A1=16S;7pBx|48h^h4J?$1KpX2pS26xlQkt!N)vhV_orhZo~Z8I~5 zzu^I)U@$m^^zD@nnW^6pW@_GQvQHH57vHPw;+sA(E$w5RiN_%phf_Umy(er@mmZg_ z|K$%p1gV$tQ7d2~j1=jw1H(2Pucc;Y;`{gV;o5-A6xrm!ve8znUSj2=&$xY=JCllj z)0lv>{dn8ey~J4iwf>Q77?>7#te(d#tbQ<~wUOpHBMG0AEJ@OZ2=EAMd>ty{!dY!*FZ-a#uW3*vu?|Bn0xPM8A=`qpr zZwfJU#r%wEX(7^r1JNIkl5v5l5wTFo%wJ6IC=it@NO$o|!?e^7#q+4c4HQju}OGBy~CXcw0u~1We&<< zdW&+|EtS7J7URHkqKnfc&#mA|p$!3$u_!b>)fH3G%^m2}lX!`)K#Oy>R{Wz>VxOm6 z!{<{d2VdTrQNGru9}bxVZy43mS?2Ap>W+J)oS*AT$zIq8pE)F+S3xewO;)h{Re@^- z-S_WnEpM2ZyiI-58;Q!4fUo|7fvq#KX}3=791N;&KUG+ z&R57sr?Xz9&X%VujL}rWoKx@UgmB$C#{}Q)PUy&L3|)IpxK)0Wx#c%)DGB{OxKzxx zHrR-H;?}rw@dLnK$>zEgwc`dFFAk&c+Fd`UX@Tlh4CC-V_vTAC0xzZC%EEt4In2V(GiP^9&o&v zw+||C2q371x4rjvPE$tkSSsZ_ruFc#ldInVohs|L>to@h$P)TeT5hoCX0hPKCuOI- zF5TZqxfeatk|CQOn8jcSej5r3zN@sg1vjLeO(q}kP`C3Q7d!nxof%GC%z1T#Ld${? zKBcph)HF#wyk-PzS3ljBOHi$#*O}b$yj8{>9&S3u$MTbxKb~Oncn}P336Sei${}ZG z&pf8Ds@jP6;3s`iiudcv4><(|k3UN;<4)Z;33@?`g#o35AamaB=%$NRtfWc8BG9Ut zL^4eyVdlYMTO|dUO!KTpT!Y41$Xf!5d>kFsVhMWbUzpf?hOF4Di>)5pt28Wm@F z<-v>1?P(zLEx*TiUrd=QRN=88*39Bj&55&ZCPxNOZ)ACV0Dfr^{fMe||GNZ#K*x_tRDHH`JdT*gzkJ#GhQY8fB;w zE!7(P)jOJgyR8x@2TK(ehFNiCF3iqZ0%~475?a@b7ft)WkJW@ixDl+PT4-nRWA+gm*FT z%#Cr|&V~j)Odk=QvgDb^VTM6{BK6A-?l9DyG_^x0Bep^J0hDnVfik+IWkN8{L8=*s z;$B*`8)lN3?1!j9-KD1O(;BH|%p3i{$u3`hk8`1|yP0uR_edA^0?f2}$+= zkYtQ{NdplVv+NqC!Di6d?0&(u`+kb7nb0m!c`%1jtg2QWQcLE@zYb6a%U66@JEv5P z)N|ZkJ#aBfpM8SFnMRL+miH^PHtc%!3~;spedQ<8qjaI-Yl7K4h1TIBq3H=iOx)kz znq3xv<4!U!a{BZFnQFB+AuVeW#^Xa?W9TiGK*VbRe5`~0!jbLfX6Mro4yO{a51x2U zPW(eyqxEf$+3=$|fbB-kx@6V%S_%s&@@%dtb>BJ_*)@Y_5&+)rF02#Zm|G*de4VbH z-r3t=Yns=QV_VxK-o!%$#tn~6j^gV;R=$+vmet#jW)sEneK3Bd*e&naH0)fe--wcE2z6DP%=rb%9jcbtZVlU(l_g)2%e*4PPZ%{*o z1v)s@P9XZL?r3l=bhp|fHsLD;Z)?Wbr8d&3UWK}c5QaB3J~XfAgqY&MF^3~DjDiqw zm+{bHJU>TQtqs~uAgL2a??cu&V#oo4` z2wnPce5GD@AbTI@dF0N$!^4djRO3wWox``B=fAe;+;IP$#kZqa%6Bc&H?IAG1W4pA|-p8S6kD{iCxH49yn zBfqbwvKjg>FC#o4m#0xTg8v$``M$+JvnoWF$M*-_CKFiypLT%h*8pW}lrHE+)Z@$lr2XYfSYyP@!72D$^)vO{J0 ziMmRjPx5fuM& zDZ2h66=vgEMxfQ-%{#BS-jK8P{_h!F96Vy)m*@R6X3bH{2S)h`(9=*;(|9QHGY5wj%?nNks>z zhyVf0{5Be94~@Ha`ERM@BJ*dBBB={7@CKR#L0OS+tO%C&JAKMrt}@`VqkU3{VKM%i@QCSg;-A;B>y(juIl!H&s^_*ZljTtdE(fu z%LF&Od12X4X_c`jeM5}z6_Oi1zw33vn}4zFppiNv6A}K=9K60P6ZvnCmM^X+6aikd zNN(PS=jt0%;4R3**)%Xv&pk^2GAllLu;&shs|3(HOYh!Sy7y{G;`K?H(n+!(VKqPT zkDB!*@Z!x4m+@Ux%56%;XE+1BMBM(KyJs$$~m>1fiplc7P%Ej`kKkc0Hp0(`@(|25uy*CKY)dSwZqva0I+UmAhS$%lly71p|tBUdr})djC6v+f3*1I2O0z!hg1sz;?Iz zC{Pg$VtS90vp#vLd=d>PHy`4PEE{}@8Dd<!3?4x5Te z{v@*p`|FGQ!AKH-Cx)>X`gGxMK+IB?oreutA7sdnOIr<(o|l>7f4CeL&l>{XUHf%~ z=!MJRszu^9&!*&SY_(a!E2f7elqI;Swzt?D=M9STdW>Q9haY#9%~;M zxLu)Uqt;W1=++P*`ThvxI|0Al5DgmANW24hiUEOZv7#7mgJiF-kNrV6i6)bNyZh{KlGTEH zKOYb@$7``e_>`w$Lfbv?Z%IUlbCCS^zx|NkuKNwM_m@Ze-%%jafI{9zT=R3M{o;ty(AtH( z|N2D^KPUcIV(nZ*uj?=qE46f$s%!&b}=i#s^7TTZyDM=|R<|9aMzz+m0 zxLc1Ny(I%BjBa+#aWupcKH{GQpSp|0GoXt?ve5w!1i?<4I0uU6KRl7$-Y+xv)im|} zQnG$j>zK;}^j2eP_g7@)bSeSlmy4nOMkBo$AX`hleSW|IloQC0M=@U5vwuqliXSmp z&yP}dPsKJaYuDe_jB(mgZn9t#qxKW*I>i!g=lL6;vvX};O-oB{S?wmgFPaarGElW~ z%$++-N}^|CQ63KSwXg!Q^{-bfaW(?9qJY@s!`o}@S0J|jen%a0=Ko>d`kmkN)|9@AH@@WY4v^C8+rae4gmoi%SzJ}gaI#5|%jWE$@T>2|q57jy_lPzo0`+(E#us;;TjSP(d?MY7VP$&xm29r>*_4-uyOlJJEFPB|pp95_Sh?p673-(F(ATYNL(o%R?##FmeNY27Az^w2@Kx-d)) z%Vs37OY>#2Olw~i4WOvVh zoSBa7FaEX6bf}(xCj99EPyuBkId4%9ocyV>MO{Y;Z;O&}C$%5UX$IWf-0|<`l$aqasu6~V-S>sW7j0_L8I_$0^_glLKogLpmWXG0 zHoIWzW=ctJT((>^z7F9qrQ-z3JfY!AhW(fMu@3&T55xf=NQwEbW z=7N_$T@;@WqS80)CX+BWALJrt)(uPkOn$S^G(XrkHS>UL*jT!iZ5mqnU4)tHIh~fX zmfNl2K%~s&4t(XC4eghzsVx0}9(!J$`Egx8Oh6lsE-*jXHFu|x^aP?~Ij>>}c*L-b z!IgswZoSA=MdFoWw=JrTb~|4Y&NSvPwp1{0)rC0`GU>g>6N#61AvJ$ZK16=5#!LV& zSe+)2V>__cc~RY(6o%W#QH&Z8VNnrqWq3v9((8plN6n5KZu{k%@nAd|upe8eerw*n z@z$Kx*Np0)3tOGb|3zWze>wMjWWsx65!VQNpl<*Au>wnxRhPWQ@>7#k*_!u%Y0q+? zD*!PKVjFWxvtyLYWutPLihjvpQqe7#crUVsrl{XZej}oo?EL{{0hdXP?DNgKh6X(# zA$N^`2k6Y*M3HyclYQNOx(Yf0FiF{51QO38zkWZ-44TWtrRk|`h^2DOM_*UMye^2 z@BL>aV1U;+$)t+{jK|>S_?AiKQG-nH5D5}N21?7)d7{SBv|ZLu6z$^VuQjQUe%@Yq zoMjUiIjg{;ASzV`B!E4%YRvH_V57=3IaS zgf)EOB+V7t?pF}xTelz^w9iYI*vLKqwxbCN((uG+>HJh^2TNDo@p_@V@6T{2nFsut zH~Jh~%y!uLU*wIFEa^Jsf{I`wUk7dkbuRna)b`)-M3D?_zKRQQo9V#kpCIQk9Bda9 z5rQ$K=HsWlE5bifqoclmM2!M>+C!sqTagX8U9f}55OklDgSo)BlVQz)=zuL94eSf4 ziQ_ZeBC=uDmwYT@2(#<)@8DHuwVFKif+G1+IWUI?tGgIH21HN`A?(KorN`U=(|A7d z6LM}n#G14r+Anh3Is(cDo89tv0=A0)l_dt~#n<5%BJOL)?iM7ek-y+NTX%jW4t@

    QN5yosNUOx4_`uv8+WnTFZh~3(R@NzUF+aU6|yzu23nxt^v{M-0MIk$H| zk@Q>TuPMyBfG}8j9;h#qFb`Nl35G0epX>fXo~0R>Ut7?AX+tHnph5|Bqp(Kz1Xb$S zSI+g`QWNiQ7pAxjRF-0+yAsuQ1H#n< z18Pun=S%7|Kq5Q#R;D=OZ9XSgLDqG-M@|Qws>V<+D z^~b(C4qo+Bd7;`+m#emeNdGRMWF=dB!vwI&!*}>9%d@ThIXJ$%{B8QUcI)8ZDov2w^= z*Yl~J8CZU|omCi6Tv+^x&#CqH!_$xBLUn!3%dw%6 z&#umi;*nUb0A+qpc#5kE#hSp9O9J+TItqPf;=bE<+L}_tX~%t2HNei$dgr~ev6=D3{|-T!pbMk(~@vmK11&x=!1WY zN*3$J3>~g6AeMO05MYd|m6TSW1u9|NXWCIWEjJnn=jax=67Q1T(S@mdNjB*MdTmfE z;xjdt?b)4TZtWFF8(VU;m9?gr@56<929ABj&bNx$K>e9542C${Ml%Qc z%M6u`2K>W`YO)Ljt@(DkRGOI(ert!JoG7popi#}(kztbkpGH1hjHg73;L%od0b*CD0kC;-Nu-WvFr(bUtsU3Di2>iRCxQno zU*{MsDjYd(vQEwPOYlv}QI}KvUTE{BC7-eIJpsN})SEZ!&Rm95TB-INT_^fPxg^XV z{vHE<_y4f>)=^QeZ`&|#Ya75;1VqXploX^9P!SOjkZ#yW$AEMR*la;SN$IW`V5DOR z73q?i0fvx{p-+b8XRW>0a+tfW`;6l}&bWxkHsF5OB?0;V zyAAk(cJLP-ok1Q`V7Q?Q@AueLEvSnL&KOWyfnrG^->0{kAZec4wtP+C%9VvjMzsf> zoJe^LO!wE;DftA=W4TR6480xt5GXT>9vnfG57|i`+Pd7#lAkcqJU?3*2RRCJ3%^=9 z%g(~?rT^aV+p9;U8c$AdGOTnxMJAJV{kJb0OK6_oEIC*{iA?@<*VnRMGGV5bF7Md; z7&Wv_f%F^i{P|+DQg<4C#{1`&S=W0mAk}vmNfy8s=ExQ= z&=NAXq;_p}9)tZkA)DbGvw7-wpoV~JPUbw)`y2xW*ht!OQiEaax3bNpfmdKhen{0L z#qjb>7c!K67XBF?Y7z7A@K7(at5*+Um@pUN%vGa&&*hiL&j|Y*fl;3ahYQ0Vo)`Lv z4Xcu`KixaSzF{nMD#asRE=T=-*Y*0Bi?pBBA}o*GzjOQ;EjjDz^{bbT-_`V%&rniG zf6c*rCFS)o^?v)!{Z|W>k^^jvzh5~u+Ud4xAE+3;;I{Vt)Z##q!Qp~Tvbf9i{P5NYAy-veD-x|$VmiSQ zo%sB^L22%T;7bW+b(lfNaPqp{V0u9alXU!?)%?8Q$6@M*W{r`)9#u-$euoL^=Gl|i zpTFdlRNXyN?&L(@G2fIZqgiW2ZFY`=g2LfNGMDtASWQ0auiCb-Nx}IYd4`Qm^Xhjr z?t*s>sEoAt(Q+3w`{d=ShiKgeuhiYg#pO&T$R%*h4F67A`Oq+OBDea!UV!hjWW5`1 z3B@vXlTq*A>pi{qs`j=e<6xJ>`+V+P*~P)yT-j429fduz_dgaVh8^6#fSnL%E{%)A zvj~4vVM|w1tc)zgRpaA6v^E}_omr&s^_(=0hT93(>b%UbW6>zr$G1H7xHI-57cM2} zqz9j)C_xx+%CP8j*mBBi>SD|M?ePVs_&7n*BD+Lh*@M0NlUEbpXpRu-@Zr{e9|nA? z&NVFmvBz@4QCKIWHm<}ZU*2J{wa}s!{d(D7>ZX2Qu3qcd^2*9nx%>CCb+CJ=p7#lk zx(opqg*QLp%N%9o9>|I3PDGnTWve7epbg6Mhr_4ZPF6SRda$|KV%7IpiVDxwC%nd0{rCZSZDLG9 z=Xuc%iQM_R64LzK7Y@Ced-KQU=KC;w?2UTfp)>OS|K5lJeN`Vt;l$bP%Gq6Rzd7^0?zy*KAg z*~v!|{T+1 zz@?V@`oVioEua9_V0k7&Wm3lLgR@-!_!=SaQvt2p2iF z6w{OCw$LvSU_oYG`Lwu9ve+Msq^ZMb=jiw0EpwBSifkG>dn5ND;b&?P(p?ETqBI5{^@J%9N%l5?M8=+oqP?p^osbuO(Mw5@0rQTHqb#dE`_JQ50O1v)+CHdoch zr%m4)iQ^)_jr{37J*x`)nk*zXgEOh+cxuzqPpn=VkC1ulYh&f zwTApU9dF9?KVFs7EO=7yy2TTG%E6%YR|aG_#ath$mD=kyxAPh~4}Gi)xV32N03spb zGW{Oa)c5-JG1N$vUV?;&Q+D)+56M?#Pgo817~~C>&@#|YJssthkkGFWqAlX}AFg!M z+w`-H7*6N0diN6Vlhv?g(OI5U)Vf_Ubxday7wOySzKMmYpcv?t94vH;o5$yoy4@?+ z^sZWIWEzn-N(qNfSwmD%s4Ue1M7%}6^MHnIjdG+5!1JTUzd7 z#KeG1*6wQe<*o2YE0jf#UvO{y-IDHo3YCyR(y{FwvmrXBxdiuHH=Jq}i;q z6hU?C8kE@!XgfXRaf#gjkRW@4T98iCBI&xdui`hqXS-lWiJuD=i6wo_G>1|QJ^o+J z^l|Q}N>iykg%>@UD(z1nYFO$BP6{g%wfuSthTNYsQea%` z>|YO!EE-A7mB4eSU`4;rI;*2m3Bs*j^CU_E31^W3kzRdm8~1zW4uyWCvi4xf3wM<)>uKM4=&SMST|s0H^j*>r;EK`xoth{0B#&eyNjB zuI$0!))ULc`YVzo;X)3SC0_P>v|TE*_jDnLRt?yB;-)^0<;dRDqs+Qvl~+Mb2Dj;5 z`ZKLLrHnUh_0_HTV>UWcHA-#pn=;8L24ZmQg8lN~XC*4sm&DauPIB5(udcsZ@5le; zd1LWnnN_ac?GePDJ0F}v1g58RxKau~B}v3GG|yjjCO@0Z<;7Cs(%Vmtqh>U%P=l4D zg%Y9Wu2k+BginPwb;_Z8s}ZvIy5Emp)5?Dxu(&E1Zz?j*CAf4it%}= zIJ@fZ=lyGw2?xl2p%6_sme-fto+B~*K0{-CZ9{rkScC* zca(BtO3fqsR-*^}Dp>Lp&o~N`_NDgJqQ2GDk?UuYNUM!WAD|2ewy!FFHc;rwETqfY zk|=0VxLETO{Bf}hfzN>2<tqqZ8HZ*6vG z7_IG=eg*UpF>KAU^FXl9r>vvAaI^^bNT;+%w{gJgUHlk{gppjXx<$mEXOBO8D{@+q z)K2uX_9O|J@qfalC`6x-Y6M)Bg! zaqV%UlFZ{mxA6Dxl3EXLyc0;1pPS1%VY{j0V&D8)3w_}6Ef?@psr_&!f>G`RO*Lrl?Ccb&Li_T+@KOkh;zcDD?YBzjoTG>c23KlWyHcw? z|LSXk@K5q#&TXz#PL<)PO@rqslFnw|C7gA})mvkv^EO-1m|3#m&XT zzc8ha#z7O$HZ&=T%CC!}AC+cJ5^EST@g8(a9us$CHh#IVzXEIU61|;$uUV4G`}Sv* zTbmc%!8t4Y=Ego~+aqlD`e7u4a!kpG`K^YFyjO1B)q3W-8P;stpGumt_d%|4HF2rb zVtGgOt2W-P+mCWt?dw>Bj%A=HUH4}eS|)G3Y!mX}L2F>qzPR(jyGI10lu71!!`jy< zANjUD9Sv4Y)ZFcc5xU&PCQpqUxK=9X?z-wx`Wu#Kaq`0!P3I1g?00@473n-o$Jw|jl2pB3E4ILOZ-V<4yN%0JD zx$iE%H}qcWm6&9xMQ`|o)LnL_%~k-2eOYoh3@U{6dc6;dYI0jC(c@{2#GQeWw4(jk zkGUaNtQu>J);|{c3N8{J?h7rb1c+GKA2s4!)Tu@jT5f?kaHn!FH5Q)}o{sTp9SrMT zAPtN@b;oaJ?q9MY9=!MV5vNOtnEPDUIb@(cTJ_jq!tb_4+-N0i%~@FFCTX{o|GT2n zy=Pz@N{{L4L??CmLxH)&U0J-p%yB@QC$ z!7MaPT$XIKcK~QtI=of1tXt=Oc$0_ckz5e15~1P^o7Dcst{+92MJ34SF5ev-jWaB9e$$gU9q-0s>Kn`;rKpH&+*&MKr@eH^mSmW!94At`XN4aj zW-2GdIxuW*iKSh=#*C+7pv_3~H@5d-jafX3Q3%hX2n;-{rkkuDG2#P|48Z?Y{Q(Jrw8c09lBp1@?|dzOr*?CZ!iAcvF+AlnX9 zl1kYufPetI{vSF*`>z;Ev(CV%tmvhH#Qox{a)H)OAHL4{{WYL^>i{L}vl&e# z6TdJjuT5&d{%T~P=CfeU==)4Pi{fE0BM*p{wNf3M*zUym&q;}0g@UmT=0jL*yog$^ zwScg7|K*;}hMN8D?QJomvLf=uEb+L`%4Ze@CJPqDOccir9yHdJ#BC3lw5tJzq6J)@ zm2_$Lj~^5t3g+xOE^!XLJ}glmRrw`Dx%1~cu2H>F-LpfbZ-)&!#7uVe`s|t;D!ZgU^I*o#l+*_$gg(r%6!}-pcqWalEyN4**dnR9(m_|EKX5M~2 zL=O=xjh{qDXcGGCYMipy6jS_1fio)EmU>vm1D0=#2ud~H+cc>bP1b+=F3Rg2S$Y7X z4kwK#tz%d0&Okjs)enC9NJi8i@52Di8K+^;B_IP-V~)-#I>}0nH3K5<4r9V zaZj{4lAzFn46un*<}rbt-{^mOege$qT0!2qRSBQwh^4p1ZsoVFs->n%`}X)UNbjib z9IOmayP%Cmf+j@c*1E;}W8nD*eSaxdCZ2w=Fz7s6SodMYYZ&CpZMuztcr#HPbx^jh z3BxCECtT!IP*YR09Vm=+5`1p>xU@U~qJBrxK#v~vIK>CXwJCZNJdr4k2P`{>!|&ra{gp(AuSCgmW$F6L62l6eo7a z3OU3(Fn4%Y-YVoENd0=8M7q@7$B**VN~`hR%Xv~CSc=jIWAHZgqG_)CFf1ax!&qSw zjY47Hsk19Opu%gv>VJD4$1NtN%dMU3>dp7N3gi6Xz#oGY`Kr$2v_`jm)N6gk)#@ap zJUoM!jAgT^j2JDC!FqcU!PIULuOGU;=Y9=1sycY|kr@`iy*|89HVTm=5((*PK9%*I?b{C%oA~6AnCb}ANe_b-Qb&SZSWc)--ARn78mFhr7+h? zWYwlEGkzd@c!YvtQaFYZbNY+;Tdm{IhZw(IDVvI1Y-u*tT8{<2vEEtIC5}R%LTCqY%I{Wxz z58*pQ`v1PezQy1EIn0@xL*5xqUh(sV-nj;aa+UgU)sIX8XFoEXG-qvgqWIwRqI@Vy zrwq2KLOxA-pP1^<{~r6#R}`n2{@=F&NB+;x^WOp{#s23P6n9=sSQhB=G`tf>k>~s7 z`wP;X1Su%Wf=^n?UE~~-pjDO5zy=&=PSyYK zPmdhyU{^u=S1ZcP4foHPo+AcI-ZSbxo z`w0nInlAr+W0%XGIBzhW{O6qMHZZ}2ODEqxo<{*~SWzhZ2eJeC+Q9YdJzo)?=1sfR=DG&C z;R|+kd^u2~5?Es{NH;8GMi>8h;-e3_H%q>FVwSeVhuaW-pb+*=g=4m+c@NmyuVMzJ zNZa{>{9HBLD%=$qC~VX7`m(QZc2w2v zq4!!8cdq`|eLa^-{L5oWdm$Q(4MNZ&mn4Q7cOmEhbeuCi?z2=`YIMN+@)ME=OWfV~E1xavQjl{S*)N13IhuDKZaJka z>HUS*?nfz_806E!fx(rPyN%7LMvPv=s+$|2a5F86vj2YBlLkOZURe8jB}?=WIs4*d zPSsU#?3sL0X^zI(dBGDTuFqj*1*e}Iu1v*RpLfdFFqS?kZz6bO@|Emq$(TQtT3Wc8 zQEe}2Y`3(<6jFB{Z?K0~s){E!T!X%e_wPI#zT@}__pJu_oDl|s#V;F)FyG6Cr2{C? z{PTJ3Vu{1Bgc)sfvoiv(=AJ=>c}Z+V!N4n;FX7hEi40UD#C~j?t?nXNryb~c$a($x zFhs!23l4>_uiKOXu!ikGs#g@LC2(Kbejv310$S!4z;#ofsjP@kI=2skm)l$XD)dlg ztJM-j6$_V`O}K^L3?(a~m9>SvNrSWaPOhMLZMnb|KP}-R?Qr{AmQ9SU;RT8z?f(ez z2ULf{MFU4^Mn{p+N24g|tPZlTR_W`2x(#sY5=@cl#>z?(k2?9m|4dF#XBO6DtFb_# zZ}cVW$M!}u8a$;$aoBZqm?3mvv9n|DZpjTZo_lm_yW-o?%=B8gs%Qw99)<;a({@j> z6@|!gGGG*KP^O)=bK$o+$a!ca)FkV^B3Ugg&UpL$-rm;Rh_)f%$R(uV-Pm1S;owhO zj`;_c6)gB;7>K9S%C|ku3L>I@M*#FMA!1JRwG9UA}z zm!xdd{eIb`91Qs1DU#mNOp^~TW;bAGV?$6bg1k@_%9lj(cG&89p}89z91mKfc{L7? zgx zKRbm(cjDBC%QG!N2Yd_*yBgk{?mX3!1OMsOz*e%H;mvF?N#8Kys8w~aUj>H*n1%5@ z&_(-GjSZFB4aY3(t`__0~N-*5hZ zdgA{tqe?;X_~(cJ@+bdZ>iX0FD9Qi5o&SSZ=U)`}j|?;=oo}OKR({mC%2pJJ!{xj! z!*Ti0hQ$?(^R8&mDkyYsf8c7k`mel*z7w|Gc2q|PRw@avKW#ervW+x=Y49*6;lNHZP=Aimi*#IiAfepG5Ap`dKnra`noiz(HwM_6SP*`_m zicIypOJ%!Z=i2%6=Y^jB3trmc;LC~HcK2oGXF!mdm zfuxECT&CeYiv>?5AHk(+^if0S709CT8VC`-yinx=TiY@%-DI~+4L3}fA^Brxe`J_v zWPa)~zTtjYyXm1As8;DIyr&hX*5H{|q^s>-8bi{#Xpyy# zJn)yrS&~0LvHomN;~5Q&HbsGq3)`Pe^En!gYM$x!WGQQ8g>0dX9~&J%v5j%VM8%4@ zp~J%0b?8!s8NNziG%L_8Hfwa3THQ9Y#TUPWs8fqSJDx0>&3rSCgEJ?;ur5& zI|M?46Wl+-t2A64I@a9W?7i4`&U^CXAHI8wx6PdL#hoWVzdg&4i_g;^4B5&zlCW!! z?Q1}b8o7sTE%cVO1p7Kjg`9r!ZDwJ>gzM&)(XqaAHCeLP%H8$^NqN|pu0b!pCAbr@ zvOB8V85n&h3FDm13t3pfCA#C=7u3-=Sy;OL^X`Bv7&NJ$!ARj9EBe za$29~dRD%PTf%Asv3+NK#?2p_c>3%L;YSK~a_4o&OC}t0;^!}?_1jjQD|JoZ3e>%# zKV#o^lMpu15ig$B$ikS+U;FFcOlOkLo71$K70wpW=zfFeHjk>|c3it9ufZmc#dq=? zYN-6HZu||9IBabq=7p+s&LXj_wY61A3$6JPi^am&yktlKP4I{sHHWcl6`Ct(VYH1# zMn=NYVXyW%Aj;>PIaxd&imY=RXakj^5qwG5wUODQpO@V%F)@+Lq~@h!G#_tmpBe}FR zGaoS|Nc-wHhO&xk*UlBXR7qmuBHwTBu=@W>fn9L5*K2kfQl#U#)zkk%Yv!Z^0?5Aq z?mX1>C6D-Q8M)1SVzqfp5-qT&7<`dfq`Z3HZ!N4%2YbnwgLt@1Uhmyb?k=sRHhJ`; zU>nm=pZvVV?(a8I?pN*Ru(7K}U~sG&UKlQtmk(u$WLq4p&^R1<`APjjBP*PZ;Ox%>ap}asE_7S zt15Sjit8Aaxr1zDla=Jl!OF_2(4C`^wE;&#se^MiBNJ0@9dWthdD-jR8B=v$h|RHL@Ev~+22mvOKXg?stxRdBti5lrr% z?$}X;?VP%l_^Wf3;|_lyx8bmVV!!z5M=tGL>-ee6){fPsTnBBz!I|3qO3gS?RJWGK z*I!|6HVG1L-SBh!MT?$knO>;O0Lh!nD;w#p@%0HV5^I`ufpz<`xHuGvDNIkFtvM~X z;VmVT5vy*lAYkNkT8Lea&IQdAwz#aR5y;1ub&>wnZ(P{=$wC^{@m(^$qKl+sWL355 z{zO?3HxVLvK@*z@X0h0UL}ykK$CoyNm@bMBwFycOwL!_i~jE^Jkeb9|RoO#8UHs&f*$sXcgB6W-^T@{?1oFJNw zj}@`GDk>_f5Ed5~H&|?w)}S1F(dx(tRpiNrcGh7<%HivYKYmt|@^QU+L|-cMi}%~R zyS5vj1m@ii_o3mdr)+(C${R}wH`jDHejZD{pfl2HbcDS+!d5WH-n6;)Q-C@))?A@F zYT-|jm%_)#miJvZ#L(Vj@p}jvVvB4~OL?#1%iO{4Z$5w+^%N^jer zcM?iS$LE_q)?Km}^a`xp`gwms7hh#_OU@&9yT;7z+BX{Bap7_X8jmI5g-H zLriipC|)q;QLLm#h`x|xKD-k0m!s7szI*Ng5_%=!@7dVcX8n_Vr$5UqgdVrs6ZEUW zxi4vkHw16oS>AJ79hbYY*xdE?Rie(GJIZaN=^U=)7eOW9EDM{$V5LP6NOLZqkp%JW z%5AUl*C0V?OXaxoDt=l2?Ypq7$O^M_auPEe>+9#bW_Z|;o%R(rB);_V!tm#=!N8x_Jw6v{$#125c2h3DatmR3ngNr@>P z&K=Zn5Ah)FwEFq`?M%_Di-daYRnqet_x`-wnMLF;w4>SIBWr>6sgo|_GlP<(uyh-Z zEJWh2JviGb*@#P@XbdF|$`)lRZ!AUJn0tHJp51P~kzghgSMqE?kUT#yQR{V&1>ek5 zLljg8-$M5K99mUfjof`g&^xE?_nV8u7-?#0YspeU+dVyjIG89>HfoP5P>#cq_g@}& z-V|}1_WEAAZ->vtdyKXtGD_@twYPO>R)%1>r;);*8NHendTgLvm0CAa-tnTFo{{yF zTX}hZxS`6m!qIfqQUPLB-efctQ~&bQYMbSa91RKI-D0Q0$!}F&S}F~bhWk=UPK%t9&~^=lQPiqTuR ziHkR?9rRBmmN^pQ9IKpoIX*ii$W{qR7P{=mf>b8?ALs%3URq+Xw;vXbHSsvyFM~q5 zjHo<)v_elNT4P3KaiH2j{;WWG+xXr5@7D$GL}Qr!MXwgQReCd7mHf?=-I-SJVTllK zI6JBm#K6UCX&p>I()P(z+o>duIlQ%GvYchu=lac?kL5#{w3qjMY{rR>#Pik*d4?70 zowwJEpL8T>ERRrUTXiNP#Xlz~y^a0%$DCu`5*OZA(v&29&^P$BCf8 zYS8ZNM0Opemd=J!LB%k{I)C`^$FSavN?mL`tVjIr7VBk&-9L9-rMB-l<{1@n48QRP z5i|B)J?=~Hvlq7hap%gFD==OrWV-WEJMBTR>%)rzpnEq>tDxi)DJIMTJb?htYN=He zV)0?po%e1|Rz6Y=2yFf%!BBpeKDF7a-+4WRhB zOD4I3X)JLZHHMG7lFP7T?S3X~hJsd@;5dEil-fi?aEZ%|3MKPyAm7E`KAoZG?IqH1 zWGjSc0t>3HsTt7_!jJ~2O~K|!$va2YACn5YzsIt@*#FQ^ zYQ3#zcP@){3Nl-8rY3X2Igq6@llx?XiQ=P2n&#%|fJm$cdfWo(={SmuG<-6UbOxOLD_Lp$Fya|NdBtJEIs zVs^=k(R>3PX!5WJ1}GN9s?TW<5*?z`>&~4E{7WqTK`>+M=;){^3#P5(s6nZ{8YU`_ zO~Ge#si36JcW;x6gF_!i-2SLNJmAhaJ^@w8nA5ae*_Q44RHVm)f80bUCB$$g`Rzh7 z)V(Y9&6yrwz5yFmJ?3TljwC|z-B-odUH6WkIKc&_5O>M*7N0Im&#x}c&E>F2`LqlV z8<7ZDm+gB4RrRjks^ z_Yb#*iq^^}sN81%-~rJ<(D>F!LTW^Wo$Nykyrtl7$Ie_MD|sGs&2{YCaq_}|hLq2y zruviA@$rdZEhFt5b@oU;BYnUt5>{K%e2tBE-(IhZpLb0XU1kivv=f_}n%bLcp;Thu zr4CQ_4xi`p=t*1Ndecmjf4*bQf&SuPsaCyWr0dET0I#<=hG%|<@Z!*3Ix6?j!1L=^ z$(VJadVZ|Aii$RRfTub20`AZx&TnzcQPH`ut+~0o4}&)B?J3`8^0+Rjw)#$w^QNJS zAotbo9XAJ+J@*k&Z;v%L-ff4Pf`>Dm2|XliXcwcIJZb#RnTGL4GwrRw(DN0IuG0m{ z-ICtEv;63p!JDDszN}8!`R)u%M?#RAy87;A%Ll7$Rst2IcMRsP`-9*a+kfVC=((ui#y*hl0MJ{;4$Bm6)mK> z4x5{Je z&zhr_)^JI3)2%OCPa~|i%)~#KQRXg+SaK_$PxdH_&m$8*aRXsHyypG;uVL5PzW_AO ze5g8qY4=sB<7ocYh`&jZrEjX!1Sdcg{}gbeFgD?r#^LJ#;yecj2ioEB2ftsdoXWAc zQdMLtvjl=G#ku_Eg`?!)F$7KSek&(HNxcdWZDdE zpF(O2ddr>6n5CTWpQL7X&GzA&j`!PN^iWO^QI>gqkPRcUo6QAnzP?;WKrLY2InXD( z5`S$j@`jKlmfAa#!?(-+IxT#=*ve*!eZFXgfJ_D zUf#R+(tTkl#d)f=)m-q#ZJtMAuFyf5Amgv194DkK+7_6Vm32az907KfUjeOFl-UsC zYa|;$89teLLxY2)ZlC*>iaC?@o`_|e0aSC@pWlVS6Nc`~7KK1G^ZVuRvS!Y0%XvOuX$(=97x-F?^Q ztS*WAy{y@_4S|uLrUq}T7nqjGB+I*)Fr*Y_)3& z>QDkF?C|Rtd2ao2qWDNCt7PUWnh|`wxC^ie+?i_@@lSL>@BN&n0k@vIPDv^^gz`iLB6WGYGXq6jIhnx1>ddV-}-Vi z8t48ou)1s+`aFl#>byvue&U3RQB`WS)kH+BefL~H_aF@|r%R!N)f1Xx$@wt#aAiTx zxQ!nPe$Fnp_@t~dGW9p+tNh9SCQR)@cllOr(Z-*AA6=Vf*0HtSwfi1dKS0iQ%M!cc z^wV|Z_JZa2Nx?m-q)(r+Uj)AG_%GK1$XKIIzTkTJ{u84Hx?d?)~LRh%lfoo83d5B4Y~%#@lE7zVEM9p2!t)U#HBWebDGYtHZ(%S_Y$9 zV;GCo7{c7s85BJWc^UgOl(~+3z6nqeDX>p5T03uW*K73&=v{m1q2l(gZ8LxEEZ{J& zwO#ULb2y*?9Vie-yC+D5nG-u?4u8q6+BBo|>R$;4sg-v-04cPvwmNfK2d|g@@FP#? zL~m~|PxM4?JCZ*BveSE?MuKBQfXIqdvUMG=H`8wY#KfM;nU089TRdv14Y+X<$iEAz&R zB9toxf#e~V&KA&25fQwNs8@d5*7E8Ef^+73bJDC5eYN2+Mfj%QR#a5v$hAi8+KgRQ zj^7S}1X31wdh0LG50D=Nq97BJ{NX${+n-HK7XhHAh@h(6SN)rpQb$1Pd|4LEh>h*@}|9;O(@laneJWV;wE?0s0hb%B=lhKI+NtCXw}wZFf=ui4hD!ADRnh_*~ujdXlyHc=yoIP;ZWl6=3u}sFrdC$AcOySK|m*V11O7 zU-{w)5;YHhp=eL?=RHcc-_Q$~G6LvK4d}H0WeF?^B(Jtw;kgil4%JdceJZ)g8f=Z? z5KEYq-78|9Oa?p?k<@SpJ#Cd)5>{n;{fGJhr#bb<(cD;V{s0 zGzFIww!@NZtdn&6c9(F$MGyHBPX^NS^Z6g*>{X99HZ;s9tvn_B{X7C*M;-hl@bj*d zvuaROoNa{Lob!HItb@@;`AQy2f*$1Bz357lC;N9wVF2AKs+SIGXgB)2JI}5O%`V7> z=E%ZAs1()h?Omk?_Dy|nbCDJp2PvC6ZQUe1Xy_ZX7SoXTF(yD3_q1I#hjVwHC8nV9x>5XWRcdWpR1vcBr8wy`h0$j(Wx< z>mNTiTp+>t#UCgE3&9w-KJ%JQ$3VTD9J&~+aisVSJ(;BgoooKYw1`Rb{i>PQ4}Mh| z0I=D$7*(L$pK{D#W5n~yxvY7 z0?eTb_zg}p=5b0KlW(}t&w@r_=Z%XA&vQmvJ&zW zBoj98MKgogfN|d425i*Uqk5xU*2j0FD?nYJe{8d`(of21+=N-e^D)rVWt75~fIixT za*sE_*b8i?_K*m1=Oo)^cl+!`Fpjk~mB0=%&09rd2-vXVDJ(DIZx#v~k#LN-k?c)& z-5T~FecM^z^&#ZP`Rz+UZlbjF`)(m?a9vC=qv$OB$#wvpfe4%e+9)ez9vFd>R7{`i zH3|byTF|AHkGQ*BGt{$!eLkWZ3%FaG=THc=eEy3|xNrOqexaCLfjT>>Mm@8))9L2C zg+UB_!yf9`{wHr)M1?Is=^65hK5?#yWwO#rdqCO#X(vT`Z*+#sxT@UmaNh&s?;G{@ zQ3Lkc(90!k*3jmPg+iOwo?E{3e)(-yD#}{U&V`DRe7ug1juTg%VQa)_mW3Yq+WneG zKv@!CMT8wkL=_bjK8g!#K?32D^ppFQi}3nZ*Ex9>)j@Uwu{x0B5pfu__OUJ1MBZLTP=R+;?pGy+!Oy1E zJaj?44}otEAo-mZWoMUjRK1AJO7d1@6v>UQ^?z>cxhmI}Z$#A93Y&};x&IvIQbgZg zTKT-65cVXD4FcMtIq5itTb5kqbz~{BZ70~D`k?5ipQh)g*r`M9h^7U)g#*AUyp*CbVP^zJo zE%qvr1NKplfbT;F5Y$$djy->#2Bn(K2nV2HocLgoPbh@WW=g#+JOwS0>vw<=>w~xl zQEb3>jUg;rZ51xI#LPToxzglAu5$^h1HTgvn5bvpesXCk-v_3kpP}E+ojFMfJHmz4 zBudJ|cB%umNHhyJ2QL}Ufq~*@{X+8s@6Fkik*zKD{u2|_Eph()5u)87>xhKjrB za@%IE8_JP5GS?~Rt9me}H5e_t`-C;133(WHS5xlo|A?c(ARjtfsj1oh|jzN;~9 zIf?>V#(Sddz5htuUD3Ci6IcS|%ehPy1^9N$VVmCGI+9I1p{0a6mA7|CtrIULhhwR2ac z9>GM*uuOypA?jrgTQ-LW`yP@1npkpHyI2trIApfC{|q27C{}j}vm`uI z+U6oLi}Z$1Qaj%;2bQgyVA2^Gs(Mapvwxxz>*HZ2-28^5V;7&{zBuT;HN4gBD~%2H z9UdFw!2DwpN&thQO|Uhx!=y1J=Qr-z;F$#Jg{7+X!OzL7(G!lq{3N(7X+C`TR~-hB zDwW#;3~jOlCmxpGdAKEGFs{=|*IweW%)-vWVY?GJ6?SGdx$VgX0@1m`zn;^19U*^Zz*>-+1K2&xf|3URI#NQ1Lb&2q!HP$3oc9X`Nq{;8SI`z zZZk%6rA02$d|Wzw6JOqageR(W!>M8jxqVwQzmj2wzAa2C_TDEKC_a36Q@gVizR7vE zb9%4_6-Nc&S_-$74V67;^{L%LIYuG-?BwLj2#yM%X2ox!h!>zi^u*gN=_0e`L@E7B z*PNI0eHwt%=N8}5^x?LSawU9y{7Hw;#C=;5+5)4Wm`xdHf5;1dsJ?T0s>fF(0q3gL zu3y45UCROxr1>pd>}-*h8-S7udMD1LFS3-ow|5mVyv)TX1$VM*K%tV>8rG_ z>&C2F@FgilHMNfo=mG88yGM^7JH`bT1GYNpMFL*1EvKJeK@|FF6(iZ-{+=ZkIDAU6?h;+L|sUMsBa27^wkY7V^fVILa_ zwidTyfv=Bn=x}pYu1sMBJP*zkZEUUz%me>(4VJwNk-_OPu zZ2CD=`{~vCB|si87nG3^Q^~`}r()8c$O{=g-`gY_-|a4W@AqJ#52ZIUZl zti$$Sl@+KPv^WT&$KObxyY;AMUdZ@USUiu6sz*tlwqn}Lqe2<-b%vn~)1~o2y5^=G zIwo^4fRW1V3yb(O0Q2Y8z?()#XQ8$7xMXBxP@|=gN_Hsjg9epB*heh{G6Zp!osl~b zR-pmXA%r%<;1)eo7fxfz6Lf|W6Npov1$i;fPY<3$6t4WyHegMO#F zHVjGZF0`m69=O-9PBcbFM6iKd=);cQaje>jf{4qU@v6|Rs9wzs%K~c1kY+;}@odw_ zYr9@u_dpRy5HER%ulzX_fF%D(cn{L{>V$sPwiUCKHxgu)r)2%&14kzypf+M`T*{+n zhjX@E9Zy2-Nr6L`d3%stUM_b0`0-`}L5GsjnDN__uO4Sykrsz%umQ7vjeQKn38=Y#5}&xS(clz{GFv<|x8nKzNg5TVjh& z6uEC%?Mf3=@=7A z)haC&>*ID%qd5_gV3;DC#O02Ic&ET}xH6S9SnkYGjs$-zclzdHT_?mV?SLx~Y1 zVWHw==w~c8QU>Im|F=4nzaw;8`?xP_BXuKbmdeq@_tlet+xM1h0S6P#Cohxof%j6d zA%+=27fJUI9b-Hg@!m=|yEm_IKgkWd))K{wLF^M&=1|kq^Al{9&9$1dy(fh-%@|W+H z#XoNE)F?{AW_%J0$Gm1Brn>VqoJ-JY7JR@ zf?22xAG}!_&I4g>)y9je&Kx*_qdpBJ9S~F?kMSA(y1WNFR?r1%;=%8#-Q3(-*~5cS<+aW<&S$!}IR~kP#{-2HQ>=eno+=;_$RxrXBze4N#{x>6`)u=cD_S=7 z*IL#4@)(i4rrn{;q4_21z(9#OoA=}1gTdU5CYFUo9c>{K3p{@_#10-cBX1VQ-w+P= z`7QhL0+!ph)ce9$c`f@%_=dAC8u{#va`&0Kk5(@ehVu+^lx9>aw-Wz^%jy8Rr~@j7 zfz}(uyCiy!D?k>Cl2t?#sdjd9tj>{#wCU#*tog-aCyN?rt(j|nq1p_F3klPa+NZWz zHSf84dUAIVKT;(I0KRmL)DY^UbnPv*4h)KLa#Mjb`ii+^Lc%)JXZe(NbVovOK8o?p z+qY=I$lhX;=Rk9yTIl58WDdx4AI6Fr$tfdem{Cb6Zsyyb4HUN1#uyOzF5U8uXs9M< zo}gw)2QSQ>?eGCu3`kpNNL7#kXv1a@b31oC?IxQDzytaL+Ts)Q1V6sNNpwUbtVOZ4 zP44t%j4#v+)6;Sr8@kl&D%Jl9hGFHU##!>|bQ?6oWN-4)@B2H%w-sVkAhj%eO}-`*0m$&Q5a;B*P?cgw7wky=PMb*ybvU z&9c-|>0iFw3D`M7^-R4kfHD&D8u09?>Nd?Pz_dly9vVqJ{rMaQ-1QY&aQ{;nRqaiQ z8Yxz&sbSZ`sW8{+GwHpG!gv0OED3pDOKN?=g%DCkok{xmA%NUK!V))kj1CUGf4$=r zq!huUwUl7Ad{-&7g{^#f!Sgqpd!6@GuHUO&BwGzo%=(NsQo3>E#fx1~{Ybz?4{Y9{ zI?@3FjeSe%Eo~n@z4T+my-GD&d-r^X4$|!Nh}sT9X7xx9-2j>V%i_M9JSi zd>t&Z3WYA@kEUOwA&Jj6Je(PfaHXyMN|TEdX&roLQw+IL4}17)whggWzrv({JKw?DdG(A4~ZYQap-uN@~NkDP?yIVR_Es;hJw>ANe zG=wr{A+lT!^+r&lBIGnq1f>MhB`>(IN3X;-a#5-TMUH~M-YEiGN2wkxu6S9**@GI*8tHxZ6EuD*>xw$fkC@BSW8cP zE+KccZsKeY|HFI}hsi*+#ceYA!yp&*an;D3CXud`XqB9O=TtFf*)SQ8?9`Izv&ldd zM9MBIT&9r-*Y?xh-wd=@+0qso&PLRe?V#IT3lbNI3$AZy$Rt&B-72d6)jhUb0xCUN zd&s&o>J|;6AoT3})9Te-(xvT58VS#pWG8osISA07Wc%ai6@UPr>-GNDArL9wJ!!PH zY^RMjfkv_zw%)}uOB}-}$CXk!Mbn#j-c`N5TFzJBFyH**s1|n~;h@TS-y5n(P`b6o zEG#V0sw+Z=@mw88$cIN9;ZeLMnJfMW%{N&z0VO{&yO3WRx4`1x!sc$KpzLOo&@v98 z2l4OvavP|aE&o|&fUQ3p{ibn_h@vMi;?I=MdGT6)GJx`{e4o%nTL4XLbHL(4I!b#{ z!fm4=&T;+~!!1Cd*8rkPtxkr=t}Xc>QMSANXg-jFuzQNitAMIM&sbipkT3x!w6RYu zlPwoShm?ZS@f+tdOO|2)*f^^)RxV}Go2WzZ;s!1<&j|OxvdB)gRV&|650RS^+rA6T z%z5FQs)}Ki9?SX5{@Y*a7P55?N*q>R{ivL`1YZrT5|yIvrtgwWHYp@2QwI*5m`+LjXJwI()QT5v!js;(z`L zjAE>)W4?NZA_GRO$(B_=0R15yDywoJ5O;U6YO@#N2GWgFHLa@Y>TmwS+?+V=?=#4c2h?Uq*DIy*kNrBcJ?Aj3@p9GKfzu0^0s4Baz zeG~&sFi?;-K}iAWGEll>(@0BqmkmlO-6-8#xa;OnNaxL*SgKd`3Rrv)K*Ko@fP!iCQ#XciIz1Y<)+t!VlL zhW7XOyHl<8VCj|ezqS$meq*jLBMcD!e8ZpQUKF%kHsx^wu05kp0lcot@SIzER)-)a z`?>Gizj?FR*~6r+Sn1|0<%|N^xf#{l5aKTmJknWgQ zY0(%zB4ERS?mQ_mk^a^#CByXsPX#8Dh@Xf1=I)b^L&OI^gQ}+k^~xkoKFze^!T1y+ z!!tq%4n0}RJDw|GPeE+`LE=WBS-qH zJgZ=s?f15<2`RUNp;Vpv!k;n!j!JFPYaRvsRrkAkZ|f@$-U6zbJnVTW1@sApr%yjk z{fNn+i*@P7JN5g0uz(75jy;-W_`J;^|v*Q zx%vbSg2fi`*E! zeC^C?*1x=_}^S7~k_T8%L8f{V?%{VO| zGHP$}z^DPwPSjvBYmLS{57CE2IEUG^GuaQJApxYpPIBz_{XZ8#Y3P3X-r_r%JRYS` zMIU*EPM4s(P5Q7v7p8uD9|RBgPYBa=f&buaA)1JUNM_PFR!5JjEQk1K&iF^e^Sy?V z$htcCk}1;DYV&Z>@+KQPy+P@vu{!F-UT_$<4^^ShO^|NRA}EC(2Od6N10P(vm92*O zJ=4`}AGVYO(k5fgvheHiL6?Y)Y*Kd>)rGvOEZ-D8lrfoY@u_c=#+u2?k3Y&Lv^_Zy z+SVqEWF~O(kJ7_$mkDWDAIb>ww5cH6S71!HHd(UPsK1!to_G&LOyk*(Bm~Q@_a#G+ zNV0zoJ@DqMfedHT-<5`h{-E{}D5N!uvjf=~f z3B5u4yLJJs!fig*5)Co`U5f*L{Nr6p3H5%UcK!XjUx@{QMSqo$#{Q0wA>+TR)0(6u znNe?*1l;E?J@_k)zQpZE&ef79kar>IkNWrigW#BOjqLx_r+tX}UqxfiygV(sA3Y9t z;}4eC6HImu!%L<5(K(=;Kb#c?)#{%Y&-3uV!r#;H`J*TuIqKp`rzty!8!m3>V%F5K zPd-(;=lHvDFeTwUc@ma6l;F3fC=Zme>um5Xu(8|y@z;7n4-Qv$TbIgQ~YT0=PF{OjMFAXG%GqJ8q zav&@)>qOe+5C?d>{wlvMQ2*^dxW!y@AE{OxHj|n6)6ngDDFsQT?YLo8#X4Rwi65dq zyxHHyF|e|NIZHJ(IVs;d!NH}b$&;Ip?%$-Por`fCYTw&l$F}e-bN}!JqFu$#Tt?xx zmeVLc0C~Mks<3^9X6?b-8g11749N3n2L@f6P3xS@F~j%24HOU= z=*o0B;7;_PYy5x;8YdFDWn6FhamVT@VOB43M)vXohR;XZv=`HGng4)>%163q_gH$` zhbU|5>7C8R4A^liwx^;BN5TPc@$(p{WE(-omqL7Mk0hOxTnKuap?4&Znt}@?dg&1#i6D57(aWMH{Z6KiHZD$ zPCs2%cI8cwV!GlTDoUUDQ_ij&PwTiid;l3M@Bk1hkvPTJwX0X}LqGltQ-XGt zN1-!<=0aO(W@EOq&^YkY`ST-p6>EVkaT%--PSCiuab}rfvWe`;In7dGAViJljl0uB zBxJh(u2Y^-<=P3D;J}4Q0yB~RWP~vXXnq^~aFed)OHZ1D2w)tufs4Ej3(tJ!-~F@B zIwsO4ieDLB#IF4scR_n{Y@_yA!j;mxs7%!IQX_j9)0>i(t-|T}Ksgo<_3Ss24|$tA z4hMVAn&nP%%N4lTn)8HZj>`_=!ydQahH1HoLF3r*c32|ZOYZ?f&wq=>zy57?b_1$QQSu$uxS*apjuzrk^L;w4EAgf6Mr=d^)%yK|=vb$7Ps6hSEUPxF*}5 zl1KiWz{ZElt+6x6bVHtuPUGL}Ik3*qvjMY2j2DeZI5Vx$;;MNM(4Kf~leGY89au?$ zO8xDvzw5JQ^4*^S+and>xR&^y9CKTjvGNW~7bKU2))mqmfxa5TmdJ?=-prpp*x&8W zQs)|wJ(In%xfu#7H1lW5f4=%Ey11LQ1a1+LZvYk@48PHn_Y2@>EX-A&vtE&xb$@4j zcz9o$h#Re0eh4P#oKse&IMl6=r(6ZP-7IiF3af~Ti3`A`NeQi`nIs+}4chqs8GWZK%z2rSh0b|6EV8l7+n_QsmLA z<|ZN{bAiUbRwKVg5UlkpgNx8hyP9;~N0NU%Fq%MSoiTJ$vBBk*Z;E||H`SK-tpEx6$boK1w8HESaB$p&LJREuq7#@1Gptd$6>vPb%|KwJ0_m7?46yBP8)Frv ze}?MAO)gN1vr7LkUasO(Mf+2lM}zGt@|tjU=GYARmmf>9Ty}lsnsDoXw_CxRxcT25 zE5JO4=syJI|7Vsg|2snP32_^Zq^1xgJ*fX@`c-biPw9#!xz;wZ_x~ANd^rbQoBu0m z$=~Vv=f3f-a!odUN&ox9-+xWe{y%n`|FewrpQi@Pm{a<1U_0##{b_Q#L7RVe9N7;g z7ZK?NH;VJGp#Qt&n#lqK+T!mVwo1_Ob7#%`yC?s>*Z*l^_@6o0|3^Int{wwm5p*4h z)+y)Y_s(Z!-_g(hI`!aLaE^VzTjOm}xIe}HwPnD^f}Ld024Nim5fJecQ3+=H>p%jalqwjE)sOKvy0B@2NVifbjeI~w z+C5uUwa6h046qVg1^2sDUPq-~Ezta>_2(Ma;`gp#;CYkXAbMB6;IhP#Ffz&?B9J{4 zR2e(o>=Y-!(wOFYu)P`?rkD7%Ox2vNmF{1XYb&c0h+qpORn^s0`L@$Udfib?AVL`$ z5(J!-i-gCjAU4GHnj`STnn6mgVpn4`_u8pU448yKM7Rl5ab=h7$uN$mU!Q|}78M}f zi@jewRfTX--SxTroP)mnM=&Wv`iW3CUe7RG(v!EsVy?dQSnt;I}3Va zP>>+bAO9xp-od&n(#b^MRrc~(GaW#}nZ*gf_T;CfsSsHn$mT2=TZlpC-ktl{)~i?) z)Z-=xd)u&guqi{0QIxhv=@pG#Z9r6r`xP#8kjTNn>Okk>A9?)a68h#{RMB(nld4s% z*!|{yqC8hL8NP%EpUmXDaV82}VxFtpVCL>Z)1&Dhd$d(lHz3K06!NSrb(qZr5gu|G z0MyNa$@rCwDTZxUqM($Zad_g`re+r7mT2?@D%lr8?4^qr<0Cmt=vi5D4$lBa!*+gq zjA(EXL{kg_aIy2dsZ;LjQpwodwchan)A>Sk09ivjh^7Jr_hgUl;F{YRMT=>H|L?xD z@$n{LjELq546%1cy=XSJfK=`zF95Vf*mC@WZ2iDU3HAhiz9;bAc1AILx9H3n>56U4 z2u_?pKH6nrwZSiMoc24~92E#VdpvA!&Q4CxfY5?q{W(oiK{2)#(CST=cGm_4US~Za zg(A=t5s8pQShl#Nc*i6|m|xyRBp^`pFHX3aj@J{`$MdrY6=}j#8gcjnBov^Hrdf@C z+gZeDYkGVWq=RnjtRF@jBf(Oc3VcI7YhFko6<`kSY&eU8x&xUF9OJLfX?UD$RxJn7 z?xnNaJVazPG|)BNdjv3QPmW$gzCEaVL!#(eYU4EhCd+IN=aj7g%`XGu>wrR*T7eyI zvnh!#KdP!6Jjn#V*~WS?{vX= zAet|e{``osamzvX$>`v?vAa+kGBcXRAt0*=jk_Yk?*|6|GtdD3(=!NPgxFeoPsW? zZysV|yR+IrgFH9bkYhndYTod@c$K)TP?JxufHEj7;OBsnhj|$=3lL#7fLxtz7*=yr3W*eK>c2fU9+XMX)G!VYXi>oXll#SchgL$*2l#> zYXht{W5b?^R}+HS3NdLU7STy}!O;8`rFb45)X#0pd%Ulin4REm<>QC;w~l796>BGr zGcaAqS>1}sxlB?Kt?UGG0Kz6HT>I<)_&J z7lL?#=1&Xvf#d|y0tSSz8P*AJ3oVGkn05s;NmBZv(-FNe$3;BvqSFVA?{@!|PItm?|b6Y0QQjZKCW=Ax-QXUknM*Sq28a$jBvbWd* z3$ImsZSeMG{(457ukUkjbf+O_{u|%7l7KuJJL!igGAF; z$qagPp)Bf#yMj5fT#k#sj5G8WO&lOL7aF(J%e2nzHuJXTrzzYL1Ecb$HK$h7e{BKK zSOqChnNrmQcj&^-_jB~1C8);m5tnEXb*f8#2JLQvS>Lj1=p7$!AYjgSRcflo@LN9w zj*VO=t)F=g4+^CCh>lQPv^XAEBcS0lUi!sTIA2rmM{WWQTi!4Sg&PS@aTTC*=*t#* z#g~ss_M@O`I)Zn9C`5bw11!bnP?jL5M1bv-NkB+3(^_@V0o-k>IRg^9)=b8{D=yLv zae1XI5$%=@3$<&SC7!p+aOPA~+3+xtc5q-&5Ym8>f?laPAENqpOp(mlCn~6-DfifS zK}5YrJKvTM!qzaJo?GW6(|=G|{g&`BE2H(*xw)B-H-J9jnmjKAmL#!mW7Y$%`G@;H z<#bgsDH;MpY-LM%mgB&xYhH0-NLYV$7MIA*XE~Uu;ZNhSr3I7Aq~7mO2? zm4in55SqGOp#JQNceWkCi5U*NLZ8oGNh<(ZkHrY*90C|3$4B;Y7<(~CT>%jB#=1|b zQgMILPIv;EKg&u)OHi@b;loRDc~aI9uw9UdcCC!wn3z|W2Q^R+l<+sj5Yg`wKR0A9 zayYMDBBT*~2z@x|B0({id`oSFpBtDMTj63{?;CM?X@pxp2^uWWN=XBl%Zs((@DxZw zJ5&Cpyo`m1Y1-3&wN zhtRg*nAWRkQ=sMpRnIKiOwTo!e&P(y&Q z4jY5$%OnE=w8+(IQKII150mAt zDQF%E-pX2Ur!~e)R0E~sc$3(Tu6HM!tAia&ql%fHCg=(MfkPICeBQN3T5U*;-2qt+ zX!Yt6dD@+= zAYwoFD-GI)NC__A&(Y?^ZUpU0%Py$(kzWOmxXzMr+lbJ{H%{`<0IHV>{{-T|jK2ih zd(YaQ!ahP?*uewwr#A5>{LnPeECJCL7~ij`iJXPm4S#gG50(K}XVPVP@D8x+RqJ6k%>d7rHVxsng}3(8?r?+M+>1B2M*`S z=<>Lo4GmQ5+H83bqWjz%e|Yd2(uFQJ?K8kd+zFyH?)r{FI1H?M4JKPF7w9#59|8Xn z$y$L%P0pt8oh%iX4Q-9tdGxdi(DZm1r-2FXzA@^BTny4+22`%QwrE({t=zPN+DHUQ zg@Vz}=5Q4Qa$ZDKT|n!*=ds5v(3=tfbb7kM9UM3qKws=3kd-3&o!@J@Y#YGw7-HZQ zV6**#cp`hxA=YNnsd=unwaKNTJI!|54x=6sL*uIuc zHCVd|9J)tPw_vI zf}4efMJi$~8#zV>5qyE;$J~LIz~w^AxU3e$F-LddF|-7e%_-*rqZ9)&BSIakS#uF; zQy;GnKph@Awoy-EDH_N`%ndv?nB#WZxZN(0Sz~GL-iQ8|waZEukPx9q5PB0@!7+$5 zz@#VLATxOfOOXo8yT9By54LrE@RtIKJ!sK@Z1K~tTPa=`4%i)jkklM32iC#hI{Kx* z&@=_ajH#{x)bGIoB{qK%iD(WBy2} z1nGbxqRdVP^jW1MV5Dz^=d59w(zHVl0+&R5HTXIG;9iniG)q%~V{OBrD9Tr8iHZ|+ z?^>+fz1iPx-pI=@18`PXzOe!#S^~(n)asyIIlDNtm{IJbQOgWeMc~m~fTX~PqV}B7 zo~S`naAW=gAgMbCyZ8uvT)aAtkiNmwS`?q4r+dwyd2(uMY9o4na&q!Z%x}Io6g@CK zc=SFVo9BJ?^5w=hsdl{a2J}l}5U}Ax2+$j$fqWUEZSCzJL$pubma^K&x_}-+V*Y$-jn@rDcsN-1d^E4) zY$1WD7eo@iTdhJJ3?)%T$B{sK2##!+tCj z={>>8#MB|V08A@ECe>VFCbj%FuHhdF!ykmLft} zv>%L)>J(Bt+)M**(9YBPv)IJ}neloVSuk7xN$;IHVUdBkiAz9@so=Cpgcd;xWLffX zD@ZX1q_Ip05Au5TzV<3rU>;ZQJe+EmCcopj!dOf}ra0GD8PkK-wk*>&``JAM zIxE5L4R-8Ip8{NDcbiU)-NbhtuOXb~t+YJkSoF(GVRI!2%`!Ksr|to4?Nh>(xO!uxgEfcyQ;Lc@g1L`+l>dA z>a`u*;y=SwETjpyu&^*0ibt4Ja7=gbVk;gOl!t#Rc2&d@!p+^?uR9t@az%)7AJ_?* z@9ve_EhU1OA4n*?du>HweK`?8S(GuYKhX))7020-&ozor{=kBt`y+o1^Su9@KKa%* zc*`q-Vhzg9pvBqu$gJ0?c@nwajhgFE%BzeNP=ELCosF$+b3PnUkbv-kAs#4k-TfNM z4g4o+P2Y-eodJjX=4J)peW?nr8fY3>tq2e`i~x0zUi;~2zbWh_m% z@VMF7&>(WTDGVtSFS3*IF1v)RuICM^BeKzQ_i}_Q4i4jC(V0R(3e(ZiLBh*GzRqoA zVs0NEq`=^5ikBT8{gwK|zi2@N7s99{4wzcdLUs{+J?v(-8+%V#Qfzn-;cSJ73?`yjzf+$^g==C^7Uzyg?lWpYHy8P*%U^e)JCeDi_Z5E zM&fI1$EDC9B1#KTzi7n!IQymZ9*(dwQTBb=_o&lWQ<}x z#DUG9y1O)=?KteJO+4(}pz<@#$M}&^Ftd^xiO;PD!DAXiFp&gso~@<;NgzPSlK|>* zn}C-+#H|x|6gu2JU=JS2#|gW(`2X~Esed03fC0O*&tOmtW+pu(8YxtRvC7#hpU=Qn z(^>Cl0;*}mmMcNT5tO;l4i7x@xw6!sf~Fkwd+`qhFAuN9A61;)X^Ds^ATcXu-j;?|R;H z1;x+K?=rsweUa(3G^DeAqlwDpPNxP(XVaj$(FFY~AS=t++2uoXgBBDmUSWt8{2H4c zTf_ux8Yifo?n`*6ro$P6ilBc)si@S~2$#ltfD!!3lU>PvQ5yr6RcT-ibNa5Y@#1ON zIR|Z*E8hE6q}B&U!c{3~!nW=p8>cskI; z%)xRR@HnMOdL@8zgY@Dac;s4-KLICs+d?{FSh18YD+3UDp&BA9<5|lFMmK`9LTQfl z2WzHL&}sF;8H9A_L_|i;$!Z(Z^(oAZ%>J{DVZDue>c7S3kuz+|1t$9V{O^5px zRM~xV-Dotj)&M64%?PkS5hGA7ck{$haBxD-hfI?2MCAPJjAbBMk$QLRo=KM|q&RKJ zCJ$g#Uu>x~9PI@hX~oaFk1KZiMeUb59z!5%xl00FEDLStJ47WQkVd46FgG2x1bXsN zEQsM2c!J5>+1Vu{37HMs+t`rIB?-gLGB$8s&{2)Bo;(P_R`xZ%|zFB zbwqU2y$ZeG*e?}W&I0ITr<<^K^XZsYA-1ELCl5=c~$ zDP*&z1a84deF8-7HjsK!RwCI!A|h()&Y**X1ux?k`ph%N=e!LdR1ZFjeewtSES9jg zCg0dQoCR7x!msDh-Le8$Q2P`rJ5{}C7ZLp;%K@|wh|Sw)u;OcPy3DY#4X3aDVOESL6AWB)N`$%RDtQCROyDVrz9r-ZmbT;#oA~*AYFBf8C9u*XN7`k zjGO^s-dFlKhR;zBczb@`W>DWvf*u1Qfr3l|Ni=xldL-mzWd%TU_zcnowv^=3Uxd?u z!5~*_j^@#JzvYN~h}<=cMCh}|z`97*@nic}$W5Y^0`oygK}fw(PQtt=_UeQH8W87H z^8p7iG7C(k+&#M%1e}+7D3Q9swdgY}NL5CX0n$SR^FwP332aXU)%UF>0w|FVL%d_q zcoF$556x1=Go%NJpC4(rzc|*?K;}5vdk+{fA%go8#0XcIUM({m*&IR`l%K)o0R5y= zrU8IlQ2k3o0|A+F{Jy zmQ@Gopcl9f8H^HI?nY;>Nq5HlkUtd+9H+p3*L^09tsvxrK=Xoudr4w!DcOX$ac|-c zDI%a^+MgsXFdcXzBZU1ee*u%a#|SvMxqK+XVbY@*KrH}0JLv&lq1_DyM80!Nd@J2@ z7#v}26;5euBZf^-J49}69)EMN^6Kqb>UiSA15=FxiKY-HI@r0Pegiy6sFL2>IO!L9a0{wvsB6g z2z68J$dMNa`wsa-<7!~Pgn(G@CH^o}I^umzc3JXC?*Yxo9<6yhyLf7Ra(X%i{5Jo1 z9?7ebtm*{_B!`Dz`MEW6>=vETUP9_4t1tZg{K2|xY4Be;y)QtegjCW9E!&5LxeFnr zynBM&9gbQ+pDiM{n{XP;%aNnmT+JbWC8Xd)1Pfh|QElw><{;(A$hAkldE$Yw&^m)m zzJrgL&IC}Qx%IY3u*{0gRO5KCWD}1iLK)>Cvik-B0FiV{A{3dGK;$bDaL&`MJ56}y z?)@_)j8?qbT8L^Hmm=Ny=$uey)!~6Ux?(duSu&PU!XzD_RJ}~*5+}3%GH6f;?(2s_ zwvDWA7kiM=fY=MP31J+oG4CLIWNBNRQT{$}j)P9`Z4M44I0??P)S@b@Ml_DsUL3Tv zvJq?^011KNRKh)%joU~^p{Z;c{BjHP(6Ah_Bq=(Q-uPF7nyQwrW-U<_hjKrsU4- zlzpu1UUT`|RIl3K$v~F(l7I^@za~@JsP4CK-!4&;Bm*hSWOIQ9+r+>EO4;qXzPzv@ zr*$U4DD+iemCVXhegYK`0&9u~-~J3mI0HW;V~uIy4<~5w!2w?g`OXrW62_g$h&kd5 z`+453W@)6kJ7MVzQysdwAfW7;-M~TZzm{6=fncV#lcg*S zsxdUtjV;a$P=RIQxTI(mLd6`EF|IB7VM@#*4+KdkuzKJyNe({oBKEhgJwP@VM9)zK z6uQF$MMSFvu{a2Db6Tm$%#>IcwZnyBa1?e`5@JzHL~0xvs4kK^`sKji2OOkS5K(Za zj9_~l=#C*cW`I<(zB@Un4;P!U8nMviV||6o$6Y9ls}Vdfz&uoBTwlWrX$V69s6A6P zE>&uvuwHi}7s^WPY^Ml7*~(CuGHaG50tdffGVcMk$iQQd$H;@fuN92a)Bbbd)Ee(! z3X3xkzuFTWX-)dpCK0%HuB-8|(P*2h;rn8BcP}b-iHFD^u+n^!Zu;&_C5aczb~W#! z5I+>)!O3s0O(I^y`@lztmi)-l=I~Lw9RdE4*Dtf$Yey#Rqf^#G^NbQUFriF{aS*fw zbs6iKzOo*5-JlFRS6g3i0+Md*G>zvoSoJPO9XIXg9pZBSo&{y`qMUrUDdYF7#k>E& z3M3?1>SfAE(n3rpJ%a?f{T)KzZoFSNftNPJ!%TBGLQ?I^(-)fyeHj=niZtK}gP!2u zURT33z-R1mci0H*|J!$$Wp1$&eNPbeZ$1G|Zuz=(;^u>eQURNb3{WEI{XMkd&#zAe zLY86D++(g*z+$^@Q_q6I}m|8hAJAC!A4b3+tL^v+h5bbN^HF-~TJAoaRvxljvIFSed_99kC?78bVCge2B&Z?)me zz~UCHB=8pMl6qJ_!VLu9|9F*JXfTr=>`e>Jhwg8;dcJL*>|i=``PI1h|MHqC-R_J# zI9@c6r9S0QwwfZeFIL2;c-H^Me|+Ng>+$nrAbtA=J91YY-g9=NmJ#?-p7exYwKZJa zf4uB8DS7QgH4}-SRS5n2hpm0i8ox+F8Y|rHQC2$lR>8u0jL%s_$8j#@_O&^}NfJ6k ze$zKe)k)d$6wi~Y-<;^7I_0$Q6!Xs8JC((@L_;NiM&vd#vpnieVoKAs>%#y6CNOuL z${(U3Xuv*?B|qt!PI*0^!mnoZt2^%J!NJJr7u_b^S*@x; zOc)>12D#ri89#LGXq|kn$z;Z_F-5NR#*UG1++V1WyMNQgk ztPZC38n(yNR8N*(G|R~5ayhUpQ2WS>jeXv*MklN3HwOo6erBlgR?998C^V-dD6XXU z#7KTu4O;BhqA%F@&CYQ-=--sXq_JS5(>yN>x07iav3ihYol$CuTzI}8<89#v?eKai zo7^i6TVu19F6Il;P&#H2bd8N&N1xLW=E_Y@ruC)dxp<7=?APZ{V$Ytb zT_rfeDO_QWTPkXkUEcptUR-<<;Qrd(6GUU3H$+y)>0-a8D=}0Yq-w@Qypsu_3_-&l zJl8`Ey|xP%0T~yIzvfFC=!z67qi)enm`n7evBd;`)=Cv0~C6>$PX zlL^Nh=CCsi%8Vjz8kB+pHkW9WFnD+e>q4VzXgvW z=J~DJj|shHMUt_4SF5`Uva$%FL*}hfRr2XPLnzC7x|j0f$M`+^MxzCo!>c&epqQjH z{66n}0~;=5xMcBUKba;IDi0KxhL!d=1CM>Bq3G~tt5ik(oW1-&gFc(ie9v&R{a67n zJF$X-0;~O;BKAYqxyi{ac1luj@16JXi0Q2E-#RU&r*{M4(rZ+@kpVzc587K0L>tb$ z9ELthz{{6M?{RWAnO7d}FDIm>iJ?g3EOXVedSNKSBO}w*m#nzIK$WO(g#PGR+Y)zp z8+Pz7t~mAQ(*e1(QBp-TzaR7kEVZp2_knX$2wq{D-U+=ms*l|Eg^!A2E|hip5f?fn z`uoVEM%!|fec$=4oQ_POh=Zk@>V5ZS-PDh8yDJXKlDFg3$qy9s~DTUPR?9e0n#>U2?5)wfM zH*ej#CLjPdW{V-s3l4mhX2u^6iIncz`}z6R0U|ZA17)hNi3vS4r0;|omuN7X4Q#S` z?9~zj|LrLMbYN_(Kh>>)Ne7{=(Q}j5dU|@SmP7pa`pg7_N{*Kr;>oJ*oW>j3KX#&` z(vfwoGfpt=%uTnI>gA)c^QT_TAIAg4{Rup!^z`%zHl}t*Ha2QZ0RvWs-N=Iis7bx~ z)~`z6d%Jv$bXTO{XE~ar?KFyEds-SFe-sQH*^WeTnx=C0mK7I^hFw#<$wWM0f_b-= zpQAB%Aj=k!P9}j4p}5ZNe~eykCRsA#rKS74`r0rV8QB$HyW21*NAR+;vYfyyFb90W zfN0rlj)#Qpz}*X2+OXy~dwbeC+wbG93NlL*KrOv^1VkLc4Rg?+-#ZbuDYiO z{~vgL?gfhmT?D!`1#ad7el3r)669!U3#4kh3UyBpzGR~y^6Ys#+p1!R?Fx+<({mXt z^q08J)9Z`h>2=*k7L)L-V8|q*fBn3@EE)^JTz@y!+_;N~zCE;uomsQ0U3#9ufBzew zlnuR(wSToVOQ!h%S*zOWoOYx=rbnA*6;nCqaVK&{47&8 z4OgT_`?8q!z&|4t-P5QYr_@Z?b=brt{i8+TWwI^lhm!q#lt2MSld7T1_R_qq`25F` z{dcZ^oVI4+^BDWftshqftL}ASnhhYFcXM!D;V`*JNpu1Vx_9=@^Q&pJrV9mD zkB&FI;r*n1d%Xx(YnMhT`_9{C$n&7V);qwbbAL^O+kP$)L!%*k;ACcM`Un;o9Nd{vq-1+W%2njSbo<} z5Y~noB;>d$Q_>D!c=xLHmR@siyEo;%^PvQ!w0?JIlQEjR{bZU~&*63T4YcXSdog zzi|FlfbWjz-NlT-oqz^NKLG*?CIL$K1Uz-()kHXS9ka4f~3c! zqA76tSk*_X0drAF$>6+ius)v@N$Km~gnihJK=U0-Z^5)Rc(W@~@xCrgN!;4=;8g4{ zCBMVujt`p`TXSTSMbWWi1a_J%eh{e>a&j)1oA0!SuDE&am4#`YzVr19*A@K7>GmWT z8N$HhdG&+&fMl&eTDL;+^q9=~G>7yl$b;JS^E8$CMZP?Es7tSF{=D@ien8`nT9$IA z+BW+o%f9psigBJ)7Vt=}lkwb1+;h~`y-q6`J%c@nh>c}_HTFi`vf^??giIr=+RrPc z`i=6MS2xdjY(3H>8;-S)bJLc6l~gx<#N0utY|vl*#JMLnHa3{u@yX`3{Z+L}8K=WH z{UZ2$pGZhaXQwO=H@?duyN~Oz>-S}k1FQQ<2Uq#{D1eHM)COr^j-zD+X6pwY&!14R1gYeeyHD|8;^N;7 zPpDa)IHsvO{aK%a*T52YTI+j^&^HF|%L#z%_*h%r>@%3-A!^3eKLc|8lR`YAcU3)6?vA zrs>3|7b+Zd)P?J$veS3egKxc5!W)?$uA&NBE?!Iea@({!+R53!u|^7+dnJCMoTib3 zv-L%*)+>c%l0mA?-k<>xID&iK}CX(`066q ze%i2t6*uC$%g8Ej@#$O@d=c^i|Yqvk%cw)>RGeR*=P~$M<2OB12 z*$?3ozj*d3`G;Ge$`-o%h<D@-hGYb-k^*+tYCOr)%Lv$)ed|?ID9jgQo(Gr$#>@1IY@f;z z(hDn$XwXuur(M4+4|8vo-8k5yl?pO!Rzx18tSv<>Qvv%YJGv*F7q-}6;Jt= zLmyP%eHQkVtl(6zwWvf{3=c15#&oSKmZ5s7@p!twKxh5AP-KZd7OoJH^z2iQD0c`p zYgpJ_#znMeLf%EOwvMKM+B9i1I-3%=)+Aa8b9$TVMLRC<^O_RM+$J=LPTI-9s#!D4 zD@)yzremAuo1g4U{O2dhf6DES|MYNAmO%Y{B*)edfNB&=aNFC8$+-2oRjT0>vZ2)3MrjTkCO$zNx9%Ua5F1t%rN9PS|dg zH6)pOP+s1?efukz{!QG=5Uxmq!9?oG_0~iBM4?N^Kxy!;v>e-8VoTSc^k-pOMDjX( z`9Ygx*#45v`+@#$gtO5-`QX{xeha&`?<{>O7A_yx3syDj`tpEn<=a6Lg*EG_lbIT$ zbZ@`GNZ9v#bVr}~vUU6{XICT8?2ECet^4&-SnBC1{s)5AtVLg!7W!LIs%n)@Y!@%H z%936&JnZoM{@_@}QMDiKqs69)VgwWdPPp^=g^o?1Djqecv2Oc|!h~;hAqnoYQ@Cho zA;i>tCduF7XK-L=T#l1L<9c0ugo(T)ahd_{IOqH4f=r8DAMp)1OZeHYpM`18W;%4o zm5)S{CjHF$4#TS(7*xS@i0<9TlOyQYjh|?B;4Vr(G2oRxz3DWk-xa3N@c45<1u;x| zL3G}Qf`F4R`Z3<^Joq=l_e%$4Uf(yr`0TyR;=P#uN+Kc5@duQ+;0h{NqBsl{-*_D{ zTaEUb6*024`;y8y8Az1Dinxeth9uL5#+=XRQ{788^)>~+9TNp@^LYP9EA2u*;hx>L zbI+=D=X%b*T`Z>{V~K5}a%~-5x1sRF_;|atLMmC2{A}?KBxFF-!bLt*1Q>#eIO@vJ z>%?a>y5Dc)TV4}nW`2s-U$wu>E-EVe6$-nwjH7EPOn&}7vgf!(RUG!aBxnC|yj!>U zzC5kgLxnt;H@QSgs8%OGwLd<1Ua=|ieMvMWbgabqTJZ^E^Tigw7c=GWVP zV$7a9lnvg!p$D7HMT;_~3EyzF!BZDI4AU?5o#&dEZuYRabX>R#1)n(@#h!eF&(%-z z2M07>1{c!bxn|_%UWC$p1Wme{XKo>yQq(KaEex(^8>D<94~T7C_3s8UAf%8B3} zJ!iR?=pH4Qr@zBBG3nB% zO{%Ii@h57C%WY^Lr`&oRh`KAQeOYo>OJZ=5?sFT#U{7Y;%{-a+SJ{zic}KzZ8*=5i zz{0AD7Md5YV$*ySa!m|AXvpA%SedfaNIzay$ZyA0ZYn`>bn&ie3o2@}usGa`C+5p$ z2%qQc(mNNnM@?Pi?0Ivas$?ls3VHmRzVxZ`_^z)9KvH+1>47#L03?%yY3D+u8D}tR zPqk=BpAF_aD)!mK_6J-vRL@=_`P;HE&Gwx(ZVQj(6nVe*gn2|(%pI@zpMEm)bH z{$_f20k|KUN(5O;9n$t`1o+>clEiJV(>xCPImNMPsi{dtE_C?I=+jNCXLSofZ;%U{ z=rh{~pP7j#Q$+l=Iv4zetIsPWp<903qs(&+6g@u0GU|8Is=#gS6kHV?&3c2AlLQ1o zj|bBfp0g=&@y8u2wAimeebTg?+pl`0}sU_f)wxi2GhJKRjU`+1q24L;-o z2Dg=eCgCk%VDldS>up}6to!zt9ym4|)xEhF^Eowx_f|qE`ng~`X@2LObYX%*h@U=_6oaqkqQ`{tT&+rA!UC89EYtSEft`i*aRc!lelsze0~(nUW+ zrzGw!x-!`p#ihDo_wUzkItTc#ko8W^M_%1Kh{-bb3J5T=4lQc{hfy;bi7KYt5clF)<1QWk$n-Gm7w)&|_JH+YhR~ zbss-v{EDY8d{?Va%bq=6uwjP%Wz}r>lE}QTDqOX_=YA*4C^*#dtk7rmLu|oF4W1 z#}>L#ux0r9P7)nQTxiYceS0aXHkz0D+@ItBYj-D9 z#~Gf+p}Pd>2`6*;l1|m%$uirFWLAhVxd+>HO?-|03kMSlB`V7!{Ma`6X8HN!t%^mk zdpmhJCY;SCK4R3mY|$lUJBLOSbU=NZtDP3M2#pF|*eJD*xTl|3rhb_x&E>IOPgWus z-SBeu(S_NFY#YdqdsiHS7Azf7C@6+3I)e2X!#68JVIx<3;$8(cvzF7eI1Puca`MVO z6Ojbd>pM?AjVJs2AlSG#L)j9QlmF^BKFx-xVw9> zJ4reZXlY$QoYOZ;+M?mTDSXX`AyO1vc#(_<_zvmf6=hS@rW$~#`&D3EG%!3<<{iz^ zXCvMPRxLlGxMac>kmL_w9ky3-JNs|BJdDeVMVa(7_a57H@fL8Rf4j|;$ zU=wE!mv&2OSvLAU5ka_u_RQ+QpZ8`p04JVY86OWJgQiPWxDuAn$4{AmZw(tyYv135 z{ago=tyxNTwtF`?6|GWYQeaU!-_z4$LASL=cjwM2BwhaDKB0p&evocKoexPy)HT4B zi?KcG_SI{;5j&M%j60vGT5_}z;W;e*dI$LZd2NsFTX-YQELF8&S>p}twe+aBwY%sr zis$GfN^WhC(WW!BysPn2jgw6OyK4AM-9Ei2FIiyLQ!uULoFOeI6 zgN#wMF}-fXh;ggFxVkj$0C1a+RaS{hdsTuKUo1{H!sfB6?Nb(ulk%*82^V7KR(488 zz-dyX{D83n*Drbr**Y6w*wc*wbcyI==;b|Fc;V#c)_<${ z+5F5#B(p8Dy#IhbUy8q&niK(EWWOk2EQ~3*;3nlB6-${_MnExa@vTOoDt&;qBk0y$ zkMB&SX3oP`xUL{KX+D~PCb$Uq_apKW(*T|AuJHs5CD~oRNGSBw!~A**qQZ|Vm7)8G zNiN6M&he~zzhBWVg1b0YxLnW^B*7Ijl&ei=N%)JFvm20>D zO$exfY(z>x6jW5YQA(6BkPs1RRJub#T2KTjkp?BDg+(pEMJt^mB_Q41UEh2}-R^VV z_dDnRjr0G;*<v`^b&TIaz>t>|!KU2v)rq|%PdU@<~%zTn|dt6@MIh0h) zH2D-vxAY)M;zD0GxlwiwGPk^3uXv$Wh=qbM4xePs<~-_Z^F%*$&-7{nzYz7nhx^PW zmmgyso!K=m8(~U9L8FnlS$hm-D`aF$KGo0|a+q}UY&!Oj*51uOBif(l)0VPcGw)_{ z=MH8#S@{bNT8zV*mxSg#F7A2!P4x-@u94Y>vZ+Sjm7t)R*Q-!Qeap7?W?7!Qcu_c_ zn2pM&kdBy`7-L1oPC7w=1!tuO)Q7TYJRf3JE#7*VOue1#LY9M_YS}sZ5X9sn_6jHZ zhM-y~h`+ANa~?ZHb9SY4e^fKmq^EwV0PD%HvWm({KFSl1DwlM!KY+P`VYkmA_>E_V zs5NGqDSC$*DWe=Uxt=DnD)uLR{ra^?H}8awmxU7u*BFx!7Uk4P@?`?iomeGmc+mvz ztt$08xIaithksdRkzN1-^go)0F96c2sfhm(8wO-0AJ}FL;Bc(ZVB~GD6eFd-;)7oS zgHq#~=ISxGYwC>Nqe#i6T~Hc=@y~==9=InTWDanGP>mb)Y#GvLmvAF)Ei@~{R z3gTyy(m+FF4eW7NsOWNUZ?bJ;K{b>S%vA;_-?Z8}m*4p8<0Z}?wTf1Rpw_dcE*r1tvl;5&FOwn*={|I}3}f1}eRg4pp;CxC};0 zKY#k<=DgNE{s%R%m0hwmGi~2luY~pHaKtt&7tT2(z51573Y{OMHHzDEV@SKpmHKB) zV8|<`N6Cnh&(tJaRfjp2MpvEvo6$SgfG^fwBV6 zU#3-d-HyBNooJjaL6tf)$k$d6PGS-n+?h_J;68=95SOdx7BLJg`9*i!b|aGgxgxHl zGmU1{PcJ{Sz*+!Bg9aDjBTOxKj9&c4Bre=wz|yvvBZbA6;anO;&oKeHOr8J*oi{uz zS7_n(e(iMjVELKkt>kF&Mcx-5z4Wkm4u|@;yOp|704@N!AUm9!dQe)yf0bfUBHL4G zt3OtEv)yBVyi32Id~*LobK2jpb1^*;6 zem#vi=a>HqGhfGZI!>CjCf~n&_#tdi8EdKX7svEZ&TPx z<~F2%Kgd=p7}4wZ`@#KS`Yr&t?YeyuLPEl=@bA2YeuRl!zaNG_0BYGU;TN$6p}lXJ|96R zYdnNC;+eISmVtRnn*E)Rm0qxUHQ05$B9TQuv>3c;9jNi=Q+xyMAM)iBv-xRhriPvI z>OQAv$AjSH0=Z~t4`6D0w6HZj12g89a@)39G%S0YuthSiS`~NMucK&vaZ7K!>FJxmSc#Nm zTaSS>#9A*21B=FW>-Z}oo_t6Vx;7&HdRHIjXGNQXlv8tJWaV;5TcMeko16v>?+qQD zb0Vo33N9a8%~z&GJ@RQ5~w+qklI-<{#CP({~>zF>hO+3HAY336Tn5!xz?C=^%N%88x4qOAt1;*P`myX7;`;$B}MaP{phDW6ZYY1S)ntyZ=q6qeE`j1%WA10WBCjf)_Q2scmYX~S5!O~ zdW6CoPu`t?k&~13eBcovow?QDol?#G%QxD^4}-Z<7UKv-Q$s_NoVq$I?g~8KlV{FQ z;@yyytp+i7l&i3Jj@z7riXn^{dPkztR8}X7W{|zNLyNHADdD91K*iQv;n*s++<}!4L&`lg|l_jHjVp6 zdvq{j@$);T28ph$x2pA3HV@XqsgM+EQ}4ANo%;xO@-T(}SVhyt^w1tBruhpRySKSZ z0&VZ25a0yX(n0-?p76nXd*%Ee z8&ANQ+3WHF>NkZ3ST5uYF6fzr?fKw&6Uq*~D}DDFT0Z?Nw%G7Ej8N1-O*!{0dF|nc zwZYVu#frU0ALVVBc$fWS8ppo&5>!v|I7nBFpc-)j1!vO7(qoRSKqI9E4O>^m&Kt^ zhGr);EIm=JfGTX+Gn8b_l6Fvw-})Rw*FKHoe&xM>Msc@{g41ctIu*4rTM^9$C(U!K2F@Dec||Vi^9s*RPUZ zb*w1GE$&Zy+yKhcnmvjyZcdMfuRP{XJKxLl)t0>IZj$!h_QmqKC&P^-rDf2QdSJ)) zHh!Rl>jRb+N8M*+*rwo$C#0ex!1{^#Fo1^fliYcq=&YXK2*W&>ao0*~AMiav(+G)n z?i?N*a8%krVcmjnkGBLmqcof-hNlabL9H^ZZ?k*-p^ApW*Uz|>L9o;)7u;1KExv`! ztDJKjhC%a_{gxft1aHT9?!k74our}&;S(oR^Y==6W@C?+yCVa9Or7`P4z*14Sj?*} zSap9vL8uRYl5GYt4v#SR(9)W%M~w2}&1*C8aELQ~vOG02^So!a>Z8^8!g}ex@W3== z2bdT3PRz{Q^Zt61N9r`&7zOQ>j!U7lFy-r5lll0earyCU`KZ%-fKebD0$1Ve-q9gC&uO$n00Av9v3Fh(rg->0!%p z|EmCpAh-wYIA!o{4>1W2(f*j}?o+k6W~@CY#(JLn%}5J(UUcP{ zMTnGa6{fz%a92?s|Cb0<}carjI#|)zOgq}=R1jz zNU(Kl^u7iv=yO!1=apR$?}x>_w`Qbu{W^o_c0AuVLg*z-2AgM3mYc zje56uG#lF$6xZpkJMW6=n2cvJIux>UZ^QgLJy8y-hsV6h3Yoxk5-r{eFqqdJmrCh4CFceys+Ig+|dVRw4HO^z7t(zR{avZ|}@|qfeQD_(0UF#fg z6G<AX&U;qCU@W;s`m&Mu+xP-}5SUt33q2S~F%CwWgIWu_Si?5x*xbP|ZnvwLP?ysloZ ze-aFV9XbpOId8m(3=O|Lfbo@zs>%~=B(7_Z=16|82Y7sxn_#(k(jzV@$#CXOIrE0h zUtJx!&s4zbC*B@=y}$uTKUYc@AYKiq)RKr#{DIGLY*cyH;0S;WL`_5m>k}XhlZo-) z<+IiESQ!d+e}mi8>E?xwfW_ zeW>lY^KeJrnmEEZFYPFcwE(TYkrAQ5?vlrj<5h0n1@PsvJXi?(fC6zMHCXieVn{j$ zL+zUa(U<-MA;ZSzx>@yzV1{E$ zXXhze)gPsI=w}R)C|bvn~ta!&ahvD85Ar5pE$h30<^X?ImT&csAATRV1+qKz0aTJT3cRYp$xwCHz*+^jb)rg9QdOA)* z^i#!=;l*aF5_cG1KLpV;;%?!T2;7+nYXEbNKBHIPVN~#FzK^Rbqde#-FX+KAPnpD- z1I!&h&ognL9wm3-BNDL`pnZTgJeS=$Qe$90ImVdCxW-$Y`WroZA9+du?%&eZBLv6c zmPe}K&3RZwq{9SSm}}Nx4*j*4{n0Hw(!Vg^tQgxJAjl^1PVr7NGPHjp6dU=nhIT!C z+r|7!jS@%rFqT$ZrkIk5rqiS(EV8E}DZF8-yt)2tBkR@fZGL#ih&G;nnR~(rHNYk= zr3=1`#Qw+Xna#qxjvnOA>bcEg8T|dxJU^5(WP_eaOdxiiIAZuTfb=0UHc-$L#FG7T zYqTZA75j)AszKC{kMcPH42N8(bl$g48Ikx&Q0G|r*9`c9#IKzvNE#z2r_23z=otPg z&!ZM;O4bDpWz}fY~~Nj z#$A0W=a-h}3(wtnycgs87D{qd!`*Az;#6>XXb;r?Kz>S(6Sa;pMaG5Lvm4@VSJqy1 zC>-1ky~1`BctNnq5Pd8GuCOX|!W^phA#U&JkQVDUU=ORKK95_QL@o{;L9r-ER_va| z(M4PGD1^QO>;-zX%*EOBD6Af>l-;vo4mC=mZA+b@dVSQa?mIidC2(iPz1JoHCQUn!!wyF}m%1OCSU8Aaj#nb>b`nsVWD^#ig*ZG6#NaAT_ zbU^ezv-*8O(h2-K=hHya4v1P~1&Jjgm+e_y(Md$A*{=EgAT+;^d0-9{YzgpyWcNZy z64Hj6^k`J|@9)_P?XD<<@tbMnqu5tT5Y%WT6+w--A;b3oHJS`U(;j=-5c70B=)~vK z8ZP0NB>3uyH#aSdA_X1_0a~8e^YX$8IPkmzk}x=Wc>f|n<2yI*MRTYXn4i%a6SyE+ zAP5j*prkm%)8|KEp8=)GQG|W+PRei`QFPV{d1uDC-zBG~BjA^x;616mxVM8>yIHq` zOW&nt8bVP0$o>ZD_cIy{+IGmvqNZEmD6Ux-DZM975S%n?hH~g8?9A)=;y1 z65H%P;2f4yqO;7ldxxzR#O=9)oyR!-wN5Avx^6*o|5bN+rc$s{4RU(mW2SPy-!MdELCgsv4Jw4tMIm9d&0>9`1z!Cvvksz zaC}8}7On$h{hshr1YAe@`ub(xrB00n1@VV#B`M9`gzIZ#%xAKuNrN%z`a3XAnNkEb z;=RB~2SuN{oLb*^F%_Gnp6Qp@p?cO(&a3plhXc)#TBjb%vz2!dfBh1VTkga+ z^&RWkB-993LJV?Hqkc{qJfs=!;;3VFWVM`AD10&(>L82zn_mmrg$4MeUJ?kak9>7# z{1(WKefVLW5GZ*5vV}#7LPX-)Tz7kN1b6NTPfzbih;nyJ)hhvv=fYdf+keszpkOgg zTz#$_x+@)S(18GWF}j+ZlTXt}8GCfhI}qyV&j$J=zX2Xs(~eGBIzMPRs-fQXs6HHm zx`H34n@d(vFw8#D2n868%Wk2m{Vi7OqxaG3zK5pVuf;6ZXkJE2Xk*Qit=u|&+C^S` z+yx8;gG1=RwDVt&o0A{9yPig+9X73l7K-1=N*0fS;C8xR=Ja>W}jJT#4|sNUzO-2XH-d(qtu!Q$M?Fz*7BV224EjkDX$vM8Y`|94-EpQQn6?2wcdIeU!GDJm$j}yVJ zl2bhuE2)2?LP@geX=&Go$D?gm(SLby>RapTetG=-v|nVzmNj+ePj1K*awr(CT)Dzw zD}6jf`t9)rUNd7Z_3ZO9|ILm5vpuo0B=q zsfjsgy*endoOfjcO^>#eEDSujElr)2PQo+W4Rbv9qIgZpqwz**d0y;*fv*|LLaT_{ zOJM#SQW+RNvC;w`ps4M#=aqad|{W^SCXkOKI*+}ng?#xLlYm$1d?aWohB+9NZePfqF%53lh zZH&_Bjc~Q>Q%cic!u@#}`BY`44zs$BpX$7u zuQ+cDw-!8;jXmLgExTR`C-F_m*{Rzx4i~;H)+Doss=iGY>Sn0E7cauv&H6=P$cV@p zWOS5~yh;~Kl9R{z0)507gDqF;oOA@5#L-obDTlau{T}glcxBEJL|X6W@Z&i&J*&cU zSp!0Fo3?X$Eh@cKe~W>Fb^0OWDzo=&oo=Ap7N}(QQJ|cGFceRtMbs zB|z!Dbz2i#sJgy+pB((Rr7ZhUA#5y?0ic}Fy47f=@kJ-OJJ$jis|HIDjGiC;g=VZ$ zzy5^KH#bY)JhP9J87lg4KTSy$VbY#Fdk)i)Ed3V$0n3jA<^l_m{Y9tqUy2pCEx#N; zIn#~4jXz3GNm*;4;C_*t$}k+L<<2|dsY~rjkOWt}MNZ1onzpx!Qp8N&sVvSjY`@jJ z@(F&-Czwy}^o^HL>BO?II#rshv?IGbM#(~LmInoz7d<3NCqy2N$MjI_147S!m6MUVe|;j(ztaac=?Hfk8ZY4lbtGZxp>HUNB|Z z%Lv6WWH_?^>_{&ikt3fHB@zisl!bymTr1xN61lUa{z+@B6|;`lavQhxmo{16i-r7!OSZpc=B z-Z+zAV^Wa~p5f0v>almHwO1;=4q%=tcoNxtkLuJ-5E03Qeskb~x2ezJ;1+8K?P1RE zY1E89Rh*jPw5@^h*0b4AE(-~*rdbvrrXU}Vw)3(K{Lu{GkBXNs+&VsSiVL&vTg4d9 z*Y%TvLX;v7!S%y)v@PhqPJtmaBEBnZSPfAhqK{cZ*Qwp$DFL9>lO7XgJ{1j;_>%m= z+4IW#ZrM4QQJ9o?z*DqdTQj;cYo0m&A_{VphxZ^nCQ#IGvXDat(k z5M`CQel2r5rH9(LR3;$e+CnXdOxaTTVKld!!B+oi92hJvp}iZ!cNZ4oLtvq!{{c5^g$= z@Ub5~U>b|+_VHF@aCagVIzqX@d~z6Qo-jU>lQ6G3s-K;2kTiV)g@8d?{Hh9pa{`7G zJT4}uM>6WK!#*|_^~MeUN<7dsk^GbsO~~1^OH^_1B-9lH0s=OA`u7ska#Yw?cbH_T z{K@M>9|Ac25dVW#9Z_(vX=rP-Vf{Opq7tpRi)n%f{sn+Sh2#z5`~;lEsh4ckPbI#8 zUsG~+Zd;3s2+;Z4ol=zonPB9;*V$Gx3f5(h*3`XumrY7=WM>PpVf8vig@kxO>Gc5Y zEi6WW2i_=M*GM=UH&9Vgq4mAM;!LSeVm2Q`_IJbRNKYL}7jI|cv$abvT zwI1N1`;=?BkZb%92%f1&zqKM74Na#th|NWo?0rl^lU}Ck1#xAyk@krc z%dMlZ70QObty(6O#3!e+6aMZw>>k$511_G=T4`xIXq7BD4o*&PqsNp$Pn{6TR9B`l z1edth+7m4(D2UQtq`1V)ytu#DzyBFdr}sjfdixvx`}$N=loS*cD>AL@MaCj?Td2ckTLHDv%ISIy#f>#5tZ)VZ z0bi4u3{IKEj?pir3zkw{NY>lhFiKz!oH_nM?c;HfNH~dn2+6tsMk>@_{J=um(wMlb zSI;4X%zFN&0X>q6diFY)sbzuv6&9OfoDGl;#t`NqouqkiynjA|;#LvmweY(|h4zB( zQf6DDG||I_nludkO!cfyuC1y_sD=D|J-idplaH3hGkmh&-Sm(jE70P!`kSJWXFvXo z803Z1u;#)dOymPWDOj%1@F3>T5>aWFDx4KLt?$0351t5cX$YO^@p$$l9>wYU+zu%y z@i$A3?J%VD3-v?4`1=Y<`=S)>wAya}d(HpzC;tATJU{2ZL~;Ii@FsE2dSJK+Wltk? zfEfO54mi>E$6Ng4>9-K00D9^M9tb(@lI_5s4Zl8S4#E;YupL!-@ZiCh=8-?xrYGcE zQ*d>vu>XFMpu@73|8nh!-=8qm@7edi znm-b0ew61E9-aTZgjV$s{KpR?+g^#yN*nzArH8*f<+{M%>j}ftf}85S%n)3Flmf8x z8r$t0J28hIw3YoHYf6!unVA_A?ewoMM0pbZxea=2c{$oyHf#A(;EB%c`}=-d3*;17 z@IEVDG|N17zWCK2Fxgo&p#DRj0xxu%DJk`~Wk?kQGm9|CfXZzw+@nGAfI!>$Lb!S{ zUtsZFQGBLg?^LQ0TNvgEI9)Fmmi}dOcB`Qs)RcuX3}YtGN;A9RR@!gENJAD-z~7lN z!ij~QS%ur`?4U72m=MCgWPF_@+4b=B%%FqF3kh#$@J%pSE8ehArHzXW24n(kjantV zv{-*#)<2!cLX&RVVf4q9D9+CUui7#n9rw8dS}^?G&UsJML(7k(241u%Tyt*p zrHiGI5O)3JZ9Tyi&+bzh+B_B7SUeeArwcSTuGN!Hls_K4UZ7~$EzF(4jPf7VEKO~C z*Gw>ag7ybn^k4Ht5W7HTy=G&rP}WKbWfYz38$i|JjREiG4rbO61kS-Sc98aHiPa=L z_Ii1%3Dl=cOE>lK{`7dUQC(LqM)v#+rz_`s6bkJ^&@S`2#rS9E>(O? ze~_itX#@RG3s3+ycYAJ-ONXln-pU&Wx57Qj+mLpHS>A+S4GGin@TYnPGU-FEr&TpI z7nG}ka1pn@<4bf85|)w34~@|eO$`Y1A`P9~7Vz-E=ue|P9G zQgnG~0?7i9T~@)uS(rr6uDUbK>V1Uj23c<)C~*e1u@j3 z?(t2B94QpN@)B%9p5BuV1@#E=&x9bcL*NFB zOHIASMs|SdOM;+`sF03JdYCK1aD{-okQPu5SFugNksv7{7K2g2pGZhZn8ewIKn6sl zUawoL(*ZeJZ$OLV008rvnc?M%G2Ppd3V8k66+}@Sp=XYF_#(5DT&%_#0!AUH2QDu^ zcpkZEG?K#FqzK>- z;X?Q$C`IRYP)f9|)YCn`i`{0`f25*-+2mLc312)~eV;KF-hGgm5COC8L-g}if8VR% zs_5mz`T{;H!)bNo7KV1HYNnPGi5&@TDV?$-1Zf6YNg$#D2f4k$3WBJb@NFKGAx1PA zHYWa(zpDU#qFHti37d0^)BS&E1ZBbn*tgkp`Hz5}w;9sgMh|D%gVCizd{?4uFgftd zKF`P)j?s%n&ZZQWrc$)dc)|LPIPV05G(T?($|UQgDJ-S@2|Y=L&&jIE&T`G(3oz_B zhxYdxrtVcO*CvgJ8f1w*QI?i<8%aMc}<6a52X@Dr%HwBrzL7{d2iB76C^|fZ{vV=@LSqT z=x9!+bNlEg>DJY(*<-L-c&vMPqg#_!N-*!0NQ}B}i?nY>F+IqL-=iH4K|gRE(I)VR zbMySSuJm7(3}=KmhP5fiSUFTm_js<;*?T~4LS|Zn9)$qu09Y7vV{l&E%sUez?pc`q zOifLF+1MPvac37}8rcH=YPTpzLV>`#i=EX!@`;Yhy!)zWPilSS9Mu$bxnXbK#MLh# zg9O;Z^S50z@29L1y{LSIjRmgUdL6ji7A-6Uo(?_Ny{!e2uNW62;4zO0G#VrWZHyy> zHmrc~BCTa_yQxVQapDet>%EnGa*^_`bgPKvB>;2YY3JJN^*lZ43u7 z4QKT($Cn!nqgafL=EaR1m;loJ0|#4r$vie;j(|-d7d`h;21H;-ndW|@SE$QA;?YK2 zUVMOXhRx-a*qx8xEz|-&1+=C%J!h6bsqLk^a=M>kmZ?>vIYS(v zlp+B{$Q_2eZ*&;`{3^&cBe^<{40+^FVO@UL^^;+84p-0Z&)9xpiNxw?GBP|6Yuv$Y z##IiOO%W_j%>z4VQSvdP@jkX`hmOgr!R8g^%a&W;P^p!n^Knh^b-z&w>m}^fe}ge? z@@~Sg05MCl3Fv)29Qa)n^r#O`vp#d!b}+sVYQM5*+H?p!A3^{YAVuGkT7wfTcaS|^ zU_*@yhOo}=cu1gD>$%l$7-Jp;|3c{SJltcbfx}4u+>08lv}n8fLarX3>(AJx62osc z<)=E6O~5gN48*!#BC${ig~0Jm8!Ye`X9Yd8YPb_j!z;;7FeMK24o&w_ymG6#q_uts zZLl4fT&Q0yH*NHHwVQ4FdB-u}cycLdtSpy=yxOgXbm)d3eOg4RVt}3UecYYGIsLCO zCYF0c0=!Y%jIfy1I6M)*pSfQd;qOB>E_c7>h%7R78#FFQ;sS zF5@5p5VK0T{eFO81vp(*<0ch4S9fdRjJenOa$?_ zHCRh>cR_Pw!7 zBWB)lMEFW*t@07EHZv~Nz;A0-@$(h6b z5^O>Yfkt@o27o}RgnCIg-a5~foFeuZK_N{HTJXYBj?rzIo&9b@bDWG!=Q5bMTTI9x z(GvDJ)PSIvwkp{;HrD?k=5&E8(;(?@#OafjZ}@L^>t@c+TJpRPWxso0ym=)0^8bpFFKeM@NU9q=@G#{~5owG!39Ipo{#f z6V*3kU#=||9Iz8BTk^4WKj4Xwm~35=y<1^(W-`EQBcxuPPmzsmSrnh^oc;7(lJKw2 znPDm)0c*-lhQyNA2xsLQqiEx|A8mtTf*YYpk)|mJlJFn+l5FIg*^6zOinwJ6yTj+4 z$yPA`JG3Yz!GAZk8|Hd&qZljMb?Zv29YXy40Oi8Qu7h!*&qKlfa{s-kf4Sz7Krv=FzE%pM+09*tJ+V{F2PsBv%va@@A>(42p5{ysBgne~r#4Ln!x5ba0^aO+GLqQj8>nI~%(;(I@_q_dAd4!_{a@|#PwHXO(u>kbY$SnU` ze96S&wK87Ci9pf)z2Lo!yvNC_kP`-}9>$OZJ>{J5R&D`BxewzM7114+ za1=E`XrB>M#4Pp4&8NR}D9jLAE&h}|@3l_29cl_moyxYpQH}$*B0VjU92*z;#v<-+ zBbILv%>b$)G1YsPjC!b`u&1dh5!iDYSJ;|Pv3yRi&1TBU=m}l!?8JPrO7L&Cq|P~e zo{R}0%~Wmb`b?>kscHag(s8-l!}$P=crbvnY}f3@=VsFv6GN ziD*(y5(nRG;TKD3hNL?Wg92pIP`jxrK|kVKx=mnS6Fw_*h~z|2m!phmQb((&1h>=M zFi9omOOImMsBYvYg;B^BapgyM%qDTA*29$Cykjy%j9jH81Nf_C;eNTgV{P=;E@yP} zt+DrJzO!Y7lpsvrV(`NYKhueZ2Y;m#xvm7?k-uF`iFRweG{77qK|@4l=#=C~=Y!-b zymP3~qY!0{pH8-}>+=(S**x9NhddOKU5V%R%|i`_qxy+KC#X5mh(m0+=Z*$;UisZ^ zpm1NKoRddU?9E6T)A9y0bC^YiKG9mcX0GF^Ff37UbG?}-->X9m*KmOb0Q3ZD9TKk- zQ85yv=BzlG5*+VT*fkNtq4NeA#a`zTb#q-=btwR5$J1tW*V9qcr=Krrn1ED+HA= zC;S5>ze?G6=R+<~@K?;COF7W_-{GU#o9&O5w|ds z>%*d0neXQ9=VEniF~xg)R~{OzZ=DI)pgnaX?(z@@e;n_tt>Lx5yRCHKospEFw?obS zl=FMY%-;c{?5xO|`0_;Ss8?vs@pFkzJAIucuV5tVh@Zdl2JC-O8(QAF%IRy$QE{)Z zJ2Z@INtXi2rpah40a#y-KN!wK`~@)0OD>rQHayW;bUgBv?Aa;dGi_Uv_KC)Q&;Xh_ zZ{UHt;C}SYvXpdnvJ>5g#N9H!ZlF}5(D`D*gmXPM9AgIzf1`$a#R+uxjGAyP>iczo z!s9tNRKO^FO-3mKL^;AYIS$#pTZG~i*sctAn_sdzUN={3Vi{_F^y?+Bb3ku=wSiK5 z^PJJrVX_j=3}!)H+2ZvV*LwDZTjt9B2#YI?`53Q^-NKiA_@lv4{SjkCOCqwN{;|QB z4>y$E0WUsT!6%ivb*$Ot1hn0AR6h+Kb;h^d4(}OecgaCOYOno)H3K!NT)C3ay#&cd z91ts>1=Bz<(@*BjADOzB{i&9W2_hpp8O1c9wP_aJXTBPka7%j`u|IuO2QU5C*4C_e z?LxINZPU;i3^ieT>TJZ9Vn7f?@DK2tTyb z@wo|cS&#*)V{?%aAd`){Yh+WX)WKTmr1p+Jubf+_l{L2%(U-3XO-wQ%yD&t3y6UEW zx(c32kP??7mN;Gm;tYk=TzgdSpxKnN<~aLSc#8;x#2vf0pLRKeFYRuoxJT08DMm%7 zK#Tmm&2SI8bSfRcg$VoOQ4ZWttN@RCm4DjkATH}MTxp*lAF5ZP!ekKe{gcWgU#!hoB17OX`* zv-H|B#jd{YR6L|I#!j0OX~_Le>qE-p!o)om5XZ~2LSC1AgD_gT`wpji_N@`a%e9XQ zX~nzf()%&f6Sq0GHw^`6ou;R+B)dIDd7Nh++>?Eaq;fzjT4ymBXy2(=x~^_k?n797 zGjjFDZDMmlNFe2es4aE#mtDsA_(Tgw{RE+7?*E`^Xv4`#KAx}Fo7B^E;Hq@yE{1c= z@!=|F+YakBtxkt?Q;B=}cTqjIIbAdS$zP32xMm$PE2wg>aC1*^Ui*S? z^~$vuF5T2fQfpO5MAZ|(GIoVG&0gTq`zM{~IfW^mqZaD}*43o%% zXp=YLW0b!VKnj*FBY~bfokJOm4zSgNq5lzFes)vk15>!oi_KRGvscqx#?{UE=a^)E zUw0T&pTyXENw?ZBUC60D{fw_U*S*_d0Fr#_P+^L{rVddT_Z@ZiIP2EV9@OUyq*b{;WUyeo{@@+zEi?@x04AcIK4wknlZWY(Hgk! zV8;34iCXaC?zTNQ`iN{~lBymWe*2K3NNJ&bhti=q;nKnuv#M0BLy?LDP>~NnB(Y|R zg(Mr{5NW+!U}?Q(LYf_IKRQWOKigHeGmIPdKl3nKIr&S~}@sV&{oAllJXi z=sS$0giBnSMX5Aw<>}>14ycNwHbPue^^nVZ$v>}#vmN+-8^Rx#HT^rjwrQ21`+W5V z(Ssl9ksjp{!aF@v{`b67Ybe~GNVVm>-KUH=aAHcokvVB~yr(+b3qdWACD&WrrqC&m z;QA&>efg4|Vh+6!wnjs$`FbyQijbPe015<1pBfllr{kJv@jQG%i2StNvi(sWwiP~D zWI+~RgmBz9t>!<2uaG!R*tJ1*T`SsV0~e}XJ}S&vF|s%1XM)k^w?O0XJFO~y^apGT zOvk-E84TN9!2OTfEF5~5o0qFKn%a&TRY6vLL<@%6xy-5v30Gg+U9Vq)ycTbIQHYDa zePG*`q+f;9ewnrn3)=kPAVbEmC z@J{_p{wW3FpM1>9gQ$s2!rf|g_3ruE&kbEk5i@7FQLAZwu9p^wLzi8nU{iYq3lyZ3 z-sLYgM`E6SW-3W4U$}i+lk@F;>+8-XZ|B;R>5-h`Z*VYy>8%IoeX-SB?fctNNCM?(LQfhD50}k?tFeR?r5O%aAHm#hby7%hoPoSyyx<>gB#)V^rS@9U7V?3$=({9~_p8I)4d2Kwp=BhM z@j%Q%)GCAvTBT5!Gwk7P+cMm)fyu>_$KuI889fjTG^o)?^^nJJvu-2|Qjm;7Apvc0 zFhw(XS|T%QSmR&QRQ`G2MkNn7mtyBw)NYdIfsI|<; zJu_BIsz_ZPXSP^iYprSTK6!n6o|o~lBnvBJpP?1L z;^1(j^_aJ-4%&a~E8r}!5NZ)z4(muh7GyC9g&ZUeS$Bm)0dGV_q?6zC5Urxq)vbgi zF_6V5-Oa{DW@!qpGLd}5@Q8RkT|MBuaR`Rd!*UioAE&u@$>K2 zPm!d6)`0u>?>|}|!|8nrnza0>>$y3}X_vUTj=OC4^gpq_Kb;V@|Ff<(X1l=C;0mL+ z-cfeKs4nBGkaX1%&iSY}kHSbf+I*baO1&l(6(QS;148-xa)wGsbn8ac3vDL1N~s8d zmGqs8IQg*%jcy0(aDSJ5-wh^AA=P*>h0U!1e;phi5~zcu2~V!~r3HyUv04n)*_HgS zXaB+W$e6vj&z|G|Gk`?ed!wQ)5x7tqd{uQ;2z^C2i@3Xe>esL~zi)O4NewD@ zg$_Xb14P;(8F)Jo?zNdO2gb@gI?&P$9+lDaK2g#e4`%6$J&NSIbSd?36aJm3Q**U_ zkpgTs#i#0CO)mLl3#%LLjw-c_^T#8Z+UMEa*3CS(zET+@A^PCnb8EtpYSX-@s2H1- z)ncC75S0lAq$)qUo+R91tTNpkB+%^#i}m%d=wY;Sqk|yFoXVsB#MT7cuWFAKl#JN# z!rcDgpJdTL5FCa$kgL!3;ITRRYYdgWZ!O8I})h3zb z|6bJ2zo9|?l>L9Nt^Y0rr|G}q*Wi455h7|Xadqim?cI~!J5fT)>L(6JklH`kqlrr^ z?RuI{XpLXrDh@g(mBqB%=Ued9CC<}*8 zA7ml@%{~pT{_|Db?V?$&&WfK?u(r5LD0OZycJOgqrEnA62XNTK;*MJY7>4dDt-pc{ z2_(4zIuM#urMNE~Og4JSY?CALSXo$DCiFBL{zX7k8*YT)o|O8D6HJ+mP_UEF#qI0f7?%3MwQk*PH+# za)j6lh;YSBMGz*k^#TZAH^(kc<0WFn3v#It%t%>?cbB~*_EJ&n>u(DQGec-y_xWY0Echj*kDY`E$J+snP=_X zhQ$X-3M$q-WUfx)^pq%1us00Yd8L>RbeV{?1gvZ@azZ9g2M9{>HhT2uWDADa?=z;B z!D$J^E{yG8Vvb_TL9{FIvh_+55-%`EwB%&qWB;x=hvx$q7zU`N@He5l1Is^jZc zVs$w<7tB&KbsF&5dGfGFzm5hwD&FJq$8lxpf*$hfxoyiz&3C?p(A+9Uo1`b4>g>-_ zgn*WH@QG)Bzd9SQK@iWCyidBTL?;+CDJ%H{7Wh(F=DV`WxQJv$zG)wu?d%68{ z!K0N2pc1Zb{p3v`C>}$_9Ts2c?8NdPqJp**t>+v?E+h?PHXqUjuRhS9LG4l1@vR=I z2#+CxKMz7WB+r~i05kIJ1BnPZ41{<;-8y~y9+Zm+0x8v$!w;Y|Bis3+PWPdK+LL;M z^Hq=!j7gOxdnWTg5d}2yFQb6;|2ISdF)~mYK)H>%6#-^4qirxck_28{5I~OJ(obGL z)<@hX0wbr}6zoV`K7uPDOb^&AckoH>?!O7mZ<=;KgXvN)vLiLkrvXCe^K5?qsRdqu zb_#k;f2Pe`ph3y!X{{1a!wdkb;^3}HR^W7a8Pd$49)^UO6X3B?4)s;i9(P)0Z{*sZ zhgGK7c_+3}<}IjnV2W)4C-sN0_SUm=m3jz668}*QQy=b@~(7CE_V+I3p)(`9^^=d zXUO=oKJct+7L|gq1TDFeKTZj=N4Tl0r7+P0iy&fXwG8hyU8feHA_9X7sKpHbIbi6t z=6^F_2*xEKc_2rFEq=L9l9GlDCau}OltIoI*lpm*u~gHi9J4u4(SUF_ibm2q4^Bo4 z#8%*c7S3Jj3sX(w?gBA&i6;uvGcy%0{0IeX=V&7$BZ)O#%=QX*_Ss7|aA0ou?~_%e z9s9^dj{h^P<8<6zdVt>9?~lqZo3$Yz^79506OtqhT!QPE zlzVHHrg8^J$B;q<=NKXhY6!drEXOE`6140O_P-q#mr&c3HUu#jVzeMkL&N$09T;Ij z6h*zsa{#A%^_&)^CAXPA<*QMrXfol1B=c1BaN3aQ!d4%wCg_04O$qVn9WBdCy$Q}dNx0Em4~W`9Xkxn~9zdQ5F)jcyvXBv1HC9_JZdJ92;4=$UIRmjJFLD z8cs^0T-yKU3F$@S1ou>tN4l|8^i$EgrgVdb-csSjS z(y?%#j0p+E*3h$?W422~ov2P({7w(6npj^vV-Zg54(Ak8`S3P4!Rdl# z%@~peZPm|zgbDGt?uqhHx3$G&!3qF+<^)diy_d&!`QZc>VmNy%o0c~QQ9~ejOrzY^ zttRh$6K<5Wf#SiSF&ys_Q>#mu8of1SF7TzJgTj1Ehm$<(o9V4vM=4nBr1^yx{uw0%TcbE| zt0GqWBr*h>Qxg-11=25J`JCjtv8S#B2Lgf3U5JmB0$5`Js4&gLFg%A-^1e)SC;#GX zxM=^$**xlJQg>1KCXDUSjfI(JEs)*&-3UKX2#1Iu{CqEhcl5MIi*;pWAAmZ3qUpE~ zGRf8D`XPlin~KWk^;$0=*7)fT1Su5ZD8ckVo_qQER+=G}T|zcB98cAOxBmYy_ttS$ z{oT4K1{ffSsDPBB2ug!=E1@DK(y?d}q`L*Aqzt+wM3C+d5v5bQOS(aF5ob*G=g+<0 zcklPT``mla;h)84!J2cfIlnQ+GoJB0`+Mj@q%E`JeBSqLl-$1*4H`POhO9+9ykKY~ zDBB7n0+=}8rkEF)IB}MT10p0^&|?kpHYX{B&Lu-QI@O4 z32$z!I~}Mg!H*Qrt`}w4R-xcg|G27vt5v5v52`i~5AGhP02khW&;bJS z%wIY{M~D8o4v=W>Px=hrjoheT=3=+OF=Po~O{JUeYJNx6?cM6eldwkg2e_a!645^A z75LS$f;4TuopwAy!eRUg)VbLbt-G9t%j^(U3Phx~=X^1soo8;!Mj>W6O07R+O~KB1 zi`e!Nf$$ZQQ{DcuO<*CqrxTA}Yh>(__&`C>vA7$d-er&9S~)#K)8_Ro-i^jT1C)JtEA*+1G=*H|EZKuY&fC~)q^pe|Nm zz08R1sD}57OWL6#E{H5y;JLYKz7cToGT-BOHLzvgIA*RW$p7sJw%wF+-R)Kv2AfNs>%dCh9n}X#I9a%!mHdgr zZ~C`tH8Ne8WG8n)-N3bhwPY(#J2}&^PtCP|1ogID3Cy5Z8$=7h7Fvx75nFYSah5|o zn?d;s>B^7!KTDunV0*BG z0{mA7>#hN)F>6e>L?iF)7xheYt)0|N&3*moEDzgHGY=Tp@sY@L0tDoqUKn)R1 zv@;tUEEYeAQieSY5QSj>MB2`jIKg<*5#RzN3F7m$qeYS8SskgH@1R`}5nMxD(uoO@ z-oHO=W!>v58->`b!U#dV#mcLYiDrLJtM{0tWRVukM#gm#fT3*G0y5**;j?=6{*VN2P zY?7}kNOZ#xz=(K)KAQc*+N;s9p;}PblOmt5w0fj7x1t60oi)KJ&oP)R`9Q%!6;#GS zp78v4wrAH_2jaBpp`YsX3;Z59x3Mki`OUDjqX|v;o*ixE+}$rA01*~_eq<;u^JJ3} zKW)njQPrAUtzf60wHuMm9%ebTHP}vMy7WjaCsXC*o-!!CbgJ`&hv3AkN^=k(4C*U( z+;|e)j;N$yjatzQUu3Q7*}q&918egUA$0|O{cy0QF`jFWIW2tA>LJ>jv0^ufv42a< zr6;|#GskauPf6Xx7tN>$Nn}(mJmm zwu*}zO-q01NiXbOv>sj4&AiNJq{p*3|A%v1`Rko@5(MNaRj5pebPrSCDD?0E@5Gml z&3d_G-#`4)_|4?Mgu{%L-qM6)?|1gInXGIj!!c`M4x}23b{eg&t`c#XUqc8lh1Vr; zw4Y$+WsJLHB|_Fq4zKk8q)ZW9lEF*=+#hlg?8`B zIwjpVKk+Cye@SbACV7AZ%^L(jgKAHA>eQw}*LY70v?hdZU_Sd{;&nR@;kG`Q`0#JY z{M6MYs*U_|+S;Hmhf&ov-co0bkV0iBh`H!0B^PWj~!BV3))p zSPFM*<-+-dBKuJ*cVyWypdELf#lk1HVcLeHVfTe#9=zI1v=XIguDC zZu}u5v{E^95!`obq?c5qXnUA>k4e~C^i}X|DhpZm;J1wLy<- zk(GC=8lkNqym5x)xt`@)5Xuylk&8M>eJ3-DOa>Nh9OzbMxL_GVCRoCb&QHSoFg@#= z`2+I7vD|mRuz*&%>{`>NQHy_dF3jt4zd-N72*t1dKSZfM%Co~De;is&5ps(rOE@Uy z{AK%9;`HTvYX5>HjNIgm53h))U7D^<(!0IniNaWNB<(}$-)cOMmU2m;ec=R;Y}*C+c^9E>w8kBs_@j$r6Ki>@9+ zMAJ68Jnd@tinOPEhgR0DGOT?*?*1U1C>sqDYV&LFp z4TO`;@T&fi)vo=|*%`rY2SAoNSBXXHOg^+?VkQavZq z5vd;9DG;h$0cBe&JUdL^z$O8sBP{FQDCraHsdJDeB4X3OAX4C%I64h#JgAtsulKTI zGu0qr7cr(Wmky&tLjzB-F(9gGF$96%btX0+iu`Px06mO5Az-ehfX3A7i~*73eR3XH zFF=%4xtrscca06jM$bw-#Rt5p|B+ZvklaUrCxAjS0T-cU!aSK#Kz1iRvmg-B#NZHp z-Y`?b2Mtk6U4HnY6JePT0w8TGvF-y2B=VSDxnlL>L_VuhWx|MaHRPbQt?kKbPNyvK zh=&eELDo4EbjwZwn>%UV!hiyC*0BkgQC>DAUFES!9h9QKl%MfuJ>*z0>hx=;(NQ}IUXpA3_Dtc^5Xq(iSlUH5ohJ$Qt;EYBI-ZRxm%dDVVgU%l?TEx zVxTX*q>8A*D#(GRVl~Jz+qJ$x^M~DdgSb_cCVl?zGbR z`IB+`m*mi!@QK~m^BbuKprv9RR{S9F=RYM=|0&!dL(w(jA}8?+r0S$#`diPYU2X<> z1P0}Q9oajK>n~2r@3(-#5&5Se#&5Li|FrGY4-dEBSHn>T!a#-~jY7ntR=4#en;t?o`(%`#MCyJOCGyi5<+VuXqRFWh`BQ84le{qToxz z&g*>Q^j7~$DfN;x2lh`fpo%{S;yVx~MHF73ls%Uc*}tJ53M3d{dxov1U7(0DsD@y) z?ne3v`#63$C{o+DPEt{`YQ~feU5asG(%mAA_ZNO!dFXWl~vk9SE8agkycwTH>RZsYpP z#jW?8eBit739utRNTZ-k!n9hDnH>53<{x$}?PtJ(=Tn(PEsnc@`ThCwil|DN-yT)K zJfZu8c|rsv72sST-wnRvS|XMyBCrJ<8=%@0H=&p!3mn&+rREnGuEFhqs>=ivUw)8X zc0G0Sm6@SyWXzPaQx4-9c`7tG*f%z+R*v6yKBT6A~fe7*~2Tl&$+EJoMJ!W4-8_|Z(D zCH9{jtTJb(Z~bwzWa@x+gvf@#zEH0#T6L^^@o#yVWAasSCr_#HfNZC?@s9te9`^|d z);cA8aI*hWM5hR;OhF0d3eaJpB4))?Btd_umsF9oQScL<2dgUoL$>6T zS%@0&c21%QA`v2rWQgEpfOK{t+AJU{Y{iQ4@mF^wf{=mC`!5{q8OTQG-!<$YfHF4pi?GY9;qF}*lsB_Sgk_)(5 zWyvSNH!B-71BdL>3kukkVmJ#g(1y(SGr%(kwUa(c1CkG$%OhR_75mh7j`=YFAa`|1 z<@F(Iwcr?QaM$#wp=)DI^lBjH$fym^7a47l8UPNE&F-xaY`_;N-en=tIfKk@UCp^GAZPZm_}* zPL*$DL3p?zoC37cdR@0KT0)(pRd*jecwVpb>5bIE1BE1bD8iu0n*jY$Of)0lI1l3Z zj}#OdG0Ne1YOyHDaDcI~3dvA$lW`#$hZM*2(1%0!|MJzi)wvDkiVd@{g8V z7Tp(`mr2~{a{nt6s$>7ugbD~iI3(;ig(ILc)dQaLqt>Nn;7yfJLzZx360+UQrdk86 z1<=EF3i)O~A^4P;&FODG5HZ;L-OSwpjUV&kuulizD5_2zJn+*9Q0c$q1QGmUK3Vs2 zGcLI<;~Kf?zeV^Ee1v9_N1Jxd*lM|C57Lyr$!y~7e=0Qu66TV*3VDZVs!3Mq6r?92 z;-yt6Hb}oPJEnV8*`+FBIH_IDUOqM-FxpjlOS>jlUX3StGG*H2bNkm|pOpr-6_+Jx z^6eiAEWT;p75xltX8Za6C7JzGw*y!_5`MZ)k>)$yFD;+Z9=8?Ul4n9iCGX!$cSzpw zn08+632-aQ{9OLj(ve8DP;erwfb3_Q&Uz8lfpeuk>?@WAD%)6*Soz^kKB=X4*%#(3 zP`-#$bJfbvLnt!YNl6-=$Qffl4d4NPW04G~N+Es_ZM3lBGpz$E9V2587fql{X(AILo=fw+Q5bLL5WZY_)(-)3D zD5QQbF4y>-Z8F=MC&58HTCa$DPLv}P(N~`-dIm=JamB@bD;rx=m5qmos|`m zxfGxDc}4Iv&gmKZE3G_IgVeV8vyI|>cp8S7x2`w^B*ti;yp*-s-j-1I=wyw%{0$M0 zlkaXD_}qV?DY`9m`E{F4SeyrQ{VmOtJNvJce9Lfya^Wus)+ zyreso{RFuCEgsq`pp&u7gwsrdC?U=zO^xFB#st)dypsT zB@xAqWfW&(<!m%RuF!VbYws)f5T;8u1>4!Hg9Sz#)AqvUkgH zuL?7g^2;U)JTQB;-Hi4xsXb0GS3b~$PHcCGXzz_wioBC9)m?PAER^GPpZ54GzU$<2 zv>nWcYk9QX-U=(>2@VG{t- z6Ul>>6gGj)Cy7?hHTe+Ko^hYgb9JMqr$;Os;yti$V~r5uD`7lt3cKQdgy7scChZy= zHLiwcs>p9d;hN`rlP=sejKa^CNb2xW(dKb?$``sbH(xlgNTVwAEK&UJ8j1Ma&O=$* z)s9+nY$bIz7p0ht=c|uTq_oYLs>*15fH+ND+&3dAOJ-+MPDJF{`&%o$emG4L8{P|< z&<#6I?c!=R&oQ&Bm-qf$xY^hz%&4uH+Cx6gJ5}vBs|PH^@akL+m!6+d&*acCRkeIO zyxm==xN{XZi80~exlCw5eqKRBaX#6ESk1@T&G8|rLmw*HH#+i<4OOqn^Rt{~mI>v5 z(>KQlGYtEpl*H?|U0<;jvmAHH)|hWUc=UY9i)q~C`eMGTn%7{F;mgDUo!6U(-|zjM z9+xjLud)<1Un2COaNK8ibj+(~9Pm|wr)Y(eJ{&)|CTOwx{dw*MpVe1uluzZAqXu27 znp~Yx?^DC=o?oOIkS!t%I5O)0f;Eikraa-`RwKo*E3-SJQ+v-41L?pVU$R+VgPDiP zQ(+~+1i?UxLk9uyu|lqE16i_SXCL=tU_0+E@AlxM^G_0AyMp*wal{Dh)l}9yiEPdK zD-ob~Fi#qM5f;&arEt>r-I=V*k00Lt$VC(2waL})WUsy2d5yCrS}grKTDHi@cPBQw zQfuK;A7fCq*=~;E2MhgA$%+fy-zZ2!*+06?@RyJ6rC2lx_uXGCAV?ax-IAa&UC_rU zS>R-SaesnxwUI(SVtJ0!a{!ez;HzG4U;mLG?sH6A(_^{hosz}eT)2lKHsk`lac{@W znAb$V5I?vV*yBG*u!Xurm|eixVz)o#pFZr4tXBTooS*o-nli*hEx2guap9IuMzKb8 zj4OsIiFL9OMeMN1=Hj+g*1muzuy&}mME};=D}xU-Vf2@P8#b+=4$h%70qw}43ECxL z;b{pKjB%I_!coK(%i7G(M4lN81(=?3VNXn&M)kRt=E|6_b~+S>Z;9vLPH)!hNs9F8 zm=$(%;yaD45c^JtwSv>}IK|?S*D*OcXIJrfoVg;i3CjU@{3@CLhdzmkCb8y+&dmwj zMhtz=7tl)`x~?5J85wI+;^VVe8b9!o;~_~3Oul*bTHtT#X8Fo|6jwN_wAVRGvdBr8 zM)TS8Ol4?h>%^)?OVnEp%Lbagzz-wUb6t#D!(}@W@;qpMn0by4Uxoc7i6<2(ZQ$MB z;@l=v)kSNbkjcrpqf2?h#6zYzHN^R|mfV_!1EAtE-z$6YxO(&|P+q?Hz7-zM*~>b* zn*11l()(Dj!i8`gg-mA|1#{ckuSsqp1h`Znz9De9L$G!TD~3?ROuI7(z3{F)TOvJA z6)hq-Gxb^`Y&C(Ro{O&G3Pp0t+}Dlg#^j5Oi{L<49XjkX_O4z9e(G{kFqraOD0aeI zc7h3E=-cYtK59UkzP5a9Rr>-w8R4zjbhMw*=h;n4<^%An3f0i6ycmZT3fV4wxF>NX zqf|fBUDbqRI!WZO+8O2PIrE&!;|T?XWEWgv8Rax9IkSS9{)qGm3tju;&or!fM|B)d zPk+ijdBD_gH>nF|k1u-;Hg2Q21;N|w`UO5pn)sq7O~s3NSo^oMI)YjWbS?9>;_c_% zTtC}h4CT_PWHC?8w(Ph!wEjrciMYQKPqMUJ|H;N7l~e2lVp@eV;WYA!z#CgoAR~cq z03-F)y1Bpc)6S>Lw=EwX*NUgqsi`Jtk#CCVl_JC-ra?@r7!1Pq$G<(#?ONF*5n#b; zPG8i2VuV*(IU)Kv-bM8qT;7SM@g!YK(tJry6;~C1xMK zk`qr&T%?pYG5L;7#3CL|t=AGKxGqiGs~Y3@I0|PCyE`P@>a+eC+*_!;qs@FU*_JNp zyjs3c)qkHvqbjVby$%k^=pJzyh%2#Qrn-GgEZWUleCeeEzB{PWxb`aq(mH0QCnVg# z@-@gmeuK=HslNj&nxs91rkRPRIVFRze``s@V$Pf>x}!gztBv%^Wk!>56nhT6O2Ld9 z7eC#=lajrZmmsD2`gJp>v>a8gM-`z)eDn5ox2(={>9-GZc_V^0^!i_`L z7cao!BA=kjqD?2Kq2BJiQuv7Lkg4d^ZFG>?&s~hO61ZGv|(J*PBigO;SCUo zJ!e!ig5ZSG=o#jlWxwiLu}F>7^=(WlHL0;pj(&w4J2B_e!~5Ug*43r6U${ot^y!9= zvv%oL&xb3u`U8(2GxIXv-{Qn4IxXQ-?;(4Rt#$6&{Z0ecNGp#eb6gK)F~9Cn!w(u$ zf=br%XEx1ubJ#9nQq~G@bO&3=L*UBhOaUk7z8E z`N44)Hf~a6RU6s|zw3KGKF*U$B0CR_(4Z>GqMxcE61TLfCPYs~OPcvX=%JQYn;>s4 zNXUYH73MEt7p`^9oua0u2RgdCnilofizO22#ffQ%B!b%6NX`Vxvv_=UuY)*ajsqCHe~zsxa~@|)4n$mWFOfSsy7UNo2F-m`Dg(I>jB z=!pbaL=X0@>b7h`Hof=*ETVhJ@}i70NASF0-E{upVs)EX%fBR}NAdP7Ki?n3C(-oW z3jr3>`z)-wiC;7!fM+QUdLrG%-?xK#ai~h9Os>_4?fOqoo|Ly|Z<{AvZ<^s!cJ0UQI;8E(+~~fW zm#22i2`9F`so+qb;M~MjO@H5@+Jx>t16%dyjZK8qchY4%b@jI>j6@$iIv$@u`K)mv zla1lr@}&PK7+0QXCR%BVJ3o|MhE84lu9vzs8ZC7YM{AOj7@{Fp+jTdYi{`mJM;URb}d=k_4vL%JT{0#!!U^Au$Quw(*-ltovX}h z4Gr9|9?8ke$H&D9g{WQ-QXGjk&s;Kt7~A(EJx;`|QSZu_z9r}Asw($;$s~fpnwo~q z#>U3#AKEO0em}KYDj4XkqN)?gIat?1C*#`3K9(*UpShGKtD@rT2~N!#>;mc1Mp%)w zFj(taS~jt-+s`iwXn^soExf8C4pzg$c3mUsO77pj=@btc`=u-Ttpxa4Xw5#!4Nc+D#oOo~f$;aS4`CekPwNK!@Skul^O>Zi-E{1Gi#n|H zfW>}oeWdNcX=PW8fmC4VI_ui|Gg%rC&!zPb(+Cg(tqy)kHZ&RZR>YC=`!u)czm{77 z3zxq`GiHe>I_E*?0?)BpuFSDO;!NtpKP{_nGu^!NAp`_m7%b{uo6=Y0xc4)zqU;a9 zdML{|KOvjS;9?Lzz-(yJ4qCj&Wmz(32^S z&MNK;nJ0xE;1zZ1vnlM(I{iaVX8ns_ES95Q4}9Kx%a;8X2M0R|In@wp+rvN~VoIKb zx^Gw`hIX_2;+bFc$x?Z{k8ih_(QjnW?JWIB3UQHeo0#0Doua*>y$I{v94SjFIdStO zA3Mj*fLrx!UHX!~X4v@w$CceFV%l1l6@%oXUg^FaewVNhAT5pVq9%WCo9$C(Uc#+Mq)LwX~O{;(^@b?fEM zcQk(nLmTR8nX=8f)Et~7NSh2ZD_%rJiD_mlg2_|Xggf3!U0Pqs^ouoww*o6AvRSh> z+3}L^RdS33wPp`2Du#rn(jq=o{v;fd{J0gdZ>HW~=PkDNF)ju7mJzW#caGf`AHi@$ z)84c{(zi84J#d)yl-hZ>SKC=>HqRM75Nb)BqOMwg8sV*gw##=fava5!TWo9>5FKKf zc5D`Dsqgp77)pnhI4)+E@1`)kWO7j=pK97U1)(u8XplpEo6u}y+}NnL!6`5vy6L{w zovuPFp8aAizklt$>%z#PLiJj3kstf9=3qXD&FyAdO8tgZ=e2u@8D$?hdoD6MKU7dJ zN}j>=BjaJ8u_O1Ex!CaaD+f+vO2*BbuP4>NIOk8-+awM8rmGar-T#y_%`d|Vy%0?L zZI>V16|c4VTKl|A0)B}Va<>#ptU{8d56ko=tu9)TyVaR);m6E+E@MO3cJ*rEC5vv- z+SecMdHa-nFJ^|7bFXKxWnFWem0jnXy!OVXC@)*Hs>|rW;gdpz1Ev(7*%GO`-&vz& z2N4G)k}$neGgZXO@BxpNMpD>;yPanDX9@|VbCz)+9A#b&Z!v#($Y$eR=IzkG7))qD z&97ZuC|c8C9;;k{5pJgpG4Hug#imig7ro;9+_NBjg_9!}H$qD63u&Y-)+|gl|J^sQ zRQzZ7@pBddj`-%(hv}8AWAJ*G#pzf6_jGXnwNVn@0%@hRUk$5`g<6{vH2_z#Ung{2 zLXEk7;Mi{bV&$WZQ?Hb-GYuAWU@1!Tx_B?;hsu>slHMvsU7fRFHBXgM>mjy$e62rp zl?m?J8nc!PB&wP<8KxhcSa!!hL%MYa+jDIF4SAo5jJX0&z}Th&j~Ij~?^LdS(zP5U zS9UtTrQdxr!HQ1$dTm-B=TK4F@UZuZ+M(;qghzz5_6a!JjUnANzfM)xqkk*I^*Ohf zUyDn^MxFix0J}Z|05mrh#eD*v&qRxB^wtSwF}L(8Q8ebW1?FAzm+Q;fl#d@CHCNAQ z=aWHPFjuxAX_na7|4PSdn9I#k%@t^$0?|Yojj9hs2Q-aJ88oUlSZVs6vVZnmuOk|mEj&?@?jvQ7e#exo|j;M~= z=V0<=WM~rKqz4f4{rl|NjUn_z(JZF{r1|*#6akaTu%qCcatW0T*}+FmY<8^MRWEK|qq;u6lue9$1dt-z$zZLadHdBbUFH;8Q6eb0_V)H47E|-N{V>-8 zC5b&mun9+l$JsoIv!W!E=;TrYyiPU{G=)588+gyH0I8+c(C(Sg9}ZJ8>T+^f@n^MJ zS-z>Bn=TK>afc|pt63%+7nX`sxR2!O7n_@#J$2;{r(O0=up2w7EfGFj;%#ke`b_)9 zFiU^zXkYjE7b(j57>A$`?y4XbOof15otQ;P& zwI+H6^8aN<@pdO?|4m(ui-8@^xP&=h$5+&cX{rs0sx~wEr55IuXS?8w#ThRclv*!- z`d0s@tNHhY<0xCQUra6ij^t9#1r_WXSt^{uD!JD;*Rgf_wJiWQ4W~W*e)cph`)Yz% z_(Pme0oX)u-YDa>IoUeGWEINB`4WInoP1HWRkZZws{TUQp)Bj~@d_A9e;h3~MWT+9 zwekU+3LAB@_`D~QEeW1g@(K;ch1xrrF+!^mBg7#S3kQAid*eJJH~jRZu!oUIFesO`Vbd~wk^9?bqp+AThbPC) z77bgi^T@>|vGsbxw(X88*w($da8sewDZWt-j5)wuTd5{D6+t8LuZmjEf8@jfb|8_! zLFAksNr%H@D9UnBz~*!%~rLmWlmk-Rrw|YcWp19}HPpsY=tov{E<%VZoKjXHgs8JmAi+ zRUMi6>-p*#mi^|D4C$B5=VvbU|7~fsxoK_n=E=|d`6prLH{)c3^Urhsg)qdEd;MX< z@_XcTPB8s5e<*v>KT7Mrk1P}T&-G)>{wdLi@1IMg)c&h+Y}k{bHUnM9CE-M=_4otHO)^JH@4k=z(r&p3sD=K7Ms3K|>%U<>y zoMRZNY~MRqd;Mymav?az*fRvyx^r1LyIIY5r`UKTruN50)`l0je29EtmamR(b?3t|3?jp15o>P~YF<)aH>Bz{ z*|99x)nK`?WZVjC>+T)APm|^!Y>r^S%Ie#GBjHhJOVR{?Nz1WqgA;httyNqE5$)XX zCoLUh2uw`3Lqz>V_iX10sN7 zGIw4|9JZ3{B98EY-nOU zgWAtarx7P;xDd3n&PD<$c30Qi`Q3N?3Py*y$ADUOxL)}-*a$@9C?S>Us{z#T2$CnDvYNq6 zY^8nJY0ZqsCgjSMD?(dg8psm|6ta#T$v_m#w(nKO=1_@;HaIz&ZJ&g$=*&`7YGR^D z0k!%-ya=|Hb|^f4e_St8YAZiKZ;f|QX_`}W);4(GEWM5q@r(x}XJ|k8?PbVTRxoRt zBY95Ho>mz5trkO03%SyTTedIlLq2`F;5?1p-fS%TNwDnJ)2F?Kv!{ACS^JvZ{@6M! z@4#4vx{cOe9nl8Ef>?it;lWI5@fORt*7#BRwR($zpo#xV|OKo4j9^Kw_ zh)p@o#TD3K_OSM@oVt1dlu)+ym-%^DJ|3GJa@KxvwzjE>7vmXZYcGSsyxlH%L_9|2 z6zdS=M4k{oTouVT3RR7ISYQS+rBaRPyo?Qx32Ca+`TH`cgkG^& zwB|}l7u_@0fLFFl`?RP-nTq>9vUFD(t|tc=90Dld;nBh zi1Zh3FLLzuCb!Dfs=~_Lkxv_tWF1-X=$*CX6AH$uu->=r#ky0z1XlbXobU=OSE3oK zYGlq%2Xlt{Z{oR6Tr?o-2)F}FNYDb0JCqo<@i0+?eC-<`-Km-6gW}$6tKXlccdO zJXF|!5vTjAmA^+-Sh9tZ^mJnHTl+!(m`pt}f`L3V+nfMSjSL?H)65;usovBHo$q@M z+R;L{pg=NLK!U%nIKa5Uc7i)#t|-~!=7>hR39OM@Hv%3fZ=4dUk@zkW#X9b66sg7A zyfp3LA*LZPd8#+&>{I@J*aI_1nQ)!^+{RhFmcYWA*d;6s1%wf(*_7)(9S5jkN<%aq(-e`{+Y}PA!RkC&ZefOmrARh*(WWVFv22E0KunJ zcBzX`lCho4TACWd+Ee@5n3tKkU9sf*jfKA4T1Jp=$;Yu&2ojeYzzNEiMsp^- zuBO9#p!T7>96_Kb;GZ}xru@bhDIOnOIoxk`IUqnhV@ymGBEJH(d|PXezSkvB$#}r3 z&VQ=gx;XvImiF0KaW+8cKneuCz-EAq%+_J`?$dr7C}!=p)I1oqJ zEc`J4Wliq1jM}si?9*u|CLAc-uI}6mTv}J3%)TCF?ZCXaR6!HQbryIrR{$qKj=O>F zS!Ldse@3CSz~Of`5KnU3Ec_T0E$+a97V4y`KtCw)!egDCd?-XP>zUr#)fr~78ZT>|!x{nbLcA!=Z>PeaV{5vnaL-lIRGl83{UruSWj z))8E?zJhi8qfM0~(0>px6}#mgh5oBn#t6QXjU(KN*bnuM%e`|9IQZf69qbY`{C%JQ z3=-pQ56&XInu^CAqny(l*y?Qtybk1`@uCS(1adR|1MzBW${DILaIRG5N!nDQ7R1g3 zoGLT|Vh~>v{d}E7HRcj=HDTl?#S+mdhUw`72HGWO-dG|;_t85^IxwK z8-F~{leCrV)4t>Ni)yovZK$^@>-ZLaG2o|^7Bgf7}JQZ ze{SN^(c@!@Xat&)YgDM=-cgc#3qc3E+v!)OyEXI!Jgh6BP|ypA@RA+O$!q{X&2hc8 z!4BhJl5Hd?Ldj0FYW7?y97F*kGt_SYA&ph zU77%XR0Q8(k+QOK+hFJOxI12B!wyNu&rGe@@+K!IzdRxd)qt6sk_Ekf zmpgBSB+gt)O-~oGkbT4O@j<@JA?lSQdJ$=zcq(=#`9(m0DA4;fFB9JC>&|mkrj{fX zn>^Sra(F8G@mZ*bWEAHTp)?kiU>fK*ojG$xG0#+}?x)-f6f8mR1;8M^rm#3#vEpK# zH>3%Tx|?BD-*`>Aql?%ISi=-aZoR8;&UXSD&hD-~BJ=VuNjG#mB*}X@G$LvAT)c+e zS92<%66gDN53@UcBz8WsJ>tGjjR!WN>97O&;nwprm}03oCaq+Amk;+#3D|ARhhJ8i zK~Rg3pv*q?o!;ih?&4Ht*6d6)qK8Viu~F^zD`wM@a@(yA7p?lvYvEme00AP4#DmVn z)@s<7kp=pT?3-_ozvdmeNC)%{N58WK7vj)Y{I(ra_Z^GpUy|6I$+3)l@O6rR2XT`A z@zX9rh2RsoWF?!{kv^)pMEb62>`~ooXH? zy_G~piPC`|ygQgOTp26=%`2a2kl^hXxeG%OV|%r7s{``@vbh=c*1S^m(FkWKsEpPg zX1I`LqkLcfG+}a_*r_(ziyTw{DpDAf6Hw1$<)In|TqEfKfJzYf@_3Z{xUK$Mf}tc1 zpd7hP4BB<>2Cy+C7%@}ittGM3y!PBDAdWu^{~v|23J9lB z`7mTXZmCjdcYa}z9sQ-gptS`d6gclxi?6GZ0g(>e#@kaB7>Roy`}=+-h}cOx&4wxj zjt<<;nU)DJ>hG+)45GuyobESfS4*-T#}C9OD7!C0t!JbxyUXE6Nx}?AtZ4dWAE2uY zj}yOKfm@BaGj~lr<)@wSU?wsv$lyYspAx+kNza6 z+L$!~5-bWQn}+h<606j`%GwDbD0^(rrDg_oCsPyrpxopSEJA#ZA^-2vZYI4%HtQg& zXPOWbcunOg!u1UzXSI@;w&n!b*I@(S{)%Rdx@Bi*Xo#&Oe*pu^qgM|vnmSL4XgOXZ z4}baWl33~Q(Kw!Tx}d?#(PTkFhY_ZmkGq>8R;P zL?xzHW*+!>Jh(9({zfg0Y|e@9e%|Xp444e>i@fj)QwAU=+uk7o^(X;v?< z0#5_y@U(8T3DZd~d%1>3x2NAK7l2UKc zs+BD-xsIORI8+T-a@FOhY>;dZHk|#OuQIJv|H!MUjHh#F2o=|BD|2}2sVSIjkE_or z_X5W^^~H;C#jM=A=P%N$#ya52a5AVCVPy9Bq7N>(o``VpDjVwA9pPrJRa-f9P@v*R z1632ERN~oV39s1O+`^JiLP~ukGgMUq2%bdh+OrH9LwC>qwN>C_0ubj`UMU$&bY`$QBWaCgESACp2Fe_SQHmXT)G{&Znw zd&TQ!h)Gv~pe`(God4l+v4(K5=%UebrtF=7c37{qY_)=x%qW@8M|}MPafm@o*S(8lAV%#$Z-0u?Cq8URVM45z8&bi9_f;4iGaNZ4;yvB=v^ zmiD>v#Le5o-TOuYErrpw9-D1oyM=cbx64jit;Y?f{9gfm6TT|h1}v|-Zz!l zCIMHL_2&*_L={bz$`ICYrXPQ8m4sajcfMnia(YA?VfhQ*SiI!dvG`@0n$MXE?+!k( zbLVOqY1RE!Ec<<}7-Bv#TIqqfT^A~J{_v$6;%6hMSaKHy`kw<`OL2m7ay8ki;8G0X z7|Z&XdTGNTP2zrFj^PtraGgm$Im&{jJ!)}L^4_gMFD2Jqq8AbEl4s{7vtl_Q4_J0w z!&BqBN1uN@l{-W9cC*lxPW$s|(ZEz@;Zca?N@r0PJDOgFu@~S`r$c?5o8ognE08ij zelxq^8Uk6+Yy*dl+~u5^H{4=JPu)r?xgBd(+TDqS$Ytk5Co)@3SvhY!>Q56>Hh4C0 zu4IaE6d7w7t$<5k62d`VS4+}J)E2W`mmNub49pdZikwa%C*C4Gk$~l%FX4!6^MUz2Ui$!CrIwyLr z+M8j(V-p+LFoCnxvdkvmdtVk3U;PSU?C>Kcx$PW*%7a(f&FO@b(*tq)=+TWpRZiy; z3B6qj$P6GRRLn1zab~bCDMxbSo3f}_%%3cqK-y?$(pi771hs~V(c))SR8K0*Uld2qf8#y3{uF4Hz))XSYEC4#>3RJ{yXE{oJSu_>qEu&)}0gG4DW59p3vsZxChr;*X+$->mrIKxC zg2)oW-0{2t-|1m4szRR~0YfbTVxo(ZE?d2WC0wzI87=7G%!b{w}P%OYs8nP6=jbu61(hSR>gXlrez5``R$2J?bKYD4oi~ zLU`dL*)-{#R~z}OZTR;_=LIRdN>ci< zm-m@CTHJMtc0C>;t5&5yc$+MV_JY9~HXaK9WJB@?ewE=nU9zAs@$DP$iyn0+xsb8E zfkoTJE`?XHZ2>#*Z(LesOI7BFPf=MJ>4}sS9ZxPOgdA>7MXqr{cGS3LZl$X#vYBf( zQBz-AMQHgIl0#}j#&)Bg2v}?pto6w($ukod5fR4A=nAwB8lcn9QWOqNjI`0+CNAjL z40pPGQx%Rp!@&YgBxG?tA|Cu6sISmTMsw3%2y4!V-=_yWSoUki^A%8CnCGS#8>^$Z z1YBz;T!B@C9Kw+oXE(9Jc{`vAKyY2@VW1&eB`V%wwrI*TiU>d9N}l_;m7FUR*tYyT z-w29FpoB9nC@0r8A;lL;let?@9bB^Zeq2=rKyx*_vG{mGChLXX*lD}VKWvLenCMbV zfbSaOZ~@&FVz<8(6`Kc$f+mgFsFAL!pqFeee8Io^> zK^6xMPa<1)c(Nt-#}r`q0=hpY&`n+e{{-5dv>^-pEIcdTbNJtLWlk;sX>2qSI`TJD z=2_-A%L(AdSh6#*~2+5}7!F1Af7-K)9*l5UbH@8Wj&0DuLuL;Q*n}lt?{)iUyX79m={&lP)~s zdD^Xs)rUwk1>~w(W|`sz(fnB!d$*Y{wGK9032j9K?gU*7Z}!znX0N@_!#ll8y5UwC zCT8IC)pS6TL_=tG?@CFJy8L2@MH_TTCAT)$rHfjrJ#LGBrH`tqepgXgSL2?-vwp^x0BGFobVQ!O*3qdHsaIP>8Y&h^ceeH482g_LZ8vk!-;fzhP`c{Zoh=wn zn)`L!aw5mx;VL<)O=KDBxbKS%sX^gVh)e3igD#^IesR*c5BZcr_m{ygyKR2hlB+ev%V)o zo510zg3Md_@w{#*SqnKqAduesmSF44QDZ&Y{2?PgVBquPr`}5hW?h?vKW1R_X|@Bs zX$7g^@Nl0C9<}o1 zaIOaQNIbjlFpv^YS;_tfSEggebacq3u;G7IcjkdmuW$di6qV8eJ9 z*}@cth&YVhphYT6N_J5WO~}3uMwYUZJv&*mhKzN1u1`+oe9t-GXFJdHdw%|!rZns4 zzVGXOz25JuZST#UccI&GUP+~_+gK3!O=KH`!w0@?{?ntxA?Y&FM}!3Ej?Ls0kyP8v zvW&*YS>fqCV&HuXCzO&p&p7(A(APCJl=A|xIHXyVs0{d<>OF|LUAJIJ#Z*>ftzwY2 z7Qhf?;A#>JDRaIRZ-QWLn2{hIYG~4IfkkGJI6RClO;1>#lUbu=5+U#|(4296Znkl} z1{uifrsd41F|0*J~sZ9SgsbkPBo z*3Z>|^SMkJpJ#xNkF}(>gywrc?~P~~mt+8OfNfPx zcm14=WG%l{kou*CDZXHmgs}+7BNW%z{(x4rWAY7G#*#@tPPdz$p0D+v)lrXwZi3mCu0MW{UT@!@w@_21N${li;g0gVrlFa|Xn z=ITF7rTJS(p8vV`=I_9d)KdIGqr(_$cV<~K9#emwWW8yO5~j`4s5{H(`&UY;T>?{{ znn$F;*qzU~AOFdVytJj(pl-uGJhPf4d!7lUF-_nie(chLZ4m5GsbdYrIvGt~Z7fVl z(lr}o((mGDzQZ&)n#da~A^6Ju+KGzY%^XnAb1rLA3QJ2fyLv=DY{>CYb+6ERx9OYu zM6ZJvAtvCGdfkK3%x4)$FCSI_PV*S4%3obQ69s<=8jE@f2JWFkHwOM~yn%c5Z!)M`=FeTkPr#y}~!8$m$eOg5sCvCNu$=}p6;Yb zYd)9xv90580?9nVIGKhm=AXZ&y=#-YHtKB(|KoP!vXzU4%v06uuY>?>#835C4hMog-6!DWH56=`O@P<~>44Kf5sF*8^hXyxI zp3|KdlZ2|mh4J2p?zTRw=%{y~>jT(LMh5ObV_=tnFgy&HQJ~-na&X)mI@m;XthHR> zw>#3xcffm8x_jDEX2VOmSg3Ava%^S9Pi@OdRgY0wx0dE#0ndO48#pkudvPJ$34+N0 z0XbGmMg{^18x#PDHx88O-&}Cy2t%X&unnban7lK4)=5$))0_>o6w`cY8GrfOq<)Y} zFYhYv#9|+%h4fn%DC45(Te?#?9GuK+Pk_XE+7($IBYs|XbV z0q}jXg)4&t4pTgGNCLV*agu%x0|<$MR;ypr%2SsG!)uBp{B&jOkMOC%y7ujT$g(+KCloDyW&#rG(8IxykfD{ z3MbPwivZ9-u0XgpX8^!0V)Zi@TpbQ+z4kf&sX5fbP;DR>U2ZrpvJBuyuBvuVYo7X1 zoCj_P+zdKAzN`mhd+veI0tUCSaQB1i@=^iN3{y z!BFU0>@KB?O0WNAc|Ae zVdB91fc0bWDFO$5SjK%q;MaHu^vCL&8u=?%7~rHq;pTM%8huW`%aGivHjB?idI%9Q6C8Jt`|4PsrSG2qCCaV zEhwnTI2y8HbOg;<)7nlviky%+Ugvz+K+aTOFCxl!P=!wMc$ea}=6|>}>#c z)wsPJKEs+&0ZKnw#kWVK1>!r}6r|b)D|^qu(8ggSu2#F#ARPcuHMM~(io86Pi5?@}Rc2TRfi1*e!#pMT~c6L^~Z z7uFpZ;QNK3KhU^%;M-*ZG$p2pp>^$&?nqe+GKC<@cz2DB@_%SbEHl-N2& zEIQ&l{v~njzXt8JeJLi=S$DE?Uyn(n$?8QJ$4YA-wqr9o(a-sf*$Il>%0?wpL#Hiw=2P6|=UJQ$6bS%-p-53AfhnP98 zndKm&q_6bV_`h-l}*lWqQ&-< z3w9{2?nt;T$8}6+*2|Tz3ea_e9!yLA*&WST;b>|9&NI?74?8{mu}}gc;@lAKvDyZ@0P!r0d;bV!U7+LUfAN$g!^^bDI*J zawnKI8=!XuI(DDE>$iX#a2d_s=LW?&$<5@*^_RT&d^hD)c&x)_hJu`!LF2oydcoKv zTUCV>UE4M`5x`zP3(Ev=K7=lv;I%`-SP;Sl44|Tu#Fv?$e0f@OAutBISMLEwNriJt z*Lv^Dbub1$S?;+F<{u>NM)yWY`tbe`47zjAKgKr!HAb9}E^{>6^4EWyN3%p6>uefY zP3VAQApkQv(j?mU-X?24=<|ntmaCXX!%zv??f+hU&5F+WruFsn!v-jQbgrB2h7R`Z|{EiJnc2f8c2<8iS$t^FgM9 z@x+VaL}&~Ee1tfzCXC_g0Q-p`j7t)aKY2kH0&(mt^LZB?7T82!iMzyNwphnaR-rV` ztZ7R(V$)wrS;~dEaaz45QVtE;O!p%cdhak`+9q@|YLkF3@=0a(E zcOX)mz<0M4M*`cZQ^Md;hLzy~Xl)=VNfO@uNz^Yw#RBBoZND%>>`k@p73JD+v1G7R zU567?AUqJ@N+EU~=W+Gh(LE74Y+lL{?#=98PL6(L*@afYiFzU12x#jD_;|Z<%$HkuP zlo8p?Ll9u`i*F78jtL1v%{$-%tin>!d=!+}oe5$o9Hd%2y&l&baEq1-SZ5KPi20bZMrkl z%gd_!gl%8U4aBNq4?5LUfjqagaCQ09B;&$y@^B-DXq#+y0qILrbS81{DoKnr%%hCC z`}hR|o=l#A-HP%p6TKP#waXCdKOG`dKxs^6wA|R-T8q`Pf?%fi4P52)gtWb;MG(|S+HbjxdGt@ zCcTc)yfl$l0MoxhPj8^{HV8`9CUu#ikieUujh_1Wj!sek z)oswi<2S2QNA%FO^5*Gl^J9zx;5t-IjB<|_Fs33%-CzewW|lip0`8sY(nX6V|JEHL zcl=#m&uCxu-wUlhu}^1)V4REuEwiX+ zOQKQpGiF2l*Vi#acjYbsmWv!cSJxl2$vr;hl46kninaf8Tch)l|HCuux#uHAyQvm$UjZxk!C))F zeWTZ50_-artk%ifGQOu8Z(wqav^Gc0_=>ZK#v@TP3A7tgGnxMsHDez~0jApjF!r*` z;&<3f{BPJxG1pJ*C5hsA4hZQKqSVApuNSC8!lpFDn*Wwp>WTz6XzbsAIkjL<)Y!pD_-ZEHdGmi z4WRkQ#g#GJd(&AMd;7ObS|hHSxcRp#mAYFFDr@10ndIaAoI*?!I#+2iR*hJ-ZNeVg zVSMdyh~G`Hyy8**yQ>|-d5gG?9zBZWFCq3)7?rdY8I=TOGP8t3P0Hz4k3swg>3ycP z(_`C#i}Vk>trZa-B`6d}b4GABdVTyLWG)$ZX3HcvV#1o6FN0C{vq+sDgoiK*ud*N& zxzvz{0+3qxBnNgU+HjRCU{qk|o|8!JoK&)O8E<{_4!rDT2scCSi2Pc;%sK@a8%#V0 zhdxkI2gAjfq#JMmy}To*nQxwl{lm$N&RVaUZiF7R1+T?<0*RPfeZukvrRcv*ltFMV z!xYAGne{DvtT;F%dZg|%OliA3EIM;==|@NiRRe)_nmJ)^6uU}IhQx$OeTxa{Re+kd zh;`qC`u-PCz#6pm6+8^rUer0VY zVCq2tEQW*97XV{Ex*6TRyTd2%O3CD{%oLM3I7bw$e3pSOpcU77-cZ1|N$(y0goH^C z*hIo~{R(lK7t|gIM2p)oyTKGB5(i_rK3|pPc7&iCXU(%&wU1b33#?EmfR^2A z7bH}q!Hs08KxZt35-i=>zJV}Egv7eb{CeUW!q9JqB6KXC2>J1CNzT(V<7OVITQNmf zDLpEMqQE|`^D=-iTdIirr&1F7t5sgLGY`2f8nDdH|AvMkBT#+EW`@b`#z7Q$4y=&6+I#8-SU$M3rSNsS$NIOl>lMH z?*~PWv!q27EN16&YfR`5Sooddk;`8<7X(3h&tZDVi51EW+g z{&S$r_TLA}guVTJpv;GKBv58)_-CL@uDZQ(wJXu9Sl z%db6dzvaqA{2^CHRs+eEL6g4smGZ`BoGxl;culM2X)lNZPXHSuRqa>M%xq4JGvgW8eGu zjwfYrYOZIW1g{2g!xbuXKO!$0&9<+lHtP*hF=({~ zE#NxGXNF2#xSM74Y+Fb3+HKbGY;x43^()>#gvRKW*o4(`@q^wBr88nut+cwnRu7SH zF!tzwor;k)_-iW0OnXNQ)^7Y42Du zu__uy`a;h%<8msgdP;$+v$}fA-q&Z2jJgpIN`F_T!S- zUjpPAQp!N)+boUs%n%0LP+%6s^QE$q94J7=lSNuy(oMQB_Gp+kkWmkEf@igBAnvdq z92po!=dJplHIgUE)1|gUXs0+tXaMww$mDRvBHc2A*eM36@Tzt;!o_9P91U`&{KA9B zRvy?!j_GP3Lm(XU@iVlfVFJ>x3 zktifQSvER$?T}#&$9#!fuGOnusWD)4>bB%dbf^|HcPLV59zhRYiNz-ij@F&eve!KSxEnEK!MitDaPQLm=iO=cFu=y+PDu z)Vo=NQU)N2MmA%ixJ(jK*K~@m6?SRI2$$A=RFsO~OiAF<(eMF#_%DP9b3H1RgGeyb zaN&Oqj1dVrquYAxbfGx>H2WD?K}<#{GNk5bOon&c2A`1yTS$Ft8x@R3x^HgTT871X zsQ``$ZdSW<#itFf1=PNwsW|eI=|1c#X1&t)LPlu&mzd(G(y6GQ80p=A(Td~7vhEnP z$nkgsdLlXDNPglQZkgkcpO+*ABO!Js=xaVNx;Ca}nYtIwc+^EVXR0rM)Jk?(kq=2sPu~Z9rgUF3 z?ar&|+aXDDwAIU&3?|y~gRk{lPR_4v(&d&J2aNtO6zPm(A+g0^xkXd3Op>eF6~rW8rL<@@?2MZW3p47|R@?+^jY`0Z!Y*ro4x`S|c|o_X-& zZe00h1^dV2{ZA&9G$qDDBx?7^7KAXVe0n_bCt+gk)IHw;->m!(Ik$|ykwM>{Q3FN< zU31`j?o6e?&&-(79rnLRDdZt9ckEbG$##EZU9F#=?e|;%XYiZ912OrFgqy$kK-Xos XlY>SC9x1eu!Ow+rYVyfvQMdmM!ihY5 literal 0 HcmV?d00001 From 2db706ef55f178f69e5ba04b5ccb54999cdb6fb9 Mon Sep 17 00:00:00 2001 From: Varun Kohli Date: Thu, 9 Oct 2025 10:35:33 +0530 Subject: [PATCH 5/8] Copying Workbook Preview --- .../GDPRComplianceAndDataSecurityBlack.png | Bin 0 -> 250029 bytes .../GDPRComplianceAndDataSecurityWhite.png | Bin 0 -> 250167 bytes 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 Workbooks/Images/Preview/GDPRComplianceAndDataSecurityBlack.png create mode 100644 Workbooks/Images/Preview/GDPRComplianceAndDataSecurityWhite.png diff --git a/Workbooks/Images/Preview/GDPRComplianceAndDataSecurityBlack.png b/Workbooks/Images/Preview/GDPRComplianceAndDataSecurityBlack.png new file mode 100644 index 0000000000000000000000000000000000000000..39cb67b6a8fbc700050d9610d5d7714d9ef6e3c3 GIT binary patch literal 250029 zcmeFZXH-=AwmnK~tKBNlDmmH;f*>F&AlU>6N)9DZfP$nVNzPzvD=ksUl5?m63M3R6 zTLdJ>A{Qu`f+FYm*494vo_o)SH^v+9eR_XJ(?D5!*WSOd)?9PWwcn_zC{UkdIY~uD zMXh-Mo(2`wuUIOopOt<&4zHwLB}T%JpByz5?oj2mvCYCCKbzlHzD-3{5OQko$uao* z*Jt;29jT~jYLV}s8tk&3Qc)eIE8e@U`Qv9{uD9tix6Z$PYd9(!%3c_z z{PNF~(ROFbvG>#O%dZz+-yB|*QVGKU!b=C2@NZutp9iG=?N9jiIr&}+%l~*ON&a0H za(Dmzm8H&w{pr8|gx@f9Z!rJkh371C|K~J6Mg$YCInICNWb4r%L#9@UuEgM6VuL>v zm1~q`XGSn=#$Kao$j(pth+cnTC4qU(HTxwrvsLb&@x=Uf=DM|ax`U=*ZuAr9^Xk;! zU;lcR-femnltoG`Icw%M;#nQ>rS7e z;Ww+V3t`qd!I(H$Y;=S6=kF)GweGmQq?O5>nEfR2iQLhX-1H1ghvgo9?+%?!!aXl- zryNfp7qMPZR3Z`T(LWBMN@Ce(zRt$i*eGb2b*GV7QL=~MZIDAwZNB=POvk`*2}i^- zUmv;3XuxpC;}!3P3wH_%3Sw@!hnAJfKf1yoy|+}$B5hVgTKf9+vG@MEn14`^wwG6> z%=W~&b;=M*GgC!7RX%8*+#4<*#9~SA$tDjG@MSYEux^melSpJnY(II&-y_x_vEQl z*U4HNo}6$2DXFRS?CjpRYfiveBw=GlMdS?sKw-}dsUCCRra2V2!mAbFdB}~=5NJ(3 zszJXHfeqW{P^q)e=`-|JR#&euE!Hcx?7p;4>5KB5z?cP(-t;$Dj*(J?yY>I;FSYyl z-@57M1s;{E>EN_aF$msZ{AP#c+oeSYK4}NW(1}gx%9my#m}FCq{SRYT)pPAetM!U3 z-fheeq;74w>E`NCh6t(wj6yoof(9)_A2@1=sb5qG3iW^KgZxUWaMd(4OrYVA;uTU=t=b{uknvit_dPI4co^ii zJsA}+wOP+f9;u2g+o~KmtNcr-!A+6ko6}W}vL)&TZSglMbs&`$HY+ zwZ6GKpc=DHD-qtk_Ni`i~WMaw^FEqE>4QBV)FYarti@0V=rmI?Q zlPoWBwIk*k=$Dn1HGTQ=Ha0f)$dNp?00x1URP=9+JYf-GVX5KaTJcivxD;7#TD;Z! zxkSy@Hcuw*F!?wQTUKVGyZq(Lmz$cKwLfwGI@K5#HJ4YRGU~G%Ut&wbMCH4ZwLYw@ zI5?AgE^~9o7qOn0p6(s8B{oIy({ph6+#c1dq^s_RO(%fPzjcmBMXNhQd2(zlB{1;x z9O>Z?e)nren zfxBV7aIMB0%teJ@4N|$Y^M%NIcjca4v+GqVecui(XU#rXH~kNHFB?|X|U3?aA$2cb%Qbl3w!k1>x$CS`=Kgv zQrSgCH?jlAOC-Xb^Z2a>1k)&zE?E$sAtZ-=ANj-GQ3;2wd?_iZ8@9tXEV4e8?sSq- zpCpj2#28~m+2Q-rO6;JrlkUq-CJnuNzEDtKtW2*715ZR$p!Nou(swTy}9Rze2#?6d{#$?TJEC)w7a`IX0*C0Lq@##QzTK)Wp7FY z*=kmKv)H{ouXu?FWJ5a7b&}AO7c&EenR%sSC(Fvq-UlF;L-p(nF|!&%%Z>SyLehPW zeS(IM-o|FWc;Q8_gt#$SEpLL<6TEA#b^YTjl7m$9qfNPC1F4IC#G+s^RF`(TeXo3EiL1h z*{9TDR2;*==rtO z)RF|_D=gM#WIb=(A{uy7idQx_``(As-qA9~8e0@j55jO10vX}rgB9V5Tj zsr+l>B!}il`&;9DNRop5u)Dd4dh{q-X6x%+fxXc?+q=80>##N%uAm}(W!+gWqWSdn4 zlQvLjX4RKxP%p92U(o%_rNLf-9~sHs-d=C3CS@`au!XUS3H_Nf$!`sR*UNvFY}Ojb z9Z+{6pe{xCy7^^MQJt_$sv2-{a6M)%Znd_|JP)IjAhq=?9}d~oT%W4)+IFCjDo{Vt z++evgZlPjRMiDuL!*fj-;&nvKXdtuQ7fdnVl`Ac_KCUC~nLY>G<`vt>_!5S%^=4^0 zRB`xhJ(0V2k5@*<5Uy=!p<M!5`SPx!EO@!vah=8VL%ug^1TZjhMl1`E6CAc4YKqh^0uVmm(4IdErto8NjJ1CYZT@PYikiG?Vwn_Vme*G&HgBI&c4nsJu>veW^lG!zSM64Fy{$?`t zK14tELz_u_g;Vwt`WnDC(}cN}W;4xBAKckpw6%3k!uyTD>O-G*V`F1z5#Q z&qCoU>`7YMz7m@uE=7SOvAFi)zCntKQ1w;{0;k|jB;Q4En!e;~I~x>S`h!TOW_D)g zYz~q~G)^(%rjPZgL8FOIX!Y)bCk%psen|_H=(oR5tnV(?SixPCd+$+1O4tF&FZF3h zM;X!G=i_~=nXCoygf*tOlV3XaKpZVsyBZL?-7c}QX)WE@-K|;W@hTicA!XQ9xL~?V za^3T_-q;IiM|DeopcpoZQbIR#e2I|N#@wfk2UaGPWW4o8Mn=e8=>en)jQG zX7PqUl>`sNvo!-J-@JL#xwpN_AIObL^W0om+1Th!e(6WYP@-q9p)oN%oq2F{XNbtZ zD4D~Xz^}MT@=Ubfizb9@NAog^NpMcKI_^B^cK-VD4-Mg5SqR9%AdZ0;ng>`MZ(PUfaI(AtcV->)>k2*B`eR(OmZk|zts=V zGGnz3VC~gv$xkWObN)P`#Elg&Sb3?ED07jMlT&(g*io!7C`L zqpPbMn)c_PKf_hdEd6~qLtMP~LVh}=ET@$TMVrB*Ml?DZhG1@Rq>oQhQh#@Y(*5_# z6O#)IdEYL|Gc_MJ@#8Ief>I~GeM{co-LyJ9*mrPtR^LCqE@J%o7wP@A>zMA0+)z~> z{!5qSGgab4?Owi~(p3zl;gm`{dV+>mNC@TbUWRO9V`JlRrxf1gj`>!x(VppZt%Y-u@NY(1cHc(8dY{cItoFE97aIUYV99tDLE zj);JOfV^snN2=1=>kAJ&*U8x($#)~7qq8O^x>r_Kx|Ysdyy5Mkt^rx(?TF8=4fTxd zty$(-|2J>c@7#HD@c6P-!s2-kY&!PmeMm5zM8X8c**z`oC6$Lug zQAX{YNbe#d(o6dvL8iPs>7*1vz_%iBDIp;be(#vv)HM`FMG?q7IFp#za0dxFi1`xEe7d1dWUbC+tDq1uR0QA6 z5Z%g3eyJ#~OI%vBXw>`t5-uJd9@4c9hGJ`GUWl1-acqz(=OB+u5AWRy0Pl&#UicjF~ob)Gy)hN3QOe%_jNb4T9Y!()(`+p>JF zSW@Y7cD74{HLO!&j{9}RP&^*L{5bt?Logu2j^tWD*vmgOuD{LRf&O z&FWW;IFeO!ZM*$>Y3f`@m^qUN`&fW=_ottJEW#p^`B8A}wJ(4z_)* z_O_O>nwh~!fPfL>$6MnCQTy8(sY;(aY=5DSfITDj)$dbH_i_$ki+EsqsB@FlnU!m4-$KFbAytHLD2~B!$BnLZKe>*qAZx!Ocis z5lX;~G1d0)WH$Bn5qM{XM0HeDR1mmr=sp>t(Qr@BKD8;!B0(0vtD6}bHaR|?${~F? zPcE`clv!C{*T!J5y?OfPY_uo?=LnU!o5_$G;}ykIgX1M;BT$CF`+TQ_81Hw#T`_(= zz-|0m9KK7olEV|@Q}^brCr!Kq&#{=xoTFhn<=e)$b33{|Aof`qX?7SJ6L8hSx-F#k#Fox68MCJK=&DWDnoUxWnqzZ{4`S%MY4pE8-2`3KoQfM^FA&vt_aW+HS@K5cVD0G z^xh=l1Zu3+=aPCM_2_gpaw*44$t5Qzvq-t+PgSm$xa(-xpE6ji+ztNl;X_13M6T zSgI&2EG$3vsF83%T1u*DDl@T%U}uC-QL=uAS75gm+YI&QP2!uD)>gVE8Z~b``+94A zt`AjXJ#q!Y-1-7Z|M#jpYhPc|VwGb>2hSGBy*y5%0fPgVh^_M6#3Gv*ro%lnH0{kf zP7NTp!Xfthad_N^5mIkYkS=yxHU^}a1)-Wn924#nG@K1}w1{2r!}x$vFPo9d_t&mp zp9J8@KV)=S5i?M(t?tmAT$^6r7BpC;PYB_}!@MemLQIA2*DYe!!bDHUpyj?hXgye@ z*bu@Q1v^B-Y2M;=jYKI9ZD4?)8vbk7x@_6BSD1oALQwMZuf6v7;I?ITuP_wb^{GJC zY-(@sjzE<}aUCnR6$l^@LPJA~9H&)Qb56f{^{T0*;CS@T5l4y$d)$3KpW zI5*Kz-i(+e#P{x3s+iOVs<%`#DQdv~;I!nwe?8ZtP0z-LUU0Wwjclb)craBdlBqOZ z-n2jv&CAP^u-_}K4`#>xe)shZg)pk);!*;MlbE`j_;)K75+=r_C+GId?ug`iH*8T6aB4QrpW&>hV`92p?9Y_PHLIGGvd2$R3nx zv}X(wy(iu&AjCj=Mg|7h0G6B2l6E%cGTm3FF2mlp87l5(cO6b^paa_#86(1x2Adl8$X&3uf*RG6}!9H>7 zRu+RZ>fkqOL$>85NS1l}$ZX4E%ty+p`x3TjR9He*T%)$s&tX`8~dh zq~>?nw;*I5GX5SJH_f8MH0iEiIU_q95uLIZ$2Ms`O`eEZ#K@S*;bzor8l*FBDNYC^IZz?COW!FDxvC zrgdiqjJ&Qq*qK`&saV7Uz8Wkr$-Gb^Kl8Lp5qAF6sY|=b4V%p;~yKPS$ta z&Wj_;tuZ3nw{QRP$>*e|n_H>+M(tRgM1+@8u~nZ=UmnT|HDQ~co}R4|FM&Bnmj;^* z`4x$$@87?#A4q!2Q{^*{73}lUUdcdZmy5IB=hnMbL9T5f||`Ite}y z2!h!X{RYeWKruR~_?>0(l8dVgr00%I^S_ zO9kjZmSRjuKvus7@bn)F9Rj~Wd?J226mW_@uS*X==p6tdpMB@d>g_50?5(Xs@jY{3 zotf6L4tskgt|2E+o(weEXxcy_)yt5pH40!39f02*v}f+#-oDc%Zf!}I`Kwc!nnPy* z^FfGBo0by88UixY<>3mWNU7*um=EGO=I6*XR7SAE~V|m@9i6 zl$krPDvQmI9{P-+(||a&T>5$&CMl`&j=SPykf-=pj_s}rg}gUzhL0a7L0aZkY`S7E zI|pfwUDDNJ!FM_`%fOj?F@Vv#roU9^U^X+6j*&2$mq#)51WHP;bg6ye;dE>BBx=hPKOn?F#-O6g@-eMDz3Si)9u=Q!cQL@^wQikot!YJgl)(kF=!o34 zyCSUDuLymQO%4~0INJ`@_IK9%02_tJ#^QQ&^(|YXg&kb%kwt>QOyHWLc5={V8o$0t zXT)9`pPZO(f*=a%TtZjgHEjCgy0t&7!=C&ncd6NKe1Y2c{dIG4*>r;DvnB1O*2c~@ zBVX;x>|Zy5bGt0Trvyv0{P!DLAYXN)$OQn!o`WQDBj5dE4NXmAxwDlta7cqimSGtW z9epEkRa(g?Bj=I%P>WrqS+|r`k^fC$$2t@tW3?#=UQgF zT}(k-f`N>Lq%|z<|H3vjJTWS>B~W(sw9DF*h3P=~<03_6Nh>kw=`pd&ix)3GpjZVk z3iMt&(WsXvXp3wfAD`+rI@g-Vh4$T-(&H3`Lw7{2AK}x^@k~%CxhfD!paO#E(Gh7> z!YeMWTkYe+0y0I6s3jI68O49tMy$#|u6aYia%h8squd@lE$S0&iCfF#ATNq+ z);K!Dt^r0G1stOezfMkv0;g{pFmD6OnOLc+D!zYgw*EoSV*^dyURaN;=QY!(-Jf zq#q82I8tQMuuFW&ED1S#?rh*k0_K?{h$dfGbkuk!CmDH#@E^AbN%?BW#NGM6T*e6G zp65Xwt2>N2R2iyJ_VrpGJf`?dSlWErP0FED+%QH=qgj%%pBpDGUV*LaKWriqiZ^^E zR0b5&!vZmPAd5gON1M$V?;0D^RoEr|pvvTiFB%PQei1p-J~vp5BlqF)fQof#58k&# zz~Zl(?mr2Egv1yd;f#+5>FM)$L;6?(b&AWP3_kj8nO{Jq)UG4i*gh(cTh`Qh5j&)g^53u_91oxiRlI^Hg3Gb;uFE1~r)mAZ7wstW<+ibfU zA0VcYnyH6iBukR^sxBhefe%Wh;==`h%ugP3&|40y~4Qm?5*BmRIxbxcAyOg{G#aYpC3_ z3ZvT1kpc))mNRdip3(2hqh?U4oJ$X!;2pSNxE?j1gT!C0GTY+>i}A_{*K}7$d`E5f zLeXfn7Qxn_;)!=&m5wvHR~<4RU{GEG0p*&8&tDoF5nfJxNYo}gE-uGLvVel= zeh;Y$YsWZmJpM?f9DP%L&c~2Pkvxj8$zb5bO*ePCX7a^7z+$iM+9)H!nS?8!QvYy) zi63e4766@By9V0PA-uG_(UAiU<$q0wV3z+DUcD0tnX$qr=D@zq5mN zjB0amb?qCesu@x~1#9ma*Y3kml{(wL>{5yZeT4zfcnSYp%W?_>@k3!mqV}4d;YOmb zdHmL0^VEw@#SjM?5}Jr(xJXyQw~hjKiYgeFZvB;CX0nbZ zj(GeX+H(+Gs!+YQ_zrhH!Mxzn4UZNJMAioSQ)8=KR^PkZy}I9WYK+XMDx_NRgkvGt zQ`@5BWA)}wK%mJV901a7lvA`Oo;kX*wK~rZlFSI9BftHBVSJ>X(R#H_( z0h(QIY-!PgYAQz52II7s(tihx~N z-S6$vJTX6?^HRqud-h?%wE>GsM17`GEBv4tIzRR*)A%ruS;C)j%G8{(?)0X$dRG^% zpi)czrEm}IVcm;k9&7IuC}&IWc=%;OgDS2>37M5=t|++6uC9RUy@UN-9BeH4_%?&`nFP;;cXh_6ihVn*l zwVOpTG!c)l53bVfGjNRu(f!6@>b3`Ez0VowY@h-8&L=s!W@|4G*?A(=>GS7QB*#93 z^w1?QOy4_5uPdik!hJS!w8ko&Kf^||&C8qm`*r9jF_%EXv(13=V_mcxhMoXdlp?Aa~Ce2Rc> zJKl$D!J5f77}}7(U2^tGP_S{pC?I4RQDJg}9goGeqPI`Ik zT)l@L7?O6rr0&cYwzs5SPEvm^CFTDDJ6lIG`T5wf><3Y8F6*HF8Xh}wf?rrz{czLw zFw=F^69t?yqNIQ*h64f7Ae64eqZoOgocuy4+&N49bit!e_nd3fXA4)_oV7`IxLA;H z&V|S(XKQ96R*Sm&dh))*+1u?6Z_-i-ixsYmwmF&bmao6xotWJ=|60Y@5CS^rNR=me zGcq`&J-)QIDtr2lT2)>)%v51_u9{+jTFG*E!=@hb@jd@A5vQ!-ut&qq*`GYI#V+Cf z*zZHzrOSte`;&`<2h%(b6~Qg;Y6??QNq>eUb~e(lhF25jJ+opWy_>LGs&-+qb*j#T z)aoRfyOSiYN6U#L8S|Q^HE;hS|1G_e?iqrPU#F*oN~P2$ULk|Nj)WkAY0cDzIlgyINT_)Ccap`2oN1377FTnOa> zqNhtkEr{BggsB$cgYUM+o}9QIt_rs&Fl?sjF~+ao$sKaI&)sH!zyJKKOhQIjvyg2| zetCqF*6QYJ_r&EekiS*r6cpwNqdwhtX{EW4d;mg$UKOSoRPHROT9D)e<%rI`dw=TW z>ZPyGiOrM@*=kZGid(}X(v*T2IXLpD=lb|%WsM*`6q&WM0GDQ2yR(iIoQPSDPeLiX zj-*Y)DT9W@+kJx5>v4j?d$Y>r*P?a<7Zeen*1_iFVUg>iA*g+JJEKvDnxit_52`GA z6;IH7<`>@%hhp8SFW%L1Jwz7x*a4R}h73Y>(n}wY>ecwXM6N17|LQ9mYHf%&#wMGy zWE{Rza~Pkw&)r$w$Kc6{zLFV5Z*DFnw)y-?&&%A-aNw+%6^Z%f(8mX>*lN-Y0w#% zMHEQAxkfd&alU)%F#qx3%F4WM-ZnF5SDmf(qPJ{mW238Lu^JH&m{wcb+IqW8A0U3a zXW#CCHr50LuTbUE3kXn|a5n`2Jqx_)X&G4i@p>pmdPhdtTzxGa_wJ=Y z%nMpHgWFii)|{>+EW+nH?>zKBa^#2>-p~M+#AT`B0|8PfpJSj>7u-rj^xN~0Aj+NR znBKTax-MurID7z;5HAYF2n0l|JA(^kh4m57#aR$I5oLqJcg$W+UY<`vLJ!{F18a@_ zxEHc|$AQ~h7C#Te3MH5t_(v#YYNi`%rx*pbz?*=~rmyt25HipcuqBiq5W`eeM0%H} z6McJ$s1y7`LVbD7O^)iF?kz*j8sEz9X+%IY8nDCNC0OODJ2@3C8%Tp~a%Fj09c`VH zQFGJ4-d?1;>r)rEEHA)dAkOPO@?e^PwMFO&bv$-Db97@K*~BbjwmIS9bT%Z7aH?|G zMLR?ltvya10gx?T(v@Wu$+%5p-$vzqsum+hi(Od{J+=v&Re~3ls9n3Zxvy&x<|pnB z9ySUzNqeH*nKO$I!}P=B(JpQ6m*24qx3B zYgcW_k*?74C*bebA zGEOVCJA&&@!e_4(n2_^EMn>#XZfdZ@M4M`M$o#;)4zklC8z0$`8`B-ctH>~Z9d_Fy z6a<{wS+CYN3>wV#i8_=1+6W_DOV;937l3PM0L9yXw0CW7O-o71AA~1d1Bd5Bu$Acm zgi45$&;}|HK~sBsdkDn~Y!x}GwT8*g`n|SGB_t#a2)Bq22_Z1)=(rB$gPi!pbuF3Y zT1(pxEvgY>L9ZB-ty^g3Aj+*D!2_A_9M8j!dEG+ii7#h>3vCAc4aKn114&%&P>E%; zklY(-4X34Q<3~uu2aebl1{Kr?tx-qBB()o$UrQ zZ1joQnhJ`FiaXB^{C1u!(;^1JM0_ILagp`xwRj2b9;cdC2u+!j&5``quWLfMLtMt; zP@5gOuLw@BaI?0!Y*;J6Ii_qAv6Fe=v-ys>N}naWhhxrhR2%M&kM*R;ozlHh>^%1Q z*Vgyf73^BwaivmdRq6Hcl++a1l3C!9KxBCH?l#P}|D?Zv@HJJ9&^1u}$#2FU=fk3U z@!|!-zCglz2m!BXZsk+&7y=nI+7q;U7E&w$a%yL)#v?BQb4g#e+wT4O9j)w^8mp+a z8tlP6uYCwQ-t-J~ahn^|pouv-g+mRC)Q<6zO{yQV=Y{ziXO0N-^EcoBT&R~T;V~Z# z)N@2+WS+shNj!neduKK?=H`AI?HYLaxqa=svYpKp`qc2M^}(a>izZ0dYh{fB=0^FVtH#N;)oE5a)M$-5k2JK-~a$= zH<{D7XHj^g(HZtyuStk>Mq;fm2*tr*nINWFY671!H?Atv3ybyXX3A3lJ#7m2?+a~j zZSjhTXzO2OBlv)sTNJ2evVVOLxY(QaXrcu5^=ze3p@weXjtM-}IudfIMCKg8($AP#kNTM| z=EQfqEX1K6%8iFXdA>>-$y_{&uax#IBgrmod?C*_TxvI4*^)kes&QHR_51NuTNV8N z%m>YXol;VP_nCnV6Hi+5zP@{CYVtbRNb*NB!AJ4SykEpdd|HGK2>D5B+sAwlYPlfBl+o-v71>v4OLGbtj_#6Cl%l00OrU*+Ck&j+~cpdqwcrlXLS72ZE{P*VL2;x zkX_+^n{PE|wEZ(2X1gR5=X$rI+`Powc5}0?!>Q*qaZYMbsz13~J;3>CWB1hG|D3n! z+nBCGu_RhXxHjg_f3&Z3uJio!z8^pSPhZTxhU5RkW*>2p>I+F78-6u4HMSsfw(8#? z;E^^e_(IpyuuG+JMhX&_#~WJZ7}=z2P-0v4RR7AwOGtAF)K@hZ93Qp`{?mi= z<4y1?S^hs3i?(VC>_V~&OLio|7fW-vqfOy7!keX{?_r>s)$#m|^t>wCY)$aFws(8L+wofXWy3dE&>}o{2jwXB+Iw4RO9a zPTe!;JU4Hpbzb(OuJY@uocXlxjMIacY(rEjBJM{IPB7Q8ZQ04=hf z>HfHZXO=gk`ukoz6Kr-CHg?z?aSS=bSXkEzEY)QGFk7KjcS#U~J3sm^JfaLoj*g_q%}(Vq#**eTmqOpaXoiZjXAc=7PGMA!;);Q|-A(%p+B- zFLAf$+%KT*fV|S{)rmTYa$#W2&~!R83@(*yQ9*{EuX9Em*Tn= zB77`xU9>g=3l3k0z1Ef+Vm9U-<)7s!Y;uIA?NGCPF)oP#qoIf9Plw_ zTDHq%qClF1QbtUf`Nsv7dZFi|ham&4H{tLR{*42AcPcg$JpV^jvf8jt&&-U?IQ{*Q z=QV|V+*tP=0;+jPw)-8o>gD|o7f1V`n+a}r7y{$~+$+gAD}ilR0~eXwN=zFgTs^8^ zr1lw1NUl^7&>WFmROFPptM<=;XxJB+IAm(7G#eLWDRy6)!f4np9uH#Kwwi3>q?FI+ z{PJJZ76l($TxwGtoVP`2TQIT{#4?DDI)#A(`go5rIhmdyU4bk{l?17DP`EC`ug7UQ zEKrNE8+%|^Tr8a&>geNTg;F)!_7}E+t>#O>%V>c~@9OJ;3`A{!FZ2~g$xE(lU(|t? zyu7wE7sSx36dd*L9nwU!Ew*yKNj`{88#||}@Yla0i?`Ngb;{;IRm93}$kgA&dLVVe zc$B+fksvatT)VWSa_`F%LAKJ`!|S(<$LuRSfIk!-=|z8Vdcz{JBGxo)RffXOwFCaw z+nS6bd#n@dOTn8%?7XPZs{Ky}J2hq8Fai5@?b}`mmm-|AH7hDUEEl;==p@7G;7bB< z?BKA~Fz`Ja_PslXYHRly#!K#2G9?7LjP3;Qw(5VnpqCh*W!F~=5+{G)VX8J%V?QcF zPwU5VKgI!RCB6T@Ug_aIOZ?Zr{`e{4e^2CpymBk(!v6vnYN`Kunu>eHcTdn}n}=|4 zpZF(3MO6W=nE^M$)ZbA*|0{KF@n370h+{E2qh_&NJ34A47R;7CB@n~}g!2e6*@E@mX%3h}b=~apBYiiCXM*l#iy;nJp zs#~P~{qC;mKg`og8BAx&`De=7`qCjWXhr?Ah;JHkn;1Fm|5L*JGeQ6VZhHUv0+_w- zT~4p0w{L%QJo6m$$^JN+iOuT!;PkL9RQz=FQ`t`+UwszO+%f35SKMhL&kr;vbS|Bo z)h;v|W3}5;K$@Y*&G^745aq5LCMJV<7&=DCh3&GgkMNfQp?e3&gY;Yo#lD9JQ^r(V z`uY2BHz`AlLd!3!AAh?89XYMh%dg9_^g#OToNA4wr>9Q`mX^5|U$G#Ot6M0KG@ohp z*eb_gBR;8ev`_A(CNAP#;)vnUi2fFIlozi~waP{4^cJ`mM7RG64bs<8*>AT8x9%9$ z7}?(Jg|54zKS5Om-X6NbML^GV6o%JYo{a`QU~cyo;%K9$669(V7fIDSM`VGPG-iBz zN3V^3vG1V|(xyFHW5g59WYc15N*O%Q5mY3Ug^+ivZX zsu&G5wJh-cPd=TF4xsufga=a6<#7g=>Qc7$Zv%I z2HwB*z4Q>exE@$Hpm&YR%H(Q(2lrddHPa7zCDz$nM^6-aH_(7+6p3~HeQj~nXsE;v z>8M+oYzBg%MO%;=CIMVIX`n#e@#j8#P%;`-`O)#7UP7S!vGA%=R5VuBx7z1$ z-&HwYf@mu)W;2)u`ku|GPpG3uk{K;OGTphK^bsiT#6Uv1J#~BO@lEoJ&p5k zo_%zbYR`KZ+;{cO?~&fPvaQgsGp-(Bliq<2GWLU!qfm`yHg8w&&f#m`!JXw9RJ6@< ze>(L$u;l-G(!k6Mo|7HaVw9Lzhm$KVXFmPB#36cmPX4mFdcHmjBdGaX;1dS3<( z1bX?`LH9+Da1TF)`Sj2$={*lhlfZ@@A&qE&qB%G6lcmLiMh#^nOb>&0IVl z)(>*ihQ1VMlYYbsio?_BB+7Ufxi_0t>`*PCP&gd{@0-5WT(f_l;7|ifNz`s6=gqlG zGr5H6$nBRSz%Eg93V)K?dJ(<6bGk}+oZ5MzOYYdQV@NN{e6=@tG;~NF>n%j9o+*J? zVx}smfwyx$;vrPj2&)g$#`}23E2;Fd9&U#qx+VBq_0!1)zeszmseuy?X(xrjgLcwW zeIB==gLn;m)s{mgHuNPizk#dk*s1D{&u`8V(-hAk-noYl1Cb{Th@nu#TvQ*lz>m)i zCSwH&<1H+lc<6jU#;7OzsiFpS6A8~l7uJ+Io5$EPPm#^83qnUurL2m2?>Ld1rwyG_!?>I3 zV6{htDk35cpr#fVGrXln(12RotCWMHE=;bw2zArwVYI-s3e6Q>xAk3^Zaz-ZIowJGJ;5kj=aEg{ zg@WCUY*0Cm?$CCuF&gEpJrELcrv`7IU>>Z|3J7Q?t(mic=R_P5FOM7c%S&M|*1J{n zvEm_Y)Qq@|QyVxFwSmFBW~>F>{VUHlucB%mcU|kEC-~MBNP!y^@yx=QJU#v3;r*{= zi*nD(5?GNwf9T{H*ZmWRi_N2u^cQOmt1qd(w+4SNS)v}aR4fm`N)+1u)!BosR9+c2 zRvfse+}+TXxXn9BVB7EeQ1+B9g{1DBbdRWH$Z!~ z%B4$z9g#d-768o(Yc1DRaYG_~U@y@EqErj|eMVwdBVmVUNaV4@;+%)R0y-8JEZE2E z<^$ewfor&vNfhaKQD?)@{dRuzHT5KU%1lr~2zpV~!3P}?6_qLOIAsCdkT5{Rx4++o zCEI7<@KY8x;oRAC=Ynk5;dIbqU;zgE7NX!UpaDY3t_J-Gu<=+cJ^&P^XHWubDS=f` zvCq&m7xCaGB-jdua)ATM0$Lf%DZN8CJU6VtI+(4j_7;S-ONxk`fv7XbsoAvB8PI|R z6KblZ&ELQb0g;byd(9HO1Xx27xYAPn%JhP=HSxiD7Q>Hl@-hlPC zibbaO3&=Apz%z{)8uaa|a+L(4wflre@J6zTeHuhP4Onu4o`qKUDjhKR3!_dPL<;sf zwoQ)hwHepdhp=WQiP|{99x56TjmyxD+1i5T&ZKdQjl-P7% z?@kbotSj*{^4^Y++1+!5nL$W)tKOWlB)j?}AGfzG4*X(n%>D|Le@ws{Brq~Kd~_Z@ zR8MJ2e>~HXjMc_P`k;%IK-#JVb5Dyl+esRlUh_m>TPH#xfDOP%Dq_Laoms0bMdn2| zL!#rAHSi3YRL}VjP1ZF+C3zI&Mhnf_LO}ok>XhNYF8R}^PfEnX_gA01Kpqpam+?Mo zwtOzH8$PNC&WKyV!VSL&Idx7L4}Jz#F~0FJ^cRcH|W-O3etU7n4Jwqf~bIiLNd{H*gs`kl3=i?%kK2+(!g}$ zgSzQALJU`~=5g~EqUkANrt#<6UZq-@6s`n6pyx?wjT7&FG=lW=!V_ZTU9-*L$r+m6 zX01+ZGwQke6}@@$J=vPbp3@`Pn)Vsge^F0Gx^>y1|F7j?rKkaU z{KCbHNJq%QQ9fUTeUud7$*3A=DsFCXSAFyAuY;wQsa!npq>qLLmek6ddhVut)q>#i zjfb{*JUr;f1|&bkNTyX^e7|uECHF}O-#a_;6m~_nPwjE~5mbaLwMBQf3C}o(3ABrN zP>6l=O+Qh6OrLY8S}cLMIFcI+ak0q0_Bb~;cQycH2v5a0l;M@4$`31J!bD~hE$%Ul zsez;pw_z+;cOV;qWq?1aH2I7|+xq)lt_t%)1ee2HH|h-w%z;noNrHAnbmDGg;JL`S zK75Tl=F>}B^7eG1km~_`-ID!w0&5FIJP}i}79{s9pDGVBsbZ#7z|J>shRJs}J!-y< z9SDobOI~K?(}<(fc`kDFqM_WfdqihMzIeU$u4kP;eZ7yZ{st&unAuQnc%Vok^mM>O zNHSeVw(-IO!PMw0z7dXX=~%t9M7Mtb}pFX;o%-{{W+EPmuk-< zU1xb%P;FZiWsPe6Xi;D!M|#iz&O_F(hU7x-&rU@iC1SH<8Wst5)6bvpIg^KV;fWG1 zHxt2cZ`BY?nHoSSuEP;8%~V^q^u4_!h)>i;pMZ2C0@<4h{n{8*O|!N^Pm23>@Vyv9 zq6ZN);*yHjmpmFOG!_;RWEXP|>n)ph4ha75PZ-f5_{8VHM@d;(yI<9+rEU^)rvHx3 zP?5TpQ#f*40QC_$8nLfIduI>iRObeYE8-KAef4TKGyf{mQm9fTF&X)u(qCWz;2r5z z0O?dG=TTmw&rTy+nXmKD!oq+6cp(|-i441>yoTpFOoyjvAYo^fWj zj7AVu-ump!@_?^KDU^ooW)d=2n#-roO&XZ!yoS1AhkA}%d^S&Vv1_a@fZwZvlC++L zToUp=Xwn+Yw@*b-)=JN1#9#!bTn|cdA0z`>%D`$YvJ$#8Rjsz5Qw&;^V|jSA9TIbz z#J_oIJE4`j!VW!~&T#Ua0@!y2&2OC|DE)9V<$^=F{!T%W|PS&cb=O`_T%hDE{&wF?jH~&Aadw$yv6GPh=Wb>!2?aGNx&ii zH)N&A=ZZw7nyDBoCwMfLfPVS^McrElM7g$Yqp(a`-L45O=v}=Pk2t|m7 zZ2C1iKvtO68#&}?I?4W}wwr%WNrlbFyo8-c9tdXSs`CxxdYxW`L>u!dLHJjY#6b$E zqdVFQq#0djBiG%%T?9zL8o|*Ia4&@CESn%wJ;KEe?lDr&MarisNCs4GrZ#dtg%^Gi zj)9~QFifaG`alPcX}A0KSQ-H2wE0FZV%oHM7qQ3g8PHBzfCfp=6ts#EcmN1{>Dr2W zneXp}MR&l5Yyv_($|R*LMUr&~lZill5P2VjCG9!3Cl5?*C&*NLJ}%~Pk3Cheb=-vC z~%ilmhP5U!HmxJ)*XZ%({DO)2P@1+U5giwr1IIRKt0g0q9rv-|j} zN5=7f?J>7H0=ftOIRd(dj9W8EWG{WCYU%>0onZU>)enic)aN@DfbI!F(_^G^fxIvB zH-bo7pO(%?b08qqI6=p2*1Khum6`grqSn8$+NHlCP6|hwT&Ri#W5XE61d(jk+$tr= zocHz?tr6-A=r0_W?MceII!3Q`V(7=;dmstCv^l2yhn%Ws0;|R9STee7f2Fe6ZTF0n z5^L z2tJxJMLTMPR|i-G*on_mre0HC0qL`Ftq6dy~U;ZePZa7yw; z1EZij485|R!9tUOK1!>(cuRFe{xvB0|bjI@ECTmmv64R86>2;?93YgT{Y~? z+rJ2G_$dIEH&kMk0?kUWPhWuR$-;T#A&9d{Bs)3V7X5Bfanqdz4vF*nSU(Yo&@-Js zNG|ui4fIRT-=Ntx$lx8x0JwDU@q>7%Vem(lKe3VTPfnoVX7yb& zbha)2okQaZwFv1Z3m};Bn03=z?ah$y?)3J7VizR%xM(i4ui_v3PKA@ zIf@2TynMtCF%vWKB&am00Z$%~pr;Lw*P!OGc)cnAm-A|EZlqpx&MnCcnP`QNU*r>V z5H<5V{X9Y9yU0!A%KJbu$rh zK>&IM>Y^;b?QI4GbRInL(sNzrvC^p3bKP3%T0cH21^+cYJF8~QN*Y*X-48uSJ*Y*g z4&ZT(zv60FR1l2;e6Ql1TwK6p6C4OzTk(fwka+@cwX$XXZvvG&f~=Cjq_VR`ho?oR zm6z!tg-W5Lx6pt~Nlza|#MKa`Jz#p2yY?#Wyx$aX{+(LkP%aJW6{3WZ4mc=)2C|ke z=^z1GP0e{#K+0G1m;?rY>@Hr!K^;3>ep$dAl!5@;2Fb46loKORi{N7Fh02v&Hu0aK z4GTm)}Pz+(ip75^X}kujZyq!#K(s($NEIK=4D zk2es~=9u$bE$CJwRp#g_p8sLOtie3nUs091-o+TUF$gL7h0|LBgC!#) z!_L+=c#dDFKj#Uco!1JCp$zqV{dZVYREECORo#T>xqr^Er88NHkYCG6N8mZydm1u; zR}geM!XTUm-AX++&<82+XW4iD(Xa2Bf{0>@LcukVmOmMq7>l1H^+2!bFq1)K^+%Us zlRtShLIGvXIi&z$W8d3%;l4EXmIR(wxR7*XVN+G;4_7!WC>fu<9Eh|`^mew-;(N#UQPov585HAKZ*|b$xeL zM4JQrS_FrF5~A|}{0hL%*hK9eZdXhHLy5+f>g$7xAKU5hbXXsVK{QBsM6+?8I*yx6)JuTTkSj8SUf8H?& z*jp^j0Ix#|7OMv$E?2$L+gbW_IgsRmq`_lwREn@a5wV{fVFkA3wPy^0D@(&Ov(nUHjKy(9yeuK4rG*oS#fD)%Ut{{B$ zabhMBw;0-Q0go+;W!*Wt~R5$f1;FhCg6B`zN=@)Q#M~KTT6fBOx-+{ zb#F?Lka^BeMAEs~sz-u?f?{t~@E8XnHF{~D)A{AWZlg40o9*$!nV>E!O|-Y&55X@Y z3I$}oNH_}@s6POp*aTs{?(XfGLw4zy08tluXW|Az3^Z)IAaVW1{rehh(R_R$)RFk` zO>cp!43v}>A-Z*B;|6^XL|g-2ft+Ng(H2%g(*Sj_ONcY+X-->?aEBg-^wX#JIMkwQ z^oyPlZ>_3Boq2NyN@>>mO;R7i58Xu^H_~B;fgXo@%1oItTXb_zp?UT%-E-mm?SO{D z?(9DwD6y)9MZ7I9FaK_X#brvRp-G{KF#ybKHq=H21C*7-`#*(~f-)u2nH#MMftw1v zD*)Vt5B}8;u_JmE{RTmmS3`I#A@h#KHjbiK;E8MU_P}zFXpWXDKATh3AfZZu#a^ex zqF>I{V>rbJko-3u=k$ZcX9qo(^Vc-Os>~e)_y>j3!{81sK;i=x{S=5HA)9z!?9hD4 zzL*PEv84g08nRR)cue34aZP4oBEGqTteiTKhv4f>F34~pQiu?^BQ4s>#ox+lAqZ3X z<5+bEf8*@RWD?jVgf4kEPdvlb7c!_A@(d+QsddCXsOxz&lo?}M-2pD)#h$;v0+@Ux z^npOgvELB6veum7*a2PoNke`Q=KGv{yufWZa>eH?&3Y}mi+t9O z3lIt>Tq{JEb~{z?4T&QCWDaBPGcXZi#XxGPK0ew<6b>rTl@b803qY7L@X=sL(t~`8&1yR;r84@CP!^|R#c(Gu+2rXeH z6r=1tNX_lo)LO^%N^6%!5Y-;?pgF`kdOJ! zV3GXWpx)a8%uBSOQ;x{~5;yo66)1gdKs8t<1UBN8;-%s8LgW#MwdLM{fxu0+TtI}6 zA!SHIw$|a^`3mUSAQWY*qt6?U2f-{ZLZlK=S}G2#MT-Z=gwZ_q5un=p`80`0IxbUf z5o`%4^rUu(>_4@iYsc+Fcp@aE6C}D-=4{u^@Ul%KYU+2CSr4+>NQ955CBU~)0Xr|? zGO)(u^62?%P@?OF?mNJSq1XqUKk&RaGZbpCI?buZLpRs7uT?YpxXaCbb5kAarwDV3 z7j;lrzGo~OodL@xVE28kAT9_y1D#-;go{>6e;v)p>dG*Z!44T%P9eJO{4eC!{8E)+yM7j zd}hjgMz~VgWy$pORIy0$qA8R`wf@ERgqq)i4^up(37L*7BeyegT5KJb9O!VL$rN+; zaQim_-rkk89`go*Wh~OO1HASkA0U$068BF)lp>4FV zNuZ;oWVoiI2t^TeCSc1SBb^&~>AmT_McgJnN5GX=7m43xKr#>laF@-c&nu&q7H#sP zx4C<2_*=k1=^@4+VdG?)$n*1)Eq`D@NZ9yLdHme3gqamRna4S`dWiHOm|vthI9q*O z<9vl+2U|9`QVH!kwe@F^Q!d0;t}4BGe|~e^X)M?;GxLmUy2s(3#fs;6S3NL=Xg^D& z!n^)_dl~_}ggbCaK_YB5RD!5&geT}HLe3m5so1+RifB=RCMF^(X$H7(-+==0G`Yh; zrOvg~DWuAqXHb97a^Nl~%Ud*uFo45SD>s^(0>{+N2iZtg)*bX}mo9V@q2*Po_UId3 zNU9MwVj=FhCI#S;EO+lJydl<4D?8jT-Y%`4m7=g5JqwN=BE2|YfBzy@eW2?hs1GRH zZ_;(vB1WqfKwX0-2~ejT4j7+?xYk*_3cX~isN}=;EEskM^ly7hWT{{Y2HApSp&m-> zGJoTc`UnA3Pp<-CYk8=-R`J&7)Yz`cdT+#5fkd;s=x*--3ITUOZwL|XUAJWY%!Tv| zMVg{g*4T@X8p&XxZ^+qUm<9l^!$Q+#a+c+AJt9yXQ}w zb-#c7czv2)Du4fZI3$v=PSJi#S%6;y4N>&L&S@YhNBPOD0kdqLGlj==;yNx@T|Ym6 zAMmuf3(yYW!53XHhoq7Ty0+t}5lq=g5EAZWE2p(1s#BmYCBu;G4c(uewaexTwKW1x zcpYQv?Br|1+5p3FT_5WKTY^j@Ku(4_x?CExSroxk(wo5w?3tlIL40@x+APucP+3L( zzLgoAng3;|WFz<7w-a9xA#p7bB@wo`qfrU@DwMl$#TM%P<@duW&I*s;&%j(WbZ~T3 zgFZ6CTAS+05?}wvMuA#oW%t_9hivUDRF(2q{hYe0Vt9HMxYPb7z5-U)St+IuL0&b@(E1R}sv(Z@_38U@laFI~|6(m~ae=51>Y+4<)NFaQd2` z=Q9gcrS~WMR)IH;-kp7lFfT+4%nx&2rus1ay#@KA3+7b zFc-S9CuTt+nnW} z_Ft(z7D4*G5S=2>o1GiP7z*S=AP~^XfBp_~YaYiX4ZxR|+inCPY(!s!2e0`e5E zvv2=D1t0!@hQ|IwjvP9=#_RSLn5RqsKw_cw?=|4gIr~tR%W~&bHiAIj`7eC6j4HYj z5%ksdt@|@21G4ze$y>7z!~3c8IH$O3^{O&lkG#nC@B$$x%BK+wzl2W$TI z#CBVw#`<*vvTMU>0nQf*4whBshGSqb(w|KO&-TLmH+TIHYTAD$L;dUh{$B!{y|6GS zVX+7#8Nh$E|7SeZ$yk}Ef&ad{IwgquJ}7`JLKAtY+O-t^Ynbyd_@R<5uM3-3k|Mq^4 zP&P^eHI8UvnGld@!@z<5MEoz@_kEH%s?b~iM%+inLCms#U63sN&%+9r|B}$lr9F1d zZAtK&eB2s}AuZ0O&iU#yX}5kFrmKANqMBnd#ao;69$7e_*iy`FD#_dmuV;{om#x6e ze7AAtT`;H3Zi%(PsTHp2XBs3(&E6!yr6zyU7N7a|{IrRJ9%uyq`OIUoi(XDk&n+W| z)Gw%a_Kx@B^Ot|0SxPaUs#W_MVE>s?Bi?UKA>&TCW`w=&am&;F+;1fTmiw){>FwTb zWj5@ahr$z$<+uXRzX*OgO^)T&I4gWE+m9c98Cmh(ow2#?XBv_9cJJhg()7E0^*SfM z8vS!6k?75MWj};s z98}j`)$Tw2eyYqC6@EF2oeY+%1zO59hxiLLFDqjTfR&?8XhV2!iQDG|#@^v}!kbaI zzj_bi$;@q*Q_e*1X-6eQYj|`p>f&I9KF^{#L(j;p%$?tV%2I5ZO*^c|qKH!z);`NS z>(bWf$u_4|+$OH%6JgUzCplb`Wo447tyb<_Zs{{oBJYf4>M54cT))ea>r6Xm(LF6S zRKAXci$gl}syE^-{PEdB0sl?Rj-n`Pyn%Zgy z@iaavd6^$2zK(g)Y&Fm9NC!YCJ`zc+Qi$_m+oG|uT?H9isk1H(TbgY1LWFvUkgO!u zK#yE<(eNmzb>@MrjYX$YxfzqnM|-u9FlUFf3ss}CCfn?M>L+X{?vH=cDQ3d(?*&)I zdQ7yEf9N~Iu4f*?rufY**nk_Ej1fUd(5?&fqY!v560m{4Lewo7{cztm#Va^Wywa4-(kAJr+BMTUcH1f%(CXL9^H#(@kDJ|8OL8CIG9nf zNY(<_&Pw?{Z6)29ZE1iqeAxq{1JFho1uYOH6`o3N-y+hF664lZ`UE;ereUsX&hKuO|t@XSz}|&)9c| zx!>$VwqMKKGq3?OxT>`7=jt(j?3hq06IR<9Wz1za?TkLGxsvMk`g@|Z+s8|`G>5Yy zDJQ7NN}t>B^aO*@ox|Aa#qx~P0vlbYW)g&R;Av5QnbS*SGt$Ggax3Rw`y1S@tmWEj zdmURSaJWcrm$A%2P9o#O=@;gdJ^AF2cDwm=No^o|)n?W9F)(5*2J(`St+KJ%KmO^@ zmXZvj$Oa0q`CK~<6zr3sAc825O8nIW>HlY>E4uMsA>+PO>+rDlYMX1vr$z|gL!ssa z{S2dXg$rHPX;9lNLSxmCZWZ6?21%un*5(uoQVEsJr44zrU=6?5_gpUqks|*WEK#DBKGPcD_BK$i~ zNm-c(`V)p4&Mbw8(f6#L)4oXK8fU;rLLUpc;m}=#d_{d{4aOw^LK+g**3g2f^vYl0 zw8ANkQEbI8GC#e#Tt8!eJFe0|#-;>Uh(6Ti$}gYJOU$TkcKWI;E>-(w8US&4N19x4 z&ILuZ%rc9wB(M?T3pry|LbETd?Xgj_c2Rx9I;i*>XR4tRboI)11m*aM*23;l{9m4Y zxQO%;;1_|g#yrq0iuNZ*Vf%wBxe`mvzS1Q)(ej6jx0eHbSJgI=;OQ;=nhq;0^QUmDZnTFf+jd9ipmkXEg?#_nYXs+BUjVw+nu(X?~hHYJOGy*|oibhTKUPm<(j&b4(^ z##Iw(R2oDnn66Gf*w%)LA~ywV@JJS5VQEHgR^8ITu3y$ zG~v^nReS_>Y!J(O-ar+{@TYB=;e*!k%9J&k_%|{aSo!rOu^hz1T?f@a>bU+6-&tuJ zZtmI{%ifm?>E6yQrP8~)eyG!@huRh#>2hF-gWX}wTwE%n6o?e70TrXgk|rCoHVps`Mlk0}g(hukL3+Z7GBH%A z25|hrVe}xtnj)SH

    ^29tOwVXw1KR14U zs-#MM{OFZ8m+P6EoJoXa%}&WQslIj*@srsGd3(~x1*(aDSpLqeyeAA+LH%sckIy+v zyLWc-ZQ981vy|_;Zlnw(n_NadX*|~UE|gD@TFumWmB{(JM+EORsM^fue}b~v$`;9K zx)@S2H{x8+;6nCWhK>U{IobC+_OTqIxC0gpm9NDk^3Zy*`3W=HLjfc39QE_N1ey}TEg;XNd=`v=+R+igT;vIlrRp1?n(y3!%G(K zi8JYVfzsl(&HL>TIrLTa0!nNAoeim^&|!CP9}wUy8Bd$oXrSd_{#>syZmqP)Df?1* z{Gm0iEP~U-Usq|Y9bj5vWa7yq9x2;6YOy`cykJcXaBtF&09X=0MS*X1{&s&QoI6?&%eaKsA;tf~P7Dx_bj2N9I%Vl6B#H#{}=9L&2(4yV%BH`sGu$e`mr zPa5>}Lr5A3zD{lN+By083*t?ta$v}wmD_P)Pf}kVT*8k}DSKMNvaW7?DbMvT2Aa%8 zVPPEv+WJ~w|A4$-CqF>2{e4!YZEjqGKEd3WI$cn}r8Cum=e4C?5w!0~d z+?s~DP!^Op6a80a6UQipI$-b;BLVd%C(0jQn-Sv~$VlbeHKL3fzP5C4^)vbU{hOsl zp6d#mzdH!b&6>u{vvb6KF!?lhobB-IDHnw&fbo`5Xl9$B*m3|8vP5870h3_S+jd37 z&Rp|eNcEn7gWW1pO)7X#6-8)Z?5Dl5Rk>sq3f$Kj%<~FUpS|GU>i83bN$dc$_ju15 zN`GN+F}&Vl8?Wu4ssl(UzgqYpVF5lF;Ot}hHPaJ;eL-#JS0}lKEhRXt2aGF^HdGk! zOuIWI9l5O)#f_X*YMT`vD2UsQ=vPat!>3R1Q=74W6{yDdlpAc8b zIGK}I7_>$&*nxieECM@&qLOmcYy4m$X!XOmI7^Q=cQ+U(ew{J$!TvN&thjqZojrm( zWgRtm7u21l_wl(Cm22FtK9(i#nry92&AOO-R#s;e=6;ti-mz+(h5ZBi{Ad0F%i5LG zZ^eG-KWDr=Jz@iNh4q;)eH)+iVr)0^?0j26>;Huy|M$9$J8G+6H+r2vC$Dei@McSV zMd(Du<1Z@GK8b=Kspt8i^`Mlz^GP;P?6_v-1&EpOp`I@bY?KwNva~pHrRQDT9TmL8Ip&F!&dibHDo;HOu@r%Kowx z2N8$0*(}izHy2i~cly9PP_ffpf{d~|ELnQ6`FE%9LncAxT3YQjVG*<{PaSmEzP`ZZ zl74uIk$QZ0jhSWMUVA4WFQNr$C7`uxa1eSS<7bBsAJS{&fB03(omv04+p+&-D1z7u zpXpczq(LifOtgU9IG}Rv47vC?@C;7Fp*45uU$b|LoLViE`sz_)8l+yk<2I64?YRSQX%pCo(lhfmeq;tkMNLxsZd*WJB4Nx6P zk(NIHg?6-O}Q!dw=%3Ml(+e{jK$(pz=06 zMt#%&Gq>WGmOW&uW%wsyEglfhtEuQFL8^<)F!<@c-b;rP4krZePQEnJ-U;#gd{j(=KbAinbrGRGKxR3R z;oEzD&M-lVhK4!v#h%#x0DJe@-U%i-LsamymRK}K_UfW3|J@wOIbj5`HY*B4zLql` zj_PEVnPO-y{+dEl;na58eHeyAgDAli5-VgWxfl3I)h+(HCT>RF$TC$4ooc`Z;NR;f zu)rt_JI%in7GBNyTziq$6bKkSPT!%yX_J&C{_T1}!bj$QF7$vSnp(V%X?3uO!zHV!8gV z5Wfz8*l=4ZT(iUzhXfSvl$mP^sUTkrSU;~jZF%G%i`OS_m}@;6kG4KMF>+s#`N@C> zBX+{YMPX~d?!j}TzKV|l{B68y^8;Nu6|R%S_JyqL%AdT%*}N*>swFVuz1k zBV0JnF{0)Ghnw-et?IRR37C;&uLjI1ghD!0@}v|=gM&Zd$Uvx=uT?5J(+BJRxzh;2 zkc{lCKhX4qv*`ZdMv*xx#)^JwSam-##A-ahXi$oA*e?EO)W z{eNRGHo{l=`|CeqQ~rz+2;{)6xL zM4*S<4G_X+X67Y_E5FWZsn{K#Q`&ax3g2S$pJ(Ci@L}^zdOzKt6ib9fc{`C_$@bS3 zPvpDvttaMhwA3z0o<>goVp&R^`R6+!=lKuVsDGaMpL_ieNv;3qAM@Kp zEkXJv=7H7-&u&pON}2JT^^dD2omzS46UKG>9&GnSTtdi`K*2%CldsBkLLnbIp8;tt z1?&Ws@9E*M{lGjXN97?r0|y#!#YYnSzrM!AnNO51wgxhlZz&T}V>g*Cn?|^BVWN_- z?<*jjXOQDo(MK*lIU%Pvj27z3X=z2xJk(h%UT4TSa#s1jN5IrX(mTm{pbY@uHla_Fgw#eA?%_|S z=b^b4fnf_p6GER1PephFM+H(r%qZSDEQ{3e7xctbi}S>+Y!103bxO^k86EDdY=*t& zlQr;M$}T^o?705_u=n0!QD)n|E~ucQm<3S~1BeKMh)5DJBO;*W41&axoI!#Sl?;-T zft*Sxauh{CqNFOx2oj3|2~|kGV=DIQUSXfL&sqDq_dfUXN4HHQ6jk+obIvi|-#akh zQDYg(gLZJ_rNcYG%MRVGbf7@q>OeK{=A5)mU0!TvLl`Lo`hX<$)3U(8yaF0lDllu} zp2+yTRmKmIjK|t$?b^zpoBqUNdj4lwOpnz6Q5MsK@b9shyvn+rdD9p3p2c?`Em)?A zzKDo0<*}#PI`r+4_U;*@Z^UO+v7aS7b2;JQ^>~JEaBfj-eTSvtKLIlp@0;R7Idq;3 zZx>gf8Wx%PB%qKc_YUq;RPP>he;QT+uGTcgji4F-V*Ht@aIq+x2R)Tu+fgo+MD_h` z#bwQipq&xOm$r^@re{usLQ8y~gH)LY0|wXvyYD5t2)XpJY1`E74-2(7zg$mr&oDO$ zAM0@lE7))Kwj)by+UOf*td$eNm?-Q~piW1d1*Po040}>w2T{<$?tZnDr{s(lY&ed? zsXC)gHVq+~-y5H@!Re@b7RNjr@R6#O; z;?-mNey=NV@n{K~zQCucVK(M1k1>`hDkub@iaVze&*;p&x5L%54ilP1#n63194_>c zUW_)rc(6!bTt@%hEo*on{P}YRhykTqYQIWJNvUh&%W)BcA~a%qQ!_FeG~-bxnq3NB zF)@N)N$$x*Gr=m_A#A_NkXM(URO~tA`2{FV=tZfyE>hYAOQ(F2u-@KV5zU#C)5cx% zk;_BG_2Px<)BGAK{JTvkQDi9F;>)7bJj2sSX~|{LOql3ebfWcM%{&jc)lHx3OoQ#D zChnp;c{<8~wT2%&H0*i&&PI$Mo(<`oT>qgaSWlaBG|pH|M~zeCL;TZ|fRfv@00RFL4J#VbmswD{T{nVWG{rb%2yZjX?}gO8YpVg!YDq3-JAu0oLIl5;WcMp*n}YbY#A+_epR#;!%7I!$a6B)JzheyN-ZQ!sI`(+-409TvFj4>Dn;bt&;@+)w zRtNKhg?3Hw%fGFs-RNfr_oWQ`Q=Kj6+<3d2yB?lv^3^){Q1mNhw?+GqM^L+c6WmbE z>gFQM%rj{xx$(oJnjzo98a}rtMs;eq)^)@Z3I@~ABW!)Ms+2*V9+5NbhLik*Vd*&g zY}MglJ02I3&cRrXY+@LWr4SHjII`Hn0fu5LZzy43T9sB*;N#?zS!1IedxX5(rq@ty zI{)Cu)2eqV243yF>C54TD8dqloy{CW& z!0GLmxAv+swN{*sA{#P@KNZ!mlrRZoA^@IzJdnw_%+Kd|K^A?Nr}t zqVooOHn;QOcuo;2wVGjSb2>^6Zk?odgr%RUMvMjx*HVzj| z3jqSyxodVx$-}=|Rp%2@Vu~+rTq(OEve15vjOsRKxurN_UReSVfvG@UA!-S}=19Uj z>r`>zbDRpreHKYuUrYJ+*>Q0VWx9518O$DB^w4UAZcZFvi(~v0Y8Tfr!9?R;;>`H8 zAHh5ns?V10!|`{Lpn9hW=wnCGy#(3ZGsj&o-iN!hQJzt~SFb{^l;4wkbL%$o-o9^| zfaTu@MgE3u`!|KYCTs4ou+M63RYa%nf_+pwuKcfvPVDL{*lv3?9Pgrc#L%T5jf~Ar z%tb%6w1bjGS#l0UI3?8AQkz?LMex+Y6{on|N{=2gOZ!qbRJ$hWUI?#z z)ES?fgzxCeAvU)EZP{^7s3;suT}VElSTgQRGlpq{KG%u{1JNsZd-4gPzMvN!f_Gm& ze_%K2fXOtyUY45DcfKB~wk*5y`%sq1+?+x<{EH!&i6H%#N`3?>SB9K{&|TE zAd>gz$|lC-l)KaIz4J;Dl4b>U-{K!)Mds=BP*I3@O(tAh9}svBtFL@M;sLqjxNzIS z{NT9OvLY#$*pjxDsJ-W~d+Le}NQoyL-LlWJ+$6ECd{i<&qrJ=)Vsku%7@(rlQ#N5` z0JzXK|5v!}LK0ragq==zUVGX3!=iH^5nvPR@kVFAuMo6iQ`_g#CcRW?L-#Ii6M}a= zaK&%2tN7jkM^fkb90T!7nsbzKlEMPLL`a-JrkE^TCGVE4?;TIC-&Rl1VU#lU;pd8( zk2az&6(t(r7lB!ghXz(D4|*9GbzJj^i|ozwjOkj%Z2ju{Qq4BAzSEG6|R zLzh>$jc8W%-pqf%V4*$s>7YbzR_n+8m!JJy;NuIftme3Qx-H~APr@1$<)+3L0Q8k}-ZdSN z!@R_zT(^w^lbyGDi9G`!#eFFFQB!1FY+poNO-9@E z64sfbNnjGUr7b?gxI@DsvzHaB(SWaOQrk)Ptojfyq@X6Pz)1xym#7%!xqrcT0^)*K zQyn$ZmkM?+O-}lf0^wUedKRh*&L-GzK5g7Pz(IUI6+|k-J@IKydX{J0S(Lb{KnJ&% zme<`Lek$m}$`!EQOEj}=ce}XSTuygpBF~~u5N<0y?xfW1o*M$fn5?+9yt%J&XzaJ0 z#mQU;ZfXznhHDf2s#W5>cX^2&N0k8A=}>s8ZCzg?Qs@wbp?YIZ@*$D6|O!1-H~1$~(`HiNZ{}X~U z0SnDSNY!g=G7)Z|G-IFS7O+Hq6Y*`w$u`~ygl`7{JCyXdqDj4?-`$x<$-FbV3&p%s zqdDYa(yRt5+pCP&>5?-t@bImihst7`#?{Q8-Q>m@)i=Z8D%sI0GbJ_k(m}mgF$|u` z;HFo6H)Kd^fV;_*WaU@+nD(m(Iyf`02sKb>ek~Yx=K2qO3>SqBhWfgb9lM1R8ujkw zY*2q~s2CLY?p3$%d;cz%Ll#pt4#Ac zdujd&%=ys&7tHy^(=@8=;d?8?Z{vdOXA=7Fy!=Ggl@io(x05EN0`+MFYND}?JJdWk zq`;=hWT;Lw7)sFa2s55K+L+4DYz$-9q@2R2*E&AH*3IJJjFOU;wpCQXIF5{0v>a;L z*03Pr*F-d-BJN8wJHf?867GsNC|R23qHKTDhQTAkF14=i1_EgHI@Rnax{{&uYIWs@ z3ksJu(;AApv_bG*9U_4jeL1>}cBgCA**l0!_2;ZwE>e5=GBg4J03V;5^a`k1x8sTt z3kjhkxbC6&s)VH;IF}eO(_i;=;9D?F^8C$UmP4Om$>4|>v%OPma~&>t*s5_Y`t5!C zH8{DR6aO>!p}M|bS@-GQbHmJE{8R*EbpZA@fqg%7%L}tC+&i`VyAYZgVc75~Eip94 zHyI#T?Pyt=2u%RfDC1%jYQjq|f`?C#iWb14kMA6P`)Ki8nzwU*ZLsP|xMwc+TK+S4O~d#%u;ZgT40U_-0Z4ebdd7*lpvdw^IQsX3Q&bM&|H1vuS-x3|G5@xO4vSc z4L!gGM8wh~UM{#G2?9cz?pAb!xph~cgkCfFcshTa`Hn+YjUQWAY4mcB-nQJTBO%jA zS-|eO&sTsx!_L*>%T&Zq0FnE|OxIQwUJhKZ=kAFmuU4L~Xhro^(Xfw$0OFH7qo~Qt>Z#7K*V2*ZIXw8H`3vAs46MDm+;bE6<^s*}) zFe4LDViFmu=-wMJKD@T^qnBte#*gjTvwg^-7#+i<#8xyV!R4 zzG)DL93HeK$no&6aifkfBSs`rg6)cZg;dM7tXOxDgiRLqN$xRK0Y4y zy3-w)zC!u@7*3;~pG5nWSe~~bPBfJtn|bD3SH%&R(>);`%gZ+Mp^kxj*B^%2RH8FQ&WWKx|5cml!pAWKx!g0!~cjEZy#`I)u z{o67diTBi6y0xnN5s$VB&P=kOMn3?PqXGekaq42&GashDsFUbObU7`Q{vCGH@*Ph* zfdm)`TZcdL?CcJvpJ5fKDQb19U5K#0fpw_}I9#VE!!lC$Ja|*|AoFv3mZ?J8SeXFY z(4YruTcaFggnV#fc4KR^} zPHFGITwq-NXqT_QK)K>VeLBpFGYf);5mmfU6z1Zm-op^NL)hK4Po9EuJDG!z>%k75F>7qvN7d!MSwSD=rFYAWyKu$$7PXp^!)RA;s zrk!7QQ~9iMq+egozyF^A;M>{ z4_r)GvZk9mIHeC6ikE*6+bLR zybxmFz5h5tUFX2eizl!TZ-TdOV1F1L50qQCuU7kW4!+KOaK4Um*Y8@(n+`0t`sn1CEg-!$+Hrq0zcKqsrqLO69l~k>`daQvf(`3nTjf1PS<^6n0s=7rAyj3SiS+mv1ezzR?tAwd^-OnGR1?;g7K* z7WQ0&dRYirZu_QkDyg?-fmsGF73hSty420tp8gz{5PhIdroUNn+5DPo;5|2kdyDQ; z<@zJ8q-9@+io~2!Wkwo)n-i+`3wAU0^%qrFbz}g-Ar_@VC|+{ebzNUJZhz7-{f^pZ z#_M9kl6h&63DcCl$Yho8MZDLN@&1#9|)`` zLdGcpl*D^^dA3FJRfS(vsq|~SCJ~ZrzI^JNWQ>}!3wQ@A&d?aUe4Jk2e2xKYpP6tb zM;oY?QD?t%HPjy1OQ;VZ#1B33*)J?dTSaG1FTZpQE}R=bC%6y#0}brj3hWUrP9kI| zN;N;pGr*B{MeT1CF43&aTUGf&Z2;v}=mB2Q(0wR*mDx*$flV5g+`?}ulPS_ru4o*( zq=f$CL~^69OGH*sc`^x*NnL_UV6(-KOiVPDmYnUofnSuyaX5W`t`4l2`bFmnB7 zOn_{AP1vl(Vd@>3(+hX&&u&i4oUZq$*lt^=7H%Cygd$G0JJJ0MSq987$(JlPZ9bT# z+EPjeMMSq>nwx!E?#YKS?CR}?u4yJF(d{K^7v4BhFwYInpMVMmmwxcxzA*93&ly+& zUHJE@entCCA!UVEZ(IZm#=Z%>qdOjK+wx9R%Sg+JE|u{-qh#~g}><_k2)nKg5!1k2aamol~eiWhz=w*+*f zTp=seqFi*P$oEkZZPn>(ESqGXbpchCLER4F*0kO9c0c*6w9?%smIbKc;#XSLCUFwo zid0xjU&6M2%cwqZF72ej91E-)>lT|s8hjzFqx9Q3#ModQox zAVhV7B)|DIwzSB_HfX8<9K*yvt+icUqdjZodxVQ~%UV!Y_SDxwXkjP=U+wn2Q3ARl zkxs)mTo(v(q-jaN(vILS?`tRBSF7-DnB|0}+Snw!elhe)e1lw0l70nY< zA@F-jyr`Nw!q)>qmvqhf=RLeG(i(&k7BbnbT|>QKdT&Y5;oM1&+>Oq@g>E()wNcyg zQILJFmp1Dq;uWj@L|u|+p{_UDpE{YFXdV&=p~n1NuQ(`~*flaILpa5cScLadai#5A z+$gX@@}rz}trWY1m4=HNN`D8Yb*~6PfK#z-KmaOdQKQefT46M$SJF+bW&rKE1V&dgL+qRTKzzqW_R`(C}WSN zsZPmPw@~4;GpRm@S1iExjeAAa5Klp1c8R5sg9BVC68lc$#eG#7z{HF}5-tH=9N zGq)dy27d$&l#`Gb^!R?D#TkiMbd?wn%;{m0ZPET&$@ z41QYcO*KP8Uhj)5kng`xu@Lc4R9WJ5Vv~2?T`YBa_U#~&_&!L`hfUT$JAKH2#tX`x zmNMb(c&wkZVb=3dwM6tl>A#C%Z|^ z(;}-S8Isy&fxzgJTq(*bvHXkg(68u7l9Yc$ycUOfOK=4gUAGQ5;oPw8s!z_6WmVF? z&bKAoEZjQ8btV9KiUzSd3lG;!H737aL&fy>;bUbG;Y0%f&g-{ zJsF(r>7fGRg{Ffi#HL4%Qob02(y^le6Dqc{pXcxu$RS|VYrJ?V1(boA`B}N`D?zTz z0Uhs7BLED7Yn!D}Q~&*giv%l~D50hv&$fn!OuasbB)W?Gm)|R z3zzA4hQ%6H8J9`S=Bv|=KaV}y_9e?jl}nxKLur0C>W((iGpcC=0z@m+_MRIDE>?3= zVtU0wbMVZ)ERi@LZiGOT<$-16eePx|3r5#BWveg9Rp5s+t{)?GYgAM(G-saqpY()D8LkK75)NmpW{x za_ZCs@+2CqEHc63{wO=>V?kFc%eN-&uipS%-|Z*y3Xb!I9Vrm*K(CBhXD%1;0TT10 zWvF!*Q)O(1S-wW;$RoJb8E8-9YW(80xB<`f@Ex-A$qs1@3&5i3fl^jd)ponj-+A2l z*f1>TUUBA)TK8$Wh1;JnHT%!jXwqxG{R3=@B`tSp?!nz(&m;QAMTaFB*P06J76LZz z_Nkpq%lesfKYj@CA-Ib)GSTF+U4&(HGt;4smK1PBD)oMn8}SNd?L$(;0$R@jXq(@nJ0(x)b zYQ$>dddsg;-^2>G)g~D>?AC@86;$BIBCSL|E}?Ak&cqeP@2-HV+J0EgzaSnv>D}Us z2Rp=1xl$(u6Mru!jPrIh^zf76z+LcVP{YZIa#ne)6Si5R3#)5F$%50F@Cr7+yzua1 z^L#{c$Ekz(JueFi-ULTQ-Qmsan1%D8KQmeOx=2ZV_;WmuMxI+z6c|DmuP$&?^$`ul zo$iSLrx?x(s93+obWAr){K`1hF!|koVlyKnh+4AIBG+UBc_{OWx2EnF?0ct%6ralp zd)nO{q-2Ajktj64nN0mo+LIN^CkN>N$b1Hy4={7eOsYsskG@ZWDagv?Rbx`)+gX64RU zfSi}8lW3TlU>!Nn0Lz>0#jgocn+55mC4tmB2AftulSl@DZ=qz2>wGyb!;CuWK;7t@ z9g*09{mk33CS@MR3o@MYz{)O8q67`dMntm6^Ri6-qwLLMBbUR@Iaz;U@(~HrFfU+F z$dspgMgSR|^EPH9x%zW=%r*M%8r8p}>+1@6n=Bz3C@gcwsG{`+Jd#YWGhnW?xUsyM z>RGhmOa4)A^7U_kYWhI08AX&<7QqMMnmK*=!C^2tR)N#+CIA!pA<*dbFd2hyu>|(jJI7whKN7ALsS#C^tlnUPBOB37Wzb3?YzjLozj$RB)N}GD!YZmm!vNf^|$;641R8;vM z_gu7-3pN?`kv`(;uE1YDU*wuQX9K!U+HLu1Ej^17A|wVlMTUF*dQcwNZVihP1D@yM z0B!z$6j8eyhR^3TsPg{$;fLT=xwx*)(RuC3jK1}E&dqJ~iUSGzetogXo69|Wh<_Dw z67|g2evP$%oj($A3(=)UT3>BgBfO|C-}+6%OZ}BnMIb6zU;pyAZIAzFp1=S8w>d<; zl-HA#$;<7vI2e1jojc_cqC7$92&#q1R1t4@pQA_;;zF_Gn~{AJc%C3OWDV{UCPJB( za8IKPs2CH#DzC@h)XiA;S!%~$)UN(i-7Sk@UV6=9Z(Jvdv z9}o5A2lOkwTf{rk>H*^IBkG@w8-ZS1uj&GR18qIN?V z%byMY^v#=nvl6!3l%|b-_c`e^~K(3jgn7rSHD{16Jy*-l!@r&2|-oNd;C4$Oq^c?j;9@hbMy& z54<#CAdGb7h1F=2nj!5g(e=eR&_L$3-f)TjxFGR5Cp!36+x#I98?}Zdzu+ke21i4= z+<#$<)T?PW!B;JvG+sWo>7U3Vx7v$Gu3~8$Hf~5^0?_&?vqa;by(g#d=}}SX-4-t} zd`<>C6ny0SBf~2+0ioXzk@_M~>=sn9JvY3iKA#4ih%snLKtMhsb;lK>Qd-#TD1gxw z0a|;Oct#;AOVXLk-&U&9-;w(@sO@kq&xW-FX4}b=3Q+&$S2?;(StC~xR!Lwwu5c+A z$3Y70w2E|j=84$GL^zZ{BTG=F2<^DzLlaV8_pgVFWDDB!KnwJil$8dn4#ZI?XrDpG#u%9lPD2jn1`K;DBl-M|bqiqUmH%J@?WX{VMH!e9Zk$Eg+Y9$HtD&X>PLJjY0Su`x z7kSPR-~tmx57VsAyeA$z)lfau5RC~{f&DOw-a@VB^s?FgbI^nWZWxuvi=yk!p8i$# zQGrSVTK-b?P3J6;|9)POR|UFD7$lGmJv$a+)_}V8Hgmu+K>g&~@f?yEN~b%F@kFMIM{4qwD&9JwB501}Acvig;a? zpx$`MzP>7AHue3z`pDKsx00ED-nx2t-}d#9;~b&W`){~RH(O#B;pb;?RMd0S)-Mak z9)jS*{^_{F-zaQMiX2owFAbSno#aoPB#T8nS;`J05k) z6&pl`@2t!9%I&>ore8|9YvUDc@Lta~rolkUcXVsCYfV8(TUFY!Q?y2d2z_|b70_A? zs`L7-+`)_WESzvGy=*G!Wv8t+oJCj}oGO5NsBq`2U-eE&NWEi&PSOWT{%aaGu&rXe zmI0@uzQ`}(fSnV?mNytQEIYU993&aL@k}RO@*Thlc77r*qntdO0IBPcFl|Zt|LrKO zr`Z|`8~^txtZu?TM`8Uk3AqL(ogg}KQG*^CR7O%k;-W8|3~(EvSC%Cp8%2Q}Yhl-S6d23E*A-;-wKGs>%Lq@ zxRmPLZo&#&zWQYnP;`TvK*72(-{RE+gjG4f9*_yaj$|dG@fCQg!(~D8*2f-a4>y%W zLd5v0izrn9JNHeQK!EJW?=M&;-x4iald|!x3T>%sXZV$gX!O#}al{1y^0Rg452^;? zpPu1+_A7&pg%hGS*^b@fNMcG;cA`b2kr!WepmDiZ99xR*^5Ss83!{^Afmu+n~bA+VFyD zk4`fFi3l|6vI&XXif(Cv-?BC>Yn`XPbb0y23V%#iY#bISR6FT<#W}a5}YQkFd;Qnr~Dx%0u3Y_gwDHS~c=q5HpjnM9O!6&5zMy~H4QfA<#NkyG? zYH}T?gu+X!vXYhW35lAMlWKhd^5pS6zpqHP_9dAB^sqy=AC48$FwZ zdAEY#OZvz(q&fu;?Op%?;q{-lP)p-g7LQBOHGBXTz}xGU_M}OdX?Q6qENCgw@Y8AD zBX=LZzeN`I(!pR;LeCJCmiit#)=t1~mwIlcJb3f_cKb~54VyI&R7ZV=RXDX5IdG(0 zX^TS0)ip}cM&9}G$ouHd5Olj6XkQ#pFJzlLsP*E7o<-2N8BE_YwrC+p$srX2@fPrq z3^WCG;C|egp@I1z?h=cc~|y~az(7$u3F(ewdCql z-bvUFWKB5puvLF<-xw8pC7by4-03DY_`}^3s7L_)8GF{Z;y8rfE@;*xpCQ{vf0`@h zlT;Xg(U=PsSl39PZ&)Ig{Gfqzz3gjM;2vwAJn>=G8b5pQ%$1H;k{1EA^VI< z>YR06ym&oJ9O@(tf_i=gIu7=(WdO##&hZMpthoh|vAvovc7(6o0MkV(Tyh^`C7fOuW2`bbJ;4_MaWNVB@C=mVnDgJ!BhmPu_?9TF*7qvcjR^Tj*Q0e?!*)5T(lYFkho8Pz zsJJsH4W=gCTD%o!BMMXla5=V?AA;5U%thSPcS)rp8D8Kk*HWCWJKlRF@l}CGQ zj^h!WZVvJbv}DW)W5vx}88S5`>o9Ni>Js$GB_JVo2sUz4aU_co7vFD96B!Ml`BafC(t`7^KCPC2;RG8Mzk?iTRYZg=AM^> zKfmog${(K5f1gs_%p#gILDE=M&9Z%lI-zY1hRwS$$C99{0WqsMRP?WpX$$fHcp3sO zuGwah&lwq03kyZQ9j1UhBl;F?j%tT1><3`Sf6!%?&nEb!x|kIu8=_?K@mB;{i7BH# zTCYpZ#d}T;ofj~o#X)B%1%!sM)PKJ6DH#T+9H1P2<%m?VW2rD#&zf*w_r3QnQ^Y8=AP+?pLWsQ&e6Yf ziz;X=K}{K0lPlTZA(k%tVB$<%-wv zue0WeaVE?${~MtibA9N)NvQ5L+i?u8YWb1fGkA~uz5DcN8ihAf2HNUT_VNOnE>LyG zAab1BQu*a&RPId(w>eE5jZf4!6~LsZBr4oLrb1y!6?5@(eHYB~jtl3pMyTG1)ZaYk zq{>8&Dz}|_!ICaffz!d6_18yP_B+0j%{kL?{{UEz5ow(Iai{mbTB_GhJR-u0w$Ir# z?Y&_DhaK$s3Mtooib`cf1xGGliU!ds51VK(Bet=LQ@zsr53lH6gy5v-Qc4& zLhU?>ys}>xwBLn2=ayHi(yM;3%iO>7ghZg_qCLgMD}3)UhRhegcm>Ne6U%g>3#1G> z1cc0EBEOCe-k~g7zW?L8`!EHFcs58U{kgSZQpVtZ473=>@>%`0p<#ezzrb`YYUez_ zNeJVNkhcjA;9@g!Kv+!>Q3yHE@Fh<4`^phni?4&o3;36 zaP+rybfmy&jb$(*{zC1Rhd#)FTGUsBoXA|J<1$-z9q!c#^oP4+4s%cXx7ovi1MupA z#$AZ*M=!Cca_dm8TTsPs-Y#mZ;m%&@Ww)NU;ov%cuE)C&(t1hKb1(8A)KEVfdwX60 z+nNM(UP!#^#4TB+rP`}x;;Qws&`3{7(N*t#uYTgSg)SkW%TO%NS0(7UM;msF)oKsj zJADYQvO*4r?a%xLAI5?%Cox?^B0E<3DZ^y}yBbAgG0uOz$hc&Dp^N%@Lu)a>A{|8z zSgj$zUQH^!?=4C`*t=7LIFZY-C90)CjZ-Uqu5>YDQKApxErqM4izJTI#W8!1gVhzD zqGU+HW<6}lUbt84|1K3`XY~6{oo{b%N9xvYi?6ERm z_PlHmQH#}qj`0`>{HFMQazgxuWqT4Dju-fZzjXN79c9D3uYJ zjyoJn2F?USe zW@Xw}+Uu)0gVILzzK8Nq++9?9tQIbf%9ldzu5rYd-bcTGkv^256s=!`8`u2?Gj?sOMkLFqW z>x$>>yatzuN%kgwxV8|;P2RGx!4;@N9x8u@2lTmc6%YZ)$qfyEc8YuGOqk)ZOjHp9 zJ#2<+m)j!9Lq}d-f8JeXLL&q*?CwRsxk5b5tbvIcuGM>9Q8!?=oYT*Asy!)Gqr)$d(NSW%m+Nw85&I4?lV(^#mu z2;0EehT~4gc|ZBQjU3;q?}Z~i?-eOD#(aa0hgl7oc_?tSB?o$E_ z7VdGE#^4OW1=>Jqx`US{F_R9(N5#|0Ifd1HgEmlYhkbZtzEFiu5h`nIq$$n1 z`~C(E$!Anxr#X3V*tTLBl4ejN`|3ZRoeHN_V_TxhV_?J|(VuhayT4JB+zm$HM%D`f zdtj&{Tw$WdNU*m3oaMsn!ujRgO(tAn^-CAfgsGF7Ul^E;8d%KnygN3Hgs-|)Zac&U z(^C-oTBUkZ^-x*wWJkg|AsNhXTPYeRb$hj28}Ik>@(t>aFJFx3n20ko>V|F!nc21Q zPU##x9;Q71{p$x9b^vlI;A7v-AO7$2v7tLTG#S{4mF{T9h~#Pj@(CP#Itq-j9Vuql z^g)}kj~Qa}Z36YKlRU5z{&RilN4~w9@RGn(mBR`(SM+J_hmqP31|&$*J1i+nc!eZ$ zXtp|p`vlTPNPoW-Nde{yQ7)7T89@kzCfSNG)3*@%z z<-Ylkv9Wg)Ham!`5)NWa8&t(rxJH`l9_->do)3E{^8U{Z=a{7O;UrjE($CpTL_{9I zPdy!6QV6p*!K!9F*2x2k1rBGAz11Sh4Z&%PhTvqd?L-M^=FNQEFv{|X zp>`3Jh!MywwL`@!Ha(& zat7+UAjUmGf8gv5h-L7#frNF}v#E)qNz=g^m03XMItnL9N!YpCo@V4R?55A8am-nk z7)>HN_=C1^H5g7bDNe~JdCF@Jp$pR1@}W!0fWE-q1--#b=(;3%htbKFF{i?n*Cu8Y z=j)!?Ju|0tu6T?eW|<^SS-5BCjq*<%cF_VZ7HSCH{=KPRnNyQ*F2krC?@#|=D(ntE zTm(Vq{)I9|%U9AM1_ldZw9?f|&5^IA-_TL6qoX59CkCp~6u(T%s21Ch(wk$#bA|lX zT*?h5>_!d6Et;fHOxZ?aVtrAK#V_B!i|NP);!a*cE-}LGZ&p)vYUkdX+AX4_1Qk)? z*i+TxopNiFKQNJ~JP*-L@+CrQ8U>9BZMDmH@<-Bf~L^;G`mlK5OR*-@!|&ZdMq%tG?hn+lOi6uU1=2kN1XUWl1Ys$ZDOu8 zi}OP*9Vt|E$S~p2uRpTGHzyXAd*n@Z8pkcC-X@G$;U#_TNyrH=waT!IY9|-A5q~$x zaz9t^Rueg++;vIJ1V%@&@>B2?RQAsaVy0Rws&7;YIxnwK`3^>(kX6 zrv3?0yK(2hUx?ZezDxh-VpI0W>xYEcts(zjxULdW#t^$|kM)G$;(}}(_i?bswE}IN zv0`EZ$H>x!?=(Mi&aBc0#Ouv@v92!UMb$7Sl|B0N0ls|rvv>W1%KIj=cjmP(zb~}E zI-rC#cKx)6gyK`Aoy45)L_?oRVIx*>{(R2SuQUd51p*8iYxWpVHtDwq{bQh9BF3W% zK5nhBgtRIE=1@?7(c#^{Lg!B02r;1g%6{f%eHKCo zVLJ*TG|y$e0AtwhD#2bBHi$WixU^I+=Hfj*dw-mT*mt9e(9z5Xl(f*9(ffaLmu?%! z+&#DaNCy0KPv{RMAQ?JrYP6^^zzyAmk&KY1lKJT6HL!4h+D;vg6k;?Zaqh-0&Z)TM z)Kr{=(Qqx3?k1||18@u^%}rIF4qnpDGF1+sgxHObY|GBMr*2DEunTEQ=;^@?xwe%t_^`65=WkXNFg^p<0 z4%>IZo8PG$!W4ISd!i9pFs7qj4#%3lf58;jxAGJj zl?6}=f!{?SYa#8cBf`IAJQFqImP=k`6=%qaDlQZN)c3Cz;=5Y$9k%D`gAMFm7h%L5 zlp!ytVZ$H48u#gxMlgwI*~%FyPyLr|^V!NpMmO7hbKXCED=w8#?}TeW|(n z|B1e|I>CAkn~k>lPWXeF&3Xw%X72vhe3XJ;b7FK%=GDAi_pF3MYMa!z;@-C-%#L7V zf66p%&{Op4$1hJvc8)VGl=(nlkzr&J-<^ee%Q|Q1UP&cJMCxS#OfPqL;Gw&|#!ct0KYem=cN(ND|wKeY9g z@rAyv5$##*t0GCsx6mD-*+J$R+m zoxjJ94?Jz94S_C4DjfLYd9&G>nEp;;`swoDNlZn;zTAOn5_$~>jh@GM5A2l|t2e7_ z++}&4&TwIN0XmXK{jV)%=VG%~!T@?oS6eQ0@!F@R6VV`CRa;Z@4N}djH zlH;Q#j`rrjLV6yh2+`&F<<=a^_`2B&hoaaINY%ed2H1qp=NUjHiYVzlBlMaisClPA zMMJf2fIbhViu6o7>f{#+69?K#>BMjKX&%f-v#gadEK*MsZ))yJD-jUbDRIDP70mk+ z1s2%lu-f7tqhRcDQvaR|W~$*l%i+@hS&=C9--$$}tEq%Na4|9{YA7cg|&R=zAXwI2TLct@{3`2`i;j0wkD?lEIBZ zEHA3wE8?b(!x96tW6AYG(WNUJSC>Bcn;aN0Xt0ZcxCFfA_;R27sW8L{Z?CtKSvE;1 z%|Q{4THdn$2*EB;i2Zhu+U7L(uQ^CfwALJ?b!VT2wsG(rIQ33j8ICie4kT3OC}?IF z{`N>#tVz46<731^YdDYUPVp^NPbnx(&`FsvUH%|8^OG$U@{HeFA`9)ROCW1fD0DKo zAkqnARQ3hFqJLNLH4rnQ1Os@Z%B;q25OjHwRH{^PHITT1y93QvSxNXyMVdxuq@j>P|Z zz&x6o3^_k>wx{0!K!eH0PRjg)w!rfuxMF^ZlJ%2W(2YXFawI=DVM&nC%SO#wq|QD~MpRD+FJfEI{2op2VROl- zG27-C%C85r=>BV>^&ha$;|VM0{7xZgwcsz>Q2(%n-NuZ6dxU@1nM$JZ+}rfsipw=0 z*-r})b|gJ{3*WdOeV&c-_tV#zL9Ggp_-`No)^PcM^l<(|KmcTE)J!u2^g~CogRlix ze@>jIWs`c`=xWTfZpW3Wxs0=n)bD79|6B9t`@WN$;)jkzQU4_J{I3n$yi_+zWBm2# z5kI;CSxe!gFUtQPEvFEBzrp|OYe54Q@K>9&U&pIudG3{Ph^9DmXgC@{Ea}5cTPS%lKZf z9VF1NkFWH!4IQD%?-PpcS?YVZeYVGCvH&kC6L#tXLDR-(Id6W}(5PAMPi|M{-|k$? zhJv983=B6n;0a-a?Qntl)3qNZWMky~C#E+jK{h%iE{=_m1^)o_t1V~kH#@Hv^+`td&py8Q zU2qgcALrNQ%*8POCRK$JyDdM^FRaX!VGo$+murIc7Ja;2pFRAyFZ%Vlf5R2)Pqm_9 z(fWlk(61DFB71QCG|EwKALiM#ATr^EWoy@lcQlWF z^U@%F4eIYH^|hA*W(mapcqGWXInjZ!7lB|vqL zs>dv=W$t`})Rqh|SoP5HglLdp3Vj+T0MwfVdjXb1dr$V&!Snc}uKVJrfD1cm1p zc@>EUv>(GSSi)2Cn&O3vht1O7y&90S?A2tKQrA{bfqveil45ps*X8NsiAlz{D&`PB zm>?55PVUUJ*sigWhImU^`IyrS5?LF!Bold-)8d}?7cyAu;ct(fc=Ky=%dNS+J~(=q z-mY|Wq|^v3-B}R^!ANBe;p;{khiy76Dv1FlI+Zs3}qJe#}uRf0J3^_a9Q~v79 zXf)K|O})@~xWKBcG>GpVHyu@j=OBx3K?5{l zPKoVF2^HI!dAsZKm}SO5)agc2xL?E0zF&@g)<6^)dI6PJcB4SF6xr;3Ju*({TPuJQ zA&kW~s`yfh(N0bQ;G;U3cwLDeB08g8@vy zHs`?kfYzuio@NWu?Mw|DvlIcb%f{+{?wvyR%p&=7j9 zTw`4P{0jHapXZQ`I^|_ORr5al=e&2OM-#E7t=m@WV{qEt^86$_27c8qbaeK#w4$Nt zu*$Tme}CA)LkZ7bfD0BgDuJc@B~pgMITLvN9SRJ(IPoEi3tS%mL>IaOdk@N@^|^H^ z)R+G}lE4LG7wE(Cpc-z$&Zddr>tg-uGeWUybKf+7-vWPqj*5zH|9@zC{o@V2_MQJX zSLy%%+x&X|US9gg9nAkXo}1Pyy(5zn20Xu3?(kO@Ug+Lxt4ToZT?25W#Qe`x2q=jheAInz5L4w!^9xc-1<1zGYUZwJ$ zB=OlC{`LCo!eabl_N&cm#LI;>=k~pbQ{aeKNQ_fRY&|)sXCPan(wBNvhv<{&RVFMI zsJNPEH*{j{!r1(+)W|V_==Mrhs$0JK#r*a>uJ40ivE-QBM{M~R+2q0Z1i^B&W@*xR zLLYbeyQhRA@bNZEPu-RmOjefWBZRD87o2zv#m|MW+uf7kYiyJf14qPLVy4l}6IM6S zizz~Ivp~fB8PB99Ka5?ekCo6_ULfS1mz{7@SlEF_b03VM{sRP@L z&GF;hHw_Hp&zg0_0R<-?W%jwjP(1)aNVpC>jft?o^5TtMG|O7kggk7%P+|U57=wqr@doeChiKEW7{6>U`7coA>W8imiOnN7R2^8_y~|3JfZEhnbv%dWyIP$)~Q zE~Yc8B{w>)tp&!D6nHZoUR|0jOu`7__C-~Rw1^crPH@=aSIcU4p0O+K-g3QlRi~|C z(T6bt9pv5TYjqH?Lnaa+g522^ryv|V*^Qp_ck>CPnA>jECGX$PZDn2gB<$LFitVNu zL_ilBSC{0pT*+-?O>aDX4~nHg?ADIdq2yMklUyQSmltIR>-K_Q;4ZWIzV*wovCFJB zc9#J>SQx~*#V?k+$1WJoDnW>4|A7Nw0!x$TDYzW&+PJbi%5(ccWoc=z(uEZ5jdQI2 zY|9@cmL9sTE{5hf%^0fm5nf&LZ0pz$5+_gFzIPWSIlsC(eS7NaZD(iK%#?e$L8iB4 zu}HnhJ{^zMu`se3Go~k#7sgVttsVPsk{EM_#&G?gIAU9ion~y?4ML>?;pf{e{jiEp zNT}&8D=TpF^cuc5*Ksz&(rl$-x7D2j=l>$_yQ7-SzILtS=vc;rj7m`fQ4kPm(nJRV={58+ ziu5KW^kQcO0qGs2LjsAE(2Giw8d`{S=@6RKNGQ4cb)4V5-}n7}*Sc$6)*1(eB=39P zbIyMDv!7?5&fWc6LKf{zkgxp7Ci|wthdPuMA~nmjnn2sy6tdrT&oJ@K;ia5%`t{`G z^fb5Inq{IGS^;0PTi)>ITpFBqZQUBfuV3w5M!8UZbEIo@*SX1$veLpwesTCTQY#M= zd^qu|k;mlKbqcA4umE5!B3wWTb_q?SGl0=8sHF=%_;kR?cXN_PF@xbub0Dztyh@uP!aG-9HkWf(R%A*YG^6*Urq7QweSCr%?X zPcuuIlpqQR6O_K#`msD7%tg88s1S;+p`#XE_-5L|wa>kG2D(G@^2E?%=_>LYBb@v5 zC{uHGXP>WXSyXT`5_i~l>9lpxZh8$Sk$QoT9j0*kRGeWVxM-l`k9G))q@ejcValAD zcW@Kwx3&k&hO6tHO?R-FYYr6_?p*FB9pzH)l!@2HUaxvb^70f`j2@nKZvS+eD_~=ka-27Ta;>ECQZ(KMyIp@CQo6@?Ihc)4>(lf0EYc;Sh^b&n( z0;@cG+SRMJ*0hN%l5nhRQO3i-jfDXVya6pRgO*HR;lnLFecU|ktqI@KQxj1r1qFpJ zWs#wt*{n^t#ygx5J<^=|`zYizEbr2gH0S=k>kC(W1bE~*4feqpqz`hWm(=d^v7H46KV+&QeJi14v_m7) zr6Q}ItOz22XhrDMu=s}giF&Dx9Go{ng)64POS+1c(>S%*kL7~EJsTVRmm+8cj{1(rd z6n})sumTDMf?lr)ou;!RC;yuL=i!|FMONX+Nu`hvAej!Z60oHp9b*9Cqo5(J2^ul50GQo;U;@Ilf6^n#S6n#2Js>ez5A(Bf7xRKdCTw9)ioYE zRG2m%-;sOmRsIb68thEPj#xGZGb2$O%Jaj%TXt;;9$DDyS>ST9nxH3FiHG1vhv~O= zRUWC{h=N#5yCjgNDi?g@utH`^0L1x7ZL1d=yfsRPA%4Z-J3lgy&yvGLX0 z6z=-Ex~sgrDsZY)haz9qBhAc8PmQ?6q4K$ShnoC8*52u78NRV0OFfL4T*AWI$gjP< zB+Vhe0DUoN>vIH$k=v3h-)gm&oT`)bHxxmKDoC$cWnf@1J1XF@R7Iu0K7+Eg&8^*9 z30J+X?(JO(aRKkTFmR#!5S*f&2ZwS93(G>UNbP&~UW|>83)%I%#7`>P9NONwaP?vR zk^08QId~y|^N2X;;J%NCoJw|V3gh6|2(5qp;D31;>RfsZtKSo0a9V%t}af^#AWebZ6s7cXAi5A%HWitF}m;~M&g z7eRD{!)p8aco6OP3m34gjC|Tu`yspL2yF|6t@gve{@RfnTUg{gtzsH$H*gsZw-y&D z#tuVb)0>AfHcmP(X!(xUNNj*9O+NgJ)z$`cLm5hch)?y-ohRnRB)gvanHkHrL~$Jz z6_u$}RDZB;F&(CG^zEH_O&K}43kzQbRKq6@1E{!kWOXHApZvjtPFxWy&Q1)y*-^vu zz4tdoW$tojjlI+CeEY7fS8mLB2dIXlErD2+tP<{CYJW(eUq@fz^u*j8meIspT``(hC`>Q6 zErwtE#O-hIBqSvnE}Tx=562k~3@Dm529uoq{Mro%zkYT)ot&7hW8$Nnr%%xK^{swr zYKq?e!tYU9!7aq0m(R}+PTMec4tDmdVq*Go$C-tz!hN7b-UIO6{mzCB%| zU?@mk7|dw26!q$qzqva_V9(8A&m3d&a=Ziih1n z$g<;(s>E_SqB@jg_0dA4;OB*HvtcvkhL4+_J%`b$sc!SquWPKI{Ty1$b@i&6u`v#e zrP(mK62+{He0h5beyF9g?=P zxPM;_t|L>)qq>g9+mo%H)|26E!7S=@&&nzXV^mR$;2>Bv@(j70z1Lgx_QmGs=Zkr) zq*How@&I@M5p}Nrz2kF0xmPSKEQB0}Kj{|xR9u)C8@mishhS|axcJzAV*yoSZv=7N zhPrq)EtfsRES-Df!(Mn+_rnSb3eLa-|MEqbBU!mOT|RtmdzFZVj|BTLs&#h<0<2o0 zdE44b3qIn$ccE^HePUO4H=wnwj>YNy1w-X-nhW{_m$AAgjr|E`g#95>%P|{`b@#*K z1nq5mYJ(HSn!39+7Z(?g*!LQ89e;E1z%N{ql1A#8#JsTw3cb14j1u@CG zEB&={Sq+AHmW;0{cUeqjlMB8IBS5er_f}Dd490Fj4d`p7tfYNsN1vCivGT5K){2u; zWO8EOvu$trm(7JVzs@xYc@1ON;uSbBBsvtA5Z>5|#k;T^)5pH@QeK@nl`v$}Tsz`> z5mQjLJY_%|`Sj9rofLM02XD^XY#p7{0bH|}9oF@rDbjw)364zV)l!6`@C@87HO#EIxwhNzjI zQ{30tnI=c@BynL0qBw_|YMKGD202A)E0FrMqN3u}F;?S;eqv5LVpd)3%AWRN6f)i< zqV?=)Hcn1XL^ad7y%hp{xbv~+JUhw2loBagF+T?Z=`da1Ye zs*bTlcI6*39_yKxr<2o~y;S9h<14*C5|^tFrOe&^A%G~>9sbR3%wLATc6;7-(#(RJ zuaNTam03NBi~EYsW%Y%MrQIxxBoBQ=Q(0J8h^tr>+i|8zt*=*l$bOh?uUPE)@N_?V zs`Z@Y=0te8)wjQnofo_hdmb{YXlsk6C5j$$Q5VEqvh7(s3MC{Y&Jesx;CRU#IM5)+ zE%`PDlA)wTL3w;NEiNoPoI`%DH%~`bHzu?C25H+h!*lF4=Nd`J48fYzWmhtU z;ZTh3Ut1H{rSGajERZGYK6voJb7EA^1@gp$zx={wdp}0K7nT91YC;DX_i^w^R?tBJ zm~3sJNJx1$Izm=mS}ZIq0fB+tfL6|&J(~&X>I@X1gnJ(>jLNZeo(N>*mXb2j)9dr3 zKc@;ktoyYsUW90dSd{wJytQ|>s5;5FtJb$(9dmMZ)g~rMGW4@)0W^KDUu>Hb6fbOj zhraj7Z@(e;P~^5`Ou`u%0Kh8H8+rK{jYer}Mr#J)S3@uf(nb#XrluxXf@DF@ zHB0EYII|(X_!dsN_Z@kE7mjxARepZxLNY1rqUF-zu@T=bWnkCe`uqFiDt0|h%Q>v9 zN2+~X!xNaS4gpAr2n|i4LEImz2=VszcCnl5g+Qy}>kAUpGVQQ4U8ygCY2+YKNe33q{!c1(?%+-_}d?&@tbXbrR+uJk}eNTKh~S4rt3Gw*w- z9I~fkwUvG7J5*!{J*l&4qRvyuIo>dB$nQsMnJ@wy)z0A6xDE@S$EaKjo)gmaOwf1x zdH;8>Cf82&G7k^94nbAzg?>Urgo`Y7*b9$@=5I2iQHj{05d(7o4I=xGqu66@WHFx(< zPEAn)`D!}gNn?Q=h+CU4>_1Itv~CHAU{JkT@iykJ9vP3-#v=_+DZP1Ed&zQn?Gx5h zlatW7Y+XT7u~08L4R*M6zsjBBazMM)xyQe zX@G2}NTcKUUrzM;v;JrmN2nS7h0WI@FBRZUgzFAvY%EouU}H1&Cbs^>48!{0D0PN1 zUmw_IdN3$%utXapciR#sQL%O)P#4HxN!y;(SF ze>S(;C(skc&Bvmp{pM4s=V=0G^XMw^WN@X0ukYQm>HI8zi?X?VooR%-{%ZZ`w7~VN zw37E~&BQj;-Hpwd2fpp_hx+#WtL8DuMp}z&%{3RzEjfX)cVvO7Bvj_+Z62ecV!cif!u&t7+sKZ$dQuJI%);CGmEP0}G7r>t$ zf(@gPL$4CN(|M28wgy*T{i6F2uOb2i1HEmM{0ap5_*5aW5h@n4rrL94v14U}&abR( zboCX=LnuOpUr`qH8+W`IG^5x3_k>p7@l;Ti1<3Wm;+w5gNK0e4W zDOt%;v5eQcS0-D~^8ly4yyjkAuz$ryqmD;lRu0q*vczD?Q_b+!4+ZOy1vVp3r zs|SRH=xAw0AhAqdBe9%u*fdP$?%k)o;DbM)Vrpti*ezLy`v`Z)(=T7x7~s-UyYWSa(1ESS0v(9jGb|$@lAicgg z)L5Af=`O)>TozuI4b3Ny96w$x@1zgV)8k~*N7t`CIo-e`-AsyFfK8FIwPmw33}Waj z@~}VKKF6QsOcL^@)2v#Dc(Nd#c7XuMs;oOE-j73dfMK_Loi^#i^R}N>ayV zES0vqwGa}^+m(68czYMTQlNoszjeJBu2!zfBL?Kx0Nfl z?R%K(w~j%H`Ou1n#*uT>R*xJx5)mJdPZ-=z^;=zmpq0Iyz%*%LHs>dP!e*twsJW$G z`#X*;uE-^8rJ!)#v?n?4+xT$=;_N(rqk`Y=t)wXE=)T2&KN!-I=PE5!LA4=0=G%N1 zrg==~;K=6d!MTInz8}ZAu74I`%yHqX`u@zmVqF`~ZQ1mHa~+bPObD%(AD-;WE{*m! z>lc?}=YN38)2B{HBqi~}fDHMN{{YE>5v*4IojFQiaHElB>pMXyUgO-IEz=1K1v3|T z+T0%S5@4qH1L6iUFZhl`hZh!BZ!P-umpY~){Z`iu7Zw-oHH$0f$h=17*(!-*7`<*C zhsxzwj^0ULi=t%}6)m+xM%4swyWVR#3J?7=jB3P0MXd}bgsZ5@RNH2qh%`W!u)Qfl zHfPlm#S`Zsq%{dltjpSrI=mVS_z~s1Bj&K{JszWL48(DXp1+Z%exyhu);M}Z&62vsPhgav|!I#3z zp9T#TTi<8P2`RSTkm5E7%zgMuF?F{`K(_UTs^0=lzQ@QA4uIK zAZTD@0;kSPdKM+v^nkWLTqQ{&2cjT{vDD65_^DHh_7Q9?lM~Yz*mD2{bXj$GxJB9l zYlfK1)<5i=K=>*o*ZS=@O|@ECCnqNj;9mfBq|~{-;yXevwlfG?2h7JMu(}=oY;*G< z*Y#WUy0NXL8oZezw0jWILCC8ChpIdX-Zt}J@?~RxBLGXc5YorT$jFGE?`U$56NK1q zL)NYoVON9$f$d92f7$&0{SVcU#lf=GXUQtZ4j=BEPWHn&Qr~F8fTC$V@;e(_4h@=5 z%q`m4`?eFqqA<^%t)5G1uUBC77IoTmC)AhC*ys8*joPWOr!EYms}~y>PvlsS z-cQV@CJNY0DakAh^Qfw-9y|V9cje}4k!5Gh+U9yr2Q{M z#D}MSUKn6tWVGPDBI>lG&txI5qS9Mnrl`o2%pt|wnets))*}$}H*=KhPF#FEw#tjz zA5rytuyIW@SFlAe6|ljz<$LNH@mbM2ktQ`PqAt2XJ%G+${3$xH+Gh(`pVU!VaWut} z{Q*K*`mR$D)RD{IV8?FykgQMj8CID`VD?C&Re~K&(AIDFp|e$n)~zFq+fe#6Qc*%4nX$~(s8AK5=Y-|MN=iy74Ai6vh%nO2%N)hdV}++d z8T@CrzCtuiD2ppfYJlz5KOSP8fojeQl}bLXDv{E`BBMHF^agFy%f-ef9TYFv3(N-w z_$(yYgg((w=hngX#HO<&Oah=mh&x^Iw>-nLE(mBPL%#7)eohgv2oszwn|A5``jNI4 zt_mVDGhQzFm5q&p%?c>3!Dg!S;K9?CRpO!8_9StGu`f#AuBlVrYoTo`jGvmCLG!Q zb03~QUs+qzYE(&llYUJuETP%@5Wo%w$kA6;oEVsxa)H-TK_+jRY4q-w3OO7OXFY(+ z+rIFfTU1o9!c8t##{>hsncbJ~6#!l)XGc@S&_ut*W{fHlqINe*YG(69Ml@`d-gx`? z2rVW#mapQ(+hn-s5#k^4B7&)r(MA$vsQ*XhafDxHR%dQ^6A=-KPqF&b>qRq}Tw-aN zzP)NvFiARBs2neXB&O%Z&2xRXm*qgB1(W_b>>BLO>i%oMsse!@3Q=QYX~aQ7o=5&A zL?XNH`kPDPU%&oURu-xBN1n<8;DPETCr6F2bC zRc_`(m$GfaFhPXT&73cbVeJc)AV3r&}`pCB!7O3hYRN_eML$~O&~xF)bl&_^huGs`W_ry4CN zziBR9A)#F7-{;QhFi>f_daYaOMRPjx7#*VPfdjCi92B&?C@&Ttp*2ayYnsGhAbE-> zi!W81@|w@|=EXxO&j1vbk(I^G!_(%j$6{{RlN~DihUr@5=@U+Zvg)CpntIKi#DIiG zv%DY0RJAh#63kw=joq(g-ZGC#G!-$9iB8PR4R4Grw@6dj1&84Eg!Smgqu4)R-y`6s z+q%P5C9bh1uc{JXZ5%~GT8r=s^9k3P141-`oY=Q-pKa3o>hf|YsCrY8dO@b1^P@86 z0k;`I8o+{O@S862QV**zMyGPFFs(yzXRe!gTd4e-j^mOPs4&9=_WQ(_*a7;^LKghq z{l8>8j8x0^U2v#WU#iyh+*6x$h}B&Us57;P4^xp;dG`4UDK$^ea{f1Fda!gRC}R(k zY)ywC*Muwu7+k@}AMSW~dUD;o*)@9ci3cl`_+*zImoa*UkXDwfS65dD1oYbp6dB5F z_U3Xx?3`qrxF#utD!}M$xGWC#eOUsiciv_EVp(}Pkkj1({Z$4);_`Bla|(frF})7z zh(m30qKZZpXO9KC^BWo(_RKj{ojG;tGQ*)wPwFDj)11trD_OVc+pE7}I4=m>cZ}A` zA$NCIbix7G)==bmq6|kbBG;It6U+?2yVy1lc_|t=%GS-n`jUrpUP2yGD8nB=m#vU$Abs z9AH_}mPF{Jck%W&GXW1}n>MOAIXbEX{3E5AxR)ijlLqMD{Z*20 zBQg8nFHuZMU2$yFTaY)Mal4^nY-~&!DM_{_V=@3NuZ@q@Po=twiVp-IGGcD0K6$cd z$f<>=VWecxGjMx*8)0jFI=7f`0=)=Nb%@3N&h6W``-?onlYD7bdD|J;#xyeCf!7%4 zwOA%c|K2Dyv9yG*tGm~>GjZBERKaoVQ7Y_T=r$qpOs|21Q054{yYPsAbU8CXf;)Xq z8miZ>*~hoD3~FyLX`5vvXza3zN7OiD+vbRFEWOD~66r69nUu8xQH2p3I&BL7*5`_` zqsbtT4yzx@TJk;tf8p}dyW;^{WA zshZJ8X211tZfsfh#E12{-I+gNZMTrgIweD{@oo9ufUDweI6hl0Aq2i=jzg8eUeRCT zkPI-HM6l6`FKvOeFZJEKiy-SiS5=A1`jKxyG(v%13hBs-2U6@j9;(?I762{_&6Uv$ zT^X(J9mhmmt_sLHURrMmUBzE#@E{hnj|b%b*fDUfqB&W)V=rasNg?O#^MlS+Z@u45 zKrsmzdRm#jip;y0s=wdQPZfr+=~n-_Iz=QGf4(m& zE^Y(C5GmtF@tNQtCeDJ_Ub{_Ss0|y*?jL1PXdcv?XM}|dPNTiS+{t9E-8={r+3wDAzBGjI_ZiqS|t zMMnD8ZuQ*?ux^2_0t?3)96WGf=J|=+YEX&R#vA8RNBm64#a5=qcCoZ$Gx*KbY3|FH z|7?loBab9+Ra910p=oPY3$F{L9*ri;?P|e}2miLdy{ZYlKolf*db+0`hN0fIL%4@c z1L;$XA<3wIjLNL^DRo^qkEB69TL9+bv7hZiwH2e=0pvSWFK4EvroJJ=8UcPi17I+T zipBd86H@;E`_~~q`i|_Uh}e>n=-c1F?gxCLG2&OF2CG^d$Y@`~l{BP)?zijBapejG zRUNQL2Ou{BFGb{ol7D)A&Ul6Oh-8QYjB!OdZf0wV5t|2+(`7hmtg$`B1sFP3Lym_Ogp%J!C*=(xMc(t*( zQ@efk)p?-=(gv+KZgtcj>AnNQ2T)NPA=2c#a7Gnt-Ks6HGXd?Sw^T!~M#f{ZCEA82 zl?AIzwdvY5+W3hrX&bEx@96Y}0k+8GGk52pl8*0^Lt|dTWX&9(XD3l+`NWji44rE+^Oot$yh1(+eFanFBQITH3C=y1ddW zeL^xF=Csx3%4ERbf2)0Ydjnb3R~meE(tDphe;!0E0wqP&E^Y3}ufHPEER*i+8H?V2 zxc&R?^W#jnE<#==2|CFJw-F%790U^H@T!X=wyH*VLCb6Oq!XX%4pc_^)|1M8`dF2% z(ac$Di+pj@t!RDMt_RHDw~tR|CaD=W=po;laWY5_KF6RU`9;0X9}wM!x~u`8LO`! zo+>Dau_0`T+ma9RSmQ*UwR2ABN4o9MVC<2#2n^RBj#0?4!({T@&Tk}r7}?!l#&}A+ zsFVq3!suOb2h#h(*A=-271|*ZD}Tes6q(Iw`|PZfHH6B2nQuPIjuUanL~`Ge{2>Vg ztae@(Fc%2XgagjRpky(l;rXdxW92`KVoXkgQ1PuNqWhliIG)bQ%`i@Iql3-di&#r?YiUV}5fIX*uPAqQWhg>)yW;2Phh)Pz952nMb}7TPY-z>`SkW%X(_B_2-oDZhHp%otTB!{b@!Ot^m+bkRCK>8iSr9j^FeZ zNR+P2$4U8B5BqNM)YsQHkw_?n5(WSVSvSG5^K!R-i|a*UZ4k&=cc#7sh{*%cf8k5M zG*Q*VI6r^GzfHIFaY_`g9wO613P*eQ?rm-%3NQ-j?nB$#+lzUwWoyTmuZeIwu=4V; zsN4-h2rqa<20TV$08*eP)YRD6=#Ege)05n5(%(-sfByW|&&O{QsK}-eMVBe1Fb{?> z=AKMn2eSvYquWz zRW9yaD7H%R?y3W4lA~8>4gp#d6hgbpAtmcWZZfZ}8TC~Ws?2jLHVa{BAVzS*r~eT5oepi9iVX+=6Cm;zeOpKTQ{x;1K({1&Nj~yNPZzDH? zOas1}ZH+Y9pso|6QZa!#aZq-s+U=i{H9BhDb6?2EXB~>JT>Si9Hg-}^xZ$?F=|V;Tr8Oz2}> zBblwkvX?W?@2<%%=no$)CY6l0`+!z#`!nAa+ChCf667Z~-Lq7CQXDJ56cB;O7spIhEZ$%5I-f*7de0N<9M^#q>&M+AL8b4))9XwE9==-Kn>RV( z;!E4*zGbev!KPDcJ>=WCaO8+J6cNtk8Pp6*T=>B7Vih5LvkeczgH@F}D|I+F+2kFx z^`B(aRpq0Vs73E?-gT=nU$O6MONp*95m+7jU@`>&8x=21hUT7{@xrz@iQrB}-lX`* zkrlhKXC59=F{7Kty>Dho7tM81GwR2LA+)|c@~h>$4Y{rUDhp8V>K z;7p9{F`_=kW9V_y=Jx8-bN<3DdA`nN?pu8kk|mSe@ilxeW!bWFR4UY`np_iym~m2! zs{E?IV0s!^{a}IVU%Pli4OXE((5mHbgSVXde_YNJ>p3Ub_!&--{$c}M$D?1Q=Hygx zmPbEbWZ1pd@W2O#XFu+J&tuUT5kCaCAd((#zfBpw>a{Rf@2&Me-e-?mTj+l|bp`HJ zV|pw6r_1%9-`Vr-$lL$%OYA?b#6N#!59Z8kLT#m^jZGGjU=(NkGgePpz5qN}uMLr+K!@ciy=W$W(SLqo__~!}H2xmJ zpT0ydvZ2~T)vC|)+&@42TF_f%AVP2;tFZd4y!PnjkW)JT&rftNJ1e!D&k(OD$N&EO zKM(c;gGKjL8>zVQ=EI)`z0y;$rcT2D?Gf(L5UsUmN7V=>$H`^)h zbptDN&8HLo`LsJ`7yt8uPI!UGfg<((l(y!U`!|U<*_U?oSdQU@RI78{Jv?S-vyyuL zK3UsV_|Hq9)SUUxg$DC-skil!G+&nKO*IK0`E7MltF}#|OpC{W&|`zIPAwVn>~=r- z=4U5?fZu;EuMd+msi#Oz;UP^Gj?goae1mw?UC0(c-<=Oz0eY@q*>tg7akXYsR@1~? z9r@41dp)wCu%J!mpP_w%J@sEMfoHB~?_@eVW@Ej!weaY!Bx`SFqnnYtfW1>Y$qM9`W2&E*bI+{N?Bj9^gK1(C#1O{GIj3m-6v7pI+LM zGyZOp{QhCTtYPaZ5pmEW4sA}w7`15gtbeXO(bUqdIKFreo0O7*@CrZ?z5Y2t4L|0Z znlQq7o1-HNcWZ~cMwgN`hA!BnYTq+X8sl>)E~Q3yrA>5vr$m{J*K)OD9E^K#Qgn&b z4i?FtG%q(cH8bIdb&n5<*kRm;6Z4XFayyb6gDFv+X%VrZX6*3<%i%wlcBZBD37&*q z30EzVW9J{Wx`6^JE0~#-E`OSbHhKt5H*^<}7Jvv^W1Q7n4e7{oh_xMZZY(5dIOnG6 zH}7=kwDXF5cN}PxIXuCJ%KLI-<`VFzY=?iYa*~dWsfk}?fc?M25SH#oj7dS#9|1PS zk~b`7>{#Ueg%T3impPLyNfZ(k-pFq+JrCMk-==_&Rs<0p6^?9$XybQL=g!5}P5d)2 zaF2WQ@xQUqx(h!Nj#SUFG3yE5JtyZz`FtYW&$$J^tNhC^5U&$s=50Qy8qWrA_`{l1kP(H~O?mU?XpZ|I&)DR4dw{>O$Q}3l zjq!X7)6Qx(0N@E@umIT2GmfzGDbCBr>|d`c*g zRoPA{cI9+uy`g*kNKp*DHntyVHnjd{6UV#cJaj@^lhnawCFuC+02_-1-&Ah_O0jB# z!tJ@0Cn5y@2#|50mDtqO**8(xF!G-Z=VegQTD5(g_pH$u$2Lmj8vmlQI)5~zQQAs|dtaaCRI>R8_Uz$h zjTXD&1~|29vv+{wp;J^+2OzV(L1lBiZS<)N%08nqZ3#k(v$M0ALjS~;uh!Zr_k@VQ zkTHFdCKO_Qc%-j8*26XOR;arMU_1c*T3xXMNVc?U&eK{C3G0pL@xmmik_Cu0-;uXcj}?W^2{%L_Z|akL~7t@pB~G<5lkog2nR-} z$_p3F>!p`-s5j066)<35h4S@Xe^XOcS=m$NrNaTTklAhv7uwo6a2fC|e|vsbfsH-qqbWu#rpOK~mlOY_dmz`v3RXLqjfPIM#@1uy!=RD2tqv%+=$I z4h_vIDiRd>^_$345EFkvT}Sf9zk7VCr`A<kL>AzyGhHdFebTOekp~Qrec5*&b)r^3>fN%TgDA!nJJcx=VYt+=?{s^xcyC zi^vd}?Ygy4f;jp5D?JK9Fk+Kr_qZs5z*j?4ICO%g2b@-|g}h}DR=9y-fdYXD5%U(L z$w+Yk_+3HkwX3W1)=gdSK}R=T;PAB-4TmS&cx0;5v!Fb_z92FZXOVKmNFL3o!${$U z$Mb|TgA59O4Uu@- z@E$*8ghL~3s!Gof{`7D`F#w5NaTYqioxY-?rlj;n+3*pF%xUwh#2%eYZFlh^1& zmARoFZ;2~LEWv@HjMJ!d6^mIc#GWU_M#r}-FwOpSo*|w{pfq9l$h$jR>$_WYe#WX? zE%Gg;40g;q+-7%{D*2em;Jen=>)?VzTuvZkU3pBs!HB;(;zN}J+Ws!|jOqdcmR+7G zvGb#Oq%XJRQq$7V6CDqlRG6_xgA?L4 zGnKSKO^1f-h-H*xC^ekJu|wHN8EsA005K^ro*4DC-ST4mWjlNDJWaK2>4)5=Wj}lN z3~{j`W*+dG7#bOBRjAmlUiOQ%qQ_)1gV>4HfnFr!3`_SW$*~o|FJ}wdTD5CDh>`PD%~%A=har~ zWN5#jg%%x|9||uf+Z+8@5Q~-uFEEZ}iEO}4dBS2P;T@#pUj_udRtKMf3j3Aj?v@tA z?Er9$b>D*5#36XLmGk@TF&h&H~-NLK_y6s9^k+0f9at&le$ zB)a6h(2+2ZY8^MsmAD8mbSGAniz)NarySo*VVwRV^I$&=DDY{M>_I z$iC-3+pCZps=F;9grD=T4-9f<2Vp-*AFO$`tuU))9)xmuMj;^~p6is1gaktwS$oi% zMvJ*E+VX0fadk}r{jLWx1u_Tc+4Km3j4HY4eZgB{`z?av>_s?j)vR(lz+# z%!mm{QAtq0Z~<@XZ05)3P+-bL0s-%>6uXv2ngtcUE&OAv0<|-9}gbjke8H}W-yUxO+}aGn=W;N`jFwmg|wz{ zBJ~lX?YD+jlKll}ED{QA2a2q^g&vF@@L8T@wC;HK6bvDP&J9X3P;6Svaz0o7Lh8s93Yl>OyWPi@cD<0!b0n3(uOUw7q7rsdxiJO;KKc&1yw zL%9{cqpC)fh1JQoVEZ+)XV=STywYF<^3+ zSoZfNpn<8VT;glFDH)jjdnt@?i{uD4 zzJ>53;_5uF-k~*vI`sA7!$5j^%KvD>r(F5Yt7H*rq;gX8Z}@oeLi0#*)ycZO@ThRH z0_M#SU=S*8o8B(+&^h>T5G+`Phan>7a^H0%UifU1bQ;!2VcsG&y&(z8RO(7b-BvE4 zsyfecrwsUps-4~e;nlr+?yRHB8ZLqPu7{w=2u32yopQ7oni7E&hY^*MlUaRJOPr4O z(W-)R;^a{D^@S2snTMOfgEe8K>EfgHu3tawmAQ8>+h}V8QImjx+}>6WOys_XmAXR} z=xFx%t&iQi{L0XoMaz5neJ&ChHuJdZyjA;Y)lb*G;2b6C5Q**g#-6hoH%I89VE6*9 zRS?l~XN!?Uoa|K*^{kFW4_O#Bf@x?{17D(G!}_S4(@47lg(_nTJnMspXUAjsy(*uD z;Y6SJx371rHmBl+yO~kO@m8bvc^f0U&KlZJ-#0hU1g+r2;wa)>n(F(d<=ea7>d{$aVYMggQw7P^wSc<>C>j($r0;SSx)Vmawz{FA&`e|RfZH?;1N&;92jT7 zv4H}|mU1jV^hl@lFiuSCs3I)}K{1&!*#R;oWL=3nB*= zM3j^vY&83|Tepy-bE<$9Dw@(6SiglaomPSE9II#DE*EA7ay<_(RJL+6;iRImx47G(^%XA`-Rxy*K)_Vstn>{O%-4 zznRARK=j7E-mwd}4Z&$%P*ytewajW`pd5V!MApciUD`gxEahtmyE|g2fO+#h03#Ru zX;R;fN8}d7c>=T+faRuuNc5n8j`|dM_}6iUkg zb{Hfz#r-l=v91PYs3M<6SHze!9TpB(mcG0Hm;3ePJDORyp_xKI^ia?q4g3UqBeoyb znW*aVx^Tb}7)U`H5!^SR@ge0nbEYZjIj$5;MKVg`=f6AaQ8`*@3%a4Y)ofHe2p@#p77Y=j z?B?bsqN2<*sWCoyaB~F|6YF+(vJlxYZN!(Zj6@*NauMvvDgb4R^i-=n(Lyts@kKmN z@!%drZ2lFE!Rp{Bv};EF0&27Is$B`Edmy+#dJp0Z9I8+iu1ngsN=mP($%0m4Ngh+@ zM9JAH02XJd$1a?K0j-guy7{y2elVGHvdLl+9civuEPQY1un-u`>sW=--ui3GvH}%b z#suCpO>NmI6X7{WEj_zT!itk9F1`4xlek>9Nzwg74^2^c zd!x4R)SC50@ufeQt@L!AglHSHh~Nk@3c}JuOqxmF6nXG=HDp$@fr^OqepJX41WcqV zFEn;TM+Z7&{r;%%RGh$+NeOsv^ZI`6OXs~PrjE50XL&ZYP2Z4>Ujl;C)FSyEM%Qq8W~?^cagi*eF17E-AI{A-VmT4N*`dqIM9O zT6YAAM7ei;JelF+hqOWgnpX#&L0CFG4MbK4&73Ute~^Y+t$&BIk-!9m97(#G$%9zM zPn|x6ERDT8fu3J2yQlO?R4Viz2?n|Y^O~sA^KG6Py-w`hWlF*1{p#sh~>U$KO4EofvOfBSmF4yyPg z+tdrlscGY^Ob&wrEg*mpA|E&}3H28h6`VQIR|kH8k2dy}NBVInv$7KGNzGR^^$=y7 z`|^qN^snw!8?-sG@CbHDx${68Obxz}1>l1MW z#Ev(z8=0)+j}2j)Ht-<(oPGK7p#Ha^eM8W(#<6M=nzWp~WL9#*oT1D?Td$01sm)gv zAf^V$k$dvIMC3IriE5-AqXGL*@oCN00(p^3j@Ao`1D&oik|K@PHW?6~;D)&t7Ht2b_RT=lzzxC+l_ z^b^ovRuKe$JS2YyZO05T)Kt9eM4 z53Ut!=p!4(uFA(3@8o}+RoHhP(M7|Y0o$r|zhLR7#yzMs(A~)eGigIsx(vOvBFbWn z?7-0g?h*>*(2m>2J_|yKmI>NiJl(rdVa+o)c)bNK20b3MAH6Xs+U7aUT;I^35rWf@ z^jv$JoSfXAAez=@P<%h^GVJsq>WmX|Fqc5THy_eRV%x&N2txEz<~&vr?g1_+Qgo@m zmkdxx5fR7%J#_}WK4s3+&3I!;=o`~g5{0)4RESOt&j6yqqtxria<{OxeREkm_eQ3i zeTWu>6K@-mMn&;-a_eI)y%7_L`+L+F%3Wtu!PD_$=s+XGZnYJ>fG|Z6F%aVhk3liu zw);pl?s6tVXWez=xw$|Ra&sDmV!8-IspaKm5F3K;|2cA;0gw~-0a(3-1Uborb`Ft` zLWiv`FbYmUM_rJr1CTX0MjZyeJ7Cb*rSLL5aZc4_INU89jCwZ^rab!$q8-OVyOP92 zyTPo1_g3K`@6Hn=*l-tFsH@)k2iM2)yU0bLO$u^Hf*DZ5J6OVY8#FrwlUaBCuZ%uk_k5-foM4q z`^fwemlU5W;#XnOTifc{-UZ02xkK|sytt6RGmleUvs9QTp)t%z96@Pmk6}zfdr5#H z6}B{loCqVWM}fv^a7coS;PW0?jbQ0T636sE(er9O17?lK6C;w79YjXk)XfO7(1c*} z9Z%^R;&kiLRGqE%S`t`f9`PK=lTFRw&|$lIQzJiLM&2N-$b!fMK)bod*T*z24Z6)B zYR>Vcf@&(4Q&PVsLXt#fo1e^o_;Rsy^*EB)0^HVvRi&-WYJ%AHKv}ZX>e)Dx*R(?W zDzy}^qlrQE^U`$cTZ9J!XS3iVI8pH1$3u)HNgJp@L4&4i5I)e9L3yNe56~RK_Ji5( zhmv-S%&o3MUVz`ba|p2&Gm=mfpx4UOG4@69J&Dz8V`jjihO{y%6&u)x!fLBOj|@w= z9(^7c>3a0>C_wS`+Oc}XTM11%08OY*eS6VseJ1%cG$YEbTlQKfkmonJEZc_5^z=j2 z!Ha`HdR`F`H=ges25J16EJlg6wOMY6jzYFy)WG+r0W{_n)!56>Mkd*FVNnC`g--qFzn zQ2;8}(8gvBYyUE8H9NZ%2rNNj3!=DWx1veWa|Y~dlp%`gZ?n)og*JgWf|)Q323!vn84cw);m#^(%m~UC1{L@JMcrG6Rke2S!WiIIN-=0K=oF9^ zQBhKmM!LIOS`0!;kdPLT?(UL~MRz0J(hc93?!ABKJ@5JNyUzE=x2|god$HDBYtH#R zBkpmJd*sgxM=BDnsNjseU)JuO7e|CEKz!>FWB|~Ea+aj#b{tvyCWL0iX+vxKQJOMI zk~CgF$gs#Eja=fFtT~o4wze@rR4KmXfD1{EfRcI*$1Dx<9gb{lV$PwAYzE+(55(~A zEp|7N^?rZGX$TQFG}$RspS|?P!~di81}$Gkggw%*DCJ?97MWxo46VT?`#eU5#HF9G z3FD#Aq#~;j2vMv&^pzGso`?|J9f4sXmu}Z$8AX{o%|1w=J?HW9V+w?SU|IVS5gyGM z4^du>u&?XmPK%(NRvb7>De{T#(b;6Cvi+%3~kHMwc6Gvz=s?& z3vdCHeRoY~@95xQ@to|4AJN%D)X>fVFecv48gR6sl?^N7)u=&ZH=aN;5gzBEBF>tR zA1?#pG~GCi35jk2;RV!`9dt)_S4I^;045|mI~(bBov#2oC!$s|)97ad*HAoKDNn~6 zOa>}aE^Py!v8VRZ6$DS@gFJ6}eAJaQ8Sz(;wMTFon|)mz%QEE!2e`Pi)QcowP5xwZ z5TYS&cZX!K#84aBm6S5E2hzm;Ne3&PcBLU-KzdmKC5bdHg1$r~F71lpL+ZOw9#|PQ zuj+4(G#}XRa$tyv(y#qJAojNVOtDIM zLG5cad8E*pU1#wj=uND=$D3eiHU1MkSr!(d_s@|yK>EaPJkJ0IfuI+OzJXX16>SWt ziK-_~Lpp>FYa>O4hZ07^_g{eXIoe)~4f;|4@p5X3{UaZb!AAv$zKOK|+g1T)PY+_Y z?ACY~)vHtxT!yXl@dIE61K}4@5u{hhl!Z_6z#&ee6bm%~36dkETdI?v83Y^RnaoKy zPx?}?;o=UKZ&V}zSfUEk!pTH$c9ar^n`_9N&eGwvRD_e2muM`#0rb_WT*QOwGx{dFawL*v-~qe zQiae^V^&cW!}%J>yO4o=U&$_)fMy7C1mYSgG&NR}4TALjfeYxx9vO6yAU_d7FVI^{ zf(rbADtUkwAJg&a@{vLc$z;WCCfR;8N`svcCA2K8P&n5)4!E z94R!;h9cbQ;XLsTTcI#PClFVyJddWOiulY|6sHeF2~If_^`0BAni3M z_R;gR{b*>)?T4@ukzqVqOo(5J0bq7{y}YRzz*$<_maV-lI@^hEZ6VUnmwr$r)6nxO z1A>Lr84z$5|JDQHHem%=f=F}HIaC4QjC%oVnq4v^zH9qv0*HNCD*co=+^|rfi9iKh z(-Ab4o45v?PM)8}`jZ^W0P+VDTNJ_($c7tFKmmQGlijEf_?1E5ed!3A4 ze?hc#_cUx6Y8xCTLp0#C`3|N&G`gw+G7Xsns=+cmm1!;b!9wJNL6gryoJaxNiF7su{Q$fd++;c!AEn=G7a0%i++hqN6?Jla zr(7sRanPkK-|ApwmkNR0mT9HowqQg3YFI!(F+yGkBM6;K`A5Inn0H#~vxS3@LXr#D zfOvF5|2!N&tK@Ey_ZXq-gN_%%Oo{4zC$x^D!}OoTC3i9tQ6aRTCXA- zv{Ma=Y~$q#h`c96$gTaTewF$h_)IA1v_fZ5BuCh|c-Gt%X;4*qu2dwO9?A&K=rAq? zwpo02uYW1L+D1;H^2-?lCGEpqAAO9oqDel$*iC%V;nw5z^Lh{16K07?DYS z9o_TJ{n8xtOM)U9P^~68^6t^E5XcJQj=9A`CBq~p0}@|8i*uJWP((bhIIl7)DM^w1 z1f{<0iQ~>=q@!n*Nr4o}!I7Rbz*prU5=LOX(<@k@@L@B%c;oNQKLS!_{nc)6{m}Lf za$W85Cd(BtmfpaQi- z^cM(rJ#a|V;siW_7_QH#R`G^Szk|VA4FXNIx6|mR!+CNO6KX^@z2XqYek~3t_9q33 zpprZ|OHfVZ+Z)n8vPES>gM=i|$@f z%40}duQjAlbgp^7d^)Rv1eJ`WVQ`0xRt6Y(KuO@xlynQavsM7nhQ@{>N1KiHu7Dt@ zp9~_rktw6DB2!*~@e%DSN=Kz)EJJBP1`CZxB}7E@5u_Bk3Q(TxcfXVyvD?8ra=Wm+ z&jIieD;k^}XuUhlyZ;=5!{x4N40Lvrlmg$+xaA07hl=GyTJ;cVQKOo77e)#!6F>{H z%t2Es@GUtI0xIP8xn|#;ozAVS81K7kz*XWfV<_7n0=LZFZ$ZZ{;hM{0BlqxZ6}qV! z{UV3P!c4{ryyso`vfGb?3<;NX&+Kd-g>E#TrX$tsjm}e5$RZy;u}}7ohO{!Pf&b)t z1IX#YB8I_nl7m^QgLL{tkGDrdB?tD^o@+f%j7ruEqr;g2de_s0jf%KB z598sUcv3GPgtVAu9$R%ZA8C%raYX3PFwaj<$Gv_Mp8l@pDdgfU&?17Ao;b`WbeOKm z()X#VWThYlpfkHK6CI~zjsD@t)r4pO-qxS2u8s)A7!B-nBd*TvbVYq$3oY$0zBIWT=H|?x zp7RV`5@L&>I70bP`^n#jLpynCG?11GbkEk_UIEPW;x82JQ+W5KGVwk!UsC{h0C9bO zx|pK{&`oL)PIr`(Hv#}CZGN}B>bbo zA^cy@$kP5Ftqh-Eu>bq|KR=&_+?Rq(`9B_#iT`~VE)xg|kW?FJ2c|J{bpL%&oMA+O zdTk^TRKdYjsUlmx)Jyfh?{;elur-kiKc05m~89>(~uMvix^rXvL{k6Q#CwnhHEE*8VqcIl~& z+W5`cgO|56+9XgMb+=9yiAs+!BJ?kWWa&j}8lCmYJ7CzdcK+0@VN3ZM!B>_vHq&GY z)Zl(aP;rA}iu}WGYgNL1*8?`~=bz8WPJ2<ogL9V+jwpfpR^ACPs1^71Y4We^|eInvyZ}d2&=zh=d zXL;#744xe{et*&2wevAFz696d@fO!ttu=Hp&ZA=0=bc3m5dlPc511Sry=_WG6$F*+ zE4!~EImW5X$Zy}4`{ly8FUY8iOqhYnPhv+g{&_6CMN3Po)g?PGxHxmKNPDDUiDMNtzDr&}9et;$4%gc)X3sxA@idP! zJ08xaHFE=v$qn$a0f_xYU9ia>4^?>iiHgY{rxO*!1qeIXyrj~Bhlke(^ndV)KpGQ) z%Ijxe-$(epkV&^OUXm?THY-I6+4C(C(7uIaRZ#Pg1qpAgs0Yj(m?3D@_xrb$m28RDxl1(iAD&x8#=CpHq!RM!P1$UnLG~8ra}*6B!WwmRoexsJ zUbF5Ac42LN4BX-1X+(Ax)MlO>bRGx&0GLdvXq6h;$2v;%c|i0YqzsHeo(hWc#!4SD zr4ocv)%f^pf}n84axwnPvglPKXVw+v&wcCscuup zLCn5V$4xF8#9=b_9et7!$r}RO5gZD5kHc@8fGcaW*mVzxlC|FkYWSamv1^>XJ=a`> zNa4x6=F@FIx7^f1F7-3N_r8V$kjkV1IE}Ea^iWZhx7|XK@~er(Hz~7|gU!Zcqki;KAA_bR+%w<+;n*mL(d5k{U_I^2~p##ui{ATBX-fIkYLQr30 zpwdu@TCFpZe==#|mDm-n(7b_dhL!w|IaX$78Qj?Un8)-oiBxIbuquGNM-9Z$!2>4{ z>Oy!Un=|m`5ELJ(OJq)~Ea(___@W_==Mw2DGJT0p`&14S_6Dz6wLtaBmJd{tP39Gu z-gB4_>%1BTO?h}?R=v7PPGo5@R><`1Ps@f%RD`L=FxG}*peFGpbJy$_ouWaq>8H`H zBA@BISNv@Qlw+Pn_pNrbZ(%L#v}X_NeT(2P?AMEMpb-(neHpsO9#;H&g*|Sp6EVH0 z*b$@P)WKsz>l>*D)=I6H`O5@t%bpnYVt$#+?^`4o2`_Ka<>}9 zqR|S8l}^oJjO|>rtr}MC^Kbi!m8Tkd!(lPlyd!((oK8+T|p`DA1*GmSD ziwtM^jM-kMzJ9J2O5&_Np$IO!quX71A(OC7{)}-B#YtKdiFoXS=g&3bE6`{q$J$TU>|!IbgXc&6PW?!rKD_bf^8=?k&`ktUzV&k zv$Ek81?6t5Eav5h*2>=|2TussNcF8r?YWGlhL8g1*TG*8czw70tbSwezQ-qfT*~I#%ul ztUC#c;Micf5X3olm&0z7fBZRc?X>7?vP4L@m!4kLu=)hc*B`msjVU0u98$*Le$44C zRRT^$RJ<>rLa`@ur2ifOESOcw-+`YMI^6dC6L)D+h1z9OO||6G1rf{@tN9m1!y?~P zeN8W={Y>djm|dSY+tGr$NCJ|^z2CTlI2YlQJ%En^D7Trc+$ZGI2<^8V>bfVeJG>A( zye8MXMO?cTS-W)%)%~V#9N+`MY%IfCMABkNxi2Xd(5TePSEkB`ii*po8_aN^9!=Qm zVl9cxV4#I;^be}Rw4u+an^JdRdyA@^G~3)8yqn{W06W$!O%5(~HC+k`Q?ili%P=e6Oq0rgRw`h}Q{Eq}@O53(M^Q6Iw|7Q-t`*>r; z#=_3N^ypxeLjNs>Z4Z0G!s2Y}ps#J|!J{uuHM@g9BC&lPNs5SVe)DDaZM@LG`(%7 z)?5+*0}nYEsBxl`94aPG~C{^!z?C! zwVscMtGwL5y<7mDI~BI^kBk{!Q;&DMEgJUr)2k)3AI z8B`)wrh?0T5pHyF*=cPzq`|qQwR{kRQ|ZyGKE!oy&{M2dyJ@mK8pte|VwdbRJG*R} z@9Jb*A9!k9IR+OfB-Zh{IJr_P59vlX{I8#(>uGZ6k*hzGecWz+yUIRp$9h(KJ&koP zp0g6J)UP0Yzx_^8FX<^SdlNiVdlSWG@^)@g-ozk;9nZ9@x|a&iIYLq5ys6(u7g~oi zlT=(T-G1oo(M|P++3DUcv+YJtywy^2@IkLm!<|9;+p+negw0jD#jeWc=x;ejjO8#o z&qie$@jyiMU|NLo?2)3wQnJnBjJqHoosUE8n#!TUR#G*mi%6+{F67~7ShG}YT6z8i(;_jiz6ynFsBUmSY_4&0Z;iJ-Uvv)kb-Z$b znU$?=zK9VURKxOndV32UX7scRf?@j(2XhBnJO_84NcB|F%udJT z%=70C!f)PrX>O#DsmP{p*fx-e-by5S9* zUk3e8>^thaPYSpbgmf-DAdkqTaEFLfMct6U3DfY|XW@s@&5Y zPX9b1-f5MrfKO=z+mLn79qgCjegASdvC=*hjqPxmJqC^esV`sC@<*#V@XAQW1-Eli zPY4snew0{wTA>~jrRFO?VL$8OAxeEeW>fmj@k!d>L4H9hd9r+^t~C}bj(JdeKy}o( z(Va|cUR9>5K{)rH^HdGPudK82<1;?efc*(pR%ny{@>NrYoHam@&Y{W8bg!HO&RfSi z!>F)Y<}j5S&S%?OWnP!D>2PPnjd-O~TtpJKs@%6oGX{N4RiW9bGsbptPXFw=1N>Q? z;BR`-v-WXq;rrj@$x=l z28I~^+820FIP!8UU7c5zs#h~*Z} zx~gop^NHVO)!|`g|GeVYI!2xuieYWyB3)o7n5429RD7J89~JWv3ULr3dlvI)e=b({ z8#z9ePuMuURf{f(dppR;u3aqb%9Pne$Oj`%_FE_&mqEVM*D|1H;&k{kovCsrujppB zdi9G=JwRNgf$UGeb10~YoxBHX&IWmgDKgf1Pvs&Zi4+VVOH?hlC*Cj=d6Q3exSC5% zrtkrS^6Q#x)S|`{!4jS~9vDof!4=S$1Y{%0SeLVKscHs+GbP+YWhsBE)%wOpqt$QQ zm7Izm`Gph%1c6E8#g>G`F>q@jwQ965wr$`W;d72k{mN7<~2WRmbI)DLEX#(+hG}4n-nF&L9mAC znk9-4E9fN7nnk@>@!W#!UFfMf$sf3P@Rk&_-i!}+c+@l0!86`CiWQ0faP~x?@b<8v zLb@hyB!6M*iw(=f%>p8vZr0#9cCny1%F>RA-QOOzWqzDV3;Kzv52;a$;vI!*Y|-Oq zg;p6swi!KJYh7A z{Wf|pM4EqF8gEv%!W^aIoE_*BPz{k!>wKk)(hg^9ux$mJY&3+T!32T@dAL1p0GPr+#9Q&i@;%@v4I@Odx3nM`A%kdNxweEFQBuo5)IN9T}jNp(1Xv0Dq7Y zd_ygRywUA2By9J{I9pw|QyO0zhPELquE0R51a-O&38y3c`8EN80R?T!K~)L&g`cdK zP2~F7Wz9o>@m2ohd#P0Z&eH<{`cP-L)K);*L+WsnO>kyo418`q6ux3;&&f8U5527Nx%NY@&$@q;L! zDh(Qf_21l}IBYci^OImWl$cWyny>D=w60=va?lk;O6P)31VB0k8B-V^VE|q>(awDh z5;e%zN}3Vvj(2p@l8=KYA;3tR-+gdfTJXNo@NcK>j{^qc64ZM=`yKndtM>7R5WEnwK)w=O@-$X8;z9cv8?qu=jgv zb)BQKDTE3TGaJ+*cVkyVXdG5%zmZ$ARnRXJN0U4X^%kSIb@`DCMBA7dj$f^}jcGv% zRF~9G7PgfG`w|lXL>%6Jy8ZoQ!IvA{h6dlpe#kFZk=&38d;j2gKiej5_s9K=n;O~x zF?G`?P)@fw(uk~R^3m4~qpZcE#0GXLr#-1{bKbrk|03c>aMd_O^_)Q7R^O!sSyrK8FBMQmmx0xmA6^X-ugIb#;OUw8k_-tKCteB=b#!E^@`4L9 z_g+DdWwrT`#?BpWJ?h(fU5P^=Nk0C-T3Ci-003@+%H(~)_Q;`u{Hfw#nJj?(SCV?O=6QPXC zMqp;`m}eP8ss|JY^>kGi|H#9DuzCRv^Nq~M6Sb8gUvDYgcTX#T6;*lkR>k_m<1EAU zoda9Ji(i}AIa55!i*sK+lSs4bg*(xzxD7!L{F(-_jRWmf4gqJSHy(Wj>nzO`Sr8nh zN%ihwWEzj_Q4Y@4JoIv)ZJJwMSJg7$gT%(+a*-UEZfzyS7R5vtJ>xmk1j-BRtMjF| ziL5&FGUs8jhJ>o<6Snp`HuJNIb?Qu@9BDb%bfjEpT**1B=j~Rcb^GOFLpcfSK8I34 zvNpc|8)rT9XVjxP{o4(FD$XZjB>MQ1PZN@}dbsl3&P73EuU$0#crG{i^}%Mi^w$hg zUMj08mo}w=2ufPU&EytJkID?+BLyX5-Oi<50GnpqgQ7KgNTo)efc(z6Gq2a|cXYVpm=zvRM8C>~?rY+4m?`e-zt5w5%U&JJ8Fthx~j$8cWC za1K+)RKBQ?MzuU;MUvrx&v{s>dh7RqM|o;AIQj;JSV2^L_qPBpuZj?&Tn&o}&-)5+ zkg_aJ>qDAYMJE;`g=qOsPjdFDC8$Qk>kBBjW%wz!M}_IDd}n_M_2pqBB9Zt^ zGu7d4xK1A@>?`D#LaJku;cB-;%uH&%z2&NWW$}LU1Fi6@V)L3*YimMIP4&{8txl7$ ztF1CeU)g4Qe7D`jmOZ_|ES$96y83)2wo==K&|~N*D&)t}CABZcn_cy~YxLW$bUu|X z@zNvrs1?j3?RwQB%~3%HCaU|oN9!~zZ&TmLqL=hAo;#GHXkmZc0^g zNC|n~LB5p4yE}k@yJz0q2WDhJ6Ph@A$6=RVS>Z;tIt?%%w4=dZ+rqjrP~UknLuC)E z8uU>ISe>|zC(rK~!7^@~40y7YqSNox1~}9$!cx_nR3jVrh5}8YMK=qzwYLualrISC z{tQTgh?w1G@w)aX()kIJdkOly+o#xV3&j#Uc@lS07zS1futv+K%Fz=CQX!(JT(1L| zU$iasROjoEUTJd2DWM4s871@Ghh0>bjXg<^0i_a*F6ujmiMp(v+dZ-rn#uYGDcvz6 zypzyg8wWl-GVrv0fmTx08CWrq_rm$c_?SxaGxLz5F7#y$$h>}%2vn^<)sKo&9abv{ zHGob%LXoAM6kd%FLJX!R#oSBcK_CXoYdT&g2O^9?KOh4}euqKct{cX35h?OYGkS+T zvMWRT#X{^&ZQ-M;xy zr|db^X&iWJfH>?)PtBaAI&}=GZ`mv;G*&>k+0zn|O(@VC4oRxCri7ArjD3{Yl4aZd z6@wpJJ+Fr;1l}ZtJ5{toL<%65R3?r+@#x&3evrR2%TKDSOb`f!gj`Pqe=iGly}pxF z@m8*i7Co*qC@X~kP!ri1d*i$u_0SWrES@7(DQU6oWDZ)L9&%(;^Hkb-NF^~O4|Ym# z`Ja!h3W-p9%+W*AKCnqs%1N^<*AY>GOtsX1nB$Uu3i-BfpolJcv7*+egsQgapZSKs#Dkq$%iAC^Q_>?B9_tjzb3Yk zbK1GDP*CNIcN||(rW8}LBO~hP{c!I!;J~6MhE}DO9*{OKE}oQ|>_zH+lUUJ3?J^p) zbMjQ~P13dVolh0=!MV(>Pgak7>bvQ5Rc^j)5>A`0U4nW0tuC3LY->zIBP#-Dl{ROa zwhr-9xw=ph?j~pK7Y@2Us@f1rTst3r<2Jq?FqE+mpW@50_ZJ@;xvA^>a}}&uiAbwoF^b>{T00 z@uzMJ3ZfI6lhUKk!>PyjzMg#n-%qe+>CluO54$`FNef};N13VN_hC4fJQS^v4wA$3=hN}R;`xTBTlEMjJ58W(1Sa=B?7(bu*l5nF0wD+v+rAzgK)`N-eF5e_%Y;IZxDyAI zqL6m=^^zGoZB^W{^LL@A1?>e?Q$1|BEzVHYLg4kr{T`2BaqOr`8Bo<=V)>Pzs~T$O zvigmMLl+rG&ZabbusI`^p$%b}(QsZO%Kn3H#4g91B*pB`5%cQPB$&}W{3@RdS`th7 z(z)3ysB*ftnz}UW3Qd;qM)7d+PSA1&xe%r%=nND>UjYaC5bOAT4vvBKt%3HoHw^Io zAY=J4sO~f_Jmw9O3*WzcGzLJ6R1PxUNK#VZf%h6HMN;C?AvTeBy=44=7p7($NNFhs z>;^pi&L9*J?dCXS0;NX|5d#=qfV36!*z%kQs{n}oItl1k6Arc20PgnS>OyoN!cV8TLsBGZdBYr>3yJ`o{H4 zyJ;+ebJDSH`rZR(!1#Rdq)Ya%K^wmHL33>5IgHhkNuXwTLSm_@4+~BeW<4c=;;ZSP zaf23|mGOdoD*MGB;>5djMO!}?)#WuhM#AQxno!HPGU1h5DrOLHyrx?hUo^7gUiIu* z)|1;_VXvK5D}L98zDtx+1(!@M9zVNPR$l)>KQyU{6&wxr<3Gx{3#=!l0dFG^8aP+w z)BJhZ&5rUmlH>VTIO*LoBLL!%92LK~F9|Li;P{z5acP880X3t1LjMjZt3#-gWj$Jz zL+iv2h;xfk^p8D-s|2j#G0zr+I8q=CShgX~2A@wAenkNb{Ct0fD+PS1q*d$Z}cLMvww6=|2g{qXY``~ODv`TH;1W_qqL|OU*4O< zr9Zhw!qHrjMmLR=fXP%JK=eMZD3=6#9$9Zt#FbO4t?UDbY8~kF{NDv(L1^`#e4_M` z#3AOr_a*L})zosedwnKsuYfob2(>MT0rieR)6%ZajpnlKTcIvGsciT&(qr{C4e9H< zd;nU|CA!KNLjI5n#og?0N9y6R)bK3wdEDjwk2;UUx;QSNwcZ4U762Z5V3ryxpYBKA zz=w3ta&^^h3eS?k>YTYWUL@z3ggC^NSK^Akz0^Q%^!$B%zyINU$#o!fB zP#bbwfvIH&^zTd1S{DY5f9eLlk|UK{;245L1qet~aIk;35QH%%YW=pOQZ7Tr8znNI_gC zDB5;Zd7$D9NGY@hLI$bZGcz+{6yAtU1Y-SMm4ZXYz9zU$s#gVkX7GBB4NY_9jBx(y z!+gaz*~JxWb~e#>;CWrMgw<7kr`YkIj>>IxoaSdItP3-(nyEMEiv)rY{&q?VP5Cw* z9UyrI%4jMvD$bYWXlR+|N+?nx#TS|%*JQGj`X8cOmIf5Nf)`&lz?s7xlL8`^NvnL~ zNc4t`3LsrmH)9J)3u?O(X_FZcI^>xmn#G?mdA>i z+w&#;mnSd={|27`Y?Tg@{T7*(FzGL|TAj_N2BBRLMdG?@8URcLy3F?YTMnWt4Xg-! zq%%PZ^_jwOSN4a+xQ$Pi*+e{_kQwwP2$18-La{ai-~JmV%Tg+JY!Hkg0ZH?ynr4kF?_jyp6cSMwrx4dQEIl4Ee73ZnMIrjL?^ zYIN=dv`&ei9qW|0K$k`U()ZoJ6&pqmWF(NE(aaa0*F~+6TkjKy^rUB38f93+Tp=Kg zX6E`2Z=mEM4Hl)S`jM1m2;><*E2vM&0s0fksvG_{jY~g68)|b%(M^=X@3czu!zNj6 z?Rn=!wUCh1{PC}IV&N;#lZoBOh?IrjJ#;FeeIe`>*`{SJxlTdz>_h&IgEC#cW^QlA zpAjyhi&1<`-^jmMYv@gtL=Brz`fCQKsE|CExmHGfnT1AS{OT7kZjP&*;yqt%sDB?n zIDIV3r#h~ReHG(v^}upsYL;u-5zJ#YOXJ@?q|mgqJAOjEG|nqpL_IOu_};Iq3dY>I zkDG;^{@4p_eHA$}RRsf9Q0ab&uisvVp~yiSEsK>t92c5*A$;(7@3*%7Ltao1gN%ev zN%fU|DU3rnie`SXU-l{YQm)}*-O!`i>AmyMLSEIeUZg1;FR550K?&%e2Tw@D`cs|i zS_=iY_$TPbJrr-5qBk)?*PJyyj17H|Puw6iTQ)ZSdf67q7+;Ua#D|_P*~7S_TY-kl zCtb|8+>S%Pq?8YSn2k9Rs~pS+SU<{s#QcEm63lCOA=Qm@>-L&tEQYhYiCsAct6LeGp3TYWDU3am~YIC^A5vXlHce? z!)tbPA+=CfY2Isv;}qENXUNn4BHesvUXJ5=DKYU_mp|17=HgPJot%VKqoK|6#d?;N z@svLPLLKu~1;1~pHgymA`vYtHjfEX2MuJun$>5Lx>qwf0FOVa2gah!aY@3ZM;N3tsNiNXzKlt2C=!87aH zij4zZf*@<*L0luZw2evOkC}V|v2Vpw_HpKZIpwT<94%_TLy)rZ+?4apWJg6|g z`YdUSlF9572Ghfn>RH$9{PxH(PE*M6304L2=7-Wxb#@$Ax?0fC_ES&G=G?tDlR8$W z{rN2=QZ`iAjM=u+41`A2mvgV5-r`+zYdy=ujwRhY_O?p8yHpy`&8A6ll*A;Ir`I7n z8F0Ycw@}H`1UIpLBY(u}h$o@+Duzqi9ygYMK+$=hWlEJ=G&zIa6_W=G(?8F4J!-=_ zBQ3Mu>a)P;i`x%*BmUyxwLP+FzRQmGCTGf0rQ+=cbYjdeJoj$Hrnr4Oc4Z)y-;K=Rf2*0ZT6+HjwhEg1Z$+-YQ!LNF znt2Wsof;n=yssf5BD#)GoUV8?<+MnCzgQmhoSUVirbpD?5af}h7+KnJKof;o8NclP zFB`w7nfsDYylPrppl$f*)_6mNvXW#$!e8Fr-mb$qekqBcdE<7=mm6yuOkt4wpVlI?Q#48%&5fouBah-0BKX7W( z9e3f>d&?Yi!FkdTE>25Ewtg|H!G-p9LSzHo=(~;bC`uljWX{Amqtm~lMt2_{CGsUJ zUqQQ{kqi4LZm+0FKW=lSa&e9z@wh{ul!uVdWbv{U|V$~;1OT&Fi zq&jY4HIIEha$#;e_4D!<>iig(hiy~qQ}WBxCbx6}n>b*%Ewz&5ZVuN2?4U~p4r0jf(f#QSn0(AsZ(Kwy~Zor{_21zkKfIVzI^v4-fEdv^uQ{ zn^xH=Giy)PR&ru^j(YI0`4Of6C%f_qAN}imHfig&EH|xhaGLsMT~01eCHoM%)^7GoK@qebQO{$f2 zCi=u&&!0tW&vyBMJ>sih2RchAs{Q5i$#qTgcV=ix*zfyzWGWtz-4UZOs?KbHP5d51 z{>N+KCSVEb5A{t=3BOT$XtxrkzG_6_a$#Q@FL>s(>Hqdk zro4_WBNpLb+AnmPc&&C)u-fS-6n!5E1uTnFb-Xq4SWS@h9a;U$Xi7~>>;7XhX0*kN zZ~OLRBf~~xE?5ZNAc{0|bxq`zscpRIY_}-cjQ1U;!j-X>55Lx}Gb^5y{-O^7jicZm zmg4<`z@5Fl21lka%xc%eK`S@wZL8d!@Wi1!TOYGY-+9^lY%c^0&z!a5p>?&oyfHE7|fUHB?UbzN-u*C_E~ADOjg^dX)j=!tMkHe#e?4*Qt^K? z2F5(QxhKy?N2i|8Z0>hCNk*va5#>inxMUn_9{+4wt0n#QJPE$Z+sNfP^zO#5<#T(g z8(BM;_pb)u5JFkut-n-3E7_Q)EU_w5+5g}=KA|25>*3H|q1=mj?$tAh&hpf!SBN(f z*>b4FpYID3Gjv{hA>-EQUQgI&+zAU#5PxDWgsg4qmJ^S?qKET(7ZxiZSd!tip9(JlVV_ z7uRSUdj&sk*!Gn@ncMjxN8OCpY?WtNjcVcR!LWt%J>qf8sx5JDIA7Nps@CxLU`#IR zDO{r*vu<8>)_D|4{CZumH#K1H8yivYuQ%Vqh5EP&A~vm-G@QQNMN>H_Kod`X66)rY zt5Ch6tLn6@|EYWEW-Pu@P8a*@2OS&7oT}=dOQn7B<02cbEyNFE=Nl8Uu${G6=;vF% z`8xSVY^EiIzQ6ki)zPuO!Pr1jGLhG~^fM83F3)-7D|4=y6)W#QxudV&R&x`! zqyOE!(Ny<`Bd#$|TzJ6w&K`@!e({Gca9ITf?eP)YgWl@%t3LVp?3qOy$AJk#xt4W; z@TcPtOVy}oKgh0HT-kf)Gn-LuFZJ|1m<|}9FkOK5(uQE#uer0aVFVZ#b#?SKme|B{ z^*hxRMMKy5;&sfv<9#o6D7D}sL5?n>@UzH3NUAHSIPTU4L*vcY1z}6*?>=0?`31^T zt{1Z9Uj~!jsSRf%i*yIu(8|Kly23-^j}!fRapE3pTL0VZU&LQ=*$DgLT5E-z zxZVc4#$iv&MD9o$c#2V{Wxr@f;+=zAQ+TI%9fRb-4ZAB41k9qSYE`zEtM}hR<>1z& zW`iyMn(dcS_x}uKADZ5ME+jc>Y;5)%EUDw(YYgWL6qQ$!K4IZpzo=U;l^=Dt-KXUK z^*S1vNO@$RY1-e-Q@@WFJDz;CfF?|F>P61e$-X%c-64&fSi$&5y1Oq@6*5=UikT98 z7hg*;Nj%2W!(hhLDPU&APw%R`6F^oOZ`*cb_N|w%QynpdT!eH3WX#QTM_qV ze#nD?&`PeD!e2EC<&kKQ5^!&flh4T=gR~8+1alxX+@an82j`Jm!9_nl^ADJ)EbXoQ z`)`!N3|RErVs*UCzS2HqARckKGm*{p!pFf%GgYeM-pEFD>~&VQvx{rV8g@96O&`Bw zuX}79fJM{2UZld@%+37Kk$+lpUyQ!X5~pEx<)WYZS`^8u$~*5;ny!-o}aO}>c03C6ojXv zr>6m$G#A>wc?3m<`Iw&PV#A|Mi&B_^pw=pTG$Gk=Zwn!a?BY&VF#HX9rTPpyBv*9cY%mJOye8N? zo%FXhw|@zz#GGV!gq4CFS}UdF;7q}%+F{?{-{0J-l;VUf#igXIJiYn$_fW|Cx5-;a zn?wC%zu!K-$Cmc2^bi&C=qhTGw61^Tn#%s8xG*-#sokKC*{rkr-$ZR|^-tM>2ln@a zba)Eni+0xM6UQ?7p@yjrh>p6TUyo<-5pT|HDX@ zyVmIp{4}DK5%*eajmSsv?Do?Jk{lIdB#t50l~%ny=uBAQh$||f)Bf;H{7jdMvU^f1 zZnu*pQG67w>xJk1Nf!J25!o3QsPtY9Vs6})Lu#xKFMi%@y=6omck#nKB(F~!Qd8BMh=#D*Rr&Ytd6l@V z(Zy?5;)ceo6llx1kKuzo-lS+Jv(Bvibj$w2HK4$&iFmoga> zW`_DkY~nxmGcP|&LcMh`BR-zA49gFkL0N{!i)jO6;}1`pr$TRgeD) zXws%jh$sn97<}j1Wn4p3lFlD^ezpuL|IVUeKYG8=i>5=}R=*tH6SH5rJH)GDE=pq$ z@kGU3<^ml3(6MA;B;DVScn!x!Y=MuA6U+}pW?II%Drr$U&f(W-9!Pv=pq^H%|HP~v zDIcKLy{OrH{%$yg=~od)$*ZtO6~7HHK;DA!QEC9CW&b@)J6K(@O7evVc_F{KV9r*G z`$RQ?zTmJ|!No#SqjPiJ@=WZ>IH%X?OWJ7SjjStE-oH8eivvt2H@$obwce_IY-MGf7{?yy6=48Q|pIl)!O&+l&-pWTw&QSP|3LX zicH~#fsNS)ovQb=|FvrzV&kv#HxBi@tE8LE6tt00dfwK(G22c8$BxN>5cSf1{z^8p zjL~H7Yhr)#1YOc+k=Vjw*c@UI8pC?(LRSJj3atuDNXarc_ZeF@Dw-2lK3y&pT^w9( zoPfs^q`EdMi4brDYWIxodw(oHZuz+X&ebI=#Xn(hwuu`|EY{T5X1ivG*+^sXT1P>8 zGAwkYb6PrJGyqt0mjM_%-&(CEz?ivAOb>SLt=z>o0$lg&^F4$wQ$1nHw{R@e2K=RSx-n+te^v)|B)c;{^i) z@&yG2Q{Hh8a!lTeHaGp84TP=55+a3NmC?MOC|SwC;LLa6ZgD%BLGor{99LA zytISoUOaTVp`fDTN5&(!&Wu+7>NF&)U00#RE1j}6!f^jegzFlap}=avxkE31C^4yW z;p>ZrX(wIT{0ULCi@dJkC+GLLJ#9LL-e^yMJFcEP8}aBA-04bnt-bJ`<}mD`{s$5v ztteI7LjA6r&kHlx18Bt3Q7OIlC#-NnKS#1eFH0J^J$#pBislvmExqjxlpM(>h;LpPLli{${(VQ)BOMoVt>>P!3q@&nRpIuCthFOZ?*pBb>{FPoGB%=q)@* z$TcB;LJSc~3wOW4D<4-(_JGR~AF9utBPVnJzzb9!R9)0&BShS1(~xJ1NO7h%qOt(ER+|eKs}$ z1tVD+XB~f|zk9s zT0#j06%dsUC8Rq3x{5rHW|w{bbk0aNm_cM4AM(v@^<=xOW6sdU zI4$kBn|C6NdFk||W^0#n>8r{o>E4oMdZ*l>Jx8zL@%{t(=$09?M~53aBeT^PG9~h6 zsG;ig{<3}8LVu5jYAvhIb|FB!-8fpRbKYQYUhqUR9c;JrSm^S;_ zj;qb0?o0x6qDfuz%Iq8|QoV=1NOmv@j1@24C}CAeJqjDdI!fi{6ASjwywL*z){aU{ zKV)Aq*uK?McZF1&>BDAhJpGDQrM6zYcHP%=Nl6!@us`98HKH$j?##43v?^+Uo&!I_ zYmObZO@9ZOLhLp+EJ?=o*y;mh0c<|XLZ@|3iv-oyA1bNb&)qWu`jq&(QuzjZZLsQP zj)6kxz=untTBZg|L97xWXfo^Z+3bfm36Z`l#TZ8-I1X#4ZTeZS+<*1yocgo~ z&5qBAsYM*-x+Ozl++a%47P=hwM4OhAg1c%Lc&z#?ztY$h`N1x{3gOB zYCRk|ikf0IpJ?4_m@O0=U9BQ3?2vEo%`q6V(3YZwyWf_KCTdS=Iand){q^QL(3Wg< zZqnnz4|^qVhUlO!!+u^uT2m?%(($V;yi3O481du#t}B&;diZ^zBG1%~>9DoeW)7w! zFBW-=Te;18P1ypB*Dj?yN73CUYc&#F& zH#J(2RV&i(aH&=Oh=GgSsTVP4{LX7~G{0!hg-T_1K*b;GklZhyo1;E(<;hQP@H{MM zpz(<-;1{Bm4rKTMg@}TNMgVw2pFdpWn9el{pcA+iYOM}7gh?M-GOWM=jzILH>HR!< zs5MJVtFLg4Nk*LVM{WMzBSAU=jXvgSPWicWszdp86sbXOgrTg=Q)xZDL=xedj=D@t zU<5s@G9wWj%Oefe$AKYM30vEXUSu?n%Lat8TM-bQKHxR^ASWwLP>G)5VO1*Tfo)~y zx)xm1+qa%)&h_7WMFUpX2&A?>Y3kODSHzgv+7^(YJ*t&IH8xg(6J&NS+h?9M9xufR zP#ReNR;<3ugV)E)!5YI-A6-UXGHk*BWl8grBTeY;+Z29(upk@e_O(V$K;YhGaHBx6 z3NdAK)<3&8i%rOv&~4_sc(J$KSgAJ%j@C%KL35~2tDxt`d#(gmKlGr+*@i|X^YF(Y z*I4Q|9Ko*N{OTJ9A{-5nMEyt}o~!*+PS za?fRZRCG51t(=V6!KLf@z?i4sQXP$rvMxe_Y5e_HTTp7c=GOGNEqH(vOuXyaM-c6K zCExbjBCU(KWZ_62vQ~?Z^tMyL?m6?A#b>ga0@R>^6|K?IqOj#{Qbnb34_wQ}A(Dj; z+(p|0HtBTBe7F^i2h1g<3p(z=&Nloi4<}QjCGtQ!ECb(Vk294js_3B$i&J;U#>ehk zu61k_4Q*#dl7*n@3#keT-{2iM2gPH2mEe}+1mA(752ootKc5fgec$4QPbK0axober%}M24E9|*o zC(@(G{q7)z!i1kyQf$lQX$!LjBe7)_qQu$Nrs>&6%BZvV##Og1RydZd+j*VrJ|1dB zjDgN?@By%Z-urF+V#~{$l@<3w6q;D|e<{cvy@~PF&ZmcWvQ{v zX}m@^+gC1IN$~U1+caX~6N|X$NS2nC*7@Q0ixEX5sni-ERJ)T;W`6p`)1Ke2vD&Ys zgys0X5i)OfNoVJ}L3&$fO77EYc1R0)y*43H?lHCCOg;VzO8eF;G>Av~1RL zOR4naFF#BCO{%f$)v<|=B(6U8jYD*H#}$<XZy~rTk#mLwhDvP1ubXu$Awt=Ez`mq z;wv{|cWz^dI|~IX-g8R1>AZ1H(Rn)0et-KI{RDIfbV7EGizOCNj8E3mw?%2+n-$xR zVLE$HH2NP96lfGzMl&{;ly^poxMAezP;vTNHDJ?G(wHsK__93kx+(cho@B9crts{+L>9)80mHUw~sqEH}Q+RPYU0bg)B&CQ$@ zD#BY-HLLS7ud&gdP?)ZsJSGnZkwsDPg1v+boXXhlc~GD#&oPSvUlfjqI!sDi+GvC;Sc{f%x#S zToVk$nkgGEC**ffR|^X6n99_h!4$ybqmuSqC#@OW{q@>Au*5*>y0Rp|1}oF5{LRrs zq^oC_&HC7nfi4}i^D0>D)X%;VRz^DJ4~-!kE%YQ3$~wUtvm!vd;Q6uP;8IadXBg1DhU z+O~XAnY6AsQnX;X;^3BQg=Px$($%x*D;J?3N>XG*%&%!h4Jq&_;S3yK5cQydjT0f= z*w+W@WWS@4Ip_A(frRaE)66%{>bf|^iH;`f2l0KzHQ z6smB1_%nRgFB+b7el=Wtbcz4r@Noc>xpRN2oA?$emIzWo=6!{r z0XajC%0?+W2L;+GwUC{^IwfP+!3#bu{;&{*`5*DD&Gw!5!0axT4%N)r=~O?i!_ktD z!kQ^*(x^jVIGlO^z1goZDqtR@Am1pQvEaACxo5uQ zLGVVS@*wHB!I|}kBjXvnj7qf0&>Dr{=FEwSKmvuOXWxd-+ z;3RGY($nj~kZy+F${B|hS;w12WGJ{F+Tb>tGc|3wJlf;f*1#zfHZ>?{!vziVS1?G2 zAK9O5p40FIB%`xTkn};(gSdKVrX)e{4x!>EB~eH?-2&Ivu^O!XAEy zpj3Hp&XvkzNW1x_jk`ps=wz-5S_&65kN0 z4T}_L6>VF6p!J#M>s`o8EnV=gsFm4!uG4Qh|EjWYA+IUU$t88`K_|I>U;+hq7IC+| zYIUH8oshdGM`1#g+6U@ZcE9$Jh3;r_s0dD6TIYOp%3lJ!x2wFbk_&Wh&)MgdQMFV7 zlENqTE{;Lbw$ZTeYB4VqU)=s{zf)uCkVIsH{_bN93!fL&Wg@FwzaXJpTD@PaQC1)u8|bo8CVtLW}^r$q-!P#f;!`eq3+OD?QC07g zG9+D?GS$AvuEFPo&_e;Ia~9$mYp_G`Hrziwk+7B#^U2xRRQPmJ>Vb=zY<7gN`&?^5 zK^qf!6gfSjzHtmi-K^8U6aXwnoSJU_b{jq_-gSw(*(~yW5VzCBQK!D}_jYMc6VgDd zsW0pWW!GOm7I2t*;#v5&j|Qwg3yw5k=x*WD7}dG0DL;vj)_&%Dla6@KuAHg`A(OB( zu>Ue6sxrZQPTG8vu=(ON9XTgWsH0Cb_8p&?M_9Ji0ZuIM@D>T84-Q!x?#|0XGcOL@ z##CrSRUvoGbZGkY+U@~BJ(gAx*#e%rf$o8Vfl`fS%_$3=%ajCl;+Po=dqYkj}y&Q?@$K|)ro+XD(aTJ`~+^Egv3EP>@lIdZ) z(w%)Hc)_06%Rn9%Y1L%U_^S}q;qXuSCl5am=Do6}a7N1XoxMLoZfH6099?tHms^jJ zZ^V0rh%X?l<9PH5p6d;mX9eSW5o$IjS+`Iqm+NQsq4F!my2y%0BP9e)pJHef>FvLO zK>P(l*)&{mtIkZ8NPyV{nRH(8yJtObO5%TTw2p zjp7|?b<4VpO&v?{8LhT5?Ugq1gYoKpIy62#J~EH3MOh5h$XbkHf!b6D93`g>Iq^jW-5>s(_M@c@`I?<>vjjaMOn`*tK|)``AHRcP1lIuhL2Y zQ!;Uv2+4t`K&Yj@igTS0=az?=c}fGPnnyvI(toJ#k5rV<+e~dPZ4bF52sHzr#@AST z1kv>JFQQ#Yq>Cq>^&!hPeT+PyHlLqTf1JXW%uByaU9gwo1QCi#giQ>Aordnub}cxn z^h9r}+~Zk$KOyec0cpTsALz=9z*H}FU=~bi)<5QdK2j%s{6oe z#SlNw=!e*PoUICV3WyuzoE%*wg{;qNk@P$B({inBTria(iCf`PwmBz`<&xd2_7eAq z1Fn_5?nQr){)g+0k_+yJMccS(;SS*0Pn~+F?^g>h(AUoqRKX!3PkuBB+mBNu zQk%7LuAZZ?Nn)E=U)I{)_x0;;-=@AWFD|Tzm+aay#?YWXJaK6!^l_L3D)iV@P^;Al zqN(v?Z194yH%Xtgtt~?)Z*XYnsUfY+CpIBrVTcY52Y}VY?C!{c5S?LI;5-yWcj+k{ z_7sms_hL_J-$8&ai!YN3Dr71lJ+}OG^nx+1VskxHH$Pwv*9>`SDatppF-8@_)R)X>Ubr=3u3=>UgF!!O!cj*e0 zZ!G3{Dcz~1!u#{l{n%Q#3z@f0G6SlgyWRWjwN*I&&FyDHe6|i%hYY7(j`_BS@E=ap zEXZ`ka$Uu%h&?K6^O_ZVieW#uM;Ja=e^{vBoymKCVK`)}?t$JPQ<6!Oh?D2!N10yF zr8yr4Fw19>pP#Bcb0$(O+`c~|(gNFYf*VKmpI}Ubri^EbC1_tAn%_ms%}E1*1r8V0 zh0>_dHp|Z36-NKbI7M6M831qDxz&$Fc>?IzrRZRXeIyiQe4j% zc}jJ2p1c_^am1M$(cp3+WtJUAT|@gz(}9Z|Kt6Rz(j#LeE-GlG@1|1bgb|aDlb1a| zM}2r`+2jY59G4%pQ#C{Xb%P(hU~QIviu|oxj~g3FO!~{tYFj9t0mY?vjS&N!N-Qw} z_fmUA7;HW{+SLJ7F9QMELJ8SZZms6s{n2eBa)Rux!~R@K{i)n?-&k$~F5#D<^L2%L zy23>`wEJ?h|B@nY`{8m{L0Osyx5 zR)QP-B#GoTzOM)SUPu_es~ufng8Li?_r^YOK)%g;%?r3$- z!*;ghh>#VHUz{`?nOPiXL#TB1;dr0}i1A#cd3-4;G)J!H5dDLPd&B!spGSlG}bY)}P-!H}8pK5vLOkCjZgOQz`PuUBbppn<7hNj|Q7-HN-KL zvC#Fn-E!ff21-UVP{Bp-+vSpR!zV?lgIT{oQvD=%q<%tD{U%rReH*2_s}GNurkOKh zDn==2xZf|95ru`9&OtT4@lyK9!ax~p32N4dEnaNRfRX*E;Rp-`M2zq@9>@=hO9>yu zQ$X`5qf|q<@z;WvZB9}bbXvI?RUX@ak-$@aSs~jl-uu!yZlD=D&LudUXr&{mT2S^O z(YYMEEZ%qtI91e(x;uE6qA{g1N@VRO+96w=E`XFFQvM1<2xWJW2{ho!FOuWdTI3SK zbdDg<4%4RA`A$oc_l-0AR-@L+NNwnD>x-nved?y#A?I%0#&W7J^SlF^9v+(Uu-MJM zuXM4?>7-s1zJv~zNYx$*T?Lw@kvPpi+cR+PyGT&BS>YN&?oC9ft~O)D+krH zS2>&0fFK|0?|VfUTa^+x0uNA0y)8H^k64H{QXyOIf|R%;bLsQViu_I&vam-3W-pK3 zP9g36=BT35svQaYIzL@t>_U%!NQgHnw|-l>WC*J1bqr3?mekY+ded4Qm+nIeH5n)2 zPWju$6*?vZ-1Cx)&@AY5cKMj~!)YXs?FSub{|4H4I1yF!_0#SeNo5>Q&)wKAXU%nI z8CJzT(-{zvA~foB3G5!M#aKe)t-e0UFP-IZOrbPkCn*v@3Iwp|JSDFA%3n6YLX?D z1rSYEt~kf_r?YJI*h^uliw_;py4(QYT2XNGte*s6?CO6G@{S6$o zVB-BR;Hby?R$Mi+*tLHGM={F0>(hdXL^Nk?BEwU-&^^y3#i3 z#D7URgL5|Jf6PWDov=cRXc7%hMOROtr5%L*Yon=!`b8ALLyBAIO|~87eg?8XkE=b& z&Z%uWr1suniKNDzPjfEb+#^f)y5WenPE80*K#2a$o0rT30zKA>3Af(zGP}IZCyzOe zORYv*;Q@~wgq7n$wfPXu=dCcl73tD@5C@M(3J z7?q>UoTE2GiM7f=Zc$K(5e5l0v<5}MNP1S~^SK~;A%Yls!7pJMH)c3o9n`|kntZT6 zj}jv&1%N*`{WWfbu_OSDl4h%jDcC`rI<&`MPcug+suOl^D$Um%9 zc$tT{F~7PntKz0fI?Lazt8tM6M$jU_XOAIaeo?KI+VI^r)7f6v+ND7h zB%p|>pLguCz!~*pT-wLqg&tp+r+=;(cz!5khQ0WJJJ)9$@@M$hh$hTN5%>d?CB*53 zzlE&p^IfjepnzFLW!e?xwCy6!gl)^wKD*oR&U{n*@zH zbI(orT-Os*+he45!Y=>`SuvQNd9DE6l8}=tF>n5^(U!l+{!Z)8orObGqgTtXGMK?J zq30K|%@Z~YSY8t}orivrv4pcJ;8!ch7N2Rw23a(P?azisk`h;*v$_^%qwZ05+Zg}( z!gbzad9{rbj|8MX?NI97E7+l)-!-bc3cdzffLUFt&UE&qGHCLMP!I^er9 zX2RfE6+7}Jpo)Z|`0Ti7$qlVi@BfA1NO!L0gwm_X>%!yXf`I+2#1j(}1}TQU%$ z$VSDlHjrM2`qdG}FgG~IvA(b%2xbzhs94vb+5HNW47u0GQah4!0JCbq64JI7NcpkN z6ck=`Q!Hwkc1c~Rgf3S_g;?Qse$55$kZ@k}yV$kLf_Zfh)B!)3~^}+N995wARM~`}QLfle`1`56G zv^sqU3@dj4uW~aITUb9tmpg`p`pmPr=LXqJ{uwLqa%Y;s(8GGfn8~$~_kX}EN!XmG z7~_+bU8f}w!KT3@leO99*xp*?o^6BsttdmsdyZl3f@5AM^9~>Gj=&KMCx|)%|nQ-hUsDeF=o-WAB%+;a~SI9X3EeFi~-=GRK?S(&H zMiIQzjNm$`qj^CoRnT~ zlV(iyyH3lqh=aW-@W-3+8>yAHg~Shj|FzQ8XWk{5lX9 zingn-O2~SIm4^FYdcTr(@s-oMrliFEPZrtF4|4wOC7n(99H(d;t+QsPVRFbP>U9t@ z01mTbao_fwQ!}j^etE-e2;nJ$WKkf*y@;*c7U$*%UMF54RtaQop5TKnabtE_!FM?YABQ zluZ#k1qHSoDzgM&$uY#lUCHm-73L0N(?Kp*Cq$4v)G+MtV1lKlV-Njt*HS1X12c$F zJYMe9$c5~9uQyx$4*Copt-dYll_^Z9HcLjLimu}@n6?{!g=W&f&ki%LKW(*$WCe}H zD<1$%987uyo>iPk*BF=v@$sK800ZBdj6%T`!6wDV2sNal5)MhfN~xVjYmaXg$=7Y@ z$@k6UI&CT3YS+xXZi<;KFxrBnL$AhIB;dW;bOJm`>)BNx`p=y|f5q(l5mUyyckeRu z$%(omtWM#*d=Ay=Ev2EzSW~{&JKbvqp=hi&<}Or{!_X~x&3R2TuJThCh}$!Ax^$J` zMts#>Q7;BVls{=QFzD@f^B#B%LrKGrtX%X{ zKL<2MNN=9N+63+z4_6;Qo!g=u0~jcC(H_RkvxKNz$&@Dk>rixEXLzN ze;|j>VotBZM*#!wxF}7~rTfM~os(BZYZc}gE}w#Sp_yYbF((JXZa%F-vZaBT?$jn9ScrO=$?YY!gn*P%pxKTH8Ofoq4K^x9lHL6kqhX)k7UOd54coJL@fv4Aat%^bLu3Uq z`v5ClJLjY}kbYQWvtM_z6h)O;GKn=>WUyvh5r*F%PqfoiqIj8^^B_P11n4KBn=;4^ zalWM*%VG+l6Qq#IktSy=76u^(W(L94-#$!l)aUTlltYV<09O!m=~df?9F?SMPh~s zZsbLn0Qh_eoy2V+u*E^o0?vTQEeB!l3>%gl*q?{e!o!%%nh`OC29pCqr#n-F5KId& zT;#!&5FrJ(a`-k?I6?)+?AFLBC@CeYnI*X*KMPckOUg$#jF?ntl;Ruo~c$hoMO*<`^@y$y3&&UBplIH7P>AI*>Wh z#xW;=6+|7p7a*C1Ltao+aEUlTYeABu?u)7ps0atuF|fWV-AsaW|LTVysWueXxFl~5s_6Cl=7 zLnRUCJY-~7CRRrjAym2*sO5zWobAM}C2#HqNc8q|ulV*nd9)xue~7#=$^t{#w-0w! zBV~?Yh87lm3^D8kwsTKMQ#F#<9;DDK_OE{UKY(_k{~fe5SA9_R@2Q=O*Z)1WGvGsA z*ALykb?j)$nqS+iLzkUJ(iYCk@1?#ki8qxqJ>NPJNzta+xubKXIj(w~f|DWM`=%tQ zP&k+i9ee$@1gVLnkwBX%cD+^3OMkJ{svxTl%TVq?z3Y~eYxzKWo|IL zbrmv5;BJ2Uv<2+;?<14!+>c7IW}PKwc`+>;(b9r04^BuwY==1Ks!lZeTZ# z4OY5o7cUlDr(>w$;Rj<@DxkZ7!*`sW_io-PAX78u%`>1s>p02V1ldF>=LylU`V{*< zLw?b9M#7Cit?qZMPAhHFpn11mdQj*(-4YYFM?SR45JUwNVCXTMbwe{laag)1PMzA+ z6XJ;vJvZ<3JlZJIJ@=bo5BIr(hC_v&!T)t)r*s(4kMB>4wff`2`eXtF+f^@au+#I1_%Ln4a)0p6KpIKdLgtJBmp zfY|lbkUW$!w4OUKz)6QYi+|jt z%3dhuJN^gEQRrlGtUD#3BPSZMKK<`bBOs8`&?XHC{q+}~i6h})Ke(O0noE@V?{kUn zUmq|v|EIx3BJgd)2a39Dt*s){k*->;qy6X3KhqMMBxcH@@UU>1OFtx4i6I7pg#`7pz1(tf!R7w zrJF*J+pj}m#NaO8eZi77AG4|{?1A{FSx`{VtJA-^Vx80xx}axR)dJ4CY;5 zm&%#T)O1zJ%#A4R{x&&sk~Rms$N1o8KvwS_E*3 zTM!uo{~3&eN944+EdZu2?iPdF$hOxqx>9Otv=HMbKU)6O{JIGI>2l~Uo*OvoOG9@c z0>r?&X9PTDiazrTtaje>TMq%*$Sf${sqjeq$=_@{{>tAVa0UE#&I|eFbpuw7Z?1%qe$osV6f3_2zd9(R2!bmVi!h|&RUqEGgRga-o`O3aE){l3Q1SH>^A>the8 z$l1ufnW{5c4{3((TInT)`+8Ide6q<=PKig$!4z@04{ zXNO($$~O85kbl7>oZvGj@emTBqX@Vx$QegLa|~$R~ku|Nj}6^T9vVy3Q6; z3hJgnkynku_3HN%Iw_-!WZW_4aZe(yG&Qs6drrINjqaJ9*yoP0c zqFoi`0r<4I1UTRm{NxT|xaJ@h;o0lgthgQ$Uc7!|HG(`jY*>wNb4^mIi`rygOCK!Bxp8= zWScim5&_;sf;(n*`j>VcTb=JtL@#cdl~J-EOoPcjQJO{kXE07knf)g0T&t&20xX;X zQ`UW){#*rywgsgDEJ#NpD*@#t&sbZ%UML+!Z!4c|i53mNI985DA>z4Zd}n&MZI&8= zFM$5{eFI-4cE4x2r@xphCbiXWm2&{uo7>K-7SW0STgry^Vnax4_rMbvQlNPau|U+Y zpm2gtQFF?NinFb%cXBxvl|!aj&2kIauaIe$Ae}Xtz24(&Bnq(PvyIsbx4yZ2|Gox475(-Hpwe06!XHx?Jw!8PC8<&O`@RmrSm@_0_(;_5!rjS`KAaYSV)k zopumnx4Ky$k5+M7Aa%!y$9kLXR6_{?Ev{-@Keym|zO_NDjziw%Ro84z$1J4v(F)Ck z2Dcmku0Op{t&OjI97J0punLIRjm`L4+1|W|RiTyJTo3wsp5mKr?#T@!c@UgY;)WMc9gO@q~1xE5)T4 zcsKGF!CyeqVF3s8M{id3DNM~XKW^Ul5)}|6d!do~A>72p*m<@3im>2tCT>~E3Kaut zd0JMFgpW%bS0ABYFM!7o{IWoP{aCz3enDY%$LDIsN@1TL5ipFEXS|a?cyt%G(saGI z|DuV@a5)PnVHi;F9w)wb@P7`1*FIfg5A5`mS%}AiP{^h^i)>}J3*V~G!bltpwCtw1 zTWQDsu1iyRB9Go5nL(+d{>JzX5V(;uu33Un4!Lk-tnK|3-D!%%{j@=qNMry$3D5rb zi2n?g+}H$!UO_OP^4yh>i)CR2yj=~D;o%Lf*>u{Hw>J#cAEeEqI0Ux^#1ND$btvx0!4(Aw+JRS+xZZRAo9%E&Jwb;}5m-FA5e zSHy__S8YM`rDEGiIhZ5ydW!=P&-E{2E>$g5reD zz$DHAxR6(0dr3;(<{?3h5FtfDPtV4UzN4hXA|OBm2^274Ct;?UIkl?-`NVXmYrIHb z=v-&xkhSMC-QOziL69nE|8&mNv$yyj3o^LFy}!F_O13NF&h7jwVR4*re$6aI2VFK+ zJ1?wB9!)K{ufZ$%i4*H}hW$Z3I%zAXo%kXVhkDX1r`~u!Kpz%ESLEJ-?_QQOoW@~n z50K2aaxAED`c@U0mx6;Y+0_$s>DYk&2BXi3Y8(e06dQVz@A(FDmuYtN{nBGd;H>)7 zdJ(CWY1xH;SJxC(TXT)TEXAu=J`9ZSqMk{|G|VMjGTCIDM1#+gLCW57l9aK{lf;0K;z~qcMCC~t)kcSBSZ*V zby@SsqKV8Eows_|=z~7KV)B}hEQUFkh4P2B*|*bxq|9`TfM+D$z?a>p$HQSbfqTG9 z#eI$Q$i36t>Fq-xTfKs8ln|!!b;))(571^z#Q|v=}jk@EiRL-;oyw)A=%oY}Jfh zRs#T8Nx%T~CU=cf;{b7xm(qkJ0w-g4+X2F?G_KXZe=qS+ShH^z9zXAzYxR%JQu-^j zMt{tFQ^CPj5L1)LP}Iyk7#7iYJ@V^~t(3I1%XjV^{SgF?&xaKS$#R5m9-&&@^qX7U zFwPLmfn-)4ib0_F0@a<`6q@^Fn~o~sQv#O{Vlq-T)CpSP=t(J!fXO81rBA27gD;R; z!e6#v&cui?G2hvk*`X|6y%Z?LGUk`j#{2JwZG0Qsu5cjPb*W)zY5#7rORKjQ0XOb>{a%w~S$$ z7;^LoNLCJ>+&eUG@@({~e_nd#8p)%}DTQ4-6ncgQedU{=^_+Piql~%Zi;|g(nrqD` zML{U6Els+Fn@-~!;gU+`GpzczqP6x{TZETmc0t09^JZiC%B>aL@P4Bb(l)O`tg^U%JQBKgZrarzS!EYq(E5AT@UZ4U+f7KIM5 z$Z1(g$n-&G7eJ2;0$CEqj(?ZACpFK@JZX-&s2Ccr4x}NndzXcZFwtj~+p$<95kg$t z+%}0)k`Q`3^5td>tc{It9IiMUg<(LDAbhxqD`-DRG<>Cr zsjBO@1`K*B@_e)!4vMRn4Z1RLv~fc_SbLRGAiKks&Sh|O_QgXjAZlHlIbljxLtg9J zwf*%C4Z&~~2!qq0Wu}|$Q4RJwV};K5`m_p0xTotqy`IA>;H;oPC&qZWf-%Y((+-op zvW?GvOBcat8L{Ah%;1W4gb1!5(LmI)e@?nI2h@01ib3m{X_ESA{;=n0WW=%A!GiO% zb$xjcx{^qIX`LhpZ0EQVNU$(1G0nA%B<*mkB~4b8`q7HKe}qg|MHKA}nO}y93LI`B zLQKV`U`|HhFIj-`rLO?sgT@B|VYz&+6KEx}OT$KsB_A1b{q|smev9Y3n|5=H+@?S% zw871tNbPZ1sXc_cXF4fnmJXjoCNwTd)J6bBZYEqpi%2m)cOVcC;gwdoD?Y~ho~ZHxHuWv+TVIP#Fg)}TejDVIJaZi8MEJ-H+E{K zd^+tG%qAT>FZ*Tp6iEK?M8(Hyt+HEk26p;=87Xvz0OX-Lrlgl-qfV(Zf5N80m^kJMG@vjOW`^c5gTW0b;*|?A zFdbEBEEUUn^2w$XiS2gHz0T0hZ0W8+hUJ#VhP_`)k8>gRl?t7Lky3il>fBz-HfVh@-bNZWxUAOf?wuNVqMtv9TL zigT~^t(|`ORLloIs)lvsAHg~%ItHD=NsEAgUY$Km_`wGU^Q5=tux{pGANn_uJ^`aY zig7|vfa(ju7CYj&Hm{({j4nzEw=T^!TPL?rr*dtKxJ2k^x6qy?{?nbep_)wVsX*7e z02NqWvRL5e{$S*wsfNh5mzI1m!okvSt+3%2+TbC6!7vds+8SbX4)X2vY|PJ%3A@&G z-WeYjgW>ZU$FJ9WW3GU#kE1o*)l`hB?VQ{7FYVf`?D1WSgr36u?BdyHzc4LbiMY>y z&DdF+VS^o_+A~NicxV}B@ZwuuB_qJszQOCZ=@kN78R(Dsf10urnlo-!@&e&Z%C{Ia z_kkUXT;j`dZ5Bk&fl5nn(SzfljP7*1NaxZEK0lqOF4uqXEiV&K3H2jwHIykDf>%jV zo4s=>Pzh*Uhj;4OXU8&LjQs<`R9l`u(re-!FDsR=b=_G@XW>q>Jt^9aFf2A(7ZSo4 ze&o$4NdFoL#C&+(t2Ds(H#}gT;Fmy<|HlGr(*7pEsdUBo;P1o_K0^GcU> z`+lFTBy3G41VPXV>9GyB`3Sl{(45KWze`(T-W;DTnr80k6uTI@d*UZ6^ZW1rzsjKb zMaKN|AMnp0wEt#c&3_$D8DyIe-6i4?H5TmhtcQXpeTIXh z4u&RHQ?qSu3)w78(sama=*qP8MmlOJL6(g8>=&obidAkTz@%w!LDu%ATJ0a!DD$)p zJOU8HHax};HN>3WYsqhJ?x%o+tRJxp$gvom$qQGJ#283g0|0;ZEUF5w7b3Y#J!yo2(v1ACfk#g_TP6=5jla@@91LoOj9`48L`Fuad4`duJHr~UN6$G7n!5Cb+9>EVGc-QykEY2`LU^^MGH9>z?6EYMS-(!0mWm@#5;(uIb=a{xGjna37<#7pcf7b>J_1F z$76r2O9)MblK!_Opf6krj7vfoXL1hrQX|GPQg-YT%#tu~k=BAQ-Og62h==xp8Gye+ zr*LUcqk94n2nw7MWTY7c@EdTn$DPB1)xq5!hh*n zC_sy8!rJTO5B=0RMIxY5)KZA-F&id?{d$Flnurr&Si-Q7x zb6|S&9S%duKS8z8-rI{zbbfgRhVEsUhr|k2Bgw{)3E04kKod|5PgC)% zK@Lm_a-povWyd)zi>~>}=HmVsHJM)PqFtaP=C%=Y+(E z!~Tk@IL--9H*`54d7&)Z2Y-fayH9$Tf8;aL30oWl$#HRGl-Oo#rCLkWt;ZkA>uG5UP3vRg#NF;GdR*!_ZJiKyQ{@FIHK|Bvv9yXs$qN1`8o zw$wlkA~~!ZnsyvoaY?PXhkp_EZGq>g8KI}*&QvQtp7BTFY#>! z;ptTso&p)fWGI>1c;6fvWOgdOZbIGNYL1TVLb|el1_{|b^tJm{z8}e_IwRT51XFAv zAAle23*$G`#l=LjAx4Ez+kb!Zg;JZz8X>K=VLBWKjb$Jng++e6Ef}W$5^YQp&2Vj~Y ze(YH$W9RPep~_$)HAgRzuMzSK^z|RswK4mPOoQ1j$Pan;n`KuhXr-@}49nM({2)L0 z{)YV6_KEweaV;w0|0((LXL&8^h(iZ(Asj+*H|D@KQ!P5Bnc=hO9kNcsxL2lfuRY>K z90Lp{{N%Hgw$yjZY^a@*QtKpMcPOj}kqYn;M#jA7_hS$|iijsBqc;`)3GIP`gLC=+ zl=qnavJ7b5h*in3Q&p-%SAcUHfrcj+bS}l}>>AH*1BNwBEJEy!ju|-MGXtQeL6QWp|%0%|KFK<(TLYp{BZxb$E- zTEZzs5K8xsTzW_f33P$vU1-FSurp*<#hBcUHNAUQkN^hSY^w#)#PN;+t|3R?e|Nw7 zS+DZJ5l8??K`4s?5+YMc(e`yR{KBn5clL)AN_c0#qaV4MHX8rMyq0C+wAQD{`E&D9 zos=TJ$acEb-GXG1i{p|(LpH-+;Ww8ePBBtQ50wlO@(Tl9Ud|6dPH;X9RSS|k!g(A1 z%0W2HNvrB8isz0?3N0VRs#JqEZl=QV-~fou1Z-JU|2K}K3a^5$A4yVx%%I-M7-6WE z#_LB(h8*xwFwxX7cl%p&5M)pl5AHGEd&$Ui?6iI}6E~vnAq))|b?d}joq;%WIYbwO zs*WFy;-~DNd&Chf4*UkX2MJ(6fSE(DVf~V*7RuVIcjcTG;Q(qnFio~TV~1mt;_T&wbCo&Y%viZvMWRVa~& z!DGsZ+IGd8B)D3N`QUXtul>jx&2=%{V~l9LZ-i1pV(VFh(b^n$U^Em^4~SKWHAx2T z8!HGCFks$Qit&ri>8lWe}Y7V#DEMgHd^8_`Q<#j6MR7tm}OB48nK_z4yEh*&c9K zLj!UA_nWeGP-AMnrZ6H$N6okL}_Lmg<*@v*0YMzJ=*xPL|FGMd2;7d6%1-^e2)Xul)~>nVQN? zFwD>>B@23!?ETX6#!Fba>6*&;MVJgnMmRZ2Z`c=@E9rxMbDd(;rlN8&BJ^OQFYUm2 z7fAdm=zuw9bAsDbLwip?^z}vD#jNjuD2e!%@V|EIi`ko-Yf}^wNVYBl^${LUgC6E% zQ<%Q^+Qdl8w6^YKtX5?O0$wABwbY2k!g6E%9?jiHdsm(gt0D1eK4{E zKTTvIl+l3vh~}Od3sY*QzUONVEtSL=QsG%ewEF`C`c0c zv|#g(a8_+F(H2VG*mB0Kiu2Gt``Ch+R$U_ zouN?YL!t+zMniCO9cLCKgY>VNO{pfXlfRuirN1v9@>d`O&`tWVKlPc0*w9DpM&UaY zHSMn1Bi|-~G5}byEkVhqcWdVNIa;l%Svys!I)w&!5$n!r1|(AKWf3QH^EHaHw6WHZ zo+Eup`H-QD98yp@OrO_jd4HVl01sKgVCAUntOVt4or(;Ir3h?@t(gOI|U(+*b)QZz#2Z+*P}(6XWaXhg3deP*kYX) zG`cQbbx?fL7XAOR_ts%qw(GhtjY$QZy$W9I<%n*{ zTUWF@+u%|u^43g7cDJ^;)gMFuH@&7v(G?6S6ym^%1y(2|y^2+wNpZ+v#DL3FadB}E zHuC01P*ZUqn5%ck=EYFvR|SwC)b?k4+EgKR3kVMOM3UaE2}ZD^NNifafYBHGc~MEV zgl=F@hst8b-GvY|StP(52)Ps4&IKecF4Od%ntfW`ziM9&N#1!>`EQS67|`5tX$scq z!b<~Hp^gaQ3M<=_qEFmzyTbKCu7@uO8bpI8w!Mrl`B33_toQj7FCGD=p@**7DHU2| z#(G5qs`^k9pVkxyL5%|i*5;yq%$10emyXT)e)?@G-IRg}lz|b$fbAT}H-KNDwHzr- zQ($PaPu)QXsm$y_*`u|(Z*cI8fEG#)zD5>Eqfi(jlaz;!Qwq*9f)ZD$6~eP1+JZKT zR@L=)NO@f6`mg&c&hmlwJmP^KUBVJ7H4Z99isdX1lbwpbYkbIfWmJK$2_e}zPCas% zd(zMNcwKS)B{IGNRjW$0I6B25ltYX1{UVUrKu$(j_DLAs?!{oRT3I1fZV<_)6Y@rw zhz%JB8M3FpNgB@S6~aUD2}?opUc^!wgH@0vQ>Wk~Zrov62%o=vO)(q^stc)WXJXnc z>G{aam#VkK&F}y|SN}_@GB}FtSlPlmVXI*#1bz-#IK#;%qSJ?*L^K?@$4{s?amp zx$X6eB%*)4Cqv^RW(o}JW~fy%q>RhH08L5Ymaqt3aizg;cJCGlnSt&siOM{p)Y`NL zS^o>j_d!|MQ$6Wxuq^&5@(bYMMIejct%o%9{|}f@q32SPy!hJPk4$~I>@1&kR$huZ zN9VE=PYn`3ssmzAlt_6k50IlnMW5wiEyz`#(+Yhoi7=s$2aacGw6yO=xpxBu(OT;U z<~28&Sl5C?rg_dBQH}F*M{Hjaot4)&{zhko#|`#G2sA2Q8>@omSi(!0eM~*&60d>& z5l)S-i(sUIWKpq!bOiN(8Bsy;4ir>2X4)c%(*+G zKwZiP_oF0#i@}y5ca@GC8^an%v1IP3Ozx z%Cg=E%iOT7Db4s6ocD=15sB{wUxVSnBnIn&6|*P9$D-ce*lL;IjT>Fj8`nEQMPafV zv3msg(nIfh+JV6{4agpj=ln}}gqQ1ZMhxlgNw-&pfu1n5-qCXh4PF>>^*%7r*RSG| zj#yl9TvT zR7Lfl14=4y791vTSrtAQ->3vax(Kv=9)fD7UTQfU2Fy>Ih+#aynZ2Nw#w#o`)2I!I z#LK9H!Czn)gY^}3^|V|h!3GQTQMUHQEeNNg{j=&nacsCW z?dAiU0cgsu`%5f^Wp+R~`21?Gl};PB#a?`Fs5V5W5PUykC=EaqP+v{_-gAwYzf-A@RHkLf)h!kGogMcxVGq!b8PXGB_a%?|7WYdpcja68`~Rw+)TJ-~ZGKXf z{~dl(WS4KJ8%mquynVZz_0apqphSdQ{q0AO;)jdq-IK8N-D~2Qt1q?YgV;h>P*sa+ zD0WEG=~Y3ZS|)+9HkU0t5NLoPyy@-xN2UEMKM(QgbY`{GXcUN~{Cp>e=zopnzV$bI zHasjQEX=%h3>*=!3ioC1+ul42dS*}^>T%ltH$9~)g#WpxR3X*TveG}ZlDh8lAFQO> z|CyDPjtp2y1^g>3DM%{+iIbE}$lKCi2DMvXhmj8X;{g!+HAr1eR&cq{+~=B{LFt&Dj;fY z;0h7SV{`#%?0B}c?#4F^x_k|PD~uBA#(L-*9As=n7k}z8^oPode%(M+=OGCM@ywZqJe1lWFT{83z7C?1c8*#Wg&<_O2Yq&KuYu0f6yzUC(U0+#XQhk zHB|rm3@t&Lh`04=SUk$MiYIYr=TNe!vg0NUD4A3H|7&%G1vC>q7^&s0dcdvPBh?{F=_IWBC9QfLX zuUH51T{{U*3J~g8HpPg$VHt`1Y2YHPebVq6Akz#qTYbhjA_4+0|Di1ud(GQ78lc*@ z?izSqR2R60Q=!n0sUn-~ruaATlx)dBb*?Y&R;4$H96H&>sfdRtkYW<>-iwHDRk(-m zLC=|dJfu1^!O8|D!E5vzkL`Rc6#@9PdfBr$Y1|L!*Xc@Wz(FC+2S}2e2_Rt)$c?VI zHR99g0~qAu?!{;ii66P9_6H&ZsE{rTG#%C^C= zP4_Q$m3SzB-qWY(54dP?s7Nv2`MD#swmZp(Z3)yT7baz=_~*?E$&ZeFMStG>|D|7^w%JE(uwH6N z@3YK$vca}X`NtBJuyy-eGq8@KW{wR7e06Ru4eGCbygsA-8u4uNX0TnrXsxSJ&&q*- z#?U3udPEFWVA$BrNSXE#?G~f36QhPk%ilw2@dEN-Fb?vBV&J>B_Q9dwzk?lms|f22 z(QusYR|&+91va1S7iawesRJE|7j^UUF(q@&vrR1(E?maLtP*tI9G1+8K1*5rDR?bw zm!?0JY(E2Iq``AzD-CB3VU#R_7~@S_rvBo+hHDM{78%Ft^#xxUUz~`UT%4owWjB8c zc^DRIXTGf?yZ`ev7B$va(Uq3I$V60omdRU`}h%C-JWv#09@04@T2bor*c_{qG! z;w$^8yBg!cN5zr&H4qt@;CT-GT9_jKZO;UIhk`zUA-nDxjgfzfwoFJJ$N%Pc$vUG_ zqmQNJ)n-^`)qs*ebfmytByrp7Wlk^6O)%bDLupEaYsvIC4NXLCZVaC<@+H$bTRup~vjltHvb20O@)Ld~C zEjp@Tg3$fbU~_N9cv|t4m~xB<>QG#l|NNEN!x^QQ5J?g2ci(LY6zDs%Y=>M*BbD%H-h>5B@wb`R}ilD5Rgw~q??WRL8LGLf z^#SqJ8s{s5&mSsvanM{|`ykuEabpyL{^40bn+_AatvZv@wF2G@nMi4x(88p^2e}#W zL-~7Ym76$JM~0)S$je8r#2wp(NxelI|>)90T;#^-Y zG&dgrIJ0&s-a++nSQSRuN3Hn9g^{0Y_8tBGsaF$8VXqrGomkRb1)J#Zm&UZPI32L$ z03B);zTv;O#L93iWt#Z@A1tw0I^%0gd;I})K@?A5GW800+OZU1!AAVvq2=R|Z@z;@ z*1_#Am>ZE%p_167+Md552jNSYuxWp?I)-rW^y%4%^4I6Bi-_f&t@&Mthe{4{-}D`R ztUW4L=uWs!VV*}}WU@|g0{bQG_n)1nM5Zd6Ch|-+ZVdiY#T2|>P7Ulez!#P{%cB&X z_9f|`&QWaF8i|$LGLa2?7+)MLxKU7b-HFVww0c|8>0|$dI|Q2=r9Yk-h8Q$~c}bv+ z6GwgR`s-F!E|EtmW4DGj%r?j>Ru~_MocK{jGLZvYq1m8Vi%!2Y>`vlf=RO9760??X z$H-sn%o%k$DfcK$katAeIG?yG+i9F;T&*qq%FBevv;8hgf~LuxpRI1abIfGbp2sNk zLDGLkG=)Ej8pqOU<7UKQ(zWQgUl*~ac(d7mL=v|d4V>CFun_>$K4Ry5J_~6C$l7*y+1Zh9z-lL zLz)ts9PcYCVs5&(eTtiZat&mR(9sB;yQ4YqE2?q;7ObtSH|)kb5FY=CfRkBe6NfS? zL&f%MsR4aIIxCJ@HKT=6;?f5!K$XI3CItjkdUl-_b1h(G4K!1xgTDwifeV`dq z_@7yW+4?s8SFORiL1zf8ek9;vM@rLRE7rkoUCcskvo&Ibh+-u3CXUXovw$_MF(ShP zr3pmD2sohjAfcIv5^6N$^&+lH;Q9?tKi$|flWbmx9!X@HzMMbwxw;1d@A!uvNhKpU z)R$_?dMCD>*pUXymWT8I3UEUXDAK=SkhFq#{+|Fhp4BIjt8=K%Hk*b=o^h}s0phr# zpHAGgE^S#0%_co5rpQ18AP0P&h&aoSq>mi072Bf9|{YSqGfrG6Y)}qm_y7H{}9Cfe(xT=h3fusQ(#~5@(Q`$-WKq4tiYJ44GeTN1OgZYzQ|FX}P z16JKG@X4I~`9)TTlNJ`y+~{=P{}!v_lb9B(|B5_5HZd zEJ-+KiLy6e)RBC^TfYmP27K5t;I#c>(>am^zTAT*g%9OVbF0AYiDD~me{TD!iauJ` zN2eS~UV~$rmKj-~_Q!uyd4hA5C&%Ib@+A>@BApa^YL zkhGI;B#A``Z_ZK>#;Y+Y9KIXy1cv?XCD#LW4KRa_of)^t*EM$m$(8XvWcF~1OZq?! zyMm(SgM?llsMC$DjqFGB`6*u}q7rsiR5`crG7~li1nN1=E@UokJi-DXM;z|3UzyGh zi~Gah%WrC!({f@J3HHhO*B|yuzu}lVo3o7bg>n@Y&uPreM(gLn^;9JhcWWmGm|7;9LgVCO zzdJ2w=snQ;E7$E1N}nHWSeDW;^`**Bwn^xz;;wAw*6WHw0rZ0k@>c`shb%1E*<<8m zTCkQ^cXS_f;exa22d$I0!1KTm<^U^ev0YKL8m?4i($*s3%5(cXlx$IN_ZRfFen<)^ z68G5#P%CfN*E`H%q<Z(WG>?I>|xwqSa_Nz#%Y z(bu*fxWwywu9iEf z)?>B|KJ~qZg~zB=`IY>Qnics4;SU1-m8hpaqvjkI!wGmJmqcQznws`Eqvo#-ZM>==s#?H@sCFX~QO*3yg)H8%~$*d=YgDqS2Wr6?s#UHQf5f{eZfJ@Hvf2PrS7$-bh6bzsm)IU zJ7a>E9g!#AkAA&WxxvdIIi{C4++UpHWLiWMmjMI12`X{*!_7O>=@Mt#L5n5JqU-kg zix(L-5&?ZBtUODvu)efARBGMiK`i>D-@>_avy1&rz(~wT^XYerOXJE~IL)j1_G^@a z!O^t$>v`^N7g@2m*zpO{`kRRSdh(>HiZo&5UBTI$fe&t1`pu&`bx(Z#`t|2tqQA71 zfx#t+ExOY+J$UzbF2FAvsT$9rmPjuKRI<^rg*1T!)6VQ{07YlsCq6wr#@dVVro+Oa z*UT}_>^yaQc(y%TCx(HM@y4ErlRAISFTLtV#k+6QtrmzGEir@8T0Xb9)r?j}xHu~+ zpD8qRc-a27FmATL7_Uw6n`#mnnjf{WJ7}J6VV4Dmgv_*xD$pxGz8AUuQ;Ax{Tr9Zy zG@}Czp;UyXT*{2TiHRg|!k5cNJ)E0*<$*=0r4Q2{Ci2aI}4u)l|&@e4hQ`(J+V~ov+fX3>UPARX#??R zQj;Gr%E%PAG(K&=E{*Ppe!d*%Jw@;;CkYdSUwAgoLuYU1-_kL8?1#jUjMnBmL% ziJW+m$DU4c*}Tb!j1BIWW9SIau}7q1STm)5OUHPJBo5Uwn5!bvF-`_Ws(!QuSgT&I zI{udTaRlCHx>uqX#Xx_7w$;vbsvhBexO;j=@9RY2w`Q$UJ)dd#E}3vdItInynK*nF zq+`bTpPRhlm?S<;YU3g_K^R|LaN?E^5mvKFvaS_%KFco7Ilad7L%sYH<>SiV>%FdB zys?-XTo4)8c2>vJ1TU)L7JiKZ}^ zK{C~#L?R{2Xo4+WJ)Z=earHXf*?Yw!jw8e3yW4f!LH?&ea}cp+CZOWQV$q?zEo(wp zu%n9yjdrVQZAs_cY2L+Wf}va!FROwI3WQyRY~}~Yd0SN(UrHmK&(EKaSvLDH9=Ei7 z)pa0sd)of^*=06iFIJa6_sGHa1rNz)+FUcca?MjF?15tyaQDlXFJCeLf%V>By5ZI7 zCWQw@8hVif%OR{xa4%TJ390;MHcHd#674FnFk8Ol?MZ>@Pc4k$-(V@#w{ZygxEo`8 zR)ccaZ88et3GTn~xe%Tm({x)fMbieQWI$R8#aI7Dp<;1&OyiLmsP2;xJ`h@J1hLM1uFX+tr!yC}%5SsJS*hh-q9sJT&c!Qi74uE@u%8jIDPs=t9svgId`tMA?v<`Pk6dnlh_lj? zxj9S$9j83?#O&ohw{Ksj2J~tz0~l zPwHNcTSUNoR*-R;?u`$Y--6L-u9?MdTb1^z%De7ZZ}k?MioA7V6i7=wFj8U}%m5>$ z$Vlq@_r>Wy{z}s0zRLYWPK&yFp=r;wu^~p7{f3S>LwLCO0nj6{=7OcLD^)ede|~@O z)%5-`L{P{iz{|_KN7w4*f*#r01zPE0QRlwoIs%3`Zl#!Ag-RXtBkP4JGl8+xc1aF-p7=-YHA(yExeQL;14?68f#>;haYkWj`|dmYe7?~tmPE9b*<)H`M&31nUuP3n=_OYZrV|v+_lQ#dO;`5 zx_xZ1`(9zI@$iz@YnrFeG@my$L!UN{3|~4?^J_ zNHL;_e)NAc%cs6#r+%Y-EOEEVn$dIMGSh?ATTu*dSmBDs=h};gjHh|HI~~hNCC4&b zk6Sxi-~a7F0!_c|6zettqK-MC0eS}*Ir5snate~(o@y@ zC7NaJj=d}c%V@YPAp_c-Es;^^{u3|1F5T-2!IyUQqv1VsKW(ibXTjU3T}1l!9W4f| z?4g{Tw#SRJDGCf-V1T5iXh}+0?)yxy(c{^}2ZoIegMp*^t5-qB;kefQpD0?pGefNR zx3&sK4f*CBeyTj!CVWd_W(pg5ecjz!*~WJ zuvng9VUW#w&7)UYds-`_9zX0n3Jh`HIe%of?CYqgJ)L+Vf7eY-Ypj#g85_h zlf9`rBsYiph<59_AdnW;(G1w9Et^f5-#TVQO)a;ZJez6Ui(iW$cIryIc;Jq7WU*{3 z14o-li5l1B@woo`D26Xz4RamVC{{4yqdq(|R%XOt$`>KO{_QGSt#EWg(*s5fYMq9O zF9@d7yHqUNWFP(zFr5YeN)I@l&);#l$40uc53#K-U^+kqMZ`s5s!nro)Qs_C!9~Sc zL*a-b*~r{y+c&kM$t4U!+iW#wwbod3EQGc}WHBLx$5gbo9dsQP9Yr`K)6|>}LY(1E z1rNE}jjo56B~i8*aG1npFt}w@4?7jqf$9rQ>CNB^p5T83F{#B~jct@c#>ck}fHHa) zC(w}IgI>+{YkN&zk(O5!oVR%OvfrtCoNm!$$LCJ&ckd{A0k(XXJ9#>19l7H*SF|7P zv@~b7rv5ZL{>q2wQ8T!kC_RQlvi>!#?~flIOnmC@fNAgi)N*zw+S_xR&ySawgy{3} zr7vA+JyoM-jm<`|c$ey_L>~J!e{K=g)ARgoW;8!!A+(8c9b`hm`S4bux>19lEr<~< z`DpEuEE=;LnVhNEnU?O`gB7_n)sf)b*PpkyUTAAQ&KpuzgoXB4`#xlaU%vQZvm_V8 z$qMych#f!2@^xIy)`D%^S%*V!RUZ^z6cmVWOH03jOA0z1n*+nnh@lbKj}r}Z+`M(` z4Z4LI-U+L5F>wyd<~-x@FkH9pTeok&UAcUb7nfN%BXD3yRUYkS4e{!x;soPu*9-jA zFlX~aU2SvaMF~lfie)aiGkQc%xRL8V*{REPHh8eTlD%rB@>c1ovf8WF-t4wFZ{NoM z=60@GO`f!weMS~@#_72Z?jG^-l0k=5Z}yl5HNXBmmyVMzMYv#yHE+4M?zGH<`HkTC z?@lBTe4S-n;D*vrU66;7c@s+fih;Ba>*c~i=V;2Z^i!AYl8Jejbk+HaWHU%_!$a8j zlKhmpZF`j3;pb>8_5h?7i8BvmVSF{7Bd25RtA&b9W>^fg@F*P5RAz{*f(FPwvnw$? z^ld~D{fO3qzo*vaS5adtmnVKkWwD=*4(;Uh`@D0=(5!TX<4^#na49cEL3 z>d6UC-bS4<@W@47&%_I8qOOSvhvaRdWl*d8^m91`1;0j;Jc}ixNug!FKAYV_tx%AK z;g0s^>WQ0A+XY#ecN3h3ZD&63U657tkVb{z&Sh?omxf9iQnZ*2R6yQqYFm*qU^~!$ z$$~I^D1&${A9?p(`^1&k>Ei0Z|LC)&3iuycYYtyQ{EzbGBt;%QGa5``d3Hv@k2nY6 zc5J9?<}z*kRw+Z1N+l1tod=7;(|a=u!0pUDh{b=I|73l-p3&q-QwraTxVGo9!Bag4 z{zniqA!xx*VM^Zv>7|5~;Ys_)+!wM*m(9$Z6ifJ$TiqZQf`pL}tJn{#6o<-~3~jpA zDP3&=PPrwx>qz8Au!)dym~=uhnZP-@*31e6_UT~dGlF=KokK?Z-NsW%H@0Hb5}aj<;P5I;9z0C&(hEuRhsp5iW7z-4-Abc z1uhV1nkL}awui?=`Ho$bJ?o+&49OWV#-2fG_oq3v3Fw5W*+RgN3r|{8-CZVvcPi(M zFD1{{E0}6xj`Z8>a|{FB!VnarX`yv~xyQT&p>*}QMVz)8dTW%3|JDJv)2A~vm)1|pmpJ#iX9}?6(FwL94A6w|cdss=tr)P@gC^9?b z*LpR1e%)a(%Fjjl;uq61WOVqHDORNx7M52;PFr~Z(xCFy! zp-o3iYe!P!aeoy$(PRbcs5pzEV)r@H_L|_45Mrr7E2B0zVe9anJ{^EMRPzp2=#-fn zBU@BSepUomNub=32ca5{$fol%Qk9}SqWqnob3Y>E>AorE>Qx)&f4Te4*ci$R=4;bI zgf#DQ(8}j*0)w2A*bw_8U+`7Arf1segyZKVhzrT_XlYx)WcOUk5u>J(=YHEm%2HFx zYI;gDH(`z>;L6-R^{vf&6s{*x&j{`P9SMi$9XYh8BL8tnu=?b5h0Q?HRfNif4cMCvDI}x}Z?8F1iKz&Z^MbF3#a2 zAzz?E$ibJFvim1|bM!O&^Tv`VN7?p2pRWI?amAmvrf3|c4F0_NzwwvBf(a#H;=O+- zhJzHfKHu?|_)+I^tImarq_$A+zn=&z-BUl zz44vi+C0L?Cg~H0CC#9N<|inTu1(oIgvi(XTX$^Y63(E51u?2ObMbT9)U;s|0rjHm zeCa=8!s6KypFGvFesf7^%w)luMgvkCbJAt`tyVd6=NkRa{Yv)Ed-LQ+61I6!013&j zRG!TCpFpf{MCyxrJzK8BiH@&nbE^C;U4!e^3p3bu^2A-9*65wJyTt)A<=dSaPmEL$$o%ieI}l zWwMHi?q>wA%p-*620RfwU%Qa)MT~MX{b3PruM{I`x)8swU++F;Ws;9MA+44#-gyr} zP_Sb^{8B@^4nYr_Ny}a3Qih{wpAFgEow}+QD11x~>RjIK-DggjMO3y_qzd}*#x}8s z0{CdQC=pQ`vr%CvGgyl%{or`kr=W2?1oF-0w~sUef)uU?#~N3r91MZ9I(CBCgbka_Z8_`L?XNCkh?IM;d#<<}h<_dXXTQxT~I-^Qy)RpWEQD;o5F=3xZO_a-Gon%!j!T(d%=JBHTW04SFD5ycvS_g_9h^);AIoY}pEhldc0b5YI z;c0AcuJZJy0-eU!pFYjOzXIIkAh~!`DNG0PMvew_uEyEfd4GE??TugD99aObB_y$? zh@Ux>wV41}n@YQJ-kg?Xy%sU^CDFcmc*rY|DpXd5^!M}stO#W8q2hRiWivOJsCF^* zBR2N4&A6A3sbXk_UcC^}ngm^&wznk3$SZAbGnvbMqgfuW>+ooJxo2XgJ|iXN7$~jy zz2lcmT{ZWAxCKQUl-srnIPp-S^76O?so6R{GCU8*MU!_~NqWkDSe&QeR)Xpg4APdE z-;$NBhm0JodtPkVE_6Tj9-ol`l_Ri}^78j@*xeYWTP7wWdkGDCZXTWw zGE?NbpCPdvwM}?oUn4U+##a)-8NV$;AM?$k`8!jOwC3H{koLCg8k|vyK)tp@N5Xw= z=X2Xn_Bs}D2#tTKHO%_nj4Z$*?!I=ORoE4M1@B=ti6ri+WOsUYr43|bzLg0~xKQ%<)!rwB7@2rT22^{`ci z3u-!DKF>8r8ukWMeBiCcWtj;;?3X5oS#g#DtT6{82VLE6iXrOWYd$wr`kvf`O#vdg zk#7l7*^uU;X~Wt`NlB^dyqJt}D5V22?B}ajjlW}oln#8UZ=0TH>wFzqyZWPXlmW?4 zlVhS2X1?LN?4yBIu1wLwcu3v@1voOk&%G|MTMmxgSI!DlMIxL5_Om*Tcr!VS}` zVia{eh26k-=_lusU8lnu#t7csTqvNv>baQUIOkDRG=6C?WLvOAB|V1#FfkU6rE8Vv z2;icvO%!5}Gwt^&u|_-liSlL2o_}6JJ`Y~L)|?cS;@G~GTQ_2@W-*Sy?ohS+{jPd{ zCACa+Q_3?ZPS}aXEIp)p^wf^XigyUfI$ZqN$bWwR)f|@%vHb9q*!OO2i&XInCO#u$i<{- zNUhoMrprzZDEgOn%=mJ4d>G)F7QwGq5MsMBDgNqLZ`#=7Rr{HM<7jA*nU{>Kvijyj zEfY!owv}$eWHZW`8)v#G&65A*nxn_(m1`&AX`W&6cUSuv!PRZn>VPMdZVo@17R$99 zjK8k;>1(WQrY^J)dTg{g^kqbqUU^jO<=WRF5ztY*G9iPF*%G$G4J*hUmN|#b-~*^R zA_2Kt^7gW>2HM+(G0~vX+rpL5DM9o$w3#|W%rM?T|KvDK{^OOUrlg=bRzDe)M^O+G z|Fr)3?QU^86ojBja*~cLS%oxZC+Y5n%g6Zm_yESMHTn6mXCL#)Gr*pluye=v@w^wisqcXQ+<4JQH35bZv|UWj3R3V)uxHFr3Bjy@o5j}SS=P2Lf@|H zs^b|bH!z#hFLf808?;Fmjqjd&!17oBd~eq>HwPaM`8PAiSbce|V%BDyhCfRf2s78? zJ7KKNzq4JdKYfHDAFA1Yt??Y`Q^1vktb8c1wA;?otH>^Hzu|2+n>q!x?wY!fDw}(? zrO5w71;^ZA-y$&6=_FE0=*K+Ul-gA)_bF^wStHADzIAA~UgXP(A&v~)5Xbyo@6)0G{x=vcIxhY#E&X6RPpD@+PcidB*(i@s#NH<5; zV$oGOF*tS2cN?j^q5_if0zd4p<85t2-Gsq;`Lf1{7_ZOif;h#Ie!=4zGNhv)%^CW` zPBb)IZ`w@wFlnLA!VC9cyzrepR+JgJE|ZrPR2Esj^ay)>v2}j+ogoH~QvO$Hxq@v- zQLi6m3W>=8#CZ5nEisgvyGkvPJHSI3(c54Ndwh7LI1&Xcy;G*ZN$!MhAFru>J<*HA zg|kCBOiwN!sOZ=sDmss34$YGmUkH_Ko!@4w=NQ~WC<5Mda=}{Z$cJah{@FNHtVJ2j z9iOagnU9aC_DPv)@I+b;qoLKzgcdw~)V3K18Yv7eR_Lyw`|Ib~OzdvcKG|$#MoSUO zRW?Z;v~}jTW2@QS+dq~@ozNl3VM!QPOiR%+4#-3m-vTQF_D~~WPY*Hq<9N~ru~H34 zti7NRx={k}=A?*SPzF|VVFo3pR&Rnp#`GZR0vRyMP@?*5w6R5CP-Hjt9&~idaR)a` zxPR;DT+pmw|3gRT$&M+4Y4{ny20BmfX(@E9uGxwKr=f?hbvE*B zPJs8WE4#-7F)@r21^GC!+A;{$TOC`O1kLAAcY5+qYlMKFJ#4%U!w73^h_6Nq<7}z{aPB8sD~e);3os zJ3u(c=hdqN;hZKA&LQHL6aU=Ue7&tPI%oE2EJ?M0VqpP$w`J+j<{Wcn&@MFit3SoC z*Cw?@SUGW(B$0%53=Y1QG-deRs81;5cr3|-reCDWwx96|n)12HCwlxVUNlyC05D?} z)4(vh+wpazV^>4x{HOWripD`7o_=N3^q)7CJ)~Y3;6!k}@JyDf*@pK>o<2!?A0P}0 z{RbHAR2^ugb(-?E9 z>-&@hA+n$MZSxK;YOh&=n|{oWIt;gaD6lmU@}=ad6|&`^R(6+c(PTuBcFA_K%iEbA z<>0uw8PVr&mn0+HPE;(V^X03Vq`^+t<6k}phDlvtpJ9fqmz{4I)6=D>*mqQ`;$!lA zxy}QJMv?jsCH>RmlN2IK8B`_%kA(FnGRaHL3h;EFvQ(riPE(hdXDc~ZXWoNmYcLKG z{p>EfmcfmMe7q7}Ayne?NU7>pW1r8Za}NI)h;dn5gl%+-uJYYnnpjKEccM1&a@6~I z!9B4@7E2c2`|3N5Lzq$1l@`apJNU# zR+#PYg~*6@UYfAf<=<@%xej~bWe+IGr#sD6KqI%v!tA4<=cp!;JBI`9%db#}Hi_)A zNYV2%x+dl%du8SOU>E3MR_pmx{{txIvO+3XB)&5J<}J0>1+vO*MiP=8kB}r`zSCOH zYl&?4r%6Hbb3Td#gw9W<`^Hhf}!-I^#$6Zj@ZCM~!=sA1)7tUq$@OKfI;PDBx zO;QGn$>{p0SVmLvzI;ovXuG8RJM3t1`D1~$#0uUsR(AHDD3AErtYe%1n29ko6aywE zx~zjHcScMkx~vZqa*T6asiIr5)qrBG4M*2PriVoKfm~gS_1^2h%xO6B14|>03~5;r zl}52}R;SGI^z_65F9ItItpe?>CgxXsX&;K?t95A#XWoON{24cL$*}%BesC8fw!x)G zT{vg3gf0_Sa5v0A602a9qO>t9k`jO0;Jm7$jZC0@SIPKV<5^<;9FjGP(woYyZ2x=M z3rY4rz+Mo?r2iuJqI)?Z@Q`{DSJYH|?0R6CG*}z5i(%M&cjCY@Nf0cPfJJgp5Ro=vyF7Y;U^PX`F%Sk!L8JsFVXW-E=DzMjYky7nfHz%Jd)8BTy z`WHL;zXD(;{xbju-{b@%Z0TxyIY8GXz zCvN2tL1Cop-Z&9aIZo0!P8%l3$5Jv`#Gygm0r@i2)11-8M3T%<13$nm3FrvWTo!|J z8RC|tF0$-7+#5Z7MKvV5>E^=AiMS;|8xQ1ezCQ2a344DacjKMPY841_HwbR!$Xh(D zc3C1R|ocDi@EuB2#nVHvH)X9XUgWQyv3UWU%K>#Xb!0#2QVGwYM{X(=h!LF1@| zJZM;HdM^g5RnEJQV3MZPLgk*d5#R8CorqzS_=AXfBdVg9bf@Fv@EMGt;@1#L$jHb< zV5xh%a_HyqdRJv58Ma0FY3AUB_;?J(n8?c^AMz4OO?emPt_Tq2K|$sPvg19(NzWdu z|74htgRlC&RZb1VYNX0-`rF(iD9kPQjOz?n>~g--z8ADV$diy|R>~%>V_{)Y1qMlR zUat+?@a;~r<4Y54g+_1=T1oP3np`bjc=M!V=uyxxBeyzhgOk4?9yH~blW5;0^4f?+ z?+lt`3!H>@T~BmlBP}#q?N-F#a4VM*PCj%-N||`*?ajMWkyL)9-sXidO(AlMxBv_E zZ6FKyvE#|DVaIU~(%S=ln?eppih(?PiMrSWeH*Egfuaxf#wG7ZgXFpsfPQkl>K zKsi&xvC16BI4^v`>1W^lw8s@N=PE;=7+zqw7h52{wl7;SptQnz#2Lw+`g_TAck!G6 z?VD^5f;Jzsu;PL54r}fYKPUnDg>2%MPBdl_yKCJ=(7qz>@h^K=M39TIcGMjSiqXQ3 z!5NMTh_($4xFh|FJvnWEDm@ASkAf1aA5yw zk(3n-7D@9V!ThbGcl{$MZrr#5rIyXYx_v!@?go7Oz>12&WG=Vk|sG5@xe zUu=m>NF$g6u1FO*_)sb-Ss=Q$lV=p;V>h^>k$$} z4-Nhw7b;%E|9rL<`v98(k(&F?z=FvUS0sgtdP z{GY%v&WS6aVPk^&dpKsCh;eka=ju~W6GHtD4Ym0GGbdS`a6jWeS)7v|tlTTzsqCLr=hXc!pP2sjz%#X40YC=93Au~gN!yU#7#cE81Y3~y)~;WYvMQj z;5CJiDp@l$5zaR~)B`zqQy0`Z4;uXK#CZ|NhO>ZW<1`wxG6jr_-SF;$k|{c7x)Q@gt);A_y$~(*Pz1E1 z;ZnLeIKsf0ViZE5J81)L`H(OqlTh#FR@ms%7+j2NDw;9gMae++&#SFBp*^6ib+Mo; z_(*ix>223aBLO%z()bm*+BA}u?E@7^)eW6xTdkebPLe|YK&+6LrLWKCF>9Kc*^JG>%-?ktnoP5eyRiA$Tp|t_q&V>_pH92l|e#V|DeQ-ru zy9n2^3D5TcW2uXN0d0&>O^2&G9$s=Hqt5Sy4cgbT1seNvWJ$MOD1D#&Xtqv48CI60 zcK$4W-Jg3SrxKcfBVYH%MNw(r8QFfl*=DpWG9HFmh(ZCa&bd7qB{wz*s4(o#&GPz#PiIDz_38ix|Mxt~^&<9SEKExDBz;AS2SwIRX z+;19(rbsN$=&bkGY{3-C8j-C5vcYF$rVQ0zeN3e`&K!svqY zi5-JJQ2`exl!x=ktecqeqF)r&`vN^Wkk4(BvTkZ8w3#t$40R^wnWdPGGm!2^%sa`_ zYy_U{@qhvNPhqBFkSc;Y*yPKKYm$vi666hC>GCn8uUj$K%8Qv*vmfz6wE03;Is~wl z&m>{=x$V6i28;Go1YGJZZLRfxjwRrMl6?&jF4kcsoluo{?MbVB4a6pu?oSRc5%q?0B~`&oM_W=wz(Sn*>L@VeTf#;leXv} zwzT%QyN)hL>K~M509m@BDN>308j&!c6 z%!QQf1D2zrVhLRM&=oEv7`J>{KyH_wPegnc7fp6z*Fxk(!D*}(LtN68SO}58T03aq zM5kU+*lda=DdY8f5M8+q%muH=L~iJP*-nB>>Q{LYA>ei3QYOykKTV>J>$cIE53;FWycl>B#G_o04_9io>Ar9xV|)gq{Q8n#%E0a}O<}DIf(JM`Y)tl? z{R4QI#^Rs0)uKr}5Tj{zVmK6|IjB~E7|m5oxTajB+*pmPVLLw%qoIMbrB-f>wZh4k z7!jihG%`C2oW^Lm{ixsYOALdB^@Xd@f^uaa`Bsaql&5SyKBhcAECwy#*p0@C#kp28)0tn#xhg6)eZe)! z4U@LrX`}A7;h&lqok{897h+$sR}EI2aLpM`*j$2+9)HR+TowwN#X5D2J1Hln7D$mC|SS1 z(BMu+gj6}gQg|JHx!gSRzKK8&{Kr54?^8DaKaTR(3jQC5qpWC-!hp)}wm0x(oyh}H z0DS}NlBdx&cD?79{*%i%>;kXgK+OU`+hJZ7tK_OdL%5e$Nx`c56ca0JUAH?1I4|Yh z6Ohoj_k74r4K3WT0vjz4h}Iw7EY|q~pZ?NXr#G}kdL`;bZHU*BL&C8C_{OVJ^Fj{d z7iUns8knqk@52 zLE;7B#S=)U22Sg)d;Nj@-BCAy$p#qu+;2sh{8%)QHxmZI*n|uW^1NL8weZ+XQa6ep zTS!k~7SnN;>9QfKa#DfuDwzEMbo1UH6^9kNUDh`73;+%#u?3A-Etu7$&xQYq>3nIRLZ`R{lFHNi0mR;d* zMHFT1mfs_aGM6vE?KuccO zL^JhOD-?w89TfW)p=xf`v~b#O{wfj&Y6LZ&oVcSe*~7sK%_5^Oj~yYtN6>==Ef1uc z4MSujP_;oD3GVSg8d}TwL`Vw{iA12?*2k_GqGE_TtnTkAV0Id|&DL!ZB2mdZQ zm&p}|_+9BXzJ*2ee<`VwzV^RKswA8?+;Lyag;p=jdRmRW1@H!PVX(G4v9R#{kf zS%{%lB3?>pXdo?HO3IUTbpEJ?N|B!oY;1&3NY*zrybGQ`Uzm&n`IO5?FRU+756Ms{ z?9#nyGw^QCgX{54*?V%Q`m)%juPixNHz56N)*cX9@ptAm)90Gw*E5y)k;mheRgYAP zfh0TT!aeyFg|^j3z^-k^(I|}nS=*W4@Jv*RA-^2q@)eJE9l;Yb{W<|0Qr~-;gR9* z0K|UQ{d5?Cn*UrR1_G%1n_OGR+7u*$Xh5t$Eeiu@E`*v*baY(|CUq%T3gH1Y+J~T< zhHx%0{xF{Ne6!Y7)KL#~bVf#B(td)7RM)JV&Sf9>ur>>?G!HV>9ljQ zT%s4GB?>Mpl5l#JB5ib7SzVjy0hYHbz<;3vMF``CK&2Qe@)LAD=}=NjL`70^tsb}X zpJfd3ZcBjqD>SWuaN|uDr7~d(1Tv{(l^d<-oaktI6l7dQ_WlCrw_s?FLqqF10>F2p zyTTX_RAs;RcXzXNI_J{?s$X(v;}A!7g+c))0+K;X9s0URajd9_2d{;IRwKgrZ$@vg z%|+$W&jb`P7qs=>m<+o{4RsZSU|MyaG(eapc#_{E3kY{ObR(_YL)k$pqhq~xrp_WE zUCOYYQWSijY!}clyB-w@&j#<41J?smTC6&@tI~`9s<|2^IHgEUV)JDNZ#gmfle_ zkrznLoAKehPyqfyP^8n0k~18xnPYdHkj^qcRcpuCs+%xZGlEnu3>xAO8?|{j;`$$S;#+k^qe31zOq=uCmn&T0 zw=R|3eOY}iwE-K)>1GGDgLULSfN}m9E~|qR@h!ci3>k43OMv{ zain`(nD$HSpgwM6e1f}sBM0I3YQ2cja}&I^b0JlVIDr#>I6a9yv(lq8Ta*nlPE5?G zJB6}q<4sVT<4g$ow@?(te*;B{WxQ(I0Ec!BXJi}*GKC5g7S$|qaXxAN1{7CwQumEc zUhY^khjVY=zTL^8p;VAQU3lY`Tz<=SUAz1lim3mmx$_RE^5OruhLIHt$*8ChvR7n} zgbEF^Dl2=Bl0%YFW>!(wiJ~~kp2wCE(lK&6W+=1BJjV06Q$0P`^L&5T^<3BUy{?}> zIb8R-o%_B&pZDkWet!&Ycs~|?W_33Pks8>Oy3G+kUC#w_`8?@3=NI|wuD=bp*sFC=sRWn|qA;vWzebO>=- zKN!ZG{g zAj4TVV`#XBATOfbl#lSz+b2Mr7CxQ3d&V>ns3hmWjU8Z#al0+DFn~H_>I>Ix-C5XG zr~3uTm~o>tO60CCu;zrE1!%2?AXf@FetP6C0c^#qx;j>}Llg*vC>I;i>~Doo`R6O= z^}chg7<84zk)cXhmntH*EcgF;m3X^;?HJM9SK zK9JMqEA5C(BJnB$>nKJ8)XkOEe@x<>A(vq>G^k?g4!?r_M|g zyyAFvcsTCaC+EP~a(~RrwB9o%5HmAp6i8g(q`$aJ34H^JnQ=wjdqDf#cI`JrDF*gQ zr<`O0`<~Dn74Go69%XR52N8~E*BJm{$SPl{dm43>aQFY%>SUD@-7_=K z+UYdksX>q!^xh3hm37BR=T`p4EmMl1LLV440`{W=j023__aUbk(1yHAEbNn4{Mnfw zN^#dPPWa$ky+@Iu!`zePv=6Qo4jE8y+b_q@0( zd?&1G0^ExMVV#l9PRH57n$rLY4n>vS%oInr*9J5@9&MV^g#$RDr$T~jXqemTr34b;u};TWfGM*YG^U~ z1Fkd!kT=9Ycu3QaiIMS3^OU80JWUya!zGC<8nn@*sFM~SJ}4aVKcEQ#i7&@J%D&+* zq4IGvxz~Bd27DvWq7HrD*97#jif}H+Y_CR`h~NbPg~S_I=z&O|2iu1>hNOSzO#cgj> zbe7G>SX;lWA06(YyQ--GoR$m03C}dIDC1k-dpFOR$IR@T#S`7}jFQ4YSi81aFnEW7kfHb2@I)qPNLdHX{+?fjd9Vzl& zRfw?lnayT9k2F^oxP&KGNVtn@XlT6pa1GJ|#gI^nrlzJhKD^AdLA8Rxr(-6lxocx7 zP@Qq}MDUV^1nk_j3xiMhJw)S=XVpu+@AUwV_s33FPSkZ26Z|lzQ>s$Km42(Br=>b#UKH+Nt zL&amC#tw>#Dl@N?7#?F%?Qh2Ptj93%NRVcQZ!x`@=0Zf#pi7r^j}oUw-W^@qT< zirOY?nK@tAD!unQhYe|Bi@TM4%r?*JJ`q=T;Zid41i{O<$CBU*y1AsWVnY8i8+85R zFLJw(63)^tA5Qj20TpUnz|Un%A&ou0315CJTarxUu-(Z!%`#O?k=nNFLW=#ai2@~J zCA*y*ffk*6JQHcU}&g2@cE z85VUpzo|~w<+~I9t#fJ#z}Kg!pM5do_$U}sqY{}pr)aU*Fqm?#5O7>_K|!78d=}Md zVs`vtxZq(!Fd?vT83Z2JueuE2p_)NtX)~cAEg+Sr`X~n{S2&NhzPF7e47VuuU1tae z$JO`tkNhpW@9APJgI!+rsi!bF8Efbn7x0_Gs-*$Ltej)MUZ2H)_=a;E&)vJwHC1B{G}*RNkc$Bdp!JWbey31|n#lpmb(myW;4au8rmjEQ+_ z@E%K@k)SaZf!*9ON+MH22mJq_*MKVoL=Ln^}ptkmX2%E#;0UtG++Xr^W>DLS)|Y!37FfRxIx|;?pEZi7lwD!sO3w3sSfSI zZK2aOh@nSXZ8>(7Dt)UF#C|JhuWm+@_4x|71Y(B9o0uvtOGm86Ar!?tX zvVWHX^Bb?I3KVEPKar!R^j7f@Zh=Q%Mp!vHGCh9BTkF_& z?uR?X_xTOv(y^2TD2(4JUIa*oT#Mrp{dX^DEsR5k3MnaRpPs}^dK>jczati&NDl4i zbBq_iQGWdX<43l7m(V|VC}qgqgHH?WPy#KI#1wWYEf*K3e0Y_VAWn7h#f3Oh?SE3% z?vqHW89ez?SUR!XdAMEjVYcw|v@ulrif7b~cI16lH(+tMFV5Vf+Z8d*t|b-l1~q?RF> zv+CUxTNlIM!kC02Y-sl4b=MiWu?IpX@jb)y}-+-Vjh8rK&+@q|=APp^?^yW}mn^@1qrje^+ zOLZULg@1lUfo%`Ve_7ZgiD)PiPJQ3X6t zm*-vxS`g7{VRg^cBUUYJ->>2a`nzHWjOKc2os z6wO7JZKgOO5T$$FYn{OCtD3CS&IL3GnV{|Z&n44~9nFjl1lvxueUC5kZf0k)+Q=g*SN4g@K1|LranMc|?V_d}K~9JC zmKz-#S)L*HZ#+e5a5&(R9u7w4?nDRH6RK^B;Ot4Olz;;VQFfU5Ggtny$To=^$B~Ul zZIi4&HXZ2uXnXYK_TJR6YRvoUbKy>U!CB)Zk%K0 z#!eM8^a>alLUEn;Ef#Sr6zn$Gc4Bz-$3~Fo-@fVfW@ub7_%K!g>d13R;y3DjDPEkWi~(@K}* zv?^f^1SBv$p{>?BJOsk<{nK1^&epqA`-{TH(pOEaAykokAhse5IZ8OyQsWhOXXOVn zh-@h{zEb1otO`Me2f&Z2CGPm0meB`CL{u$Pw|u4hEsOsmT*dt_!&QWM56RJkk2DH) zA_0czC#dfL=riIh9&{-=_bQuYye+wLZOTp|x@!vJgRl~9NhkSswBKARoGe6JvQbHp z)x_}XA*uHM_N2g`>=W@4a&dKWCyJxiyh><<+tM&u;Pm0}s>+l1X}G(OJ!`t?{E z%rUN7J_l&G*G_m&-}V5f0xikoHsUC1uN@ynLKp4PhITvoE-gD;K?p-i7O!4L)wD;8 zGInD9;v5(P3|NiX!3 zpDisL^zB8eW3OovZ_A;Ru;{9|LWlrUW@b}VSqg_zX!zM0(?Dfe@VMi{6V2kV%xEg? zt4W1Z7k@B8#__FRK8c}RJ=n3>@hOB1^1LMXGTAbT|q6*FGmcl z3%K4}VU|o{Rp$ znEd=h1*X4W`{(cd{^k<(A5O^MZ(OJBkM#k+ze``h_qV&V~rFk^L?|8k?y-}tuv7bk3W Z^JILS@)3m(x+L(Wp?XFoN9l_HKLA8{C%*sy literal 0 HcmV?d00001 diff --git a/Workbooks/Images/Preview/GDPRComplianceAndDataSecurityWhite.png b/Workbooks/Images/Preview/GDPRComplianceAndDataSecurityWhite.png new file mode 100644 index 0000000000000000000000000000000000000000..700478a4796680c928b2504169a1b554618290a3 GIT binary patch literal 250167 zcmd?RcT`hZ7e0)y<1nb`C@2B~qf(?xZvqMmgx(S$v{8C!(jk;sK{|xqMS4P!5_(`1 z>AeJ`1f-Wxq=a66C-ath=l%Qp)^DxvW32$W+}wN4+57DMJkQ>jU~Nrh+KWsVsi>%E zAu3OFsiH8zvQ1#e|>4cq!+&V*IUYOQB%>kssDE9{tK0e^M5-+FUj8e z_X}OTjh_A6DO4A(w7dN6$jg5O%}M_4$fH+^uDAbo#74-&$m zQY(}{9IzP_c9{89yf#}k`HXQOZKiBpjnJ9O&4IQQe1e*q-LMxX&1xjzrhk9WUZ6ay zi^Tap9lcp5B;M^cyk2*wk++{|q^_)#r`PV`X@2Sb!7B~sQ--nF8Fgz%NqUS%kfJ-! z16A~#PV-|TQ@m~oXO2FVc+qVaUQV;|h^e8^ZdG$$VsINlWi_-(2R+o3ff|>;mL1`t zmj8*Lm;SGXeu0`#nUkDS>t{M`HmZSs8c|E*wN22f4j4r#TKGa?8M!%O-LL8fypMHo z1+&>0tI(A?(~+U9=yFUvH^Lzvb7|yx#pa9rbO${cLviy`#^7{K`Y|27tMTJIRXDPD zV#BzHhUz^jr>0EpZc_$!y?P^OT6dj1BuCN8_D8RgpI1Je@rSQLA!yN!JvGD(Or7o! z3KqfOb<=Z#MP;P=rnM}gxX^4Pu8MAsDN-Keg6Ab=cI>ubL{Av#i=;@eUH#8g1m<9= zN_?AxsDzK?Pc}5Tz590{V?I3UGMa$}7R2kxvemUA^qiTz{F~OxSeDQ5T5^a}^Vd#n zauyRzFt--U!VXdHRbKIal&xtJraQ0enLIJ|lpnz$(LnpxQc;a^nzOg2T?rWoHQz6& z#uo+nmPcIV@SNHv7TX^lme?QqzpisZQ=>=uiY7fYrgbwowme|!^h)@f}R-{Hbw%*2$jwf7e9k$aM5bbrvBB8$mLXbgi&)*<_r=Oz8M%CZOX?n|U^~BKH1p|$9lkQHI_Y_$2EEDDslNtq zB{iut0fEpx`N$+IY5O3Pqm@62TI3vEJ}#@1Wll{=>;uY{XZiUPH9 zxKf?e_QKJ|pLo6>I%4g%VzxgE@tCNr5VK%pkFvCrYgwx z$?hmhT)_=>b)fDIrr=q4*9I30UKKG}F1FJ>HBvEen_ntzP$YlrBiGG+3~*TZh|2(2 zpo$Ikx4UV5(*nm2z{u899Lc@9bmdjmSr`AwuJe02zuelN zEABf&y$*F_15xWX(D>}4x|m#9GpJgX8DUDU(BQ9q^=P-Vyxk@5A9MlQ&e}ws?ewC| zFO}kyP>@0EHrOC?ZAFe0dnGlzFZP^33uNQXBY)Za=$}h2R~**08>5)Vi1OjBY#Q4H z%P%@70lz)jkT=!vFxA~fzNL;FEMy z;qHcgOI3UMmGrute%>BR@J{~L7?M-(Q#5nvo}bciw3sY6j;=!bA1}IBr=RSHjn#XY zq~&G|EzO@^yx5MC#U{;kBP+}x7A_ZYJkm?6^R^Z)0>bGjuB}^Z24dBYMpz3CYcfJt zmB=J*Ke_Q(b(Q`m+7nMu(O{C$jd_f9M>P;lCOrQEvwJc7wpYT(M)%o_2Xt0x*zvE8 z_MLUUeXg30;U0O0ApkK4??T^7_=?43G1c8nVCQGi(YuklhSo?b{Uh$p^?(Adpv=brF#;<Sr+i#ZU#L)DVI8Pjqf_<56V$ft{j<+g zUuER_%cWoXq8HJ#AeRhe;+^oTq{Jr41lMGYTj&qc#`UHPHB#zTlPb!^Oj zR{1;*u4N!5uBvrI7JnFZrOVcyo5nXW8N2#b0FiI z6QZ#BeDCs|&D_qF!HU@A5mlA2?yz`VC{}Aw7hbfrdQ`-x8 znfzpFWSl;L5IgN>H60+^TA%p!OF|kL06d^Rb}9()KrX7UH!Jflfmc3WnWj^U8_N@0 zp|_{hBkg%-z%UN->hN$d9HZB2no>ET=sMj4K@51KJsCUQ63-af3gYb>R6^8LlQ+r> zg2*0(5(|%Yoc{I4=X;h@C+4S<>mO(@_NaIujBfnnKel;P*{0X-0tt4}m8uM!3mdzXAi<;-X`4|>s&G&oUq~TJQ z)1~#DEp&EwnBt*hh3HxLQOd2v7zYOj%b3K>icM{mke`|=%$TndO=qT0UM#rA<^(nS z_74?RYhIXa7LN(vJq#qly;IG)p7fe23Ch7A8#uKfrjmZKfEG)B_fk8Ne^|udssP11 z=zz4Vuks{S+9$3r_7ykXtlZgb$U;eDc0jl4GLAK_!qbF>YzObC)e-pSd7Rs&8!|b3 z@kUucmdI-t>HM~MA`GhC=Ga-PjDG%nmJGn^>7@=e#Te^V&r~D2M*MG87oQRq?r>R< z&#yK2+|aFG4>W+b*2xe5;F=7q5sM?tWKZ zsSMC(l5P7d?NV`}!-*s5e@)?`k%JOspGc>ex#j#7BXUWl@ud%+|*erlC*G%7$Y%faym8Z z7w8YuJ?D+%`Pfq2T(Q?BdwC==+`%E+SctPGu4?3mGTrsyNfvz#J+=~zLg3eG06}+} z*$hO9b(ogDqK|SKY6V-Sg>R1TNb+eCI_Nb@yU_ZwoBMtoqA=1aZU2wn6VYQgd18c! z{mw-c?b(Eu+wcWOuFmo=S?ZKz158Hvc&C^rb}XnN5*D8(b2%E>n4Ibs|>G=~dE zi?0yqNnI}lMAEUkG47{hNjoP*pT>$_Uz){QgAp~jJkRKXz_Rbjc-ifEJK-_8>p>|R z<#NmATm)nC%al(K?b6-O!|XPZUf~D76=j-_ugv$akL}of@%_2@b~dN~;&O$bXruFt zG!4ZTzILZ}%R67p5ChfGn;QSwcvRoh=Yr>|DR6QCEfefg*^a)7zCL>eK+pD2sn}a1 zUg;(=v~1E_UH7}?9UT(cpS>qcDb-Ce7JHCIT9gh9tpjD;;*?pICu-*8KOETxOt}nD zLr6lI)Jb#lUDU<5EoJGAXC62VL#XAFr@Y=E*>OgFrg;nzYSD91L`)n%24tT`tby4Q z;Xz&CHGciJ76ht`cCn;6-;=}F!X=kbY*_+;Vatq3|2JIXO}PzBQL8gzVC7OlfR=T+ z=+WXM|Gi$1ZYF&VeDYj?mWvX!gT6nBxBp_OFeBFex6*`a)tuFx=ZhB)XP!zx2JCrz zxB=Wek^4+6E1C1Cn(bo39j7WdH!r8?;GlQ%f+}diYWYj#x0XO!`=`Vf!pJV7VtEX^ z1I)>8Hv6P>W->y6qm6)F$hR3!82nap3_#WxjqAIMquI6cmaESGWqry-X|Bs|leunQ zX=c@uof)|9u(#WxL#Cl1J-vEUKBT0o{wpcx04Jv^WNDiWvA8Lhd{(gYtZYy1tbPQx z!TK=!sVoOsJ#nh4mk5!O!M`Y-Pd#)xQg>hjn{*%N#$-`&rb6V~h~G)aS7f@C9S&~q zCGzT3%mTrF$zF;TY+uroxiHbcnDG=E&Wt}cnA2+W1eiOsUOxM1&6 z%!d#Yd&bUer%N!BU1#KiBYFMx`oJM=Fys=76!WfZ-Q~{>pf^_0EWMdE{yLle0%T1Y zp`JE`{8_;js>;wG*Jo(q5^s7nQm@%z>D9W~L`Z}|>Bq{J8FgOR5Nuj!6WD$5qo+%^ zPi1Z8?Ye@hhN~*kzf!mrgXGp|Y}gZGY+;6Y`q0?SpxgLsa`l}zg6 zEt>xr>ybbwVXhi=a#uL+)?V|As#UeHnDw0>@jLLe9YqfXK|6?S-}fsdv+1zw!zp53 zKDT62+{oH2X@fOXkaLUfJ;D`ZX(Lz??O^t<++I?6ciP&Iu6f%N5<~Pf$vWHPD!gWV z1g_BQ71TQ=eA8yM2HTH;ZVFt7l|@_hD;zF1z5qxk#82=kGj`B@8XgAQsLdswy~9@f z7qhPD+Af+Yuswuoq+AJFS`!)6l5BWSnBM#a`H~2e8N6~EvsW_V_jt9MQeKsOBa%dq-g1oF<<-qvyo9gqD-&;nUvxqTb zs*=T=v|@HX_(~z8l%br}Wf9z@YdjTtcU5ha*R*Fr0c(le;^@>#r>P8}%H#r7e0JVC61zM`D_;Mp#Pq z;p^RlKvGO*vDZk-;`bUi#yx@mQatx` ziaA>S&w9n0zqXM4UW8panu72NbL`%#>f|!XxZ)9G09D2=yDD_B+FVCBvg$hqMncov zuhXIf(|n~ywJQo}CTbt&k#@9OF=$L}hZu8EL#JlDZv?O9Js+ss5QAWC&SCO_CGM>q zS|ej@N~%cto{iK^?(8_3*Wu8lN>}AiA!DQY#!VBX&kikG3a5J0#`s!Hz%_^+iwwfGS-%S7C0BE4%QkPkDtr%e0Wif@oz z6GAAwUid5Gg<)ap?e&0LqepAj*^pj-xh$YCkasNv#-xghhr@hSj3>8-Hs~hiiI}iS zQ{VnAA4Du~GT0dG+&@|zm9r|-^yX0|Yq^8llci!-%&x*CqeUik<%j<9j-AbJgbq zs&OlVh*ip}uHhSmbx6XpLy{PHK{WFt!D1RQ^EM{r>8Zn2QB`P%G<=r1)1D_%fVJ{0A5Jg75>(G3wx@(_@0!I-)Ny_T1+ zgM9;L#SZbT6ki!Bj6JQ3l|V)uIgN;QA1{Aw*(uCskd7be)0`Ir)D=jbc*w|V z`A@3GQ^kABbs`50cGLHSC*(XeRb6^|k{iXO-b^lxb?vJVha-Ww;Wb0_biQH6$Eae2VH5Hj z&cOqje#p-Jx*L&Sx?Ar4`(rOhpon|3fh}W^6Z&EBw@S zO3sTb?gQY0@F5YGG>(SD)aB?7-}%DC>Y*U&)E(jl|0>?u$>^;R*j1?ln^|3^-2?TvX|hym?fmzo&3SnQJtJjI_KH&(AEmAREJL#VI56 zdzO6;*@dJEyTc-{qbIJ9%rYluJ(Z=U;~>8su8K|;)l~i69_w|Llk=rf!yDR_O;To^ z>S4$5wi#z-k3;tM3ff_&3E{7kxv-G~Jz1x>S^gLvMSkG@*~lDB+ZrTe7%=EzAq z(p*n1xpN$eU(AX!cA-FZf``jcz7@^v5C5Il*h9bXS(WP?JJuN;@w?|noUt3!a)WcqNct1`K`B7bO7)?wA=6)ZBsJG>#E&I(>uGJplCtvQf}Ze z{-Vk9Q0@M(<*?w9^HNPvrx8c?e1(>{`EUZti~uB1roI_XXYcltioIF{>{DZ7`{%vy z^MWV({Wb3=1G<_G<1lh;`}yYO1IRm7F;UL7K}1s#{H)841j0TDp#ppI%yk}>yL zS_f$~sIz@ifP8#3*P0B-uIS$A3QYFbzk)1Pl&LF+lv9V-xiJ?W^-6JF!&pd9^F^!< ztuiReq%zelbZ7r+`B+Xfq7EqnQTtWHlzNt{7?Y5iu-m@JI_P0h{-MD83!O?`6~2bL1*0r5SugGLU&g z?$7Pyfqzp1;uuyBkLE$xWaTG%0|htw%ex)@@iM02g8GX$I`Ek(e+4qC3&zFlt@t0y zMwIb{n}!yY8khRT`@Ot8KRYK0sb#&Ex5$v8^F4gL1;f|L+wP*eI%+pKt$lLn{NC>$ zS@bL^5Bv)8rgwa*CG!ntbyr5KV?*eBj)Hkw1)i)_p%j4x_5Q9im*173yYGhTAlzhx ziK-dlc6iJjMxsHk#3?vf;lOBiQ<;45qDp;l{h)oJQyM9!3-opoFw2cXnkaUS?H(=a z(g}?SHCNe(nkc}Cx|J0@mL~Wix}_iA&FSXmuhdHB8x_s07*<&}NDlwCNvXD~Odt`8 z=MsWqW>0I&o;=p!3TwV;%G-En@or6m{y(U^1fBm@MUFCvx*bH_u~ptnQtG;3QTkLc zp$eM!gxW&rzb;Dk(l0lvlziWA1IT-syi8Q>dsuJo-)Q%GKYPN58Qjr~JsU zME$LBeg9XLh^F(+g>NTkyR6$CG*^WLMyK3a{|o$4QPE#!Z=HViRQ_+p>qnoTy545x zgW$h5r`&K}mKB)ZC=*`~3C$$^t)l(mH_F{_y6K`^#A#$(lN{McF(&m1JwLJN)Jsj) z%Km*K!E=%iwY#j#XJ)(OQK21>D^)xs^&gKd^#1!as)JkYF5Vv!yTyfDxh`j|zzb`V zEGk9u^-g6%2$@`Xm1N6~zJ0%RQjPp{iK7}Y=c%_3KUm04* zANjxS5_2KB8Yvyk&CP~<5LXu$oxxm<@aDe;^slS`HnOuis^{tH39|yC1crH43`IGPks33yp{VZ5x5BxyB_VBru8E{$^uiBWBz8$jr>Fh12Li z3-F)&$!@jXV-mJ}&+0RG&4OV1zf<~uto0%yeAGdl`BM2f8|pYynazL5@bW*$Fz4$d zwi{=V@Mmtn_%TCpe}&}672eE<94;z8gcVuw^?0_Pze`>iStNfRB+Nqz{f7SL4zdAy zv#>M+7hmIU|KdQolPN2xd*xu^V}d*Ad&r7U(<23?idN|P%w`*j+mSCo2Ed=fpj2D; zW7;kGIz)|)$JJXKmj2dg@}2dk)+fLZ=MnDNrTLE}S${2{D7pk*T!kCl)CcDBK>Xax z+tC)X|L%La0JTon?Y8?m_s^MVM_F-lCfxgZuFnvB-MId zq@F3uTQSh^-Q9PhwMy%)mp3H-y+7I(pMz@nk$Ymm#SnD6C3=)z(5(z5sN7;#rj=Ov zQ|m3Re`N-3Dq=9BQU|>ai=b%AjE5A@?yL8V3!QV-5IU~5!6wu3N=JZRE=5O2GYQZ6 z;2io*xHMBAz@`|i%Z<)X_A*|-c~jJpm6e6_-fTtm*VnB05C{_HsG|4pe_@e9>T|}l zW7bZd3n#g+F6lgd^5hoQRo~Oepk|Y0k;7+RraNr)cv6H{QqquetuPj^bZHOWH|c%~ z0%noevNTj)w^_4>B$q@(Se+mVO%I-(a&)QE5-DOnp1B&5qVtt3b{UN<9>4J!7bER z{rjmO|LMMkl(cld{fHAfJbcp6A~oIni?KNh-?1;g*Q_Ofn$MN~W7s~+9ICG$TY8wz z!BO>VVyD#JkxVyV`DkI5a-{8CTLPibjt;CIHr>FKyfUiTc)S%_>J#w`4Nd=#XNqDk z9-&T7M$F^4L~MF&zp4o??{Cf`#tM@jl8`G?=g)G#Id9}u#Pf5ppHRgdQ!XVd<{dSB zvTK}sKELLG5v<0`3D=ng#}mN^3Y(>+A(7!~o6bh#-ae8yb^RO)pF6kOz0!KGenDh} zdbv$&udU8&V|b~*gy;T!l{9Ht9tH-6HDcZ3s~TlZEnRitgA+H|lG>GHTP^@5pfmmq`0`4M>qRDL9|*TLBMpN!cI@jy30OEQ=sFD z&$LW zye~n>@|9qb^ZWMg;k)`Df0{Y9^3HGSz{JADhHceTuRPb?RsKQ-r}9CXC!_VoIC=9-M>%3!Zt42Xj4+;Vbex%=L6?w+uNt@)g zJKJqEoUD8+&6+k{?`{rdAg@VGEe*_f!sc0IJclOzkHmaBjLUF19Ht4sxw+X-S&F_s zZ3}{b-1t-h@I`92`jQ*G@mR}t^x^k6S3Q<~Tsx`pNI4zFE0Y4wOxIaiTiRXUg4@fT ztco~JmFlgpd&S=o5O`*IPeMXs^xHQTyVa`EJ4F_z@Xq*{Q|Be^6X)%lf4<0j0*;eg zLDC*beS;D+LUu46{jFQJsb5vi_9>w9k!GDIuM)8JicUdd?hvm%nLb}i0A{UM--Vvv z02_<={+TU-`sr!Cazq?^O%0(UR`xwGaDhoqNW)P;_-U0-sJQci;?eFIc5mwJQFF+R zLCW-?*oKZz)HM?kz{HT?n5QB1(FS+Oh0)-6ee)<2LF*WBFXOv;f#wYKoEbKc?9>zgxlHTnJfQ;2SgxFfX85~Aj_ zInylW{X=h*X{dviGX~O`z&{vH8WDT({SnxXS^@$B@kn1^U)jyM7>rSQJi(o+Y^v0v zb?2zogU2*COzvbyguFsD23x*zXr$0ctyk_Sl_1)d0>Xu;{jP(U^Q6h?>FMG8Vn#Tn zCjXM!%uqi}y~+aGKM7;aS+%NV!EU|d*qiaB(R#T9vK;#lTX$ffmajn_*1q#@Nj6|t|HUsz%NpglD4f8EJ-VIS1C*Ja^mJq zA7kL_80{e#YfrF{Vx5eTq8mo2snCl(o{h2w-EbPnGtzL;AQ*TU0d|E|@%E@$Xw61rcZp;UT0zumVEF+V&Lp3x?NaQ0x0!VVz%2Z

    ?sP^~CK)v<**Bb-f%zeQzN&=;2babMy?eLZ&XumcZLQ(4|6^LT zaj;^ye}CUwBmE%+oCn`N*#qM1xpT;Di&pv!m*GM$y~3bYw0vES(srOS!%ml%QO1Nw5YJ)}1*$?w0VXj0A2)9taiW zdHAqvi^%SH_WASYl`&lCLQm2?NV1GggcXr-Z=BtZrSqXlId7L{e} z+M*UcP7cZX@`~0^o;+E?kCyXy5*tzSX%CYQeJv}_*!{iQ_lzJEi-8%4*$>yn3pbYA zP+W9jez;3!=;OCGEc5KeR_h@3y{x?GpEL>N_7>3s?e(S0?^Xo-Ih!9J!gaftOZDDD-ETjJ<#uDY24!6b@I!))$9EamjV`Uox*|90>-uvwjDhg6 zGSeI??XeO|C|jLsG$71=WsnKzn&kY!zdP;8;lo^ZBbY7swgH(nXuV2qb;GIUkC!X}*^${>ib!p0*8 zDhd!I0V>K@*oKW1Zwufz9%OkJvmYEC8Sk>q9ty3~wa+T;-NpN?Po6{q|4X==`%E}V z6krO<_Fxt-Ot@Y}KG#S>j&Tbm()Jff2Fs zLt!_eH`r35ZYSuc(@WHw3pIt!AogT96F{~FpcSiKWeezIb`Bd1XO>R1D)^%v9gs($_1-R&XzhPQjwvrMFD+oV>x}0|ZUu8y zIFew{eC@~QspWEire(U%E_&xtS-=Uh$hb-qG#5u#RaG%bI2D5N*mfn3xX&JXh}n(l zr^$H5r=^+ZE_eZIM9cJ0#aP@q9*f2Pe8o@w29JK9!Hk=)VQsg@vUK0F7Bsj%w2$t{#G;nw2b zoi3&p$7>J|hLK!ln+ax*`1<}@t;5Ody8!pEilx z*xO@w*T%4p9G&D(6x=F=qw6s zC;Z@n+`V^ioZ94oA?0H+Ky=i|xg24^8N=OV0Rh0K%)PL)%QMBq!J#l$DLXtI!-QZiRZ7vPyg--Jq*u_Z8!_8nu& z&3iy0_n{s7b%_}ck&<+hhag}uI!y#b2JO|WBd7jH?2v|rhWK8WtvSdAYHBQGFqa1| z`fO?K2uFD|B&zYmUqDIl)V*m1*Cd!ZBB|Hq*qow{?hJ#M)d%kmpE!)CPfRhmH*$W#lFtMT1Oe_qai4)F@7}(}0MZK- z+N@$TJced=YN)=3=IX^sd-bL7pWiUac!rsnni8sAEQptB2>>T&IPpo{>+kP}?;S}4 z+?4NMx67mR@h!X(QSj;014pghM=nZJ&ybrY94)uf0}i=aWRd#BS`WR(fD@~D(Pzgg zhnqocx~p`I&EdlLvV4#}gcugi&AN36n`&!EMckIV3s5!Awtt{Zp3k^apO#59 z3T!RJNO6&K!vUO*GmIK<@wHp3fq1KLW#LK*p4yQ zU8w~|Hb%-0k9cOyRRF_{?BBt^z;@TXHFJNbbP0)M=`r z2ol3-Puw7hSuCjg*SIH51{|fm-LoGtLpc#KQf`X~aM{DT!QLTY?}Id1?BH42@E@-t z?e;?j+dqH4({%7ID2RmLvnE;F=C_0~VmC&PKY)F=l3Q*>NzZW->ciOBR_*8!6u%_z$s@hJZHmn=bCeRu*imUBElPsj!Y?bnC~>O zU9UeVD=!}$!NQh7SVBw{T>QlMyE(-ffD=f&99Oe1&oon+HU?;D zq=;$=@wxPWd@45gjzQG+haQ^UKtci_yQdZ{5pk9=^W>ClAU`0!eafT=a_BwJQ=FcT zj?T)C3fJiPxUoi-`g#_5WyGL4B+h;7E6uyWzz%>wMv6^&j4KPlAS!&d6drBEUwjfU zy{HQkFSOFZXtt1Vb#+x=G|sABrSy4o#fyIB!+`Fq$m)6xn7 zyV75tCwJ;yO7SYflz++T`JeCe@TlgU$?$XKT?f&(nBun-8yqM+Q z1lU~EX5EC}xYC4eDKv@1&Ke^fXY15YFR4Wc)nzRKXxw@Jgd1^ z58>sAW8y8)Olh4@@SOu|Wjpf~f*8t=j{Pia|F~MY2k}r)gz{8`@qMedz2PEbX|MIv zfYW({w1@K+jI{T#Uz(c8^9gG7%*WE0Ox|{Qb#JFru(5;RMV524{s48joR^_r zZq0vk+$oqW;#CZ~F)WHq4&qd$K@6S>7)%ne8T#<7$v1@JDTtnlnq&#*23X;-Dn-D8 zs*|050%rdjOouT&xQJYnIX}M6RfaV*?ab5w!8ln0m98o&Wi&h+mLx*n zYz>7Dj2cn)4#4$=yTLm%N=ea4KFQtIV4ElbmmjP1DzO^77j%`hHLr%~FU#qO<<1hb zZx}fR1nF}S8)9=tOVne`-T$=tI?icOsqXARnXCL;mOKTZeqT@QE@-_xYhhs(5=?0B z`@B`|1_L{KiHJ9ET_XAT0ji zhJcA-r0i~WYO3ne6zU9WYnyMyboHth&Mu};Et#EAVqmVR$w7aEB@Llqh5Y&Qtq%h^ zYHGpfntM!Z^G#~DE?&Gi03hwoNKaZwcsSwMXIp<{P?18hNz0ke4Ujfnyem0mnuYFl zCMc%HrlqA(q$VjTDWjFK3cD<1uvYBp-jrQUZA}3f)7JL39vFdud2O~^Kme1tLt;l9 zuZ>U0?zesm9+T=9@fpVrDdd!|!^1HD!<{(F)g}(})H!1Sd9Se9W38#K&i6I-Y*@~KXDF{6A*v*mKEl|U?0 zO%Nyouy~1}lQpy)9l<2CAOs zSA8%~YY;FIdIknA5Z?CuCTK2R?)o7apJV~Cwz8_znEC$w!>jW@!{duw=Q}XV3%QAj zx1JK4=$eH3`@!19Wr4!QVzEwEV7i~HHU^SpR0?L4q|PaOT3yAXUwEHm{j57hqG}~c zi1$b<^d`S0C_RtbXx)|<0LroK_G&pGu>A+yiyow5{=Nb2NZ*+r4C&S?Zn&A1K`7RuDo~pHyOPR9w~3=Xakm&$1n_p-((BRN3$j}$?-#-3I{mZsHf1_(0r9l` z@f)E)kIRTus1{&8QDp4Z>F?5x<{+F-2NjKR67A);yF@T1HDx&ySTk9i-Jp_0vH1wt z6VL{~0}zyO2qN5rgoHr$w)o+y?G3Zp(*`k(l;VuAKf-f;B9nQf1Pf>}1^TfUz}Chn zaq3`yziqGaEc;xqR!leBf`t_S#PxaQY6S5YZ} zV8H)w@|k4!%AF|ypY98!Wp+Q_cWF*i2lqxy*4NzRGfbQTRJAky&LXj#z;-#6MI`Oi}^!%sum+zOeSK)O3BF6=^keAJh*zzlrLp=XwL9OC|8c%^VeL zmwrrDlj0TT=@^*(z%C^T=jzHPbn08js@+z-7mUZ_S3|xTokoO)#Px=20 zBHDn~@yj}MnV&W=A)32)w3ZdtIUWjIgy0}2LC&jbuw(o+Fu={67Fs<{{$kR-Z1yx+ALr;6b z+m#WlGhx>$+soV`b{Jn79v;q$y#H)z?8o~TKo8nUf3DCH{V*&TeS;T9VO#{>qD;5A zZ!(j^@@KK^{+kDj@n1{g`IAWi1cDVB$USpJ3vaUIGW2S|6L1K^z|jUO>aLl%)fPRL zy=ygU)CX1shk_6qSF(YUo+a5c>f&@}TU@=os>ayN*dzp+kN6BfJ!swoL6wTCT7IUx zEQFyYY5nWv@XgOdr#-=m&y-wnM=UX&adXw|;Y?!apuD`hckj|)2V7SW;aswNRlZQb zv<{93=qcSvOJ`Zb;J%CGtG=jJ)Qlz?A-@wfK_t#EF6Nn|4mi~Ct?%BwvjZjJveMH2 z)=>HWkCAc%m(KQ3@xSR@S5{WmNR-q;Z5%4QE%ZQZT<3QH#M|kXFjqq-i`nOz2b^dy zi#rXxe0833K^i(PkhtDv9<4*+vU@DDu1`QUAO@6J;M+}+Kyt_h^rJ+0`La(EV}ZYc zfq*&8RwZ9m%I5aVI^(LlcMDG&kYtP#APJS)cRD@UAvbuT>ZL^<%VSU{F?+a1h6$)M zfBE7BkE5{8SFc{VzIdVCex1Y8!XiuDaqK=Qf`P&vVO_Rve%(wtjt8oXjW2Rv9^jzp z_BK7K(Kf_dS5MDMWMfzDIN3N?ozcT@?ixknDYa0>ZI`5lgoX|_UG-AI8GN1_7*}?5 zbR=X$^lk{6nSf`+`#vjDLyH}ZC_v(A=*^2j4cVk?r9+MajUFRWGUou!u5q&glomm* z!rq{#w{$>*K7?$m&V=O_G6_jq^Qv$k6~+rAVwuF890)z2y_;CK*T;r(B6v-qNIAQ*H;Gge7YBZX&jVWuj_)O^uGQ(?jNmYeOIq6vxOn+8 zMU=Y_YB}Vk{=t=pzZ>Uk2acP1JCmV+VQ7OiLn|+z61{V$D0C69cF@no*}ODCTvak9Te;EOlq7# zbx8`OmfWScsM+W1$EL;kMPpFjEE*Of*{no~#}2hPU6QI@{u&=2o}XhsUCMM=lX2H# z#wvaXG=X`5e|FQUG}KZ0wVL|cUYpMutCY;F4`}RYJlVwxm{fl_q-AO&HZ|$mfd5(X zz|J!`ME&4*s{!pSrOyT>@DoSz6temAUi%vz22t4#!8AF|O-*`0HmE}8h`ATDr^))l zfIwANRh1AL8j67xA$%wzX=P>QSe;Fz)i1=I2A~?(s7?gItL$R#nhh8GAL+B{_grD@ z9t2nz?@QKPy5qFx)ER}jDu4WmAPhSG3VIYhbnCS!X*pBji`SoxZq<#dW8;R+m+TX2 zKr;rv*)0aTm|sN-&ERx0$T`)n2YFWJPuR~>Du2s^c}3`!o^+{u=H})=v1$jZ9>xHh z3ox49S%d#rjayz$+Ni_uB;FSQXJ>9T0g*va5Z3_ZgCW3(c4i~xE%)6qLe(+XC@}1# zON2*1KWd>jBTq}ts1WdXHGfOXY*@+Z@Bl8rRY*waA`Pw1^cPQ_g{Au(KgW2UZAU^= zwikOl9mG5P`*mcIJ4646ySI$0vi-hBc`PhMR6tr$K%}IlRYK|R5)qI_dXpjwDka_B zEhV`@NdXDz?natT$GdLh7yt9+j5FR79y1{8($ez9?YBhNuQo}=C7AZ^>&oujD^Q?>!XML(MzvIgqj!aPAGpMoFwUGYP1_MgcCmr_-{1 z{=x+W+KP&f?*626OH>R`0lJSK7|`M4)e;Bn?X-sG)4qIco+l*c1AUsZ~7U$@Z zLy~!*7DaZx5&a0SG?a;Q`@Ha!Y~{NsvJ3NXds^7`{I~41$Oac@GpQz0X zpk|s_`ksWh7m(uChm4hDxUX>-L4sg4*Z}omX#i84%nQsM*CYS-LA8L-O9PEiuw*J_ z=YNPN6R?$lJ0Nylik;bwsr=caex3a-Qy3Ms>-q`gAmoZ;4)eSUmqXL&g&s@*;3-lt zm0Py6-(3&3o-BoyO9|<*ocs1*qQ(7kLMT63?CA$_o|Fh8)o_Cv5g&Tyac$Q_VOZ}* zqx?E^8j$;t^$!REQbcthS!~QmnhuqGUH>(i8auN5%=8?e$vRg?sP&RZm`=kR*JD&- zsIA{(a#0PBp;GLS57A5#skrY3=1>}t1jWdn?5-kl0~?2=#51_$Nl33?v&do89v81M zJhVAv)kX)mKi7{e@upx*Zo`{U5Zm;sGg=&W|UxTs47R!raOz2}6@^AU%l&5V#)Xsj-=- z_>z$;r9S4)5Z=&ND|zbH-F{vay8oNo+&0(9$y0h8&^g5^5ZPQ-WI|J=QQ z`*a(lRz+Humrl!l2@YPW(7cdPOS&ruQBfQCe_oZoxiAAFMwKW|S8RxboV4*=A~TGI4d) zqDbPWV#e=5iK6Q<2Ev;-(*Jpss?cdyR=}mz*)^;8bCoYPAFZ6ls2Auz3Yq=Z1 zTg=aHy5Z+#-+v~G4G}JIrsaP5@*tYuc_83G8Hxa;t7wmZ6VFaUMSUlw4kjC&2HzFP z?Cf^;_Ke0}{bMwem0o5$pT&`_p6*&zxy}`AIS3eLkijz<+kq}SHp7Wihoct+3w0YV zW!kzP?Ru8kEoK1A^2Gv=`Qmiw<2(26$!OW2q18_vukldhpX|%iEqu0XiBvr}ouW6s zdwcup0->XIRfUpP9Kw-Falg)dsCI^NXluv{as&vZ0#nk>nVoaA9wLp5Fo_lGOW9s3 zaB4+X3|z)6=$=#u^e{V9^YiJD_U2crj^wfjil!G9?gGa6$v+_>!FsO!CekMTXY`84wDu?+^MC~O{q6?+R}^wHhqU!+i(6b+s@J;=A&^zUDC zxj9Z%IQls;tyRQ*dBC^(rkJXAAOXdS5E+AM; z0HRmdCmlf;9SM2jQuNf|3YZjW@*f{u?#@zeHgdhby|=i~QCe^$wq-$&bPi)j+*h3j z?=tRSMo8At#ECvM)p9|zMPWKpjd@cgF=z+%vP|5wXWM~BsF-PMipFdWMpQj@gSo37 z)YG#uu39VTV>cvSxo)rYN(&q&!6*yOyN)mZsrF7mr_J(^>ZtQE8etJG_U0~zYPACJTEfo7klXDHc){oaKJ2Qr^Yx8WJm%qbiDfijTz-qSe#J^M9H-16{RD7f4Bwks+REYo>; zd99a+xDGcv{kRurQ;FG)AYLhUrb@!70>8-h*ac}BAYDs+i1~;tmBzr-G`OAIOOuI$ z*ti)o@m-#cfITGY-SGwD>Rf89i^5z>Br&&jm{RuMz?H%Z3Xw_{F-Y>AAuW+MFg->t z1f6nDkf&#A&~+!xPZs_$&Rbml0|Xr&IEw%^Q7dMvNkZ5}+EQdbj(=CF>qD@%;at1U z2OqCa;CdtgM4bumxVOB&f;1Z9gGn*T2rsC}h+Q!|;$!wA&_g4NjF2i~dD#YrYP-*^ zo-}rL%IBgvM0|bg3X#*=*a(#5$kK*F5(zsu*9wKsL7h3&S1YE!Eh`!_PSqSlYb<(H z0N5jxX~^3ri{V4dqdJh94DjjROr$w-W03k3=AGxyp8a?mxs5ndpIxc8JKlwMr%G!h z1S(L+tgo(im2i#}8cizpink_<8A8{lR-o_mNKgw5xA5#~R4ZrpePRXrlH zaXB!|)^By%uH+}uihm}|ps@*40P`FeG#SEiKo3whay)i2n2l7hApck)OF`6({pwaf z)VeDCg7}1l!Hk+}P@Wof=Lef~60sm=rca)6M8a>(F&{W1^;lFxp$Q@A2O`w1@0}ML32M=C7dh}?sUC@SYI=i?~XOg-I2-khQ z>U_ZJb8sHI4^;0ugr9(qJ)i@0yjf z+O697%rO@Fwsmio>)uZ`K&MRuFj*4b2UULxbp0H9}}$~^X`7lGsk550D!QyEN} z&1zy@_QH{czR*RBYzM$!fZlc*ZufTP1I9esmw?^}ogx9Mi9Er*DU&+f&Q$do zPR+(e!BU=M$m`(i{Hr%%w&(E`-C{;#y|`JJ2kVZ8id*H|UUnb@ZN!*tBz z{=CmCr!g>5s3JY@PkSVFC)I|5W>?Ec2`m;A2MGs)3-)+8D+;I|EM9tZ-Ale3^p}zw zIscNyee{i#r9QO0cU*hX>g4~B4S`dxj^ckQ`~H98ru+Y@=;i;6*Kl80i+(}gy>iV9 zmwJFxc+Gw-ArJ9+hOckM88E;R4>h~1o)eXKw-+z)x3u)Z!=PXwMci(1-fy{!vhPw% ztoQLz{QWl%DsAS*9!7K9JaUh9s8sq?|1Tc7gh zW%>UwbN&AI+BFmh*D|=jC5FUy##{LlcV{Pju9!~GecX+B{bI(=AO7;U6#es;LnohE z{{HsPlXVlzA@B^Hl1chVjhjZ9Yvh|>OqawW^|l-FO>+EP7GheS5uIA?9r$Mnmx%vc zB{v0bll(A6Sh!lVU!(7a6n56v#Mj^T znjXx}unUxfcRJi(sdAX|f2>e$Ybvg~G*Hx?tRb;s&M>YCARfxeLfmr-u$AR?1|>wsZzGif5I^F92NAzE*`Ut%Fr&7%7$ho5|;UWn6M{@;x|Uh81S})u+vDfFB@u>WPyl8T106n$clbsD&VeP|f~1c}AtF%w|!) zJ4L6)!{|rC+o1cg$U!fptNlL98$44Y60NYf5jthuLw9;T%wn%HRQ}dK`YRCG+9CD55({S#TV90VW18K(|8d- za#NzCE`VNFTYq2Y2Mg;$mP6oig)Xd>?nGy1!2V@WkfoUfQTuqtzj%39$YeVF0 z;75sy2us+C?A!8A$VNJa7Q z3i)`OqyXgR1p39eqp{hX_0ntvf0o^@)_++CEGz2kYNHbV)`Y*W02WsM)&FBP_P^=5 z1(vtDa$rz&iH!HfUw4A_BBUvVALiYczVSDnzP>}p%=PyyjK6+`CN}T{lNQ_GB)6*s z4TjBphooL}Flb%5|DO7tcllQWoBjXC(PCN3`CiQY6WITpwo3^BCM&~qD34p+bg)bjWC0xpu`WimtdT7PmCnCZQiw>W)KWNO zY1xx5lqu6ZcEsVR)BvBH+$`(NE9^%dbv2N_F4PLwb|h) z$;k)s0%Cz9Np`a?8NM>RP7oW)o7!<&E)?9{$1gnm>Cz8}3@o-H>-o_73<+`L(eDiP zy48@{d?Z<(S8%j8E^Z%qIOAZws-R+FkrVXb&CSs)zjOb7p9{VPM=~ff7lEtT z+DV89T+Y2!_idQBV8e$rgQ^cNQR2o;pB&b`WSs#=1{wCWFDa+3>EK-7k3^;B-3hN6m_eDEPH;5qLD34ek2X3>TF`X{fYDP6?1B1eJ8&>o>53)Nh1~by^dy z^O;MecSI4~3L)b8lJP7+(cfFp#veH&{04G7z>vE1t#~}PCdw;78gl~V{Bw~a5c}CI z#&qv$W)$X})`s<%3+)AF-XM0qA+{&uQQZf*XL8?mH;yvYd&SKwxwPD|1)$2ioBSg5 zDoiHmeh-Rafs?^-pN*r`95ig3fQdTnrGF*bx`anan2Kn^<=wH3XMM>K4Jp*tAkyO$ z7Jf`Op|m{gonpK6QE}H)z!)T2@H@~JWjkON#RDLE7}Gj}jHzB!4w<>(kZ&d-`iQ)R z7}NfI;TlgIWaNYSb}M=c{sgdSTK*CGz{a2jSZs1U)c1LKNFr4gauMk&pNMT}abaJw@NaLEK*hWdCl`-}W2 zz=#6y<|t$U53&R*SfLQ|v=N3<<8u}cZ1N|&m@xUvQ}a{zVTxP_Vs%Lp&J1|Nf!*Fw zwK9`%gw>8{C{{pn2~spxsgOxVjr&ZZcatT8v>eqBa}$uI~5 zwtpay#QRN@Kx~SEM(D-2k6@xk6UAdEC2+9np0`uU1Dd1})V?YH=Ymc`@yf0lP^JT2 zn+-G&hlRGLzBE2b)DVk9b2a?k6W!t3nPjyx14m=gRXcT}E*k243q*rS??uSo+QA$myG7n z1pbCH6tlNQ-OmW<(Hi$wqF)9mXjVE2BcqO`KCn)6yaHkcZ5J)NhG%t~7|zib2tE9- zCIEfx5_7>p4-?j&CVQ*7ECzmF?@dMrB-wg>u4)*bg9c9qVS46*_`VFLmVn?t8mQ!( z_L%|rUC+RP28KqEzD64*J*Y;?x ztos?9Lez%7W`+HaJ~qYeMdHhVj8+~vjXF=Q>cHaBsPU{ygU>bG|7^+?@gjhXx!y6j z-+l?&PXxf{+nowTu!+BgX;n^RB2vkGwON*eJSzLggBTQdfyWG zw!WAbuQ1<1%(;xyY>o%MTB(R60vYA-Sc!x<7&YfOJAwG+8aY9Vuor&^cqW*Xa_;}! zXj24!l&;m7TadON*Xf5bQocOE@B%Gd8fs%Ef@PWkzwOa_IE-Y`yc1N-GK$d@OG)rs zm6&TjFz5%CHXIuXiu%&~Ahsw?2OC(3fd&&FHAII)S|LjYu&qzyg)F}gEEWfs7KE8$ zvp66Of@d|HSQ{9$BMf!D7|4u25Z2STZ{HMV1G~^>|1N5Zc^?|X9~w@Ai`TF?qLc=I z5x&E&r)0bqU-Icio45N@V~y%QO#gL8$yi9+Y0 zYKq{-kRer*4+(o0k9ie9C1$D%omQ9y#Y0T5wxwNe;xb=ZCXnFw;D6Qux zXtFz}1aHMa;`g)u8HaY)J; z*j~tnQJDcPD(=RzG1jXC5VaQo^Y#-mTIWaa-;T<4)i$v4@z)|{Kyy=Rh59%i+8{Rp z7SY1)YzzW@1l1QkS>I6>0b&Zws58EOQwQEs^J?W?wDFhQv#rquL%P;KS3iN7PiF=Y zXr?rGF_nX$Y?@5*0fM2@ETbmqSWbd>M=@ylvIdd~FG%JxqU|MY>#qmDFHuwL^;Lb} zOTZwf0E6`&ACjB%)R#w=%s&TYxkL^_S-!V5&(KzT(;Pqt!zjg&>#p098 zZl^$?1t`G08^%-Kib^aW+UR_AB7B%__UPck5g>Ma^Gp6?+-wAQyoDzZkL_nriJTp~+REznOLXnq4m z0FDI)hSfWq(_?dKh?EG^+mLRd!vnN#h?=quKvDeWe~aC2gcraK2^gxj!wQp&ZiBjF zdOm#p+zI&9U^=BaAI|#5kr6FOE%5r>Z=<8yxxOxn4Zh?>Mpa-I!EL=7r{#KRg9wQh zfdH+Ytzp=G25UWofI%&3Fi^ImQyKLYb|f;KG&3_Z>dz0(vlVN zd>42dWZc#YKEyeYmE5GF?#I7+g(V)j$*=BUBRbmz6pu9E7l9Q)Jg^z!P>_8WbCnwr zn!QAH1~fV8z}}DGa4t)chzVFIdNNk$b^d%=5^%152_%iYvSMOcjhCai5Ki-Au3un* z6)l5inL;GzF_U=jC89>@eO3Kar%xO9wd)Lg(n0UxUXR1&-;s$SCx>Duo!|bL4~C}m zjSt<~tmp2D%B}D_7ycsGx63w-5wo%aT^13%!@UaCa+0;0aS9ukcaoBlieN!~0J%Zh z=?er#2XD^75|e|J*;Q;VfV>?9tIb9lFAVrI7%o?!GBnFSQ%grAEg7DoV=a)>pAG}; zV1S9r5MacJdq+$N-?B+jMgjw?4(dfOcrO0P@ z0?>}zKwYL==q@idIiKvBd5wrDeWlka7oj$+HK2jgV4R+*SRMk0Z9{oM@cOkv=vQU# znT&pxLJ*4}bc?)EUyppn_{0!R{|4NB|06^$tUmquMvmBTlm#m{%^UGr;fy`ISO zE;HF~DJcB^7f&-j9HxBhdX!I{5Mcv8NM6 zUd!S%w}E+U^rQL>%4T6R?P!0cP|F4N2JA31{yB+l^yP~i?FtrxUK4yfqu{h zn=oCxHwRJUoe{t&l-Y;?sQ}48R69d)NqtLd|O6R> z)c%v$pgI(yz9c!Pk)e>{`dw5GSYpn*({eZz{2H2Nw!pIURUR(Wg0YaIib@#c>C?Yd zzrcAz*!ONHDLNB`Dbh{)^C1Q!%xENtfX-GS#YEM{VN(`(s$cq`o)^tja!zJR7GIpK zi%nBr0Z?f7rh{es4YK{t9ishe8*$i4eX&po)o&jhLn(|CoE=JvDMTnK3t?-8z z9Z8Ll^n0K{FVd+w<3q%w1caMcbD!9B-A9&){~d22#w4^q zW(Go4O?CCu;(ja`7755YglsJ>m^>`4`X9Bkp)T{xmL=MQq3%^P6 z*e$mM7}y;z_!!CdF)=ZSnyKgbsGREDU9`#z2OFX~UBDQEvzhBRCyeGbd0?=^(z&Jv z=2+H4TNSkUAkl$rLpuSgph!C{;NKf1fKpeP>s z6M|17XMfHhWS*x+FL5Q3z5#|8A_WH- zx2N7d5X?WEIKimWa_hZ%OT?ZnSW5x@+GQW3Y_rm%2u#q-NX`}SxPb5-Cndh2cy~B! zBh-UE7+iG$dIF|-DlO4G(ol-_ym@~W1A+S|$(NJ#(liZR_|o5Ys_^l2vYOhVTiOJW zaW4Ioz=|`uWp@HW&D@AHY8lurSD3 zA(m}rF(HA^!7vUK(p=3Or?8%9S&Ua(T3g5{JXZ*bb$ajT*9(f>WZ>Q^_$?13a#aMg zq)fark_mn!Ap7?ZVNy>)c*vk1f;s_QA|=ag?C99o6dL>}LSZ&LKxJFE1dRq0|FH&q zW*HGdif)4+;45OoWp>3;1^_J3x0MkIC|rWSfHWF_C} z?Rf-cqGVAC!B&MH9=K9zfU>Dlu>$Qd6SfOf^_|@pUn|dR>go%(L=+*w!os3?CBl6R zVbILj)^8Kr-gyd&lVQ8eBD)nWA6Kgi*aA#o5i|7(fi}VMtNEx8c-;V2h$7l-v(9bf z$Sf^%*>r;`L^!bA>FT?!7~aoB;Zov`P#l3Horo-EKn+0CXcEy-kc4g8A&01u<~tNU zFOdiN`T03HIa%+t>tL1!mA4FU4~fb_9xHvy9^e?> zHal@nEadi+8<+2Ve8-j+hf{b%xbWSbfDan9d3NDx@v7`p2#FLptPUUS^vXcYNm7d#X*}JQ&>c*Wr z-)2V@D}{taCT95@;PLB?jGAR}85!q8cQ5)t6-WF;Soky$U#*6$H(JClyLzgdJ=D-3 zg`4{Z`o5ErQ(WnIBQcq%a=T4s8JWw}k}=-W#bz~EUH7g^#q#?INbM)GI6QX7^o!Un zBvrgIV+p@Zgy+`OBz7=2e!8#h1tGaFd>~fN>`%@JGa>sDqT&&?4JVnAN`Hf$F5dSg z=kW}53i%dk>FI05y$EzRZzbNlu@>n|&vjP)i(5Zwzw|Yb z*JK3K$!cmY*=U)*ztpM3ZO*Kqs5qV+N-*AEb%?)oYv2|YhRJ@TrCZC>;1*?qu{c;3 zwsTRR@x(o*pm(`gfQ`yHCF8=chAfqgYNgR4{ZC@Dn z>VT~7`o>)19Y)42?%dBg8l|r@=#)Qx{P;>TvUqG`iH9w=e5F!-UL#;sj^$bNOv}#r z{z{(izU}RU1Y8HqPq*bkyEC>sU{tnNvpw2ekRHx#={N5O4G*9lPbGWQhU`WU`$}F0_HuTDd!jtO zv~&YZt1U(kx9K|TR!qNEzcn*;XbeauXU$}PqkS+z7`A|rNp<$oi1y;>{8h-S8(&v;of{te2L7TaHmpD@KXLG;|T(YU}15=IQzD%0W+m zu`{*pOV!b#xkg5oP|pCpg0eDaB>&(Sk`p!svtP$pos3+-pvJqRf|n}pGvm_k*w>TS z1zbpv3N{4nt-oJSN@Z%GNRZ`LQqQ*S?p!%(g@KhfuT8 zhz&nWRaqIaRO(ecJb(MW@Y0J?L{^MVghJgPZVnW*;(815r6yo@P0R5jHKJ zto$eEeOrlWZbj4uKspH`iiK@|_Qk7}>42%o)6KctSYHH=j$V&>0H?Kdid4>@L9CF^0vTSQ(6462nLRyhM7z)+^QpDg63`==B|NAXWTXDhY5$Ado`iXt%t#yU%cQ-9q`=fnPz@K^FC%x zRv^|rdUtwy8Ujsyo6F1*R!UCJ+fiaXJk5QCZ~-~6(6I9iF8_TwD{U9!m62a@#(96X z$fe#EVic&Sa5y4yz*^g4KN6l&(J0I!bZS8wwk$LUo|bLTr&jJl9;al>t11`Rr^f|N zp3tL5uV-9-y5ZfreC5h(nD&0rFF-jHESSdl&oX1`dac;aw}X#1+X#O4yB{26wk7=& zCmAU-)SiJ4Y2yvxQEY0lOVW+sSe@3T<+(W#$A&LeAxsS+43W&%b288tB}*;sf-g=j z?x?Gu!11oAH!I?&npNvca!0JDKSt~kS}&8jZ*J;c|F|Q5 zuq*9aT`?O|7t|QII=AAII;cwTabNv-+;eBO#>Rd+IN6?t=5hEj1eA$+t^#Am%aNRu z*+r`NZ5FOUa{{x+3w|3$`%f=nxvY7ex_JHmWfD%8*A4Z&AGSvv3F(xwz7)9blR$iv z;2b&I%sG04j_v|@u-K2kogLA`Ux9CyXV6A25yOTD zoiF22krS7GTg3bJ_Iut$8)0V1p0%=_jkcQr|3CYKwT73w>w2&?=v+x>r>DpB8jM1N zzi8VH+YrXsPe_C9Q}wMx^7?n!9+T#-hjeoC0nAQ2=6Uew^G*0ss`?cTKi~a^=!4G>bW1H zu=uZ}NJpk~qPt*i#R>#WUaMayDWDeE#3%PDP`zglJwt^Rl%#_Grc zsLMaS{2p)L#_yD`tO5b+X?Iibjus881`>NF-_uwC7j!Zav&d}mfD$m2H>fr~FM;EE zX?u&>llSdcUyUzXy->LhSJBeX&;<`>OPdP0nqK$p#s;MbotcPOzp$- zV7^`tdYC-WsgerVUMwE&!3NW>nmt^BTKLdkAMUt<_6lc>t&SJm3!j65LH)BSyHZ|v#>P7`X6r9_&8m3>kL_m|-DmU(N3mLMXCRd~0^p(;HM0*2M*S|Jo3 zCt!ws`6$->f>EF)R5bu?;|EZ5hh8?2HL;Akx}G6q(s%%n_)IxwTx~ZS$=RmBD!IeJ z@bx4v?<=IgTyB<^lf#2RFl0LTw0Mw@|M3RKdnw+N{LvzZY0!Q?LnJ3%TNCLe?6EQ? zbCMnc5cSo4a6P^NlwuE-HVToWoY$U?4UWU*URQPe7VdGTldZ|<@sM5?0I+k+g$Y1_!bZA>po>=jyj!0w)bpotS3{|&Z7;! ze$M^v$)o+{8l*Jbh;byiN^?YhVW#bIZ%*Emxk19!$=!;x&ouL&pX<@r8?PfgcEdkD zDlQau78R|kfp`vu{WYkmbZZ_{jPK6QjxYT*IpUa$_|etM)$%a#lCOKFJRPhZX1ykg z%N=FxpfH%djJTZ@!dGt?V2=qQecu7 z#yV>V4;H$rs%ren{v~lhKtMYkqm*ijX1PUBNC+hr6%j3MV;UryYGI~vU!LVv?p#I} zz89CZoH4N_^C^*^O!|$(_#6p7oAi74^_gKoR<9%y53PJXXjYB`KH0UecQ@8x%kb`u zJwYj+XSVKy?7IrC?`6qvR@&oFx?nQ3$AO^US9xfa3#Gailr%9YeMWuWwKtZME?fOo zU-b)a-p!}}Mt$Q3mVBxdOe-{3j~rKSa&q=gMh3tfrQW!?V=c7m2uHsFo}65SWQRWV zzA==0ac~wjy|bW-PfAL8*BuODz6sklr1(|*v)4e|AeT1CCG9Vk{TdT_j0DEO(zJlKH46FY4 z2QOaSVPR#}DN^Ab33b$kO31zh`!*$I!c2Pl@i5xBSBex`0lQHfLd2skoJMQQxIdo? zS=fb!R~Ob)Uueb#R<{{=L;W7>qShHo$M5M!y0xp(qCRR0qWy~kxoAv}`r2wuq6J9M z!0zw{ryYsQ(MGIp-D2(}XVor_jI{IT-V@qwtD@TS0-R@|_^Jgu#Vr~dY^cDA0CxOz zpnY83%#=#o76uFg<6i;FQ(zTK#80Xk1}&?hT?%jBdQ8|=IVwPqy5;9B;&hO`GvRd* zVec#Gxe6b>>QKMMB#m7q4U;vMl}VZrFT>l(!lWb#jz-6SqJp=yL+c45EX zC~y)B*`H=^m6*3x?34*9$?5$2Mj6vcJ!-VDW5w@)DD(^FyEo0t0}Xg_*Ot7@$lh4TT8=U zk6pK4xSy_fgHQVPm2jr6s{H*E+%_Dct}y%7bb;@rj{&(55^CuoG0%FWFLI`%GjtMM zNv8WT3!W=g4O6s%FV&&IUL1|7YjfFRMd86=rbH|haE0dC<0C>G^6S`GoWoA6{5wy{X84Xzoc#TYUoU(2E&}Tea%%tMOSYh9?Ec?3 z{`bE|w%7k0>9526`=6Fe?*H|kzu!8oU&n&G=zD&B`S<<) z{cqRLd-r|+9O-}j6G8UB;h?3w7GQy(o;eSe+0b3t+YCY0)$gyvDKjI35Sm>*Fj2Y= z4|wC>+(J&}ZZB}GLlX%>1&{f+-xO22+2r~U&S0X`wvU!qlT2yGNW?1vllqleO(e)1EMS1MqmVb{34?dFX_sjo&i+va``13pdkS7kpZZPuip?qL3A`!*w)ykb zo#C=V%Pnag*scKc8KrPVOF2PP z5@GoFh6pJL5HEz2{>LKJuw5DPfn3-K8agDegMMVX@!v1U#@Utd{g3s=2;-6<8pE9k z>EEyEx;( zoAs?I=pQV4;Y&kRV>jr9ZAg6au$t&{pLVS4e(Tc@G{BSPTf=;B>2)&yk29LOLPA0( z-LcAE#Wg1A>MS6Po>FW2c+XDY48K8LZ$mS);VyHMKH&)*nV8swTg_K*>7_3nk*L~P z-CTH57+#jv<|}N(D~U#@>J#>e??d(|(~3$zkd1l%4xNA+snIhjh~JF5%A@tJp~+Aa z?^@p@tvBy-ZdS&W?nbQOxKCQEWGfBvY;t~5%WgW}-!8ujL(%mFNjW1i7HHw78zlp3 z#=q3QuX?Pn?*Vr_tv_#YsbqU3ey+O!8-Wpz4wn^j*z=+G(<{~DbJSq%y@4#r1mj_l zuiUemk?@NJtyQCTd~8_qH@Bo@PaAguxq=Iamtu_W!j(#LR`BkYu6?$@@p7(vTm(Xz z(J7)qlZ#^+$tg~kJ_mF87jE7g+4=7ArgWdrg*f3Lgc2JrjLl$=G|{&-vst3Sp~dH8 zR!YTVD(GpU6mnFlXtQ5D$m@77$mkvT3pm)Uq%YUz$ILWOU->#aF`4c3ahaXhRFE;Z z!lx`>E&KZ6w>y1HwkU$JhK=VaJ~(-;Dw@5u+5^WGvW2{h7Qup>vQ3LU`#BXy@2|Sz zdQKXt2hMIU^w(rd%Wh8Y4TLZ)aCbS{#zw$ncRjRJyQU69wATdf(1ti(TDzi!Mw3)H%W^XZ&1=-{+ex6tu?_D@#%2){zYHhU`SZT4+QxG%k^JR zZZdxF?GRS1q+Obx^hm$?e(d6Iy~wxb=8gM)@7@`;=@*QzxE^C)BISK^5*v3M(7sz+W8o})f1rpfE{$jxDSl3OsSG*fF% zNN&0K#_WmtbnMsm5uJOUXN*$RKak#6Q**-upFN2xrM{*pq(J^|YP3aHq9~pf)q}s$ zAk^%2W&T;@n&b*^iawpyv*sf!d-}X+UN5H?3$tUG@-|8i%Cl9+MMS5)91@?(nrFFC z65#2$sT>Mrv6wdT>F;K`taa5tdaY*kS^iTRCwbW<^~Ffnc7|_Fgwlie#B!sz=SjWE zm}=?t29KOb;R*#!yOytBuHs^^V zn3n-Skz9GhWh`a1EQxGAc_Zm-^b0=lZYQyh3fJE>a0jihPno7Q-^jOR9Fa*dK@QN+ zr~Z9h(hooH>RouqSO2Tnw!mKf?605pmj&(Z?}J^{#{gc!m5P0GR_M*Llo%p(ov18BL`PJkUfP!Y#qVI$GN% z46<1sD7tW!nl~qFGTLsmW|2;*fF z-(SIgKeuNqd8#2f<+d(7JS)QMaGCG)JMVW7P^i)hdo(E9YFah5X*mNXQmUU=M4lDm z0UzWU{dqVYLBo0JK_Ybpm3PVF1kHi(-=(?L*42%-@~kKv2|TNHKZ|q0y~P&erVIdw zn3#B;iE7!pCly|IEYoMxTBh>P^-0*+6Oa12P#j3M(9|{2lOkovesH{ebDjPtuM=J# z-b1s8Rxp}U{Xly5-1!IITu)+z`PrteEKt+)o(Vra3hZ)4x z1=owCtJX!&4S1fJaHX!h6YekuPf1_STJE#!ke$7OvU+jDQs4IRe*1%pb-uA#~*E6ZjQ7Y`&#?gaS z&|p@-z3_?NnJXljDb(Pk3%~T|!KM3_Q)l-OeoHnDwumUkn`25HZ}JZBjPpZSg;!=EK<2!W0bp zu!hU{_-_GYJEh@VL*=ry2u`UQs55htB$;-Stca>auK{V%9KeRAO z)GthH-(mlwJbaLlW(|9Ng<r`#u@sgjXX`+&=@l3LmqDM9^R`%^oE5t{ZT;OaBsss2GhQ?@6s z5E6P;9Zcs&82T(7AFla*YiY4@EPws(oeS}Vo6xgo32oR!LQ_=`HC1@cIkeRL-9we8 zz7@QOs^^L4h@h)K9+k5=?UswW?>}v7_u$Z-)<+Aja~$6gYt^cbVy6lA+Ks6HYnW}yqOzw+u8p2fO@?&SFrWa=_yUcYZI%&kodz|Xd3tbdl*)R9) zI_0*x*rUced=(W9Z^r^P4zZE0!=8*0Lqfa_={+Jjs@{3?ah z;Yod5zbvb#q*xGrbvI@h$P2#g?(?D!_iz!!5(#3p@2?`eZ*#>pR6jf?FYgX5gCa{P z*fHJ&cr2WPoZPqa+&QzaatZVc516!J4-z?Fy~5^<2D}9(2^)_}@hrIxZ=PtLm^98m zTiuOI22*d{$9@?hr=Y#h*sW4C60=16IfR6VkN3XNrfgr~6kG{5K44BEbdp3tFjwA6(n-yM z;u9LZ;T={|R9P!_Us z%IF}uot?Q46Rvij0+jR%^>-10n01*Qc=PT;NiGSkf8!EJ<7Mkv z2>;Qhw2CZ_SD9v>ViBiudG$O2rhaTEQx(-w-1U4=#_o!Q zhKt128%fI=q9miDyE)`PbP_{%8xopcU)8eiXwdjG;b0cYtV}ODV_#V5 z^F%a3QvR=n(Jvu0p+}7#=iTeLc`CZq4{p&A_r4uj>8nmXDen?A!;Ig1k%1kl|Ha%} zhh@2T>)xm+1}RDk2q=PpNK1<#D&5^F-5{-^gp>%VbSWK@4~+=YozmUi4d1wRzU!Uu zUTb}8t$loZAD@4ylSw?@&wXFl80YyL=jCJOat>Za4KxEfB~`nL>UiHM8+k3a7(d5Y zKbmiMUO$%exp+l>Mv7uUbMyE^-Y0l=FgZ%RUPbb=o%Q1keg4|k`AKBxDpF=StwwdC z*Q#d}y=FXY`o>&v2kwnCu$e+#4-41Tc{yF_u?79Re6w~}?#s|~xm;?~zpmSppG9kB zkDWPUu}f0(F+#%!r{YAARbF$RD_QN~yUNAFYg}vfAF3lH`Rs>@hqE+?_qr}|O!Z1j zlyd2$fA8qL+`{HZPb-O8mtNOpsRn&j*HT+)UWr~yAZwAbwY`>ERvd@D%T)uy?Kw*) z#@`)A2Btz0UBR6JmrM87do;`K-Osl31*LkrN&dQPm6ITfkDIp~$x_CXUTPCHexOkm z7AS_WYy8+5vpmYzP`+a-PE6tiUY;C*atHo64N@y9*( zi$J4+h=dZ8+{n~ZEQJf~T+f$aK`VMO{+i~yc%kjA2X0UNIT&*c-L`|INCx~HH~fLG zK#lPT>Z{3Nc)(;7W~swU&9WOl?+&xG?a?0d@YsF(IBh2)lU~f$r=y3k82C~ zKFafe!(aQgQEYG5`ikaJB_F>)Q;?gdSlB05!$4Lj-U=mYZZ{g*p&l>L5|8v_36;>2su1nkPaX%rsY_U%5>%)9gfoROnEUfnCLH zF{BLc25oh?h=}m>TH8-`?@yms*C`j9+-_{#l45~^t-j?D^Y~y_sWxnvEv8H}w2T}C z^oIs^p#g!B@&(M^#r=d-fM6?zP!_>8b2ir)*v>y$w3 zBZETH{P{^nNwITi1_B2(x3q_favE(E)34_l^1p2kOSk&Yo?-FKICT)KLLH<=i2!cg zB2zO4#Y|_ROK7NmGsMG%1@V1Y0Ri$am>qP~mJ)o`C!mScJivXu&h~}~GibXuIZowv zpPWrwLa#Hw?sGBy675U+c40G*lh4mlac8B%JsQ6@ zP&un-q{w=SyU?FvUUkXuwTn2K9#?Bm-t3W-OC)>LK7aI{mG%4e3~RMJa+y5c@bp6Q zFTHSG_5xKf*AsNKN6C{kw`d>c2~fR%7|L3acq!;awv-~%5>xuMB0AT(4z+!wwY6wY z`oYT_@3Cla(V`)H%{Cs~8kf#h^A!qO^LCG3g2yh;>xl_>kF=k?-%gxGWx~o)|Gh6I z>nMB%_?Gap?+Q}s{u15JpG>BAE2M@YtVqdTYFO6@0s=&yw)g1W<>o%!SnJuj*Oyp1 z9p-7#3{{3~PmDpuKzeqol-5Y2fM0Tq%MI4GtGX7*26IbttmZRqw3Xm)esFX zWoO|%MfIvTeSvokLh=Y3H_y<%N_td$_i&6_3|p_`*Yjb2p_rB54KeQ3Yh&y$zVYvG z@~U8Z-qq~pc(m1)c8Hq?)@@cakAhf_a%91U>Xp(qz1Zi_y%8jT-52+n2&iV){dDlw z7VR?t{GF94eRawd!UO`vOiCJU&?I#8t`hq4flw5`71rq12m=O!va(m**{#svW8)mc zE6~V(gO+#Lxj;4Z>9d&hOGS`70%DYM`GLgLj9U_2`p_x^QEDYv!FM+uSLx8uBs_T7 zV}N{8x6%B8YNfF59Gm^H`Jt`Z+DgNtd-n}=h(w%m(JT^t`X!mozCPbbU9lV7h7@%k ze3m#y-Bj<(;*a(WBa9IK9@Al36f;?P*?>rKJ$!9IX8Ja6P7AE;+j~?&2i(iP+>47) z#!vS@cT3z+)!|tchAnDl;KO~#%0WMLVR@H|wnqZYA1Q(Rh0ON{|j8Q#Khqw!Rvdp{x`T}ZG~uSzYsQMwy1i3 z89kO%3HsB(>A~YVGb5e_WMPuXu{RCcR%e49oz^E~P6Z3fe<29U{=4QWFPGjV45JQ~Pkna6@^6Q}y%R-B2a@eT@!9_32!&`;nwj`&KEdVCA+Vi!?tF59GD1pJXz)XgdLrSbWKb@u&y492 zr@@D19%8x3A6bkTJr#3N2?>)xZxamTh0ec@`9*uSPJ!yz0%HS1Lu~+RziE$CpPckMw012Lv@|A`6R+jAdC+5mc&QBm>L3H(Up)Uj*y zE9gv0M#fe+7q)CtAr!4TaD{zVpZ|b2OZhUH*9z<6Aha3wo|_B02kjT9k1`#}V+Ckb z8?Hshu|}0}PDEt3VlLBDm*CWzub&?)TbYSDf_KMEiHvaCr)dNS zDq-r;^Rp&Nb-7}2F9I;oDEx3US&icyTC*YRqv|2KXQW&~SCL8{Ph;^fmDa#Vz*5j= zgynS3pbC$S45VlW@(Q1kjw+uZ4ocW(#;j2(uvlq(0m=>&c1T>+_{7VQwH{RTL;CfMmZ;CLx*} z|FwObAaqM^164+)YyfJe>)JNX)6b=qtyLlw+yZ<^6{Ac2nytzAA$5w^y%>JBN86bs zx<0D*hIt3=^6o+vt<=u5W3^M6LW47ny>pf~b5SMPs}A%S%!X!pI=_xQ8`r*rInbxi zyj@ejubLfwsLOG`d49bsj6bi5c$!hU%ZG0FbMUW3_7PbuGR7;gdtRYP=bBAh@?xlx0j2hDOp*>nhKA}b>&+>a~L-3LA%^zruSDr zjhebnwU_=S|5~wAtnmy;G$5lEZ704P7wcJUYig1^TQ$R^oT5^}UoX^f8Ae7Q>kA7< zAL_(kruDqb>~oPp?v5Za+jCrGc~4%Ii1XXE=dvJ&L#rwt|P6^2l3ST)tc`F`@PtqfWA zBHfNwG2A>coD&Bz92FsbW_>KyWGZ{g`C1-o5rgOn;4;)zdibWS_@7dFoQ<()KBDyE zSMYFHIcQwIkV$E$5b$_a!qD&n>~=3%jut^fo$ITtEK~MOTOC&*{gJyhZBf@LcUK3@ zl3?!p$`bB31%De)SWF<{hlhtNm)OyPk`){q%f$4^-tLFut4`ZbLoB^u7W@n(oCsTz zb>=m|S_?h@M4$X1sr}XQ+v&McKH*D4`?c5Os6C#L_vV%*Tu%Nfi3hcnvu?BCHc6Bb zHWnMN`c$Y(^RLhW{P$M(lOibgPSg|*z>qOZk<6MjE)b~Rzw`}4Oc?o?Z{3++2$#ksC z6|GN3dh@m;Sqx}drOZ{69Ld+AyLuI9EmetOy)xffab0_@2ol+MIC1;cq8k>{hu@7g z!rD)7ZVgLGWiBoWmzImkY(-6J?xxda4p6k}!n`kJVS&g4-D|g#1{JG$*3Vto9qh8l z1Ny^=IZW%qRZ(X=h}>ezpbKgTu}8uqqTlR-YQEK?=XTg0l8i{OsUi;ECC$DHp- z)H^eXceT6I{IjWtFJWl+G`!2}3wLh6G^H3hd2~u*^hV_}6=5HXR&!RR5}_q+2l@n} zIig&s6BY%9ctg^UhxMs_e0>Gwy|FbDC(GwaNd1nET(hf;LGH2;avd<^xLvBQ0a6$t zq%e%Jf6XW|hF&CaJd&H;>9nRLqO!X>ePy%~$6VEviD82j9}r-J*{!a_K5syV;sC5{ zuRPUgB*mc0y9&(TLhPxlLP$I-6B7=2?Q$pI34}x{D|Fv};21V3nApBfe_!Xvq}Pen z?cdg7NmD~Z6-@60z?mxN&{|^!f)J(|tdfm{KK61Q+Ua=N9w;#Gl66gI>0tEqYik}0 z58}lkS_5JZ4zW+gLX9($JBC@ze$CR|qVDHA`bLh@e9O0-0;tJf^P&bXYPI{my#h6? z%kB#p2fl_+x#1Ct@mbbie&7j8S|v-@99}qi_w=hY%_jQnu^y@X&7*invuW;iec0+O zwo_MLXinnqp4R~vpcEm?^^uP=XhOb zTT1FQLZ4)4Wov>VP0Heo$Qs2TS)c-pi;~+O$WP(an#Gfv)utw!q)K@{!jsGv{XN@N z_BBX=jqA{tBrLyJYzGVVbq1Ny5qAED!tTfbquoHj9Y~)1t%SoSC0a;~7nMwIsF1}u zX9kMKfE*9!MCu_mXp%z3_pZSGORi!=gtBMZzuugD2aI*lwI||vEYdbhV7tAqqg`a9 z8PaynswYU9Ad6#lUbFfWbJprDM!pO#6el`$Tgb8l4~O}XPtIhmX$8HPmO{{7m>Tou zJAYo(iwlT?Q@2C&X&z{P=^AX=tBc<8w}Wm+*HqQh=D7ajd~+1L8mk6kYRIUo`!6k_ z(E4^dJ2h*;^ONg6o&VUf2Zgt0NKAd(@M9`myifyZF( ze0cI?L}X-o{+VrVowyS)3V}nq{?($!`rShN88|`cWoyM8nOGVH9H%-rRLpvH(q*!* z{BZB+R_(3`#9u&(cRO2D30yJoz}kmw{frkrIl<~(b1I(3b#gAI;HJ)sJ5;)_lb<|C z;ln+%MaQgMKAeRqg^gByP-IlT^#$~hrQ_aLP`tQnRBz9P%?980whl7!=t4y)&M<>=h(EMNj}g|P=!mEm=e`4DxBv|aym!9~h@D-+-lK9sJ3iwSBO7}j z7qSgVqNM~jBTsZdGm%mg5KGQ+uOQW@xh?mc)wR7vvSAu+k?Y5)r6!gZ>CJVq>k zg9mHpuMqa!eHrmv**Jo6+#rbVm5jke+gmAJU6?lSnMu$>^**N{@qzpDF4+{-7(KW> zS7%oG&@p*W(yfq{0GI^kvHplp3a3W0{+(4I!KT`wL;Lf(v=pW2bxtAgMg5W73iTC9 z*C+T?gClYC-FRJ7{yN|;27>@Rlfjj0CqC3uUSLSe1Ix<@C|Ton;c_A2@r7HBAwYn< zRy$9-IO5nD-;7_qMU2Ibh~vMdix19E`nqG8oVU3g&ExybpA?p#5pwaqI~|=jbE~t~ zapQojSm;?kwUdvmM_*>2Z=r!lc;|%x3#Fi=VRVXUZK}j4AVP;4)a1X9LmT$jIQh`T zX1&i0Qoir|xb)#mAT?%0^j<%dQ%%)`Y_k_V=E*pVH|17&XXrvE z$M&Qp%8?sQ=Ga1Z#&3+;`UIaMM-wlOdPnBZ;?j9|yciv{wV=Q5brq3VlUf?gwV~`R zVlOeQNZ#~8*?t>wi0@+NpC)Ie!NgSJ4*h9EpKPxX=&d=ZRu(TzSDB2xj9>Up6^myn zePujxc%gt94TRpud9f2^lsIAZXFFK&<(6*HL=>)B$UnWW7&#XLw z1{M5ZrG*i2hw!Shn&0Zq>Er}>O)NU){?rwGy4Wk~5jgc2~^X{=>iMx zcKbz1x7r@hG%Apv!*uJRKwBCvRZ5M7cB#k!J#_am|3`TbIB2&W!eS}~oU4}?eBt@u znVn?o<6@TJzvH(VO=RN=HqDDTOEr{f_+Evwq$ZB~F1d3b&WnD2y9z>BYouhI@AkRu zpXx@G@D9cXbunbeB##j0RN8PQ4e9j`rGq!0v44_SX_l0YiheF-HcC8{yXqY!5Mj#9|0KIHgA#0P&kYs5IIC59CPM5I^MVG&BJRHg;0%ub!c zx8J7&u5H1IwqWn*A1GpDbD7}Y=b+nSTF6*xh9bRTi>v5a<6v?4MtvcYPXDE zrY~I~xQD2uq4slOGL}3WZ0qIxZU@@%Jw&y&V9;;ag1g7y<)X4L%Yu0;Ggx_gJ)a&lZ4E+3%oxi=HXt>qnYuF!TBx;AxF;n9BZ`%AYmdNI;_-XQ}lThpf| zo&8n9XYqF^uCil6F~9NQdx3k*?Sv9jKo|SO|ImHGOdB45sj~gePw7(s3YGjzN6z_NjYwe#T>AA#CxBWv1Nsf zhEGON!z<#2SL6pPxLsaV4`J|`R=M23qzPn%A()zC<1<%)4+-LQ;Z*YbRq_s`!;)AjUPOo@Q(Ja5}C!)j1r zzDW7%pk4UW+4l*5ECP=!)Yy$1gY|x(&$WPU@j#;+NSXQPmw<0;6l?%gu%F&)9&Y>o z7Y<7ZYA|Aif|L{1238s|(G%f-z~9s@N!6qn1P2LERYm4qXb8d7n|VNW%4~ZBPiC_G z>%gxFlj7f74)Pnx;$OHTNtIAjV10HqTE|4Ev*>)$<%;09!o1~I`siWiJw*-COt3b|G$(h3R+jg{btriCXP%`}HM zR-QY1He%^t>EwUDXUNx-WU=@De!H3;|3NN=g}as8rbrkcWC6jnp^tnH@+%=$J(k}s z)Pr*hKD+k6VsLwvEmJuP|IS3iPwkV9dH9c?@y|c)GLg3jewlEPt2zkB2n+MO-cO9= z_4S!6>H3epOXpf9z)r41GlBLJ9@;~~8*jeWQ+l*m{?!@io8>j+`OJ}g{~P}+yB1$r z5u2b1ix~24&c)_UEKW`%SS?U5uP)HGNp%EI`v&KBJDdh&losRK-x?6t=r*dOVvk80 z8IjAoviQ~QBorZJ0Ky4X(hLUWbAY^Vz}4;Xl)_f|6Iv;j8qE&g z)p3@>ere}cUjPGtV+WVbD48A!qu+n9l8kirP{RjDd|+tXpk=?^pFJJiN#qml=t)9Ih@KYdDO=z;*!sp;tkKiuEXXRse!1B7|yIfa+` zUoo#WsefZ$!9%}I+obef&BTEc2pog=bL{nhkj+O>herh6@VSFA0&wrX8DYRrU>-oU zg_dJl1??sD8A5GPTJJd%Fdl6Gon#Ga_&dqEU@0Cm3a?k+(C~RL{1ZAVN2B>s(|#q` z+cCq*Nw-W3W?_S(a9!jXJQuEL^5zXym`Jv4PY>&+X*_~oWJoY!>p$NY@ z4`!^yFEJ=}3k4{=tJdQ;5`^udO`$BFc$DVYvBM$t-V+xweYP(M2D!4PIRpNC7Zdtq;SFKET5}s=PkD1qqQ3LRzWIxPK zAS~r8Pj7_3ga6dT?;}r0%1USsZ1Ff`@8#}IJ zn6XyON7r=&p=j3cfgN2$IUESZxtlh^ouWMhj-Tw-d(qNr37QwHDCbKHbF$>dHDVj z24xM+%?~9d19JlbVtfZ-fhF7Ytud@m`fK5`--ime#kBxzYXdjkQHV&(N-g~(eBIr? z)fdc(IAaNqcE`-^;|9RPp6a)74eP4UVPIl{oQNRW%}-yM>ip-sh63?>G-O|}oe;Z} zj>dM3mr>kGSX9d^hxEzJ7utK4!BJ5O>OKOa73c7RgEtb$=ZD2xqqxL0GbH~qIKXlQ z<3knh37E|F0naDpmU_x^{=R>vFGm4MjzEv*K&*9xK`DWLkyCv~d+M)(- zI1hJf033uJcGO_w*^q^Lu=Q&-G($M^WmeI1;8w3kRr zxi(e>?}NxbIbM(C<9_3<=x-OPwRrr4v&lq)4h^;I==F$iB7;44SU_Z1=jWe2E-e+< z9dO#C0^xq>^^A{?f9^FdaJpU+*}g|0>c-hII8|nEW9>XU@0et(`1ag z5iARx!^7*{+VM6qvT~*M+P+lXYZ+l-74^T;r&;_}A39|j)IMT|q|*HA!Uv`RjKw&Q z(^5=6zmWn{LIm0X-qe5$8K#88A|O-bt2jOb!Iej* z%t^OEH3#Blw*Xd-`MNdhR^jHo;u@Z9L&EhD?nfei*CLimtx9*$)CB-SO%hK$_&uPm zs0ew(iEu;=zW{t1*ibcKPE9Kq&td(H&S{z9kZ8Re8KIG)KNk2)TTA6Ql9GBS!D zmNyXxn4QxZ=lC(rr!B^>zYfj0F7TRGeE}Mq~_979DUKx~GG8Wz4F(T<4ZhLzI*AM82ydFgP=E zGJy#@9u)9pnog(NznGr$d~{vrvEvTqHLn}BZ;Dp88QverLX`wp()ShL*nE74H|5rB_ma($Ey)uk+bXZIc=q@GUcU(rD+RXqZ)=>-HV`c)nQU z-Eu>n#_HjM?KkHL=ThfsZ%Mw!y7SxyPo>FRiet7aDi@zh;7U|lWU_bN!NjZsU=8I= z?|8loYk8SpII<)f7}k;=mo&TM4^7ERI3j_GUip!pKT?yC%7;c_m zz7loON=#gQiV1A~4OsDutq$|}aWXQ7YD=BAs#_Dr;V z^qQtR^0)0Ftx3x%dM{ak;bR1$(d6W0m@!SrCD>IS0OfD;EKclGR>WyK%m(zSvEWj& zvR0exGr-OQp$yD!wfHb5(9VE^20eOJnu29_34e-ldRp4+uKAk&JfrpF-Ormyn|+p`FLcfsMN(2CIMd0MBRPe<2^#)6%^v44MZ2_ zBEA>$DbwV6hHlQnPQd%hH{#JA~d^tTk$hgTeWkyu*f6>;6Oe@&{C^r=v7 zXysuAo_h(}w8gx|vGvK1^Gief6i&IMPIIE=@oLlK^gq`=QWa!6(~3Ji?H(9<3P(&H z9tEmfaK(v-N@$9RLmV3Gci(vN)7@oM*zq1DfQB7kUsQ?u=%vBqII&Z4>GOm2-Cy~} zA%g)iBL~}CD{iF7)Cj>n^|2i{c3AttCbzk=BP#K%_lCgwDeTN&vAYeFq`Ig(HPVBM zBZlrx9fzO*b6r4Lqf;;U%~|T#zaQ0xtqo9te$!+8V2_XYR1hF=Yf%Y5LocuYB>|%e zIa&&YsVHnF5&W)p*`t6Ls1IRtZLyT(<=Y|@Vwa>Kc?Gmh&g9z{$mr1D2-r}arkeKW zx^8G}(dhV}DCD^FSPT2vqUnt%dFV!asJYFingy)v7ktd5m}hPZzZrfBrsCaAl)Idl z-*tsXww$bcSxeI3AtV_^Npn9&SlW4(J3H>_$ED3ry>ach1(2PwA_QCF$w?M9Au_fB z6HPylm^+?Ar4?*$`5gp6Wv)zman3#WP1>4U&sc zM#2&(d=N@>t%y4u9@X*-R}g&PDED%XiK-HO&|A?GReJtO%2z`|WQ6HEjne*4hpC6> zJ^IY)Y{o#3XODJXC}AzpC@)!0#y10FDZ;@PTwp+PB8&-?q@#!em4cE-3*YCoB=yHS z8rj!HkQrI!Oe|FVQWrE|*tyksZ=qv!L-pN_r-vy->9IZvjlCmcz06w6J!-Re(1tfZ zJ3nv6FT4y)UMKpf#bFZWYU@JQ4WlA=B`bsYtAlh_$NV5$zkD0?_>g@n>3@L0e#P?9 zqj{ZNQ!@3h{Oh2#FOU*29k%Eg+apd`Wp`X^>N&6P;j~APkAo#&5esc4ylG#ty8EoV z^`=~$?eCmg#M|EJ-hRHNN;Z`CRZZFxu01F=Y+VR?0rE9E#`)(J6d*eWr1Etn+ujGK z`QfW;TQ>&+X|?_u=rO^n{WEgcp2@gZJ?JF(e$d&C4l2)|R|wm`iYZBGg=h+VtsZ~q z?#}Pdx~2I&$f#q(*4UfgGXjpxny9&?US=hTuT3*pyeZ)G$De6*E~%|G`FIH%TLfYa z)z+eK=4SdHqrIGjY{g@LAutyiGjJ2SE`^+m^sx0(nvQ6f}QS2C1!0oG!2L ztGF+bs;8ArvD!v)vEhOvGrl)3`p}-D8>~f^7GROa6dA!ZM2EZ4rIN8OV?4N#iw!!H z-;iPUMMKiW%b#Oyf{3dR-WY#8_Yxjf_E(F?rQUH{L$?j;ZPz&?N7#o_V5SdYZ(BxF zq0Nyi)B_gI-oD_&KF4oj_O!&d*Fsm5r%csgYkC`mo_hBHKJ?jkB@bbB8k41v_`oge>eF%~J_JC1hmqzv} ztXKYml`c|eU{;J>P*QiV@ynN6!{dww5JvFx2`Rr~FGgQLpbXX5bs?O9trwf0!o%Z< zZ8niXG|>(9+hZ*jsL6P55m3(`(d8wFwv1f6PM|wlQU1Vc4Hw~|I7eP2vPfa(AcJ*K zXd;7?+C6EU?I=sFhucXPcgI(3ARot(CHMZgwLyfYVgU%# z<4Em$a0s5^XI|rkT%;N=vesj-jsWUcyVid`0*!5Z=jZ#>Tq%@UZ+AfO&f==2a6UbD zwx~Sk!uKf{CQ&X}z>1w^r!pbx-DaXL8fJXn2ff%?q;ELh+i&x@_h&?SeY<^B3wg7+ z3u8+Ju1Xu+dC!xAQRjVk5CEzHMysE4GqE;wgCTQq0xJvhImKSO5=++hs!oru-&2&Q ztIn$k^SA&P-;`V8WMhqSu4~^UIkf|ua?Z}ZKAd>$axZLosl7tDux7v%XnZ%lx;;KA z-Wynafp)nJi&z-i!#TU5H|Xb|?-^P`JlXy>oCXvKgw6HnO zW2snpeJJgAE!Oi{f}1G>(B2@s<^h6%y?HfGJ{b3ad|?$GT56SQYW8T8l%FM!U8GT3 zGL9!^gtEhXgO>>4p@zFxheu1!=wET%e-7-(_v&C{)xcEC#Y-j5;*X!q!qz)5GVQ#D zDl25UgB*>Hz7q~N<(D+RCf5Qbt?1Z_GPnX@mKiT>G#qC4`aM9+8AL<>bsvUGBb>Lq zD=R4zXQ|5z8E_a=`;va<+_xbQZmYWgi}~KbNLdH!dG8%9`mKSOB2A+Cc7j>a4o!W8 z4d)>=J5Iu!ypX?1{DmQ~2}A1?ZIKQGjHZtKR|njIEQt^;&$I8C?g&fS+_Ea;;wT?F z=mMeIFM*Du%z0wkl0OL^*Lg04Y|p<_Odinq%TVYf{z}B6tvL}FQ_3pELP(3Dkc>FJm&=!j&Z27Wr%XIHrxuQjEU9GVIb>XdXygL<06?SeFI61!UO*;X zz$cB+3ZK@8NkoWI$)9;^Tg39!*S!!Xh~q6EodsKDF()XW1K{190LKwG9DvW`Q)j_@ zGKtwu$2aG_e}q!b)lXFu82w{?z0tzD@e&lUBCKE@=>8$M<8f*qh))RYlI`K5m={xW zUsjS`s!lfg{uG>q6=5THoSK&QT<{3lGo1vn_u1n5(U+su4)Ixh^hcr}$^+OHL(Tq}D@<@tD|VNTA8Lv@rW&MEvStbkBSioaM+NixH_t}bE6x8X)mBI5f!9T730 zD(Y+*m~H}AKQ!`bIVU5SMbO!LLN57TLPyA+;j)eC_0Ox|Fva@a#09T$@Gkyt;@o_F zeciE=?^v`0XFsNN4x^}?5+*H?hPCB=0+3%I3D2dTLO4xV`A@etcLevDlyfN$q1H{M~fH62>;!nliOc zDdC4bU$6sDJfiSipL5x94%J9jupHN+N#)6ji17Dl&6_vzh?7r*$k3eU^;d2sc-c;M zU02=}cFb@|;299Ep;~WXILc61Ca;HzO=dIn^JgE3ZLNoV1PG>i2s4ko#r-TB?V}VM z2SDGp^Rr1e2(SHNgX4IFW61&S-^%5)Hy#z8XG6jK1&p!l;b&vV8p#-NU9F;UCZ6y1 zcep5+yeWi!%UAmv-Z!OB*v>hDh=m?a2V4Se|BCS1!-J2qLDg*y)7^S9SQK}>Iux#4 zGD*F3;p#S>*U!z~XJ3*aK4@93*gyl9mkcMEOS-)BBx6v?WzDG6=J&#ItzW3e71&PdBk(*?M%k>BZ*vltVX3{siNY`Di zp2;&wO{2X1SVX)43V-F?_!`FVy|l&AMEh7yCf+6^0~>&+hG~;qF0$B=ckp1im@t{d z48*83>Q9<$z&KA2*`c%W_kxSx399UDig}4|P`n%D4!?im5oq$7b#d{*0`mc%lzsBa zuroLIYk@u!+sKEYOTYRVM!5lEPA!cWHA0IfM409#kA^eZpuLsR{k01;!FpAnz}T?L zFyBhLfNL}%)sL+~HMeKrLpF(g3<*h`Ck+i@AcADeKv)1o1?0dCMpLQ`=bns&{pR11 z!7-!9{;zvXevS!Nis%c!X(Mbs{me>0TmT>KPTQ6(cC&F-qAyY z>0dX)K+n)r^F>YrA{$d$0DEBI>hi}&-tmXc2T9nfyY^U|qWZTKJU}x}R>uJ&STVPh z<^|E&Vf;wbi|b4Z;qiP1Dq)Y`oWHB$(i6L{moWXr&g zZZMA7hBEE>LYqDd3`0M9#_qN>CzGLulC;Hy?|Rw5U;y<91o&#T!|O-;0g%V+Q=NXb zClMmfwWsQXMejo{$_1eRWCzk;h%QPBpDgY~rV{NB==i%X-$&CP#vhhBkjN?{f@f4? z7TA3xa*I|dr4Ul19EYqi;3HFyQ^|iivgtroJ3B!c2-@Sy}7wde3(6M~jG@FJaG0i!($eZAZZ6Q9woo}9H7BF%)_%T}CMa>bXy@b)jNk+7S z)EjjJ8?&m6XGx*uOVT&>58@bKSz+&IUR)fQ#j!u`ds0ry$HaCmuiwA@{%-uGY5mJU z4#E4?aVzfr0fXuv;@IL690qxc3lnCxVwb62S3(gP9Jw2ASTSTo*Y}U}}KE^;=feC>zYs%#E%}KHUEJeTmC< z>gN%1|2G3Z0WUmt=p`IzEkk@+@z~fWvT*<*JppU^rpy4zv%gS|v7^Lu3ob8uyzWC? zjMDoC;Sv0ncaIIe9FrUeSiMk4@Y3Umd_}-GME+~vN2=)!&!}VH>Mi;6l#lVZT>+p*Z!{r^IH+Sb`QC^?`?J#)#O5|(BSj?ij@}ZLLR_|u1$|$ zDS7oP2IRh9xu-XJkLU;hzj|+)nhJ*&X3s1>aMqo2iCK_5F5R}fp)ZovBW-YdXh(wB z`3VL!G-18UkTDE1 zyWqB_wCtxkFhA2{L(#I_Ale{(^T+@j3wls?vsu#>KCs|m5H`=k@?UA@*gkzKmZWE+ z*6&akwh|hpq8_{gA7k@#f>O{(OMt)>im2HzZxHvhbXbcS2mPoF4&FjbYxJpLn`Zff zea4HYmV9vLYg8rl{_9L|ebUudO*SMVj~t$8z)`bcQ#?RoHd3{?gkqU!de+hocUR%! z4fst%h>V@39qBvRl)=xK78!U-)_14)cmXDeWpJ{c*Ar$1oPFzu1y1+VX!h9tVxC*C zP)(O}FCuQ{&b4bqB#M8?#1!UvEFn6aurx%5ymXb;5sN2<{K5(V$7E+rK#)h|^hOP# z6Q{BgQgYoEP1aHpi3Ts^Rr!s8^KO=PG?05Ru(C1#b>;sfj zzP}`U16gVLX1D0~9tG8J#ofb^-&O@pJlj1XdKRZ#kG{|M4$|MGOWD_j{0wt?!dE%9 zbo*ANLP{tn=%5lVZN=vqF0E&cUz^QhlphFwZUi8W>A;(8`=)8U>WgW4pM3-GdKA*L zc3%1jDpf=C?bmm;RJAffmF#3I@+*Fs*50LtqTv0n#DXMo=V)hY3rjzkS1;Q;p)-hh zeu^{%uQiV7EVI6fcU|b7($jqd1C}oy1o@7$O}8rjZ$r(7eO6tYBV1qS(cPy*t|HPC zf*azS*Qt3sz>FBMor%V=F-UU?eC%Fda~=7_a4g`;Jk2_Lj8AbQlel)6j5rfD%hYrSN58{U*GbiM_=GjHqM&`nN4 zp}Hf9m=kkx`+51c>1U|YfFIU|Nh}?faIo=_HUfoyO(X{KbdOdCE$K&d{)|Tw*DB}> zz?oRFxi{3^zCr}S_hywm_O2cg{}<9B{#Ec`GcFromag&}9K#@)KQuWD>}z7~EB8Ja z`k?Xr5rQ{9t1#ZXhwXN_)8ij;>wiWt56i?aJSvx@o@TRQK*VVF?Q|spc>yYF>JA89 z2Rykp+hunh617(YTBCWW;hYi8uq-G)kU_rUS%R+aGcCwmum?@g)-Vo`vQRbT=nGwn zA&(zMDA~^B8trX|QkEk&G|a`xnC;FG_}Xu~YTj4%H3*%jo%9=Yh7t!xw-}SdoM4_{V;tJ4A?BqJpr%vb3>;VJ**z$Y%t^ffN*mgd@n(hcNq>9fn+1r461w-KWAtGtKLzt&W3$r7epK&=uO) z+J=!{wa#OM6Yr*zgtN``>H^?Yx-3IA=V?#L1x@SCF`Rvx_HogIK~BmuU_4&L!Fe+J z1|3EDq{rYYr~c{Q;g!ZCNcjgkqzbA=W@ecX9r2-z9tN3O2CP?~^IgHe>(W?oR@ zbhSGD9hL#YQ2!@q0I=IO|WljBtz(?RFuRzke3 zBy7cQwV)yQ?SZ%h&WV7hi$|*-$6_&$g*CzTF_n#3EMMn6#eTi_l=a5DSN1 zLO6zOXzlXd#;lRUQ1=kO1dYY^__q5kzk?3-#lgtx;Ag|Fo}rLG+b8^833@m1L$fcT zy*N@DuOG0!aLIO8?|U9Qlle*87ox8aC>Jg_f01Y{<2 zmAOAzk-ob8lsut()PB)E!MtB9DPJ&gu!q`%v+Btm!g;9)`0Yr#Tj$!HNYdvJaBaGI^Qp zM#wL0fCR#{hyG1?Dj&^sy#Xe#pjA2=ENaGks*FB2#~?vxI*KkSwe3ob&&$>~&P0aA zlzZGvY+gwD`WGj^wa_m_>@Lr1Td2%%(Rf%DHCk7nHzyIvN!ONl=MP}P)|Mv#`yeM; zqhVf^Nr6d>x1SV*2aYYIH#MsIMMd3!?{N;$Wh(>An6oJ#R2d}2Y}LG-i8?wzTy1fH z`+mI&V=?r2O%dY=9t5VNX4!2dL%1rmn zw(SMQL)vz$vcxlWmFEHGnRr!UKJ1lAFiP0eu=r|mq`Ip-FL_yL)&&;vy<1@u8pVoU{NPdI1@`|y!b3?nsuR zK(OxOOZc25F|MDGIa|F z_)`v)C}yX_7=$BR&>Z2M%NXplM9k@VauYpl#v42f<^D8pyWx_8{6pPs5XR+JHLPL(!ohEh9=?6@ZKvjpQ?ArxX^oD4owAcnc~e2C z4h%^llUE=JIXQSfZMjziEn7R{YLAk>Qn7URgM_0hn3(~U;04X%ElrZXOR!IEC>_f} z&*q`(bQVc$gK_=oeqnhrIl_LH-}Ct`E`ztfTB zVtVHML%$XtTIvtCyiK9*FkJWn>)r7c>>sk-ygZ7L>Hh|9YX+HY9#(u@7=-`-CqWtb za37y*zk`LY2wSB`eES3yl$i%VJT^k0{?2jNjTJfT7yKjetuc=cw#GkGmu$xvmqd0` zQz0q0x_lS=?Xbls2xB{*0&J5;^5}OAjVnylPyL3qRcM%)q#z9W_b+wWGmzO*(xc!A zjXB3Pc{v?Ao14ptx=45}Ofd;%V{~Q*>@2U|BNSwFU=NwEJSlgQ2!^H)v`43<)5hlJ`&;5F znnBsX9k7~fxmm#|Bv{`U?0PeIAv)IPG?lmVQ!A@Itbh==yj9Go)ouR^Xl)C(#8kS5 z2=lqH#}XqRPNV4C&Te69BTD5qX};6tVfeDdTfKCvewtjd z6la9t5FTv{xjZdsBXwaC?X!RvnVLT4pueT_EHgVe!)iOR)q1|mQz}zJasn9HfXqT7 z5V+1CAW88LR>SP_;ua7?B2@_^NC?8RLSGy(ib!~@Lm6&11FPF}mlo%RG=BHd0GZZ- z53Hx%+b6p4WDbwjnZCLxN&@qvh$<9=RdgV|TGGA7 zQ{mijrpkXK6L|N3o(a4wFR25ktV9WTXvSnveiGD74%RdNGf4+&F&F^kr8j!IlW1F$ki;pBfmyVjN2x8wQ3>WWt zHN9XAts%ABrtvUChpq;N>-IT!NO6WlS8tGwC}E%qW9T+}6sUW=8FUHs6oj{-Sfzeh8UZ%SL2mGKin2$Hz0ptb_iY9TuU@yDhBt-eEQyJh1v9a z!^}U@g~JR!Rh!8MOrRhX09=I}XnlA|t+tszhJMuT&$atH+VOva^xon;a8ANT`*&>j zK`b1Z_`kt+Hy{yM>~2#)HC-%P(EJF?2I$GObxJ|7D8}%)+&60N5+$B;;1udC5NkkW@s_hxRI4Y)|=-9UpsutE3CywqEP z;#*l6AwiJNOT223wgVy3x^w0_NU90K7=Gi|p;hiCm0Mvp?M;3X`h;wX{J%mP^?sMk$)65*9EG1M>WN_%!j_*gxjfAJ+H5}ez-dmHOYdPVhxwDBn?_6Y&9Qcy%BM7j~AQ@RmBKpN==k?wAI$JDj0BKV&W9j(N{{U1OZ%9KQh}3fs=jJf(3@zFo}WY|NTnGVY-pe{AGLH-A-Z z6>C`9-||$-wSA=5gZrC+oZ;j5tdw?VGb!Nh%EC!WuRbxfvxPt2GrVf!`k{5z(s}Bz z+9^x)(Q$5rrHbWI7nem%hwh@w-9Io4W{ZbB)J{(hiIR9CAz?S- zsD-#MPbnxUg4lD^j@;?L^8|CPPBbw@dX{~eo6~Ay03>35+OgPmz;00S3^O&k%*dFJ7 z@nGBy3<`GMb09<`A#RxdFD$#oDNTek0>o8tGyVkckyBM29!J>Ir%(9{XTR6ywk%zX zT08}DzFVAlTC>{o?OoUADUmnXIVzYdwXIM+!DaWZ^pWU((4u(nEH|iqxTz&f6 zb|JI_FExiXcivZT%2aIb@|nN!O=oO~(LuNxFQPd{yOLhd;>ebrPAb;QiU^%nI&Dy~ zTa5Z1tybbtQYsbtfy_gz@(T&5pR|I}=K0-HDE%Y(3j|g{h}w3lRrC#<*9ch`I2Df} z0*jVgr|)}Ma(-S9gRuWj8$;RifnZFe8sj@Mf;8?S-F3|+9LQV< zWL-@qaT92{9=Dg&hERPGm~!AL!GyqT-~5OAFmFQh`;a)Iag)fqR?LbT`6Lxyfws z@rEe)0#zmHOBk096gdX8y^*jJP&tFY?$r(klEzN0RWRi0Ta{ntt8}psnG*H! zr7ZO^8E(I%h7Q&Mqtv&FL@cCvxhkd3Ef^7(7_FVw~hI+Fj2K1PPC z+|!rGQJ~%G(=^v)^+rL^$2|PPY55hlwj&(+hy*>uS-(?x?nT`OoBcihpBz=|pN(p{ zt#*dr22Z>X-U`-Ki|07Jfq3ZDw392a(}P~;ZC(6i%lxeAt5Sa?#DB<{_<_;DBK}{@ zV|KJ5&B+Rk-V$ARiRU~}VQaW0KI)x5xp+H)kM}BcvQ)=U|KjfFv79Gksy@6?RV*D9 zY~yl-{g$<*sZBoaXmdQ5g1NPrY^NGcy_VtN6t0|C3kKJ&HVIvc4*Fvu-C?iFpCC#9qH0a0t1|cgnt1!SK>Xu#=z=kQRnD&EJ20>E8E{~78NH+H87J+f}>1| z?5?t=W*`6%+amefO(&A?P+=xkByfNM18zj+GOL$z;|Q6KoAohMe&>`G(v6AGg|=LH zUjetO5RKkuevW4|3YJimD%`El z_v=IuuzTgtW56@HxN&&*)L>hL3`O7{R>^WLu=63*LBvx@8{?KIBvd?iL~lnHG7$*M zG+5(nSW^#q)@qRaF8X0!K>;gFw3SBakZih{OJlxY*%}ssXg5zt7SLI`w$7=SoyNhr z{mWt`mB>MXe2)yp?=t3R%Lz?VPNyeCKiU4wHraPOx&q(0NMXKDNT-w|q!M-HO~?nl z{O{jsk&m~+A7-MwgmXMP&VdRBtv-nm?+th$7Ta0*<`&f~(lm(ZyGB3xO@Aa8bA%B% z(KbtcAV|66c_xYo3x9<6z)dr%OhW=j^)JxA*p;Qk)V>W(ERcYD{n5#|-Kz1{@(@t8 z;27@=v6qw`DV#AQZXt|+^Hj@QWrZWXMKC;^G{4;EgZO_pRyUdtR@L&lVIJDm3>%xU zL^7aqN1^`GdH4UqR?Qa2Wuu4|tRcD_H18yLfrR%^e8r=vhUE)G*TXnt%-ln_{f?M0 zbEE^=8f~~7{bJ_p^XS^p7?r{=r0t!?emC&VArF!f!_))G#!J1=$CCKcNAl8nJWDV$ zEX+I%d?5pV3~wMmE-&ML_oIw>hhw{xPKRGBrRI>kAl)a+kauvyj;Z{BotW~GQcyTm`s$_%16{ftcK578f^XT9HL#^@s)K7E{UgL3!R!Lm%(y-l*XcI18|Y zP(kq(4CmUkc1~_A8I;)NY|l72^BAF9M#ih=n<3&Ov^RqNk=jUO?QlMzJ*@88$>zJf zh#J^o&fMmRWsDrq^`EIC!rZyxI^!{Nn7$hIB##F{zuO+X;j|})v$odVGC~B zbBP`3cC)X!6w)*7vRNrg(TDZ z`hI`_?8FGzj+qadTM*BE#Y+qTYa)Ki-V}E_YTpJhk;7T=mqfZbqdVN+-D?fLc)H%V zq5DAXoE}!w3tr-1Xrdk`x^M_wXGwNF(CUbl$7}lHspJF0!?aIy`64(NKH-Z}0A$sk`G`KeDmesB{$SOqZ57@jgvg zkz~9>JRV{qHdLc=k5U=*n}@`j#U&<%I6K0tBjRFWkAWwUsW3?;P96|vC_+0Nc%rTUr^&qvmZ zRL23VMO`=!#_C3}NZ*3yTA2xUBF8@lXe!$^#;TG#6LWXAYIy*PykM)Wke(|T{`dk2 z?RXQPXVHD2@=lGb;@%;ksyem%^<|l6)_0~vU(;B;9kST8j=;Hqi$2mM6W^CG`B*m` zvumTg!9*mh>HMv0q7KxkM$ce@k5Ifdp*o#oQohUd<7O|d>$eetWD25`OT8ht<^%-= z#~3$Z7X<>Z?XYrnQAvFI8}c|7_h?>{k2*ThHbCzzG9DY2anaB+=-A`~H1a|UTln`Q z3|j1>b_4G|6NT}w$b3JGwV27>)OX`9zP^k1KrBBDnrDT2dml641TsT#-&wp`|lkjc+i;FzLFxjkyT<-;c zC>+M&_%A=oU~BM#dvj5ZtpT@qvCUxTW5%(MTb$^2M_s^owGx6DIyGI5bHVx`;@pD3 z9tp`S=HvnK^w(4{;4Ub}Ygqc1NK5mE6_(U~Y)tC7t4C{7c4DEwkvXNXLNFRMP~2$7 ze(S-q35Lj{xMQ^3F9mSbY6D*~%vdBrxRs~}p&(GFq(qx%L%|f*&(x=*s0!;!PmO79 zw)lJ6IHDw=b=r!=PaaDvQ?s_zaB=4mxtJo-b8YcL*&G~)Rog#WQF5=mzE^M%K(rNE z5c}kD0lR4ct0W}P+5YEKugKuPmFX31^E>VQW^7FUCPv}H##@hln6Y7U?q)TaxDF`P zE!;pS7F*EO*D^i1TAvyCPp-}BA1UHKUegWLBjQW%@BqB6-U@Sp)_)vE2P;7@2#SJF z8#Reo=)?PvbY+#AjtqjxZdFwDxLm+%N%Lvdm+5~sZjKfB9El%er!odX=%A#bA`HVE zs!qQ3IiIq=!2qO`>h}+3(9gYrF+n8$trcZ+eFDeZzbQLBAD4_wc!@7V4JGpqq4Hk70)HC5~ERO}>OKtv7;AFoeQ zQ!{>5O~EV8w%U!4it4P`VvHEznw(aXFAQ7&c>%LhfTWocC52qe*lVwH&ZW#Tmg_qq z{Tu)WawQ9Flb@xKR?!tQtmk-rWtoXy6joZXxlWE;6tV-J&HV70>k6C<==_B3;fZ$| zNuTA_IYa5LzFt@grjJNw@S!R=plLx_Xqjihie$4Z0%^v?yD_hrP&{QmuOfZKG#oYV z*vp$UqI9rSFgC2`iyJireXWUhs(#bfUll(dRjw;7lt;gigu;e=h;_Ssf52aGim-MHp!25R(cimcHRY^FI3w!&UK zMtplFpUvH8O^aJTrPC=*PmZ>Q8PoDAcJ11FfBDCP?4iEj&39yIzO&R1!6Sq9W47~& zOwXPAJUv~AS5l@`S6kxKPiwoEMFd`hg$HB;;}7l+?|d=;tG6QhBZuh`y~|&qL9K zl9(u5(c^_emBSkCLomm%fT2C8zOdy_qgS%tIq)&=WVfqM_phd}{tqrj7@0j*>w59A z*SQCC@+^`kdtwks?nE?T)Sm8AQFSgl>>8be^RReD#RP1kX^CH!B;RpBhzJw=603xD*kb@L z@LCn!bp`kWLiY17A|sv2dFzwJhEgEdodQkp0^11ao32Y ztpASx;B3fJxD@t=C*=`AxIXo!yP3j;_I)c@6K$itydQD~)fo5)=yL53ep0 zYudx5UCQpHb_X8_39`dwqf#-%&@~C8Bb&g_e7D|8HAfKv)qvfK6uM~u3Iv$W283oa z!L~_1462CdgooNeV4sOFv}?CB=TaT1)OwtR&Y(>GnN4-hpd&gbDwiE5heijdLmB@c zjOMi^sE{6SCFGeLzKvj1!9o#x5eJ5Qq@qrm`QVSeSy*+rRg5D0Zpa{0R^Or`0n*WW z>9&OA(?%F*{HA{D1^fZx!Y|;pYoT5fP;b(PRw1!72N-qyVM7v2iwDY39($-+83UJ4 z&W?6RT0BNp9NMDU@SoNm#mUWq*$~QAN?PtI#{!^dKqqdM#~YJ7^z>L`m5zHy_{5o> zI1KL`^|uspu$fZdn)P~J6d{NbR+3usyKq=y-)crz!xSDefTpA!sX43nul!WBKm621 z|MX4Xof_YhuvXxf+(&$%qguWn2fpo5oapnkyMRhj(HG3@DN#hDmX*d$Np+^N1;8~7 z$x)e$;t})+oM5Cq67PA{Hqz3{p+&_h=^k=%0NeY}ATv7~tI(kRS$KCP*N27b;6zb> zoU<;$TVr0RT5cN@&^~0b1ne+G$udyk`_s{yZ*b=CF@Vofwb-ANaIXiVY=GCobkXGU zq3}0pIS5vjcdM zVBOyOGj=N6QVFlm8$Oawr@b-9jc!p2R1`5WvGoRgX>I7sy?DvmGb;{}m#dZra@dec z91w-XCZjLzi-80PUUIgVq(Nu*NCD}C5U{bFN@mg9&!Vm++fe~2{hsA_#BvVWy~C2z zi-*KZg=)*1HJbq}4*sfSX6lbF~ znUpGUI}3qesabo=Pz`tG$?CIB$FU7=BASwACi&sS?v=&h+L*~(fnhLi01#` zO6I!nJMP>jPtycG>u491f{*8u563>W5!5C9Jif#Kyc&8oNWbwf_GR6v@ep*W^{fV+ zHx3ym2ON=sBCc|5q{>z*GSIeXN50{3rGJFcuAmVas|%B~!p!KNbJ@Qs{0E`gj0p_M zns3PBK_no$*RM7PGXaxm6EulRmzjFn29C^|?Xw-nyRtZT%0=6ij(VrFVqHceJOwvd zNT6~E4sYD$mdBi~PMByBNY?to$vZpU ztBq!Do%yg=3%=z@7I$Kp06ftC!LV>h=Gn7Pq^3Kf=V$sF!9o#sa@zL=6|iXC%Mro4 zmry)Ud+=MfVY0&5vV)L}{_DOg7^T+rJ7H;AY8mX@>3UpyRvokXbws!YkE)I~I+nso^mGd7Jm_ zm^X!VGvJdt#*?O}mPZg>+pUZg8scDFAx-C{SFQEnBX^oa{f%L)=y;}ZkWeRd5n#tX zg?T=`&sr4znAyJS=En#$RQv`=G>4kf3PP)r{pHjQ9PppjzL}u>-@uO37ybz~+%(y= z6gH0;1IUgs?JQ*Qd*t3|;S;UXJesixsDYuDd7-{dw}zq8`|C@E`>pk4D18&Q?=?fg z?xcj+8#n*URw;y?@tM4Vtt3@0_Yf;^>zb2d!bo~n?{YMOb$}lBt)$e~wG+d}VsqMj zSn(#~5GpLj8W)tC%nRYVe1907M4)wiK_t+vS@$X~l?f+MDv)-SzZt|^v64c5{{tiU z-;u_bdRzY$X)KF||A^oe3;%aQBPj|mT$hvaZ<{7waDq^(H;H-U`;Uvj!~yZm|J%|2 zKbWQe{YA^-?|Mw(`5zt&)(R~71-4|F;KD+I7%~T2VmGrfLf|@w2mxUPFY{{#f;9vn z#%L&iQ61sS=D;x`i-NO65XP_YzVppRMJU|=dYF9u8zL;bH<_P$7ie!ObFqUPk9i?B z^Gp14W0Oiq2n7)7e;-c*EE|@NXcwu$9E&_XUA~+v$ySML^kVb)nhH5Di(L5d zYHhGR2SHMxP)x?V!?ub?0WcMNuXp*Yi*W*+7CU!ti>!x2$~V2#`d(H4CA$%lQru$_ z`|Va1}N@w0+^lDz(dw%ZvIj3$#v5d#B zK0VIXrW78fc00KK^ueV{b;?&}A@r0J0tIu-whji4?3Y-+E*&^6Pov&1Gz6|I&;6mT z@jc4L^Ukj7Sd%8nxo+4FeJ(5qDbxEWS{hF@+#0s+85Y;lx3!mHCXc&&)Jy+ikNDE2 zTFFNKxoylqwqYp=-82gh({|ck4oz7l)aZrv-U!)|nBus>ezR)X>hnrD1QS{w^pkVy zN7*_hIK?$oUo@(Q>ALp5qrjMjJGJuU{APE7l-ehW;%x(8(P}!UH?(KlpdGrdaeZ@Z z>wR3i!`zcHK^^&S<1--qm?!Z`Z)S zTP{e8kNuIFMZQZ`lgTsbxcr=ZF@(8A-<0X_B&mEF*;quZ2H!s)J>9?8G|e@ z!NMZmW6xi3b=|ZR9Z|QrGA*B^6Lh(U!SR`kRY58$&iIg8>2cOqg(cxqi!trm@|`j& z7l)>ba5S!v-6UOOD7xTx zEj0H@olgSJV>3HK_G7pA>g;nCm52TBBX>SGudh~|AU_tIs6xjN4?jRxLDwz8$?`uu z@b$nO+;c0)9vRoVL&;S~Q+jr~sk=Y2!9B)K;=zAWeEgVR`+Zc@rCUk%=AZAo5{{o9 z5%{2biKFF~_@kxZFmR&A|XCWNGBy z;NJIj_cV1mIjUNDepLsog@uJh1C$q%=p-ytHAlFR)j&O3PoJ?d#_|MJv^7x2ew7&h zH~gh6dC&!Eel8sA&z}oMgEKOmW~0)uz2iqMI2>w@7*nNUt^_rC-xB5T?|bT=r+Qi^ zn1b?R;<#z6pbf?{0wkAYJ9>)axXBYsf=xQ($M&}ZYnx9< z`sB}NpuQhj5m?6qbjSm04gHih?VTbU#tdEc8aE=%JOcN_?K<<)u^Zcc&^zW-t@(h1 zBTIOJP(P-9WO`FA6{E%!Ew;}b-FgCdUx)i$=YY3^;Zq#wr?q$84GuUIKx~vg_14K+H z$}f^Xch8%OQmr+MW}RVaXll|u+7-x%!I$-wB0oi$h&@g63%-HEww;uou>NeW;kDea;mmXkaX>M-*;`+Ms z7i&bTJ~5}!>yed42%&;DtT$)|x7f_HZv}`0XqL?&iClLuE50Jkjy;yQ9 zsf*g(l=njoo95|R2_@|lq9ZiYp-RD0GUSTa(BFRN6pTk*nvd~DAg3wPkSwxz_S*PC zle2`fst=q}<)RJ$7J#nWUg6+lAqT0~Tak;5IfReMG`PPxvrF{3&4dqL0 zmR;fyR*z@3Pl{%_X&K~^C@ND(T?O~|*k>Yr45!pde=P$ta~^%mj4w$6hBEFomtZB= z>5rDT8qi>Gi%$cxA$K`KK*4f2+vRn>uGq2eO_LLHInY{M6$lEbKcyaOggHEr9{>QtdiJ#4SFXvD`pIOS^Fxo>^sJPaHEiC2N4mm zl@VZk^U*!q5VwhPVeIWJ8saZHc{C!TDssY$E1Gfv`CPm%{KP6P6@5MR(Q@3&%YDv^ z+>{xQuTpn7Qf*^{C`d=EB(rAYvI*mUZ7qCNTuE>2TwU-UG}^k!UTBDY3-(=P*Hhkq zs9uRStvz+5hd0UYvOS;p(i$b-{V0LiXfGQ|MqQNbMLcQes{60+${TU3>ow-%_&BI3CTWm1E{_ws&SO5zg%m*R~-Kl z_mTGZ@84~}=PRggmOZhziH3pId!j|hLswXzcD22;6O$It@8Wi);c@k1rfKG_PHJ=- z)~1s^;|t;BOxTBqc|BL0s>c)StasCyN4p1T(B8IcV3+lF`Qx2X{bC&uW`g)a)W)lQ z-Q#_%cKwH^r3)?B>&)aIbe^|eEz$kzYc%GtuFudn9@FC^lr;MozeNN41&#LFh@cD6 zxOeuT$2#xoys4nbW*^EylgPxqz3Ga1VR7+yRX(EI%YkXD0~1@w?Y>5^$7hZ^kvvhZ z;Mhs%=z6WA-$i!9ip^C^&k3h??$g&>1joa++g+N2CvVSAVjy}d$!fHha$lEEb5JO3 ziOL}`HvML^Lb^hgHPW3dYA;_&+%B0HH|?>X|ItJKn_t1{TmT32D94+lpI`$F*_ur% zNIEw`#zQmjEw86{{sw~!F$~u9XiB3Fd^$!WARxW>C9VHyZ|n5Nd|=ZuWp|E*vuQ8m zu){zJ1Js!|kZyL)4%3jPrqt)!|4z z9*KJhW0&^conrVf=p)`1VC)yna^B;Mj8I~{kAVbeL#j+yJcpwf1e;6VGoWHbp~8vW zC0T|$0NKQx);q?PxvBBEdXA`a_aq0S_^_5{ue@4Goz$A~dx0%GM;&5OUsYv8RJJ)H z;Ndek&s^>?zRzE=r<7p%xUR<5X@CQJv})tCa(S{UL2SqeqmZ>u*mohwlOQ0p&6v7; zIjHyN*s{*P_^ixe@>kePC!@UXH^=o*q|{(xu@O{xpwg)J&Bd%sJVNj9B=eQintg@s zI)>^!SWx;E$v+>d<8~t9Co4oaV2&M>O=F^emrH)ssD*&)nCWanb9Ih>)njzOTu*KrooTf;Mc6x6FNRhS(pspz+s= zwa)jLgoV^B|9~s?zaj#cIIU_pPXN0P%s*@G-6r%=V z&A(EmHs}ruc2$J0&#Tn?5d1k(Y16n07~(J;`a6xDEIqLPbjEPNhTgbFrv?eb^-f`Imjn3VeP4% zHIdgqQmn$9xevps<>f?@ zl9KzqN7AvM_f1SpE_3JHL&3^_(|VH$@<9j$SE8 z&YPSol9#vBH72e>P@P^r`ORNRdT}w8pAJuU1ikk1*bAvR-nV6g%7bR?oN-d4)=d}3 zin3Iq-s#^|^zewc2(&j>okr3G8;hM}{U&D5({t^bFIxOAwUAt!X6_Nm_tsH^L z;$l;KoV$=AR&cH2klz!wmkiL#SJD?o=Re(NMzX)do!TZp0?h`9v7bDVXgG4+Q;GIt z2ScKO`_H#mVl)-h()RXN1r-#ouaZXjAt6P$`B1^on!DmK`U|rW{Z=LI-R!6e6s}^) z>{GedzVod=YCSz0Jf}&TzdOqkm{pmNu-nU1Eus+Aa=w$N@O%;a87Dmp(LtKOGW`@} z(-A7N$c)h%qqwkt4s((uz3Ymv-fhwECroi4<_Vr@haZTxd*OE%^3?EsieT)T)RROL z!KtpuuK7q5K^#33Y8)fpp#v*$1?raPNw;~0@c`+KLh3I!@4w(S$8)PAcHAy5c78Yp z_wx5>jGb4`zp*iL_mMS!(c0VjAu>#I-yZ$gha@dGV9WLt9(i4$ zb=Q3QGK-)P{3`6wtvB&l9%g7b9GdBNd0d+>Tw!f?(F?j<@0an`7pvAqO8CZmc-eiY zxh1;kI||+w%d$F7Vm%28b%&<;Z8z)87`fhT&~{gpxGkP$tx)AMAS>8OBfOgr90I1c zyXi6lf{J;fBJL^@T(pO=vI#flzP8v4Rb$jY?G2VRMwk$s zv;$(l*8u)r57XBr?tPoEsAGPw6VaOUVP4>9*&>#ulduv#Gf?rn0_u|^e5zW?B z%qzaT08zlg4u(ZG3#5q+8Jrq)Q1eZ*`x*D7Iy5V%-7MID>rNP;!KhK9 z&Ox3bnY8JBp(aQnOYUc-(MYMA>=nppSV^IO@Sd+4~m_KEI?fRL5k`mj-TfAgeosaRo&Wu_${;8=nqkB-camsM*8gR!xYqGJ5WtSgW zl{R5n-MxGJ&Y)GsN20*X(ogEXlIf4G$okYdudrCUWn+;OT(bU8 zCv>_M8)*7dx#EViRqun-1ncl(%YrXECDkH5j3~`gnmhO6IBW#+y?m=~sgpf`+*g|p>*`8RQ%UWobjgky6)VQxUw$5eyA8qnzcppi(NPTpy@7V z#|wVGJPcO#Z7OzdEP2r;xR<@L=t;yB1yDh?pk_XHM|on$WfvUHhNgOgH-ESz0XteBaT^d9)%Pz z%qpzKWXfXa7mKajQREjiIFX@~(IR(r4aM5Td=?(I@l&|3c#8rx5UtQ~Zg<5Z*T1%<4^VdaE~%+y2s z+}j%NkSAy4KcDM*(=_atdV1d2*w`4XIgwt>yb=-``U;l({o+D^LjK-6;GVpD@08BQ zMzdGH7{AW8>o!^x%e1xLCr{}JtcE9WHPi5ITA6O*QcteV##lBc2}`%KL-qc#hzJI| znG@gS@&g0?lC=2V4dkwaH2)U`{|hCYu=DOSXSxE!BqZKaS(n?lvXZ}gM`LQ{#dJu8V6yYTep}3nFzRi#Re3Cw+c_S2}tOnlNvFjfi72beVV|FfaS|C?L$$ zKm25t8N}Yt+m6h5#Q{6gzaor&HoUFyJxgf~&x$E}$Bw=V62`_HnP)fpXRbJ@D3{$z z-KNBXpNkX<@@bNyva-PwMe%Sy+&AD2gas;f!8JK487-C0px4@0HSmeq4&UHK^U91;C}PUM=HkMBjT)B+Ga>eE(5xQu97O*rrIdOUinl`6AD zhe7FRfKv}w+PRE(K}9@+ca;rr?~mZbHzf{QjX6+tU5w6nHy04pSCthOnZ&Lvk||>! z)+v*ZT>EAB(OY(ZZt9z2vEg#bj5ylWDtHra?Upg?7)QmDJ56kTub@vg$X3q_ICN%q z!0d^Q=N}<_P#LT6(u*x8(zcW=`OWTEgNeC<@ra>(kY*Vp-R7n+2VscM>d>vOLLZ`| zb{*({ReQ46zned@;_Fuv{Zf{YSvzs{jB2658|PGpv2bMNq4+zCY&;Bk|4gEuR0(IS zJ~p-rce9DpJ6Pnr${Zz^C1n)sC9(bd&N9_33x{wCNR~MGvLb7qsd-pif5sYKoM(AX zC_zn^eo1b)9;OYxCeS=@Wj`zz+-}(t+Vsl-gkVGuOZ5t{i4x;kiX=8ODjmVQK10EK z&CHEbCaP|c2sEr+{GLoH;?P$^^`aQ=lH{?-_970JoS~K1D+;~=S3>qSQFpDX@~boL zNhXRl^wKqplT|UIx$f}|<||R)Zw$_>Sr?=};-{$F%hqG-8X>>#198FNv!5b*PL8z_ z@gJ{xdK)iIXYTwAbIe4YU;)*o&;Fy_S_q{6imOHpJh&UWFT!{-?f2eu@N*g-a@Z(=gMoGsB7&xU`n)IXihL}vZ?XCD&{2*dejUqqEl+|c1J&S!kW z$j3(p>h|{sg$9poG$ci(^IRDG#l%D8hfK5<^KSY2)+`F$kS)|2!;>|NrMU4k#d(@# zW#W`X{>GV<1{8#ZgyPai`(8w2N_r5PvVKU;Upvr?(rEEjnWZSC=X{<&6>=FT@LBII z^CzE3j}ICM5|e90^QhlJ{3$komhZ@1+~;C&l=;~PH(cr+qUBk2 z>$Z5A(U>`?F;Jk$W1Nmw=?^$*VxnZNdPB--F7Cb}`#YU%BcU)Y!^vt}B$TLriotI^ zcIn#oEaaC#6eoEWF7gb)ags74eNXcF@1CzDN55wXIkJtaX(4|OYeitBhPMu-ss9j= zlw2{k7cMFD<{1oWKE@Wh(rb_zxLEo;-vh*<0wze&N#t%krW-IV^dOfgVB$%*$Sz;* z)-#Bn;$0(46{`E@!O4od*ldH=Aah6%;^kn*v$^(PY*=l@Qp;ack2!jH7xI2w z=z@mqXdyfc)#7N+(-*)MON|064m@2sF3A#T8g@$k6kghwzxLB{X6#t8d#PA;;Cx?{${F)3c zGQ;nmz_#2qM$y2!GC>DX^R$3rG0i?+k5%5VY(N@C@7f)%I-gOl6J+PZxQ*5&nL{oC ze?)rP>mAzQ>oA6+EtepwNY*qKJ>Aa0OE-`+DjTq4dqK5^0OGXues3pc7{A7OaAKkor|X#bOB+N*%&ctJ!95P^k4I11xrZ>YFq8l6INCrM zzbET-AezmGLwx7alM}XwqJ=*g!TjKT<~)skaN!d?i5L17%R!UC6&Db0CgE;Ln&ddc z*|Nn9-p<)rG(p6h%fa0bLKmN9sFuHGyK7T~LD+kgO4e)O?L0$vlJ~0^Gz)EzPt*4# z4-CT(?#SGTwJsH%+SwZ`>$MVIwSAZn?{wnMAr)sH+H+rIKNWivmdTW+%27!M#q z%-6E{2U=Is0|^*okf#6Qs@X}&7v z{*JV`fK2G9K^X!WpS%9&sXZ-%5eD@r?o zGHc*ga*g`0bm8xxxt%517JHJ$yfj4Ha_bZe8hsO!s4YEGG2go$#F=cry&N)EpT73C zCfOWcp_)loIsK(#-7vpQ?dwOiEbPtSNc#b>M%E%Y;S8mL z3ujMrYJ<-%<}0dEW%UboKOs$L(QTZD2>@1=V}l2)m66=$6|2?H4;9Rl{GqalglC039_Aav!^IU3zal$C>;b+LFFDkik5?V@npbpWn0EH3crE}rE@XNHs@tpwevvhb zJo=d}%T+h7U;oaJYZ9fnm|>x72X#duQBmFI_mq^i{;ZdYpYG~!^=rC*V+{^al|c&} zfcgi8|ME)2kYbgVSz0)nmUg7VFmb9(sP3P@^!{E~=1nrT^*F z=h9X_k{jdU)-mQVc0_T~kyBvH5>kYbCGjU7#Y9R?5Ezl(BtX@I z+Z}uiLIlj~`;NLY`D>(d1Qd0VhH9P<4-*OxTOYlGiqZky0ZS+M`U++BF$OvA%`Iv7 z_w<~gLN)BvJdN0RNH2fiNB_1crJ;)!{jihBsmYm|pvyvPL18ol<$Dl3K+3l7xltS@ z>kg0oNT`#%U>PcBzqnZ>6Z#Upp%V3Z@+GH6`0LPy{$0$*bUp&h%!_4fW#b$=ZepR? zYf!*>f4|!D%U=4>4Iu%!3t^8Lc!qA)3rz*94qeDu9q>II@4ZPxMde0>Gwm{QyA-dL zs@|2*VEJ;GY8nX4I#X!YAb@bkYJ(VZSdNBNF|tb|zsimTe(YBo5j}ONl5z~V7}o79 z4>ntkrZ!eCgWIAD!}@)JCcM0hH_A27Q@mYDaC&PK;*QGwlQ3YoPa?nbefQkNJjkOo zbdJxabI=9t+@)5~Ab*?MZRp=I7zlnipq+g3^`>bXlxrhd*hLJ~@J5U;#0DIWw~+M} zoWhn2bprEf2TtXYTTg1)7IjgqGN$}iIltKplF<{qGVGF&I=%>}booVd`YdbnpCVO>WML{J&7o^W<=Bss^r-wvt^NQEjTyJ6ry**{l)`7*l>;uHn1 z3L@P>0it!SUU;_z(iabXBg4(ijNJYeP}gpxW50ql=oTZpq6deToSau*maTo$&JXdd zU;IKmG475OAjEnePg7KIXYI%Zc|tOSRO6xIt{X`Wa_Yx|0=an874h>kb(2*F`ivr{ z6+1rDEs8Bga?u6A*EsV)Il*-XEJQp zXK5p4whzNvGM1BNzG@4~+C8a~!UhK6Q-T<7!Doer?G4}F5ul=U@|B)n>dy;VlU*tW zMWQX9uPI+@m>b3o>w@4E$!2@Q<7A22XXK*65w4KRA{yO;HOVIu57e1TUar+ihk;!J zP5|nNE98HKoJQ|gA9bfo!NTQ%6SByfwUX42DppCjk^uT-u4mS6tO7hE@tI1{v1go* zyy!NO2kK;MyjFb()5+UMws!TZR*n?*U>n3vE9bIek9Y`0weH-tn%tCJxxB+hy8Ukz zHa*&L-t+1iS2Wp&80Cozd{ zC3Va|I4bQa5CoDU2TD8JjTW2~-}%Nqm5J~62a{z>*S$*--IY6D#flU!3aGGnvUBcu z149*J)!eL{9rWwjxAwX1$ortT%oAAQ1haoV$-NnI?q$Qd{hD=xI}b3qp3--ms_qs?!J-{N_k9R82+N8j56 z65!QyH%=md1b)x-ts37YGmT(YO8D$ZB@N4I0e>VNdL=JNcz z;}9smOH!rb;o&#zbwo$1T{&P-TN)z`fO>U!YciEJgtU?d2tH-KLr&2=M*rw&He*4y zXb`!^Ze<>PJV1b)s^4B@R>yEH!@WorCYJGel zmD}Sry)XRR6O8=WUN~+?Slw_bbLY=P!oQ2z6xj}7VGV2f`%}ZSFX=d>%Kf(!J=TZ* z_bL3RuUhv1`3?X7crO3%KXgw{N=k~b#$dO@+IWEVbYsT5zuCyXHFoXo?QpV@)dYsW zE&hFKle$hm|2)qgMxj7(fzAElRT>&BIReKrh{P3F(;HzM1yi29k{14u+C5|gf_l_T z=e@?~bxR4)zkeEeA54l4!cph7*gDLfLn^Mi)Ec(iI{`}T@9byxci(G*;-UdLy7}*$ z6>g2ckEifE%wU#;(qcxIg^`v>B}BNv75f*#PT4RaJ)jFINb|THs=D_f{9xl`rfD*B zCo_vXF07(xXFn&@y&Bj2_MwC;l!?ncRfu3MvA=GwqfuRJXqhqp{`5etVXuR`5O?>K`%--^ zz>V;!{#Z#HjQ`0>YW2)TPew8SX6Z7+b;6_AkVi>ckKn$ksXZoyc&WR(_aQIaI-_L} zol)&PJ&dgmA$KOUC{@!yM*%>6J?zdiSuj**>^$?`w6ZeJ$s-8e4LXkBs(Y?gPfISL zXz@Y5jOtwwFrF1IU^^>4xuJgIpRx1?hs5vrm{)@c9uex3mn-tLi_9b07m=5Gb zF@FEWq!jX67c;MtQSBYYAcdT?VVoi+Yt3hMEzk4~^@+(#RRf1keYt-aE1^MTg4

      <7tnl;@PZdFuJAd=W*dL;cHHe}ILox^bLq}e;~2EG z;LAmVM~l^m^uH?{dcN*7oXJa(;ZQXNzr;EyS$zuEgp_JAEWuv|W!0H$rl4K&3UZz%FkWs+mrXIdAtLFK|)O6qweS`Y;?MbM7{c-?v78MPRNU7va2r>pM?6c^n z)1-M{qGQe;p=UCv7d=^>hF1wujA*H5R!xm&_?^I&?|0@Fh8cP2@Ik9Ai0fsSTNx@O z@f_bEDEBOmhcZ?-4Ej+4D=4@}b8lQwzKbvR{wGwB?AG2`R_Q`D7SZdF+Ab7x5lKS_ zm#nz+SENuCtCe1J-cuGg^4m!yY7w5Q9DZL1MA{7v^`rk6bLSn8<^TSD5*kL5kc_Cv z9wD2oii~Ws$|xfl7qUlIRz7yJ%bwYn-6At_*{dYF5X!!c`#95Q{=VPexbORMKW=}d zWu4b~zTfZTcs*aQgD8topLjxcxPCoiouiS1=n*ZUy6(9M4NtYYlwf0)1j5MAGc$=r zEX-JC--eDWs;cX_SF7;zJ${@J3@~3%XaANtJw=5f%wB@ADWNc2J{|JPUALE8FxP)> zK^(8O=H7q=`;0V1Q^yowCz=y<->5Gt%9+K&@dpIfSvzta1Pb0fbrXtiZ!x1F`>MIJ zwwqRW-hTPb5pDi*&3~o`Z*@jW6(7v)WlA{?X#_Ep41P7I}#g{k_K4Xx$O2k& ztDo)7Ccjs^P?=T?+3rnqs~I&ldR*69?y!HWli+SNx6&Sj^^Tt|8(o-Yv3NpHv?5Wo zq8%v^zZI1Q;(y2}sFK<`0Bk(TFRu47Yy;5RK{%UTb94N%y1Z3&Z?-f1ZBGjS1LHfh zVE=CY`6;tY=Q1kiz&Z6(h%!u*>20M(|w@@1gHh2>_|%6U-e<>I__+^NvL1nfwNR zKu=4d51mCWZ+s3Aka+Sta&m^@u{;8rBUO8cL7t)!w2DDL3cjpqXc%5zez7A-m>lYi z9GEL>ytk!Opj&!*EC#s`J;EARs1t8G9JRi`(d!oWpdZgB9QwAdheK+04%ws63nCl?cXJ6Y z1Er|qVx!>C2>WZ#!qIDiPvJ@eJxP++Eo}Po1Am9UtZ;5Ak*F>_5==&TnQ^KE$ddWEn#hhtK*b*05`(9vVxGNU?7KGJC zau&5lZXP2D+{YX{HKVNh&s9W*?9h5vmZMJLo>E2}*~3?;kjh1Yb79HT=s-m#lcdh4 zGMjR5nx|DJ1AMk(Ace^QO_d<@MLUs7d7))^JqM*zrC!XJA-=GBK}|}1y)cf@e=f=` zJU}KX$5T%Y_k1wbZ9IIuxSq&5{_eW9rZ-J_rkjz8T99UEjn2rs*&Sk)a-tsSV<=U5 zyd9*0ongtk%FUQ}Y~#eDTssbhyuFf z!NG@WB!Qk~(a^BpTDj0!ThxCphVen8PW4gvE7a`<@TJf8lXB}!;$B=Uv}BVzrt9GF z;-s z{!V+UDk^WGjUM2^eWB#b7mJHRLZ7xbe_V3;cJuuJwXugUsGoq|!vm?fEphJK*H7a* zo()&I9XDU(kj?f|E*Vb1k6sFj3BuU{LDI_Ax7YbOZ}rxfCmOD^NmZ>K$prHs5q<2Q z7#_Sk@OF$L0D$BK7du7|_bWWx3$DrEp0N92S|%vM8_mexJf!GBuyfc?dBJH>B+il{ zd6Y3YdNl;lF`oX|OsK|gRv2-PYx)9~CkqA*Dvro&rKu4KtP@Y?n*t{9#Z!L6f#q;$w~ z3_Eo+o(~+Y>b9`?t(~3nFnJyg^P!;>@19rk=F^%2N|2_9=KwB6^)0%Fz7L~IiiPF;^7mKMIk>)3fgBq14~Yr327632BK27+ly)CKmMgmYM4NUT-`u?TIQ z2P44MqKTcWT-<^e+s!iy@EhjUBCe5tnT~CjiGu5U$zblyM^ys>&qLZo4^4PC_+Vp# zGfWTZXU0qFLC~rbhrTwPhJxYzg5Z4ffP|wQiC;QvEEPMvnXJwE0RXG1kx|X*_gf2$ zQnEHq2{)zeJQ&At`Q5_lCKDocNfI4Zk|&|7)$Rr);gzf9@78CO7ejxxvBPTm?h^(m zS}osO<3%`iK#1V*x}@Ap`?>3DrMJzw^qd%J}|6 zZD=&q?X2^Z^y+w*G774l>3cyBwf+li^*uG!5ohgn>pr1$62I_TiE9IP&>RDEM4G{u zCBio$UtPl!JSziW+ZbD}18alOH?bfkQk}>*(?_j(*I3nEdZ3dxp#D{+D>c95T(US#@M5ne7BGjWwxZXFbrsshchD!^7Cm)aggM7Ro9KID2+x<9pE=t|li2til z2S9bkCYhDwce>?E<_^VJ^IoQ*>4uvOsHkX9>8An|;^*3K;8LoMb!p!RE;9UVl6EOM zWRSvnvlKi>V-6I`@j`Np%Gp~3jAMZSI(^@fkI?th`B$|;K ziO^oefGC9{6ol#l_K0T&m3tfKK(Uero@5LcO=;sQ>`tSw650f}9GjLOgWLqg>Kr9i zVEn}4o!Vpo0fDjHTn$h=h~_?IWxU7+n|rmUP7po;5!RxO|Jv@yWmh$5yScxeIGQFn zate*ICROM~bZqY0#I=d{W@;M#Z;{~A+#(ffldR#!Jy`^=gY5Z6PDRq3N5R3;9v*eZ zOUX)x0RwNDfeHXf#8eaC*0#0Z6&%f%ov| zpHN!SA&aDp!wIP%@>43v%~cZkAkvZV++A5_b;tCpDi64KEd4rf10`_4OLfd8_`-F=bYp!(Z=VP#JX~*NoX)5s><0 zq}1pL`R|QN03aZ((iMvDofwsxI-`^2w)=W-4}=^uLpiaKyA&1ens7^?Z)>g-8%w-) zs|fGgNm>XBE;8;orPyZ=QP>Y%COoMj`ht;}rC6ngijk4044KqU5oJ`uv$Ky-n&5QS zTkxOEAH?FJpv)WHgYwDCm%}2_8yjn*ddp|G+)nMybkZZ#%KQ9w;G3Y{(o^Y1*L*&$ zK)&#t?&2o$98l~Okv-9;Kjzmw8T2F(zriG2Y-@N}oG=}Z=+T0tFAP6gC&`q49Q58k zj-@M3`{JiVg!j^9@;oTz-&`5$%7oK$EkVzV^iuRbUEk0zOZ}NxI{q%?t8e!h8pq=v z0WjJ7b`(p^ltTqxDvqr4ZEIIlN=)Ir&@0K-6|^RScp91s?9noU<>@v(jO9Bz<%Vpy zfDc0HWPayZ2cei1yGd;@qO5H2SEdrE2Ozh71IS;$D`HX@3sk2>ACG_%_SjD`z~ zR$_tr#()Pvj7zkyCpZekpMUMnGuaUwoV4Uc_)(8*wRxh-UQiN&nbRwQrL2#S&qJCisSYdoq)?LMo_)B>+7n}~LHtyEP&?3~})W;#pAWF~mu($h>R z|5EB1Ln=FwV9eqZ`TKoJ`Pyyf29-8%eRptz1{K3lG*Eu4?RNT740mWj$Gf`&ssjvip${xxfW&xU zcUZf0Jp=^>36r&{8f=~n=g28(PAPFR@On@4C9B} zGSPxM&g9s9UKdQ>9C?QwwW`Bm$(MQ z3Zcupr_*X&#eg&!Cev?d4)kphs@M+I(IUkl0NEr0Bs*WEQWU}b;&CWR%G(!xH3@nw z+mpVFw}DCxoDM}>Wv3@gSZ8rp7lP>nDN8dxH6mY<6M6#c?LpG3Rl^Dv`*yuNvP8(o ztUL+AkDU6lu{{`fp@Li7T{N5RniwMgZq^=;!l}~V) zmuCAI{#9lg`GfNnmOe%?pou4*R;K+?AZt-e*-QWuXI5`_?&`%)@0A%@vwAR(NEVBZ z5*=T-koD&1#VgOuHRJI;-L}jPk9BkfwVuwA7*}f}>u0E*(I1#uEd5m2PEQt;--7AD@fVfMN&&#ul- zODu2afKA~I9CFamlj=Lt7vD0*aL)h1fmrit(OXWWLUTO&7M|TjW-kr{+KF$w(9}Rd zai8lzi9BzzK92x6IIA;@NqhHxJmbDpmf4j_k-sQlEw(VzKQDeLeKdbTI0*WiM@~18 zL;<(XhjJnTJ+w)E$W2uU_mnV`NKN-#mZvI67{WwjTX3tq{q5Bn0%7#nA?m45_&I1oTHpFNW!>Wkg438x7@ z0=1U_!e;wQ#V@o|_W5&kPW=(HvT!G=eli&2HqV=2gohsv&G%fOaJ0LUOn$H6}Ss+F0M@!3Au?M@_@ z+897ZXCh_#uG-8v*OvYmb3xgf#S|XHBe)%WPYwD`($I@)&29hHe9ij{0_wZ|69JV7 z@g@5k0_xy1&iVe^ANc1jw<{=Vd9#qVrR%tj_ri9FJeJkWWr6TQP-Z+muBM!69gtw9 zgFCLFFy4BZ_8=u~2uSW^sc1TN$L7$_2a`@;bkcO)_WP|tIlW)_rLg&ru6a{e*vFVq z%M?m74!#HJwl9|LyY~ldSr5pjC!$@)H*`B|^+PULRSeaLUe?(pA*_v{G4vPHNW-^{ z=P|gQCT&K6$L1Hm&e(Y3`|`mf(hKY}rG=MkbV8fnj-~ds*@V9f5rRV1+PNbFy&iCR zWS73@n|ATh0hpPts9C<(_Yk|0MKeNq8?{tV&Bf)VVU+hTsm?*Wr#B9IYYp_J_q!7y(kD6H*OTr;gnP&piAebEzTkNfz1@FoP}v zh1~5zLd<(h_;qeMXJ9Ulf!S;p!Vg3-lsy%uJCvK}o?Noes7qwv z5_7)J;1NdCX~{T$X11BwJ6Nfq<1Ai@_g;_#w+qDyND)$`o?ri5S7XJ8ZsLnQ)T*Bt z-TP6)_L1ngz^)OBYEr3Z-bvKlZQ|prz)xLKxn37yfNH+Z=zIVp6(e*+PF$QQ$*6+s z0DaOiDyr$K@HKMMD6HED7V^0WM<9OC>ol>la>9W?nVZ77K|tX+awzRV<^N82-u^4$ z*^gJoc@Ykxe-fS~qyHd0Whh|ZPyj=U*u_iT3{(~m(5)gaBZyNmjkf9VTj(ISSc-dT zFc2YzAP_gUhs(GQT$iwR-p)v+tygR>m^WFq>-HMqKXjg7d_l@62>gTK0{pzm<|0Vr z#eG@JFaZMGA-QH)Ys#$zjS`pjZUX_fg=CZ1}CoF$HEcELf<{5*HrADE}9$>{tKrXmU0 z9uIP+=#=5x<~QqR5>=_}=mD`0T@YHLTS@ksZfdTd4+!nvItGmbnW)T)dV-2Z?UEmN z-nQX7hE;Gif@0+C9P3thUL60n`RwF{5Q^a0Awwf-$=s!K-1xeAnS)_<94M`Tc`gd4 z>9x%@Kt$H(I2j&m(9XUZFWOT&enJm_Ayr8wKO%AZ=aW8j+rcwgI2TDxZ?Iajj zFTHjmhE}`32mnE}fXylV4X-OqFARup0|f-Ck`22(3m7^&mWH)I5nmhL z0$;uBbh1^G3*rGs8Ro#@{?6UIzH_(c%7Q>niWSpuCwu)3=Z>0=urg#Cr(=A2)J^p~ zvvmVn^=UHGAVFGGLIMq7-ZVhK-r16_262FUaPiJi>ErB<6Fuv<7~BL~=k-s;#+}bT zfN8jVwUn*^mK+6ok$P;!*41@n_iRQ{`-1Zn?6ng+{=vgVum|~ODn?@C zbhNb6pFbyr4m5fi5wM~6`v3cWlk4W`O zR#PA=5kiw&@MaY5^!sd9BkzfD4NJP|l`v-O_egApC;sHLOCCxi7^*UUmNgAP!Jr2y zd!&JvnP1}0zlSyHT^%;~7w`O&)|{j+IeQkDrE#+^_wpJ`Pd79z-miw3nCGuj^d7P* zO9=7JQ(Mb_!G9;S~iFzy)|u#d|xJ3b8pteWJsfDN|3pI3Et(t?jkQ z)OY3?d#Z3sCviUfya75XhK%oTbcawi6G@pm&{Ou_&GRqDR$^!10RQIGb*c?02ZhBK zGbA%SGMxn}=YQ2$&_sk9hqX9Y!BfB704xMUf`e^M)nmeAE6~{KB|Xr%ts=N37x3=MdA%2@J$MRK(4nZ-|-8cSG zdHrCRHL^VmClBOj_}E0vf9HdjBMs29ujdwP&EIEIP^h_zUP=2Be_;^yQJ?Z1Te-jm zIKw05(9_r}9cCB7qBZ9JW+fkTD59qvp<8fCQ=eU+19ZggZaTZxbr5YK0;d1^6#I+R z+_HOc>;Q9Y^1buy7{r?(95J(B0{son+%SLMyEV3G)DzCvP;PY&uN6-W#G|W`;x?iq znxHHp;|`Uo&tT6+w10Kls(1rkQtaEPvNC=cegZ18>!fq-a_vMtb5)Q`ecx2j;%S?a z%IguNpx(XX)2y=F(qAahv{+l*JGMNr5%@7C&z4KzSaxqnq~z9>T`4Ika*&(|QoOB_ zptHI%H$a{lt+7-eLm^`fzd>d>w@-LylZMD4)=7aX-7L~O5m3|biR4#!hl7^V_eQbA zN>MPyORX^#Iz0|ED=mTb_e6Fs;wjU7OkMr(3)*J!FBo~1BN2aV^`(n#kI z>X%fvXdBhb&_}VaxBEbf4K}xW zTN3t}?K3od5p~Kp#E$f90JLf>h)PA7P6Qu1^&Up7b7XEkm6Ekq!}=cike!20|) ztB5`EJU!0#Vz9RBGwn5*e4JoLgRo#LlkP*FOvRgvNuPyo>A@ZFD$Fqb#@t2dpmTaK zkwM2Lh!W|(NVzb*o3ALGvKZtPiY&AE=?Ee1yeXSbdX6N8)S)j~)i%$sHL z1vCv8(A>1~i{~U`3tfO56}Ijm^$ED6^!q1lq-#ep$3B$5Vm8qO0SUTROpcC(u!fjE z;(33+ZPoxJWo4o%=e`G;dY-B3Beb6PFh6*|=n*r!tx3aGi(AC_9Xh~pf{wd5@mAs* z+C<@?QAC3BZ8K?rYoG0pK=S^n0RdX#zR$NNkl)-%-+-N)>BD4ePg4=fwo z;4>x7QpW)m5nRu_o^m5!kbR>`oU$D+kV(?3Q__B;3lC-zg&>ZTlzmR@yoRu(v@xu@$;X9a`29DhdAztM3~t=`@G)^VN6X3SVjv0a z@$Ve$ZF{>mXNQD6E7uyB;&KOYU=h>iD_j97W!XQfekZH&+NnUCe6TGx%$7K5UuPxpWz=>+A|JuE-S?0{4ILG@1&rwq!&BY1 z9#?dQ&z6$e%0EtJY21A=H&A zmdyONl~qJ$XEXHS)BQ_kJAIX&)3Nc>ILvqb7}10I-X%i(@b~&}Cj`0{pH^&ijg+MC zW#pG#f+!nx;)Mso?7g#tedZZ9ndZYnoozSgb>i+=E;FF^RhyU(UBBp3D3`ee991jpDscs9 zcC(BEiPW2FIu-MqpD(v}j7D=omjR=dY}L(5t^dtfyWe5$ax@6!=xSAVtik!ht-Xy+ zTmK>lQlaRIP354`px}mUuM<*+HcZ?_PDjKkGVDfubQv|gYBX+*-(nb&_7?}${e}VBlUtXUk=A9RaD+SIRSXaz7UvL=N;9#g2R%t)Se&tp@=u0TEbuOzTo`N5dt0cw&b!XO|wM z@DhsisK+^xc`Dbgy@YhT%inGfm*+wq{^GPCqq3&v35(9B0gU2Ho+Rr#exHHHNyibs z`(WPA$1kY0ZXFjXB{}-VOHt043%q?@0=TL{G1fEOOjT6A75W3hdGeH-Be$JJ*LK@aj!xc7=X z%kxxBRbg;8%KGlzyXw@=<&Y|Vd$igfdkfitkhcsTLr2Flbn6QS2{)&q#RkB8Vcnag zo@?`0sbAAVJS~koQBoZyd$O!P68{A=KVJ-kouT2HPLe#P$p zd}*TAM}mMEo`V3a{kMI-7{K2gO7Zfohv;C@!Jo|TPZW6gS=s;pxb8sHPcr%Ek0T=p zL3^Q`bI`Dg-}#mgl@5ZgAa6Nk4bcd<{p)S)z33d!(+Eqy@@>q(Q2F=kvGSab@76=O z1=Jd%=gKE9c~SfkqH3sa`IGs!s^9;V@T=$?aeng2)0WTqfB$&7 zf4=Y0p+^{Nr1HOwNhyOD>Bz0-G0#4Db%dXGZN*ysgAHE%oFMW$qy5MC0J#0Xp`8EU zlezz=Y&Q1guCDz7^2WXF$HpV25`fXl zMP;7E`vpDYY9L>8;XAB>fq4Kz@sPQo3ss} z?^Z=`JQplRV7I#r0c zkth{4w^;8|cb9%LUlDqACTf*E?wIeEUE7DnQ}TDN8zTDy6hL3wK)AU=hthfPNtkK- zs$AWr`KuGQAMi))nyDr=*Xjo5Hf8xVQGOMK0?~)Y4SOk!#fH@VDoB^`a{^ZV9D+QAtLe^PDneM_a5PH@vEcHO;y@4(yD5-;!;6hS#-49% zvA_Iz>V*+yfq4LKh*A~OvxEP$Jk@I%=nGM2{)<3WB&cQy;{y4&;3CO%l7Hke4b?-h zB^{>9`)d(qMhxyiq~8m0Oq?w*peCp?=NfHPqftoOGpIGgLQyEJRgP1NyMwnJzO#`7sKe<;3g3wK_B|Q9 zAN(hwr(RpHDRoOs8Yb4)k5Y5}hPwpOtOy`mIFMId96ud$+x`2y2k6T7pWUo*8`g?& zP4FeTalTBEs72BqqFSEavzxwonbK?>)HE0!pF2c=diIVl#MOMV^|5jEE!WO-2rEk- zaa8cgo?E)Y*CctYaW?>`-;g^_?Y1S6_;Csp%m?Q84=%9Ywv=$77JnEpb!$3*He3hO ziL7t4|6A;9l|`&Q#;w#lnIm{yvHdi5ukR!q2tiT0dPX*@p?C3)_V&FC?rk`5@=h^{a$^P zHY+v)+(ZhZJX74TI%v`B$wEl+9P$0TLsOauXe;ueDQ_Wp^|R|8xJSO#F2i{ZDAY-C zoH~GaoPVci?B6r6KK~U1i#TI{V$gaQ1O`iUyf)jjoqQjXOK!+Exk!E-Q7v)&B_<sA& zY?lexOOq4W4U!UdYB@pW`20;Y6yVTJ^E4{+`kfx?4Tu#+pgJ%;`#_@uR<&ti(i(~i zNi6v}xu&`yH@23-BAs@f5&7~}=tTZ-Z+uc;A>i$#;8gzy?Mi#vWG&RE=(RCV=~ z?XNGUv3ZYS?$tYE>)rK*lC+TJ`o6BGdI7rcGGz4F`}7Efd=0Dbk+_Faj$;&VvTaj8qH z>o!oRnyGd#!Mgc5e)AR%LAT;}uuQ&asRa{h0Kpn%h-u7rDawaZ!icVbJVl|KromRL8u3cXV+K72mKzSV4uD?0QK;EGxDF^TOo5 z#Es%o-aC{PJV&h>PvA7VYkP1N111an3tr(^a(`#d?xQ5w$9W>_R${dEdrcwzOi$GP z-SHdTuR?~iPy)2r7%nUa$1j?S z6`}Tglk-h``0TO#frASVdW!58XL<{6F5rg2C9t35dSCxwbvT2>@CTQ72;J;YOs)Wp zKhWvbS2t&_DB!)HApkiw0b7lU0F!n=3gDcK6&21DtW zzLY2gTLt&dTM*BY>}u#Xz66mMJU2`>!i0P5IwbR7K{=T(X3NZ;@EB)dc1GQ4WIPr7;4KDX1aFHh#c+c~2T1 zjXq(a_MJ!8L0b<<*JzLSMVc%N&O^UO*y!k=lKPa zYZ~+XZ>*{1WSR`x7D{js9qmNPIR8nTvImmWow~tG>#-<&q^OtZNdLe9Vr5b7N*c*Z z?0QW;!>XFX>5qT=)-B!#-_5|zuH5eeN68_DW}4W$)4G0qM@lsAcArCWM~QrER23^( zalQL~z&qI)Y$`;g5oOR(fbPFYY_%)dsUDuo+>VAT%#dFS2`@ys>1GdL{*ng##ZHK0-R5VK6}_h|x>19X&NF{B61XsE z6Y~GCg%!aS>*c9{fx!XOILH7(2>V&TjlQsa$bfwb+&h-8$YL>+WbxxVi{IapfF}s$ zPM|9d1smk7hV>!cA4WiYqP}E)P9RYf^%YVk!r(75+!NHR)Z06{+G2Q?na*OLaj`#rT_!j++ z{mPa;Ijt+x9Rb_sffOn9+?<0kLX1KR_RfKW6(HrCyy=r0Vu1hNK|^t)XRD^Q^g<`n2{44h!RUS2OR2x3uCsP6<6+D4KbGNLMLhf=@v;)CRG8}opvl7a) zpIH2o?t~?-<&)sLg@pIRlt1{t{pn0<$mf=urXPPPa{B z;rLD@Of{sxVp?O}*p}MfHWwDVIbryLzTKT_bUO4GZmV=eDl%JLLS%(8V+~<}l4^AOU z_!KgJ;%UGfd_D*Ve^Y)}gCODpSU8pplfNpDbb)-)0;#j{E!p%g+syTg9?t`LxSn|WcISYQq0q6w8f!Dxkg?x*A?)}P~ z1`U@bTb~x@F1x3}cr)SMx+xx{E+r<9J%H!+gRy(Aa;Val?i;N)4;0k`9(eY(V=x+F z-QDB{!8<<+U*AtUC*PL)~9)AtlGh40)Q^xIn-{ zQRI&-kUTti#ps3V^D0&H9S2}7Awy&(WIjW?kwI-g&r;{LTID1ms>DP+ha~t05QnUx z&&?7^0DrR78akLV)@nE2=sn%qAb1w$DUHk|kdr&vxI!MFZv^%TBwmSNJuRbz! zBzsmMqjNjcJZ9l8WK%gTO~3_(Zi+HJJ%X3>m&lok9B*b+p#552Kz69vWJ&g*Qn1Mh zc$rAkj>fVf^@~UX{};WW4rf+BCa@rFXZ29_xt+4Vlhr`kJ8LB$=rTY^5VF?6RnSAa zLPL7|E-l6!zL1w5^}(_qXZVS&B86jK_^$>5<4}1$$KM39N@1vnEZMOXXF(HKMNs&U zErw21^mS*%39(#ZvLHwXKLX-RUM1~3GvM;4xT{>YahEn(vCzan)i=01`cML`-DcTZz-UE?ZAW6m2`v-ERcOTQ?omY99)4uU#-xAw+K|cUGRKO@8 z-Iiu2?N}2Cmg4`=7*sttm^SrjZ*8%gSyGY#s*tOO7*iw+&}Q>UqjUdpjc|a^0s&ZN zW}T5Y%%G&0C6bP~(3P-!2|jv8Sn|R_jxq@#ka@pG1(m|b^p>_qT#E0LjOQ^{(9od# zhO;DBuIrPSoofi(yDf4_B`Mby;_{G$eSjSy$&^Gfpyh+3g(4kfshZw5a)<0ajxx_j z12E#}o%F9i7q~q z6{Jb5DfcCXWTHG0DbN73usAh(3+YuO1wbzSn~P}e;9Tbl9=>y9;hZrtC5McKp8pCB z?Yp@Ic@pP|N$IH=8q=QfXymMhFI^w119A@;Jb}#Qy7BlX6W~CdHv6uB)JVuA^_?v4 z6k$p2A4S@?wv=rx$|BxtNy;`Cu_z2ocAdB*Ju=Dhd@;qivgUWLkvf#6pd5W&H2_=+7w> z6OgwC<5V0xC>qu?o=wCnYZ0Wgv$kFUXbb1WHXvi>5g9`48cHn=rK1` zC8vzCaUNGA1UnGfazW~Jm8YUw_HR`CQSF1ykyl^2)FA|^PkwLQBO9;bhrEAH2c^yA zA93S^5*tzgIDkay=AGqwU-PW%KLbV&B*PWm9JK&G4tx-aw3;{@CkVaep(|D|sdFVB@Vu*U@XQA&zX&X9wL@@i-&>B$ZjB&36G(qft)3ylVS0OVULo-OvoWF} z$?#1eX>pbHBN2*AS;>)-#}-zSI2;}NF!+q;4=!jXL15WxyPD-Q@EpJ~QukXeI*Z7z zvHp7eTWvAJIT%#YHVt?BuPj`zMj9Z!U&72!K6u=(kElzWUp=$h_bxiHk@u<+?j$z` z^OXVJ_hR_k!3jd(Nejz;A6oR?=Ch)<<()xttl*>64f0coWVnKY51sLVPS?VZp=B1` z?^pQU)~`0zY1w7Y3=FTE^C2Qr#dWCA1gW2F^9w+{nJI+G^4G>tlojAx45i3@NmpeT zzjQ-A67FjL`!kfrJ`r0CDE;=WK#QkZMDnn!(0;WeUwl6)?yi|I{gruU)V2iVpbvZ zHh#lJ3Vy3HX9ic<)I>lvj-`Fmu~ptSD|*YBG%&!|zO387dM)^_YT;7^DlL=#Y+t3A z{#iG9qM<^r5vbM5>$LcU96POTmTLK#SPMB)hKqBI!`4P=4HmDjB{`ifn+dD*kQ{Nd zn`eW|2(jwxN^jHu1V`zN%ONYb>Yi7#y~ULGOJ4$FH7%`k**8~R#n~=gSf+D?-?&0E z9bcfH^z_A6o--kT%LLW5IAKB^456U0rDi`9L8~I($K8I{)pqf;|H*=odD>NoCt}<>eat<|xrb{W?V97LIJBEGv+H3jmv$E=1rOiGdx} zW-y=emAB1GA-GSOyv6Y*$Pb6TNIC@?GdQ;{3dL4a(2mn*60P45J{+>)`&*?X^q`C$ zWS?51e?`Z5(~z3|_qi3Wf>YQw`a*N!TkAXZXa~g#?qiGLI3x%^?v?Ipa|8pETr{KJWq@%*Q_6gBDlpwtX5T;0;`h%|5)_cB@ z8yrWNkF;TtW!<@p{OIzBy5)p5yS?xWq2Ad=5bDI7ag64=Y_3XdUaWzxKeOVT^n-f4 zVVQ+Ko8r1m#zXIaPtX|`o=$}tjkj&>Y*?+tk>bWhsL41SQUOLrphkPFP3F@_TrY)f zC;tMM_CC}5D_lxiHW_f)%KVx&t~c+rt`SOP`m_Nk0@7 zL-VGilj;Qme9nt|H1n8Ty|Q*ayV_MFU|umJH5?|G%~3YDY0t4_ed@K~qa@HupVu)r zKgJ1~Uwop{L9K?8`fL3$LJg6!C!CAI4cN>0Q=rL^)hBQyo6ddZ0Ebt<#5Y4-Xogrx0ialL>iqoo3 zDy-;%f@i0VkCbkbQ;c*st?iCS<;?gX#p{Hxz-+eN1vr!yPT1OAFQ@lSAbk5cY1p~p zhbR6mOWNtdjIgBV_F2;ZX5Q!N+qj=ZDQzg99EAyZPJXV_+3ZwT<&mIIU$+dEPt{LV zvW*Q8ww3!aFC@}3^fvT&Y;hgEjHgDdW? zcL&0NAOrI75CRg(Z_9Vqocc<-ASQ0cnq}UB%?tti+*B@2E{T{Yd z8x+*`F9FgO9A8i(RP|m?0|R_hm}uma3Jg4bxx%;WU3E%tKl&Gma_gIIQj=;2uT;bSp7Hh7 zBVMRYkzzUR0prCVABwvSDK8Gb-$%qfXy_nUaAGBQsX`BgvjI+@S6PWhs~~sUJM!#M zpP-(@l6aHa7wXzlGc$7(Ap4!|%y!8!!p2SSgj9pzXLjK_I>_u`^Hy z@hKjCc?u}cjHCRn+qHafXOba=Y)4t)g!;}*!LEbPlue-y*+C@M1llv_vI#H_31+*w z!td73!lQ*mAB?3%=w?}vv|ow13=L&uxZCN3jsC|*=nGib90`8|_;v^~umxldXfdoH zf`NzoO#ALem|_uS@1kBO{|R`-PKqDPrn_?Os*P=PQb0iO(+>a|Y}uhH^vZPOV>h7Fs6Q2;U56?Nx&n!sH!nlgwUpBFtod&;KVn1&>* zyJm#jzps3xFiA`eSp}+Kk0@vy@^P-oKQmeW3W*y>=mr?D^lm+rUvBAp@wdp{g{p>9 zkSy-4i1z+Vo3aU< zMyv5bRMn|2V9#D7*_2Bn<2r*F}c?cue{zI%D7lp7E zUr?P8DqlD5*RWLLO0Ymf5CXTt^XKo9JR#`+Te^x(re_n_US7izhiuJAu;`)$*!_^? z(UOm^%xkQ6%26lC?_-5Pq18={W?8@e8W5G{ZDUi65)a+(smq3ou(sL`YvM`EG$ZpH zCMyQ|KV?gKUf$(5+b0nH#_k18MXN5sSQkQ%#>?*+vWLl*Dmv3Y+^7j>voo{G6X))c z91gm-I!K60RVYVkGaitqJAd{(w(VH1_nS?M5lBZ>@0Tfzc5CQ})4NOELj+@*4%dW3 zns^*n(lXSv=GETJXg)$T*(3KDleHFJicN!xnF92c;TNCcXM0@^@iXkypdZZ!R!)AC z1XL@7PQ~#DCQK$B3$$5n0}dVcCoXv1f9&#^wkHr0)F_<=u+fpVWNRJX>xyg+eSuF+ zeS*z={0`Ep^X&V=O+!A-9rxKQsLyO~`& zy*E99Yy=z!;svCcx4zd{)$&7Vzoe1Rz^L&OP+8xFv$H2!h?FG>Z zW_R^5(olBuLeP3#)HX!Qz9~p7a~e4<>7l#JF0DMr&frzic#ro;SHdNGW~k&YRP_+~ z$o#M-TCk_xx%IjuM?Lei2xX)Ap*LU%q^q_4{dKbcRXugUoe?v^pkbZdX&dC=JW(!La})4z_J zDw`^7RA5C8c|{Aqf%!(h>(5qB;5N$+02PWs_P z!*lNQ87hcI0w^0XQ%0FVU#6 zZYZ-a)kV+X<9?53HDkK|XEbXgo+NxAawmnf9{(9w1juMcyTy}pzvH5r>M-UFdKfds z#QS;!{L04kKLAIC=d~b3QMZc^W}H^hLGQB#ip{8)m}et#e|*B>^U&xoND^B@x1C}| zq6g__hhT6Dq|g3(L!A+x2Y7b>d4?q6=@&5m#(`ZO!Aza5?}w%?EN%HYL7s2ZU9FJe zhrM}#_Kcq(OD_Bef>~?&bCkPiuWY_*PH0Z}y?fhX&Gu%Gz&oG*mss7uA(mn_bk6!( zKd;o^enER7iL(FU?f(u9>GUrk;S9RBQ~8fD@_l5*JXdt6e_ovmy}uK~fB()!h<@Uo z$p7pi-3LQ!T^1D<$Lld~ke<`eH)Avfi$YE)=h11g8kM6FQ`Gjq|4Sbgs-N2a9~aT9 zWcY5gy*B$FC~@D=PnPwcR4+=0`VVOM*9!^nJTb@(3U7wO+6yB2+{_tFCr8H=4dvvV zUVSYv&ULPY67cuS{4?V=@ei>0&rAJ(Cx!R_EuV@mkuVY}Fu zU4pwBhGrqP={wD)hU)ON|B4=iC+yfq)3H8Cb;SGgwxEbQ=}qxpFsUr<{gZ-=M8u_1YO5TQFr-rp_!Z+eO1=+wr>{UP;+Im^;!5G!1K(ra=LMZq`TVT8tK+4`d~f zFbZilfJ%nBj_2N3YGPBlq_q9yWK$WXT!3GVsT_nwH?0fN%{X`xAoiF`UNU{%LG_OBg zI6cU0J!t7CfR4BeJ3E`W13rj9T88p6POH{S5a9`<22V?ErqIK24Vk!2=OuXvdb@)_ z-8c+^iwkQYd#k^N`Bm-Qng;yyuSWD2YBQ>^A;|)M>DOu@-nfzckTf5V{E`%U_BLKBU7Sv+3cFarmlGO{+?ZkV6!~i_xgu zT-Ps&*`)q;KyErW;JBg7PX-Dqi=t#d=Bj70{%*7Eb37kpz~_q&pfF9|hP9Z}{vO6N zu|9qH@L^Z)Mai16BEtYU_4n9PB9qn-_gFhJ;=`obZ_{gHg6Dr6FPrK1h|dPkp>~H@ z^74%vzh#}RH}PcCP5iZMg4OLlpumWW67h)=k>41Byh7UR;n!jO&Bj~d28tCVb~Nkl z`TZEf7Pb+aafbK_e!(R}y2*lj9KpE2K^3zI%s5Z^AE}~x8S;8|-hFP7zu-zH|CmBE zG3~j`aaj!09h5}Ol=eXWG)%u7-a>kH^~R*)iye*mAw@36iIbNEhdo?<4&jOsywrV> zzE~`ajt}qhc3abIwLBedAq(>sJ9ZX0hgS4k?|v4SW?9`!+}aI~#$C0>!jPSy;WCgn zkX9)T^Mp`TYmAK#q4Ve^<0vPm4eJYxR`cCmyN{wG?1?RIhDBhhY6=B1)xZ-6TNpWl z5L?LfVB%FV{hXcc{q_+FxMdojz9nnOogdfdJqTvZa(CVdC}<0R1f{8J(inMV>l@Pl z1`Q<`-V_c@_Vf#wd%}gY0OAA*Li7Nm-mjO|Q77BK*K z2xbjpZ4TUy>zxo0tXnTiEo5Mgmq`m30hA;rt_1_gDn>?IZm)!}n)zrzI}##kOL9$E zCXXuTLnCEzK#Cvx5to<0fp#0bME-|m0D*GxSx@X3<#{DRTBn51^Ub_ zYYW~7Jep16J8csqaG&%gHhb_(J%Bj6zJURPh8+fWt~U^U+wOd0l88mjOrbd>2Zu8QR;*I(H!L&5q(I$3H1WV;|j4!eWvbqo0(brQq|*2Fu?A zHBCOkR5oaB%2d(g!8?4AaW4aB*ilH3Y=YI7ktEf+;YjF4u^{U>6 z^wR=WkS0kUJO9CQUnf$V=+W7$Y2_-2S{;P}*f17*@P>m*5syRPE#O!5c7aD~9le<@ z76Flsmu`HNfv<>cyMVf|z?Mzz%I()R;;wowL)$oHvKm%#PMA?ceHfwWVP@kr!RrdM z6KUpULrC)Ib;bjiOCk0^ya@cCOOOOIAkVAoPZ zd*`_a0u~#8mW|$2B>8fP`})b#ne+J2KyAG6>3d8rB_<62f%^)9gx?dckMMYZjp$?( zXac%;n}6=k$ORA|A?4d2t^>5dNWdEMzu0@rxGLAK-5Vv95>e?86j21ELjh6300D#U zZV*9`4nYtRQ91-cx?>WPR1lC5lu1oWq@=s+9T&LPz3%6J-siVJ?EPtPJ}l8S1Fm_U z<2=VP{^JS7eS?7TUbdTSy+KbzHsW*@ zO>E^+-CO8K0sA*%HU-VwIRjpg7x1ZPv5!o*YRxEq3OcWt-W@t`b2ucC8miUo+}yIA z6Y;DNSFZ}$4 z5@U+zHuS<=f@f0iy~kJ{BcZ;cxbBfXlhyL3UOM~GNH-&#Xr&wm(oJ2usl4^3lb4W; z_T#pPogJ_BTqnoqliOZeu=NB51#QfCknODPUp=*g8pm8PwX`IO7WoF@7OV>mnI9kG zoIKzXr#X)PEe$ai>fMn%;nC zx8u#Yfp>1L%bU~4)JtS--m0Qy-UlE1F?UU>N-!k(j;|=;P`&qF=)j4xbl%KogAo}; zFgUhEnAB}?Bef2x2OG)8`u_H z&~BU7X(@bIWuiRjqc02Z&JOzrRo$jCMVtx2j6J+rN)6Xl?FqPgwls4@(BQ%$>8E8j z)eDKveMO(K$vlcHlT!cN2;E{(7jbvss8|t&!=8OqP*Ktya>GM+#H-JNgQhJh9cZ} zeMQx)rDYTE)DcDcTHAtK&d=t1=hq%gZM%Xveyo}4E{PdVcUrvaCW%@ZBhBgS|K=AK+ z<6xU$DZ!MPQm$gLQh7r=zL;O#&>al(vJf721HTC0x$8jw2xZ*-%cf?rQ zkwR>+8=_ zG8mIX0u4e6mHTxxf!w*>bo@`~aiD{)nVB1c<=TcnI*B9*!}d@$$(ocy4AcVmSd}znwld;mM@?$ihdD&oFo`s^}x`N zavDW04~0Tx!g*R&+8gp~@RtJ3*&v;`EmU?jS-ZF;eg+-MYi_7w^LE-MY#Evuv0UYN zaBm*Lh+UJ`D2)OpmG=Kh5mS?Poe2q{P%ZjxcIx!$&9Gc3O(Oa1?$pIKP~-ena zt-oDqCGo+P7IRq`&NCx@Fq7^mDR98L|MaDeD*oe3OFXyzw=b>eW#hY^lEyd=SeCya zVo&s6#Nx$bOaQzLwWRhQ;#q z%@ZwyL1!?26~r^^^UKwA2&qaUHLhl1uYV_o>rdio5Sk*9>Al*m8zt%8d)V{oV6}G_JAageent`Jmj=cDs&SZD)*udAR`$%C>%~$f}&%EwfAS*&=m;U;_22 z3Mi=)6oWTQD#Hh;=zAz;gkGGz-`fq56#esvfXfFoqbCXf=_!F;LMAl_dLW-^?=_gL zWqp{tsqv!G)~%)%b@m@CI)7*q;)+GwY@(4-`GYZXjsacXS# zMxHqoCLHolMrS%9?!T!dPHMn_#dpot(7 ztZ7N`3bF2qS>Q_^2&SM5h4HOlfZJ{W9OlX;PEx>`rx*!Z&z(O%3>F&S^*S=mr;9`# zNtMS(e}b1F(#2ag17(rjqeEFm%>aSJWcu?Z0f9kZpfk7wztLJ z*g&1wFX_P&*PD6>F^`Z?Vz@}P_(8EbkZ9fuO5k>$`(OZ`i11F#B{YRC5;AJGFiH8D zz?wd8%{$Es+ex5f>~DS}}kZ+=Jfv ztQx#`XtZ=>NnkC>tG7o>qu$HVM^EAd;iwLyh<1;jfaMsXp_P9Ol(}TDWL=4wnfy+DMQp|<(qbVVIOAYhmUc_mCwKH!3 zL<64n)t2A*o9U}yhKD4Ih#RNcPSLAxNy>RG%zpslANL+z{2%$@x03E&O$BxgJZOTL zRVvQHDif8IXT%Sc3w$lPKagZ;m~AU=XP;)V)i{AWo8IIg7OC4keSKHcFp&~>8H?kP zWRVObm?U(IvfjP|(769f|^wP4o3Wu)^;Ohsy=U@i4)I!-#Xi5-+cyhZTH?r$nP`gEL?JJRT}xiktT5PErOnbCMG-F8sI7&Xoldvy%#Gy zEF_)zCN3-h7<8m5H}Z8p!3aS7A$wvlVu^s^$xexf#~Hw45f|C146=8jq0fz)RW?wC z;lRZrHyTK6?3ea9fKkDmm!$ag1ZUJ~1VjQ>)?F8OgNTenD_T9k?LXU)ERDz5)B{Z0 zEO_V6of|ST1cH`M1Nu2{F* z`SLZ{w+`b5VyXTMc3{@I;lmhKI`lkRr00;l+!)C9Pa9DM^78hpA3f1u!3Q2xwVi!X zL~ek4%--x!d|0y-4rq!2t~eWuNx@Ttj^L2J`vXq{spXz$qKB4im}$bvSEGhZu1rj1 zk%QK2qWeO@l1+N~mCa*E)zwFF5i6Vr3cGjK^Mo&P%6AJsNV(>xSNpT zGZhXV>1@G5HQC>n;y*xtUXq2a$??$HFMt?Rn={)b6wm*5&m`a(pM8wbK_X%cAPYOF z$+g0;XS&s8-I+5fB4TdEJf=@YGLPb0sPjN)85rmLwnnEXJwkerHVv}7HD{m5CYX@& zt;N)~!?>q6bJ??cC4Cg9-2`xxuIScWAJ_-x3l@eKaO58}jUg`%KT~~?yYr$<=PNVh zGlQghK)l#ypAvEMq-%T5wvh?ot@Ia<&g_z2OaH*2)tHwL{zj0!|A8PEeU-yD8y61y zQfcGyf7O!`tcFkfT^|frVP$2-jX5sZWRw9)5kiK*c0EC5X^Q+{FvRTRJsl3H7$`T( zDJVqj8Ul+rN-Y3`9=d=#K^lJl4cYAJF}?UC*6FE>p37+@Ppfo=9$s$CT=Ri?M=L6t z43*ima4%!1!U)cE1{;WhWjH9SZ`x!R#5mMQSBn41YYuR~GfAr((*1XnPhIymBAH4B zwCe*$LRNQ@Jiu?}7?)r$lH5KUTVlKYV2PNO;mQ?#naX4FqR)OTsGKk}8~U7#7S$>P zCSys39GVR?`@~OS&9148kEUgknoXn*0d0-6;GhYm3emlmf-TUc0DIJid`UD!oDf!7 z#AGDqUPG#QdpddIhoX3OWes@P-Hy!SFs$sWv<7_)7i^91CJbTlEi#@eExS{}AtC&x z)Tvit5>jB?C4SW%?=ItQnR)SJktI`BD?927++m1&bJ|E)Ij!Q84_~5^4PG`)wYt#1CJPFqj!UsLOkZeyt+T?Hv~C&|#*no) z+iRo2E9Ku}xgFg7Rr2m*aTws@7ayqDscA~u14E{q9ca2+3amj-ItH8AXpNc1lm&q1 zI=nCR!OFSTP1Q)bL3c`?cOl^4aOIAe{}xy7P>)$P3;XU+H$zK8tY*+6PW}tam!P0f z^Xu8^BNpbx5sJ7WxTvU%q^)e~EGB`{h?zjh>it4}+nZLgS@DGLW}3g5oUt5Vk`KT_Q<1 z<=0;w#h3OzxmsF;`LAxcF~bity}o6BFHH^;KV=^E`Hv$mGDmTDYqj?G=qXojBdPXo z_y+OMgze2-$?u1s6bmvVV~;u9Y+pOz&@xj3r_rnwR!n^d`PBNmSlyd*v3osv-JE=R zN89DI8UJ`?`h?c`KOG>~y&o^D%+N3pJ<`f~jiWoeUnvOqIQ1$j;QAJl%Bz6bYlF`E zjs{iYCY?jdagx`IDSaVwusML8f41CN(?Eutm7x_7Md$_wA9Or8zcoz?-h`4R;xKsq z-PTj+4VyCdtFzCBy4B=(P|1BE3SaK=q;7(*5NYV)@re+PfD;oSeLHO~>g?QUp$AV{ ziZ%1V|FCz-&!7F2^4^K_iEEGDRsAEzgBprFwr%9pcCH@o7QQv6w09gb9%ci?C~`$> zKIW-n4C#27<4X10?tk*jYUA0R=-O<<+a!tN7#--F;(PR(;xYR&EJq-GJ{pjWO(^6{+JiQ1UHs zXm83DL#fe7$#BhXfv5~B``Kv?uw@1sS`Jr4s-_;yX$zPF+yy}|%u&GO(8vxZ%4#?E zIjKeug9nHVK)l@O=`$ zshle-<5mV!qu&}hEJd4RQl-nmR6SD5C)+THLQ)!;QbNVN4z1zfI?9IFUQ)Wr_OWFg za?4z!*E4mkn9_zmCk#cV9~S+GVN%N3RDDY588K7teCqQ_JWDgTb*t=jHCloUF%I1> zKv1EOM-7it%i&gp-S7JPd+QlT3%&dF+49f`Maia9KF=EUaTIl&ih+VBgC;g6vy%{X$|>DorT z(BPZ-$D(nKO`2ITn^J}n4@~Y~;^uCE$PO@TAAK7Q(w|9b_5S4)p_9t=!V44x zq>NcHuM5jq()++7bz!e+*K^#hy~U)O&4UwC2tN`*xEl}`Wt-Bhq9GJZipuUh%EE`G zw>l%8$JKd6Js-;@CDm#)My|wSE;=DA&F;E3l*e36l1&ZaciM{bcsVrr++Ij2)|5`in{Wv?uKtslzWvrx7X@wcs?j!^g-?E1rNp6oX* z|AOa}FpD zV;8p^I?f1$DY^ZKpqG@JxK}WvaBq85lt(_kGr=eF8$-UWYa&F@rL?2@$l(`ZS*fJ9d9Uc&6TZvU;pl`AwX z`bTNVDa!}Wl~6RJr5t$yn!boY)9>pN7XyBubVHzNI^Uot+rQp*hyyh3n^ereia^t@ zP8BkaLH?oNCsK?Fc+jt-jO<$O1a_jDr$ECs-6$Dzrf@x%Wgddc5fDUB%JAs)x{vhdiTSD^{!-Bq)5_iB+n&nV-1QvGs4)Q ztwHF1E!Z>e)ovPakdJ;Utl7sZS1mAQfMfe%u3%31i^ENZ%T!*b`sLUyzXY>Koo+Zp zE|r4Q6UsffYD*`7CE5=O{i4;ipS`;CEZe%zevDCXVt5$}yiXq*n0#Zd-Nr%9{t%dm zqM`8ID|gJGpd7f}oicg%b&bPda5gbPW3fA|Mbb9bT;m)?ZC-8sJp$`@%r2mr?)eLzQ`mSsZ9;f!}{XCZ$SY=+-z&(xAx-pbd zQIWvQ>o;`K1j zOPxdhNk6K3BRIZ!3tlnOxP;Y?kT;fgfbRr_76(I)W|FBQJp;Gx*9sC}6x_ESFrWC8o2~Qhhb35(!|+`0@P^PremVr$6;#G5RFHeo$#Ocx z8@CK{udQ~f=uBGUNjK?!&zbI~(tV`O$R-!b+^pFAP=dSANEs`QnKlU)zf=OhR!_m0 zz|JqKV4Asj|68Z0Xw@`fFOlh+3D#pdUhLdP;}BA0G{)VYG=XEdyD~9#DUlBQ`McPm zOQoM*d#~n=Nlf~KLU%x*v3DxXr@2QY1Vdv8%B63F3RoGgCtOddB;!859&e?5MgDHj z^n%Q_T`~$3>FYa8@1HFbSMX;FwG9!W5Cl4w^Ym|nVC%JYMVA_PM)fq8py?oL!Wf>B z5R0Ylf{w|$g4Fj?d)R%lt)OyFwdyJyB0MJwrD?l|TYxKl8&;91!f)3!_;8I~8f<^N zw&ZhKb*zwyJr*h!pa_fLIUgFe?NUl^75iM3+G`8=SPy zOdM&yZOBs0oS*5g=$5Mu`5K2^i{$giWm-1BS z+o%!jTkKZz#%z354fp)r&?5x+F8xjp@r0XCoJ#^F9sU5Oi5AHy_jd-uT!#}jS}XHSv7 zL?~obj;u0OW?&kPwpwI57t2xM>`O}TYyl@u?27sP0fp*x{_CwNP+c~52SBGeK6#GF z2d+dmblDy;K|{zzz%`{`BjdfY*KcZCSY)pL1<10PXAh0SOaA>De}9Ae?>$+cf~6bs zsr~yGX6~ORr3hSg@P%dg2PgXXD=U?E3^#>ws9=0Kt=8uTsQHXvp(DX7(QmPFO5cG( zpq7J}uk+B~SH7#gJ%Otr>p|*0tF@9`@HDOp%#GyPK6 z(8xX{rQu(dEOyztm9(z^^&@kYo^ zbNKMTKZt{G%pL!Eqx}8qv;Qq~Pvj zx=o;})vi&Cy30veVpEq`&}9F4FQt)Q)!0X&8&4`|E&J4B6TQW(OTTUB??>@lM)pyC zS7P{2C^_C=XidJT8Qu(ed(4A-JF^ctjkCo9AVk*)q_qi!jC}&5T>jOK?9c&if5DS( zDI)5;(*&sZ#e+jniXRq%QEu0oXa)6ZXkqK>{;g>TvDk(wl-90?MVa;%8(3w}g_e^Y zd#vO?*-yRpHr%qdD)m7~*qKbk5LWmf_x*Q=W~Is6k5sSe2s}nD(@j^8tcF7zJ3HU@ z$Z2(AH*bFOAxYJk#uS?r=J@foQkrueQdXO^GizHslfEOi54Ye_>A{bW9AsTkooF2n za~-Mwq7vfg-$N7(dynMsxz z!-+Im*nevhER)tV#@b>xa~C#q2y8Q^3CU^wSEq>&uwz4#YQCAO&ww4*FIty<4NL6(aZi7hF+Bw*Un~kh< znbs#5Yqejfl+2=5U^95daFWo)GSs>(>BkFR6$ZxAq!{bX)z7o5NjG1RaY4XHf z)vxWZQWcNF)i5O8mUEKn=HV>q4o+m9;4zYNbU5w%y({-qpM>}e_ha90-7P+X183^G zOo{my2XXkD=~WzNIPq`4zZce5e40~@+e(M37mM>7YcO-dczBb||9WZwxy18ab8}4R zb=_APpr&mG}h@$b)<* z+?YE=QXYR%ts(w7eq+94)t!z28CwPg&8~1Z|Q7}<|xeMmjLuKWuK?TlQY;U*4iMqTRJy*UEI)@T8&7Z&H*c(dPc${YXiv zu1*iFz#U(5{qK=@o7nBGyI`6CU-k@-U3S@@be=W1PUQe_Y_%ucB9ecIV7K2V2adsv z;i*fh^6%-WY zmDy6BAUa@ny?p}>X^79j7&BmY8LzP)FuPjlr_#`fqgU9w&|^@I=`@=vnoQeTx(jpf zaS6uyECnxX?+BAIh@NY>#>dC!P#u(-lET8lK|FtY_HA>&b;+d7tTL=tq%hFid)Mgt z!06WpZ$KBH?HeLE>g5Xe!qT_)`d}vR=E7cRsU4w!KC=&C3qmxru4s1AxW!4T_#IXz zLucm~k5>B-F8K}-QBkGs)I$SXi;rL?gs|;?CWgPmHLT*{@VQth%k+iLW{)C2zoJT; zgOrqXVS88DagKg(G1%j|TbzUkqkA+BpZ`d>Wp@_C4QobiI>HeKYK0RnYs%-5XPsx`= z`>_)(<*9^KR}(nk5ST=Kt#5BpWW_(|b5GyMLd1+0wGcnqh+qArH})pQsv5tzQrCsE zT*vqGKhUFABZk+u@(rKhhs#%-P6jK@eLl0&%G5nT0C@R`Oe)*~)8^=&cW}zL zGk@IIk>{P8mqQ}Xnzb?WTr{9)5V67u2+B-R+&xPHPBNj&po+-C$w z_w(~(X!f1;_1OkUD{X%NOzr7W-8}cgzdc^eV%&j=naYfWx zWal+{AyG3xIicTaO{F~hR8P{KVz961__yGf7JiF^J95Wm2R-c`nifNyh`u`ezzo|amo9A;|s}gCdrs14eTy8 zu!$zUx0?!2@A#TdgL{1KH=#40fX3%(rr1t~7$sxR3&$0v*L-VmLQPX)cU7&Jrn26Dsi-?uaaU@fMEwj&j_j1c83L=sH6zK{2z`&K3F{U2 zSpn5@xpJMPt=a^J&Nh4khg;pQYX`Q#KLhHSqlb6Pr@~_>cI7K`UQBzK)0yY;$%`>{ z2w0_d5$olAH-5E+p01Gi{iO5$wmCYb%}nAZ%KeJ)d)scEFl+=ykg}Wc`x)c0%w4bs zw3s%xzijToH`SfUC{F=#RIB`@98>I>Bi5iaaTv270p)(b-dOJ6$llUd465{IypiOZrKR?SgrGmdtdsogpz1sc(x8HiC zt@V|9+b#c^f}$e+vKHgQvpi>yTxf3M*Es67wbHq(!vVYW*yP=8_3EmG+atpP$BuWxCPHzmclXJB-Ll0tFLHJ1 zki-C)OXu6?g0-EJ6T@k|KKY?if0TD!#T{81MTRgdUYvff;tX-ag{Jw}@OM~pk5rIZ z@mXaTBKfedAKx6Y?>kb{uFZp!+v(#n_zab;`W;fg@UD;;g9MkteV?N!83$ zaD`J}{pMO9*=q{sP|0c3T>v3&vBym%m;$GsH0a%YNrTMrr+HTms=D=#d57*@H_`E8 zRgm(OG#mx4=ijwYP1ybj#|0nkle(Imo?Wwzc{`Tlxn?RsHmYz%2c0eGKt!RYJ`HB3 zr$}h8Q4^B6e#|lNhMN99gUk9H>795vDabEYf@!2qMPbV8SyprMm-b7@sJ+i7x%;zj zKmA>d3`)%Yt7l)1R^dsR$|jkyH*f1*fgksy;Nh#g!rJy$pI9JhhHakX4x_16t8AMgd9qHIKb zf%UW{%UYU?(_UEj_1J%}hurTdo$TWL2!X3ALGJk$$Y2ahKD?_HY9&8CU_hXQP{5q?TAz=(Kgon z6rC3$VL5?>4@%$DJ;Ej2cW|R9wFf46NbRow+!)&GlgQ^&^vGutux0sCzz`;WtzxT` zYs9yBHfyds&FVNy;|U)4EVZgHI(C0(d6cR#PK5U*VA3flGOq8&C&rRFr$J3&oS3!v zFTUu^hF@fOD6{Q%Y2~I3x2C5L&*XOI&2b_=?W|Ja8MeEf3@m&^h&%AppASfmTM!DZ zyH0(HAtr2Wqw!ik?sbvti~Aki30eJ;m^W9?pHDoZndGiNMqgkj#yi#A%r^LvhC2-Z z5ZNsxa%Awb10G+^01o;2GeO+;9WiWm(t1CL8yw;@vFml~zJO3u;Z@;A^W~8R?&cO( zNp>k|nqZz>?cb!HDpXV}lc7`Ec2+MS<&*hh0Ah4Xw=}z(18hmZDd>Dba!9n@SDW!* zljqtVxZ1fSrrh^ME^S%erLxnQiMRROsT}UWy^C9Koi8i5-BqebDQaj05(^0Y?nvdH zgTx@#>JqGU^hH;3CZK2*eDc?EOk0Zm$QWpSzVm~7erB_E%B~PU4F;2t57z&hY3YEz zr<2id5Zx~6_l7z^v)$I(bZQ?P^yNU)faE7f@5W-b*SKDCW`yMQf0WM}f1j`S;zZ4; zHB(7XWo2he!*OQ3EvE0I+P6BN<#%lIZ$Ej$;Wd)q?4;cjmBuY=uKsgL&JbA7g(_C+_R_v^>UXZ(!tv4m)j$ zt@Ba_*v2`#C?I$Hre$yR%j*?RzqjjF+xsT(ANa#60unb^drLNgi*B8<7yA^-rbqd+ zehG{u^FE75z};ltj_OBsL$5xV`eahsh-T-=blW)m7|1QJUaAG*89w33sgywu3Z)L; z>fa; zebHtor#qK!DzUEAcAm#lU6F-iLZA8!?tzAMb5L^e!09H9DU?M$`e^v z$LlJw#|`Oi2~+eLcowD#uxJ9!G>bPKg;mOSXIKfIcH*z^PBoP1o91Tvc#{S8p45Fq zb3Lw@$V)c}!hQ5Lqqu`yEzX*@0yfD+og4hf$r`p|+qm^ho&1ZItBaXW65d>&XH-P{~i#Z$Gwr9JfxmN++94-aNQ*qx*G;{|bG9GZG5a z%<>`1-djUxUU6cMZi-b}l0Y>BsUZ!)MP;pLQ;xn+y&a-bE~xakNEXd=hjNMabu4>e zq;lzA>e>)QcF;h>dmW!EP8g)MefICPC~8W}1!JiQFN;aG-fpy%koL6x(IFHZY`Rf_ zSOq;rkHV)s2CEgyh2-g3D`T+N8paEVp5d5C-m2{X0R>sGZV7?Z#Md`wY(@j5WS{zo zI{q{m!Pd=5E{&&YMj2+=yF^RID4fun@qPTWJhkI|CHk_hI)LV?VG&eH#v);D6Sb5I z2SD8+!z+Z_o3~;QjPj%+^k7)i4}gJ+Zp80fS<6_jaD8 zNLoTUAOX^--2LU-4yRF)5nNg~+}yhRhi`aGhjEeW%@v$tp?^_GJqaPC%#F#U=A6sva zKz28uVN~wey9aQlPCJ&<_fyy(gN8!|1`S9tG1bmVC=`Y2Y;MQ>0mML_dsNa(wnj*Ki*XU#>Viqqds6NjK1at*j8uM5jlQkvmf4ApNKZl18S0-vL z)!&Kx(FsF!J`rAE<~b|r_^y=S<#u~(X|b4{ox5-4m;D#RG&Jzu`DS$KbroxzVbY2k zsREl8`IorK9ZBvs09V;)#GR`_b!x*nSt~_8=H<*xvRzEw^XCb4KWyEe`(tyF$dNd{ zJr!?ayY!CyiXp}cCR4$enk$R=N%Lns-{aa@1@DmgE6{vrINxCYncy4|0{W8(;~;sP zi0Uky#GaS3%P~*{^Qy$r*PKy%UFZ3%)Qc(eFk0YU|I6$*FqGY(e<_K#)Bw_zsM&iY z*a@mKl2kt*NwFYd{s)Z#X7(u1YcQm$VD`&xH(9_;ZKT-Fn{hXuG0rFD+(}@M4p`lg zP=*`{DTLK!0allC;26Z1uQN2M{SJ|W1?7jVt}~apS!(m~FPDjL)q8T4Dt3Ef(SH8Z zS1UYJqMkLepO7_L5i$2|COP?1I9{qIOZl}i_D%@JgUsSRUgh~Tvg3KEJF^#*znv{~ zPdlB#9bCq#Ot9&DskzCa4os!Gbc$NG-fKmTb3RlvJ5x{@Nt)#tFqhV>n#yoa=w!~m zB;WNM?O@c6_rYhyiTQ?ezGo=9iNS5^rjXjiEFwUc5)y7s#i!h6A+Y_X>5dNBBfrk& z``eYSoKR;YZ8~uJ9iSd}kuGNer(baDg_Vpz72=JgIFxL1?MALhIsNf3srFOZH$d>a z+^X#@G`M3RWe~4^z{L;Ag7CzJ)7pqEBOtl;w%1BJA91n?2%P4yQy~BpH`06s(W^=} z_TNOTS8!#<5xvJ{ZXh*jal%uJ8X~9ld6=!E=u(r}$ zR*M`*dDS?vparwyL#*C_0M#lqba}rT3z;omTffDtv`6`Lo80$@Hc8Yekk zY%A^ZgcqUv^U=`I1f%wknfRWFlJRWWtg!crew}}UeE}$6a`8>7prgU+c+r`ubH(*2 zb0~8BfI66A<&DlSvrlm$6dZW}28*rT1~vtp{<}qhsYnK z<`asudSQ?*{rVDI0@lCSJs#H$Tava$B6VYa-|VobG~w@a$`|8BtwfQeZfquW6`K^zHK7Hp~0)3v1C(oz2xh`BCs)uA<9`|Sq z2-Gzd-gY9sv5_*}$9Xz)*3PHAstA#OdzOXmP5KN7UK{-nxCuF>Wk_Xxx!Kt#V@{d5 zePJH`7AxsAZL=?hzFnMg>v=PYzVUX$1oByy#1V;l8&CauW84WRI;j?ucw6M{V=!h+O>gf!95ynKabC;%-}0d-L|9kAKx26Y(SR!8_+I z>YEbHW3@DTG3{xY{WcKiRx9&EIYQCr|k>T@fqi|L2&((zD(MZfH^!<-iNt^N}RZ@kQi5>6(n8@fOs8RHf8_7&*q|t zg~$~w97ghQ{>m$>^Wpl=aMKtcbz_GVD5AdUhCnZ~LdcCO_C9qwgcLxs3*|Q6y9Mxn zG8j}+M+I3K3EJ;{C&S70ui zpcb^G2J}KvQMpoa8gG>vL)Qa`ct3@BL&JVwNIcLn7f@L#CqFrw3s#5gC%63t+jgwB zK}f;NRgsYPRwttv5YE~I!M1hz3%CNW+0vp{Z`D_H+I(0pVcDiQuz*sRDJv(-S*G$S z=rm0Jq7V7dfh%x}gfWe6oo;RFX>t1WG-(L%b_)|7*Z;Tz!x=VKiJ&#x`0kY-eT)N% zpPsGtq$QY*wY1QHEpV))CtJCsFccpkF~*mFMtu(|wzvEPkDIrp5DBbi^)3dw8?P{O z78cZYR*P&~-SHy|iJGlhq!lr}C?0I*7&rWk;$rt^y{9}B9&(#o48t8pU^Rk(e48v* zFu7{2hkfU~3-fr8{FOsvVA(@s;55V-nA~G)TEf1=>Mzpv^Qz?8{#EveU<|z4bXm>V zP2I?zfv23H_C^=ca#H>27 zniqGcm@r^7`u%ERT%4#l)?{~U<;vVZvFV+)U*UN#B-ZtA-FY><`{>-O zspW;K5$bG_!JR}ty8*zKKxwdP-_3}EC%U^%R5!M?BY4$HNSF6ggu=Z~vtm|gxu3F^ zT*Iro1K5kkwZy9Q;1@njed)L>aGQ?F~%C7if z<7EF0qrGEcM@(9*@}0)q$U%4s-=676;?sUMFYZZL!x$T#peZYw z&TP|?TC)HzU>62$aLO3u_h;q268GyZ*aIUxZIQ~W9EIlyPaC&ikm41rjFKu>70JyeI^3C}-MCB6 zY3LGULy7KP2Mi#+2dNMP)J^c9*B>l_t`50TJxG=Bu2gAJO_Uc^($stfy_CGQv5;8p zSM8x)gMk-<${{*RL28Z9LFVJ3?(zwWLH5lkMyH>$aMb!7&Y63}Yj;;gJdNMg-{wEeVC=ch5Zu9Bt#-8l|Tw(;2f8PrDDt*I#5RH zddY5St94(#=+$^0p{Uk32%7)!$jr-f5X)?wFK3u^M(PT>F}4gUAv?CJB?&FXzjpPn zqUiCC*1qDsz*@Jbw@?L3Z%|G2)?i@TK2>wk>UU$NM}ND2Cd~pblUq>@Lhyfsq!xr6 zAgOcMJ$zeI_+>}ObKVF!vfS;4(=kR~QswTHPJgL$p>wI>ZwbA2viJ6SycRPmyWJZ{Xk6%5YOeArKpJ6jZ*gaKiVf8P!SOD zQxMSPQ10{fzm>OSKtLf7x17XsN_^W!^^MMR5PUN-59%*BYPTJwgL~LtX}CW;F!9}C zp#o0yJ1MnbEky)ez0 z@&r?C@Nu%*JtfVbd8EgfoTmT+z-ik4D0X-NsRa9GD!L6jy0Q{+cD!FuI+l|bN-KK?A zWXTND8X3DEFGlxq$++DX%gyGUZdR6d*4E~Tii%PVDZl?s@O%o>X|*nTGD5WdY{p%F z#3PmvQ7j*rkB{eE*Bdt0`WzBh{THbj@Z6gzm7?aeD_6d zmW#4bKsZh;WH8;8O?}Ojd5${#HJB&ruFZ&C_gAYWAg5(d-ND0AaX?v1m>Z)Mt(Y(C zgap<-$3r+%A3{P^m20#w&?>YYQ=@q`hiiJDcPi^T?=5gQ) z1c%-xTu%^pnny|vRGk}V+?3VKm{>C5;GHV7P9i1Medh%fN;H+IiVtSWw?y(x>EEp* zefyMb6ZFcKcp)l)HM<7v{l~B|1gRaz8dBqbU69zl=<0Q<3QNa<$1?gQLfA9G3ToPa z^n(IT2Q|c7H|0CXIBQu^)cj6)6(Uze&!FzfG$h!G#;KP6j8NVEJWmoIN~972p{bSMT^=phFF3riJ`qd}?Aw z#+`d3y*~u0tZ(e^?UH(oSl@-FFJ9ic`&5)l9C<_Zz7UfdNn&JZ>H_@LZ^pFI%UTih z#UQMo#+ggtG)jYjdWl^wcTgx)m@^9eaEm{J0OSs(uZ8CAlSa0ZpBROpKqa{sJ1BX? z6~Rc5FZ)M;3O3kk{>}F#5(UT+BH3-!32JKD!v{%WivP*FB*08oa!|x;tp{e zmr=@V$iBL#q#)vhos3b=YY0-aP)ID^D?n!qz($FvE6}SpbqS{iwgfmdB)CHFMP>{R z!PqGnxZxTP=|W4?{-y4rCvB=7qRfiHvB|xjlD#tXkDB8}mUV`gwPtOmwm$g~z!bov zS~Q^k($vnAl;_$OSw-^f+yjJkU<;mtcBAf;hDjf*J$P1S!&3}7awsNKonKFsd^tKy z>5^tKZFjU3>^WoYy3Yb1#S=$Ys|~tb&$|7kf*<;w@&UgI8h#!S&<7#!W#spoA`qN* z%No=L-uy(pEu_ABjtqp40Xw)vMmeI_Y-NQ8mZp87C=0%ly47WirTU_db#STkUF}|? zFNU05i&}V@7^KPWs-|P1U!Y{c;anAbo)3l*^9L1V}&2Xc`l0MSI;}j*5w8)R*awg9yIHB z>@^3pG}BoP-G^gXjLgu3K1}qkk3SKC!tZpVi#v~Pa?7I^z~W#Y3ES=* zg;F~qek&A(fH(PY*Zu-@{by#f!{jN_ob2jX$Vbs)6{KbaMR_DUF9;~n|7Kcl-IrC= zlVCI(wsB8OSX{~Y=Mm3%_uO(4mXBRy|COGk9?E!HmS-$qMe>k$WYNhMG+q!B@&8D! zNHH9GQjX&MOPck(uB#4+!I{gN=bBXy+gEG>o-LEJ6{i3F1I6JCtWHd;UjyTIa?U+S z#brAqbP_8n=&!I385bf|yT`xV&(b7B0Mkpnau;YTW#u!29N6;_Wdqh7HIf`~+(jHu zpq+lPeapUlT}*{sXHGsTw5$3dJYotWaW?tefHuyq1{k7k2$q z&L~%umXt>I-lyJ#^~_!kjpYw~iEBBngbk?f>wHO=^4Uew z?*1d#KPz(|eP)xGsSZwXOQ`kL2uv$-i`=UHExQk=WrXKm3e*Jfh*JiV+bqv;x--9RSIdzylj4$^GDn=hV4;C<* zy!6cX{|!N8{vQxTuVmW>GM^*o3wNc|i$xogi?vF3{mkiL8OIRo*C?Kd2Yy3?@6pF% z1+x+=H@TU%-~B(j%mC6CzT{0v-MRO%OYFxMi*40&b6Lq)m0y~ISc(6Sx$}U>y5Ijl zStTwk zTkmHVKJVBjd}XvFZQ;0|B|KX8`i5E9j@w0(GNWu7wtHT#MsvSvc>pIuwt{c8O6R-^LC%lgjq{WCY-wr750V zi64Mg1YPPA{6LJypbnORN;)(q#vhutJ1#%YK{4HF-c_U}bf-*%)AX)_!UXju;pq!3zJ}XW*CzVRJqNR%O@S5Gts|hcPQOw9d}X2~M~aq0@cA z%+zIeY;~qf1+buSF0lxPPs732dV2w!2*?H5m0=wUZc6rDGxg=X*X>kPRHGZ))(b;d zcE)MH^%!QvSBcz+Y^IKn5+2 znTJS#!m6}-Z#d4$Iw4DhmBe7}n7$9#8`-ntH36vlqo4`ae!7k?QETI?0vrpd>>FcQWB z+wg>w-P`j2QG0kq@1JWADfDeXzJo;%ywEb=3%E?k_$mw=+Xq^^W4P<>O;Ak~?XAns z;dN`x-N4WF%{PNOhA>+&i@Lk3@MX^~Re|(bPi;MmfS$Ej8wZ*u4ZBhU`tM>=4W_ko zLu7EbwQE@U_5uBK{ysB25CJj=x>V`GII&^zs}gEjf2|rX%=R*f^}e&(<>?;1fG7`n z)sA=!?1`zss)t^}-W>1ZI;(z!!eDSh=2k~Ib+Ek9I~#&SV5k9! zWnExolgAP20vF+J)hCC*P!IPdP@ywBk00;HslCq&2BXq8rFrMC+aH=9^Bx&NAE9YK z2}_lx*~(3~i%@tKtl`^KejP}7l|A<9o!stGvNnD(v^6drC9KxU+A1$XrLZ@R> zY=XQ*^j=)go{nuR7s^z^Mf_;rdF3Z%=f#}jbZX~z@|TAlS-N|BzluuZgPJe^{6f^6 zls;`!*I}UL%D#RYEvUa2tbBTC&n4mnUF=kAy76@BJ!7c2l_5X|Sr?*l^}rnW4A2JJ z%N#6KWky_gZ3h8CM#sp=cyUvPsK2+?n(k@O+^9PS%((brl19-%aqh?>A8u9`Hg0ck zFN^|kR}M&_w>$_rc-f6R&r%ALL461MqceOCUKxuZbIJ|+z;Q|OB&+F*ri_-KqQh(U z=0w_xLXsvil98-qy1U{#ZHzds+xs-Q+iK3siW(V}6ub{!fRwdpBmZMsZJkRy2nubY zx0!^Hix>2oAaNydyO-X~8v|lPsC!UNC#%h#^PsOhkQn5!FnVEe6^&wmNrF7}6-WGW zjVZRoAx#{kJ;S`^m*&VC9c~=43ya;145iJx#g)tB$TD}u95#}UbAm1sJ)q*7*q(nU z?+9!BUaX}wN|lBovH-ZsOlGsNFWUPpkggJmbcC*m%wN&fR+-!5-dsFF@2}C7Mb-Tk zti_=(D@Z~A#ZanK_65JKvFfD*!3`J@v22~if)Pk}r|cH7yuQLBRRD~&oAyWewU2rS zZk-998%!8H$gZLC+U^iiKnxVGzU@!C_&q*bhH=r-I*U1iTE$MfJ^72y?DGi6rIRwH8rym4{qsrXiuuEq$8(gO2;3L z23tH%eg$*nomJ~jcG~aeAWfvQqUdS6dR7GijgavCLGvf8eo04D{35j6Q>$_A8`H=FJw~2YZk(>pyO+3OAk2%O=t?a|kcgZE8{ z@mAg?4L5wgP0CNE=k9aZ-+Yn9LR+>7J}1)vFb$-RT)yOT7gnaQo=>{k=9+xcCx# z>@*i~raQ5BPcFm|p#&LDpne#yl`W|OJ0&$EL(F0U7ib8*=f>qQihdIimR5jOMWfK5 z+4QpG=wriliP+DGuPt3hhy)EB2#q0d0u)E=%mOrE zWjF6wQeGN-|G5D%4IyhP)2T@&n|EMDn^^Kw&4mlx7a1(3t5iPj&zmy3ZJx3H`qp!+ zjnq)+k+s`BS0Mkc8p@Yk&CD=HUt`-EgP=TxZ$M&L{wyST2Nx|097hfImFQqODxR+N zZQIov&#&tf->=Jw9!HB05m0lG{mgcT3M7@0&H0MSWfiU}~QFy%hd z*M*oEFr?|VWp@ceY8f3~zVKEmH!Qz%-ZQFB@P7FnvQ?UkMvI;;MqC-JUu@MhgR(|Y zubrdncEf2w@YLd%CZ)o+CUS({r1ZN=0X~xZcCo?KCePI6(H*QE+=M?`Z>8YkrDh z!}+GIkv^@4(JI9wlCK<3!M#u1Kpbn~G*4$|7v*ts7Q{?eX!cNA^PHca!XRQE9qu}2 z@=~ngkzm|{V@oGhdR&Tp*%Q=#)L!fQbus<3&!C_<_{id6656^U%EETOl*Fl4;-mXE z+?KVq9zls2vV-q6~6(E<#6J6f+Xt@2dcJss+W}W%EMX)$>Qb0F}-QtIQ7qhFH zL|l?`adn$q?T@oZ3=3?yyDs<#MybJG{GHPcJGsZ1N+!tJ8@+ZtQ_kff?A%L7ne%cp zG;RcDRU7V#H)kyNhfDD$H05%}XVQG`Q}AqTDdti1GRc0Ymhg$AI)gU4!1JUsDjEAU z#XHdJu=QgYJbkgA$9oXtocf;3U-j?;oN@6cUfUtfc*J*45=?uZxuNDTBH$C;xYv>8 zOWPD25^@7pQJ@|TuT)}S=ZfH!j5_*3A;sttsB3O$lpcMXXL9Ddsr|?0ROQ{Vj=M63G*8cXL(hUJAHR$g z(Z*rDIs&pY508pVOqafYyx@b#fRShP?vJ6ByU#1hJ~A>ox{bIFci|a=B`Y^CvJjC4 z@>f(^3cOX6Md4@Ede{bm2eRpOl^t=)AX z!8ZERb5klVt<|je#6Z&((gl89TYL-Y1nm4_&;m0<#_KUX+Pk(ns+p@F!7D&N`C*6DDlP{@L74c z*k_&?VJcBnpx+wo1n>#i=!+UR0JfaxDp7a_F>}w@)JYG+!Y<2#>(OPv_XJ|#2tI4h zM?|X6`lrDBbZfMZr0z(|yS%8F1$Xw93M zi;D!trr#-BX7`Zq;862$rIk-_4Mjd-{U$m2E8=T@_Uy#wBSDxopW?T@Srl}rflWd+ zvq3;)788>O|2?MK)_amt*)cDk(QkV=iq;!NU%pp;yX@}FeU=^sN1J=_mY3b_D?rF! zOY=`iSE;uI4)st49?)_@<&14$*aUSEbldv&j0}dV7%jO1el6GIlsBzjCz4TOltO(g zi-FFMa_%-}F`cEdlAt7g$4{sKx=5f@+;e5_oqR+}zzc92!aEnO6;0+h31INiYx0A6 zjH1#4ruI9Dag-G|nlt9C)+|4{#v-A{c{G>rd4h-&gbx!_@(Wp9*VyPM`9~;n(k9op z5ZER*86mh{SUX-4ff(IL*Ja*4LkZse6bm(%^7y@z4D(59?JnGDkA-Eg(C!*-X&Oy| zm_4tExeCMBRy@&y6Y1L*&{P{paO4SQa+V?-Kph?Jp}9vyeWy9*)56<&%!CJ-iIAh` z;uU3*d`p%NHqaLuDM$!c-xkWXAuuVpGaQ&&?P<7s-MRI6Pha3&M7de1n5tHG}_1SGQO76*wo7hEiymBxA9oqt)0K!_jF zCjr3z;K3AMD$`4EiPd7<2KH=) zYx$-O57A}sKB3}LRs~p105J<|Av?=ZL$e_1-JINV%}oRz3ceRB_nHrNe+R0L(>y1_Pi}=py?gg=S#tPhF?FpKf)<=* zdga*uY3%e{R~R-ofN9P%c`g6YTc6R?%q9Jhnwp&4R%0NA9;6%3EK1H@Y_$M~f2eIU zOKI%&q}&*j>JQ($(s{$fV-=J1BLrS}TL?Vkuv}B0 z-pOp=IErkV^;>@OH$i{2&QFEYWQx&6V3K0!yhO7r{8;%@1TL~SD{yDr?`{$DkT1NT z18<|hs~Wsx#^G*^;qaSkP&x)0G%j5s5XgP7`(hb|#ddL|tF6EoSu9{~9 z1rHdUB`mzD0tFbd!NR?C0O5Q<9=fXrZ8x~f0rxJ z@l_yZPR}aPP*Op`I57p$3}Pe4c;YpG$p%xNf?$g>=_|+ho7{N8!oD$aU}4BTrN9fW z_P5$?L|sYkQLs~NBg90h*vy&aq{{EJLvZ*SPagW7m3gOv=oh4tkPAdL9GO z(EwMtcdv*5b_hpeTd@y;A=F{rBGzHBS-vh5Jep`gCj5c)4gyQ{ldOt=7gg!zu!1)C`HT>okywlSEzh!uvy^&fgDM^ zL;w%<=Csg}IQJ+KeD~a|od_raIf#3;Vz38Kul*l(~86Iv0K7&ATqJ zVu|_mL!S6v6dzfa>#k5#`NRgw1lhFuSAE~p>|o%R9VNeP99;Vqc*v`OsmvUJE_4wKJ4HW5{&1^%L5Vhl_!ls@eu09R(i&r$uE5w<3x>Sjc9STu5= zIb_A}3(;=hQ{K8Q*^Q6pAM9w?U}<|VeT@sQcb9Jiv&j+RyvD~87Pw-ZTzRL;-n{`e zSJOLDb4~(|Z_`$n+uxX~)X=3t9oG1+78d&Sd=6M3CY<$%wqF=vB$4p7mYjD)JYjew zeiY|k5M{%=QCM3eC&!8l$p84(XRzw7k#!pTV3bTsvJz?P~)vtK|!&0};7dRIt*a1)}wbzDj$vtl8@05xLB z;VzY_dwUMqJowa%=?Sj^U0}nMemNl0F`}Qy0MzeahbL>X<^Kx4tb|agOy}X2UexN{7 zWk_(<9%Q2ps}wzLRYoHc+wzf=6|!L=?DL5R$^^urO><6XI%~5>a)`k{1A1{Jh-Co> zpPsYmfMGcSRsgTIJ?d|j-+3))*u^xZZEMv29hKt6r^bJyQoK(=mskj`U=5e0t9zv3 z+5uz9wt=dmb?-EN=_}uN1(aN;OU_raT!pgV8FgzSdv}pn;C!L03p&wJ?6ZlM zuLfr$MH*2fwos-U15j|_i`GSHy5#Nd#(0Vnm&34A3 z$m}7DQB3Pi)wH<&cWG(nL3fnzjDm(Daxj(ANqlS6>o|F%i|=YtjW<3QJ{}3Q$5xa6 z7F#_xeP@&$7F}gofl5Tdp^J%Rl1MI=gU_nX+U*8z|q35n*-L^N@=c@>l z*>ts$$nXxkxlunVaFKa(?)%Ox!;q?=5Nc{q&JN;^wK0&WOh*zO=rm`j%xd9D8EZ53 z^%6#Dy4Di(H}QYib~XL0*=rG3ugRCu`#(1TquU^0^H%S z8K5mD%c0f3f|qyzNQHP*i|zgLCRU+tTu#)HEcSwTd`EPRG+4XOcYYhxne!)&HQ6c(?IqJ){?6EwPpjbZa|yi z31h$6!gGnUp8P!Isw>hOo(wwNZ>Tzg=(;W2S&&fsG~p!yqdJ9 zvqKeS0lJKiX3pEi3<)FVu4+mqs)k*g@EQ>p;3Oo2x>4_ia=35mTC$aqx%r!WELSp3 z)R8wO6pE4iivZ#R4ks6yC-MN{<6ZN+R6bDg>d~AjRTj zKUi15SEu6t18(9Awn^B z9xxlbaZhVJ5Y-fuwtcWm4irvB_@Dm)lTvNbrx>WBvxi7ac#Pd@l^?Bv;Q6PI|4sa3 zN(~@4vr><%4=fCqaTvBx*m1xWfj=JFQ-`8A@m3)-d>e4^WX5D9B#3D0tAf&EV9rtt zZk7^77Q@|je|d68iW9E;ybWLunBcqeSI%Jvex?A(MC$&CBh4f`)sS-MP%i|}Jc~(Y z${qDT5H-t=2j?kJ{(34BdwbP{Y6}Vr)!6>}SAfAyDt&zL;QsK(v{M71TahQ!BIC;g z2~9CE9p+QR*Wt5mjq#s;5TeID{PMs2CI|oL-(;8m8G#88^nde(`#Zo@^UraYWJVJ< zMuImBGIOO^P%!`{{<=4$XXU($dTWYk%#nf^k=ZPzsRcSU`9b%BRt2{-7pCA3@-vDf zWbb~ea$qstqXgi)-*t_*b~;8r^L4O-p9?90L72Eyq*#Dxc;NC!>x&m0sTGc(WU@0x zEvYk>RS=n<-I98cKT$>h8$0v$>|nwB_xTeAPkpCj?F;uz?LyDJDm8r&w3~c#&Ke=7 z?6$o|xI(_csCWxeG0Z;*q3^@(^n8WY5c?*>eM#}!YDIG|n2VGPsf_i+Z6Kgcj?DjE$RGxG1k zV7s)MLI7t`nI03${ zBjGyEXG@D~S%=zkEofsBEpF@kx}3k3G#eEGdq~&~M{y>WmHK}$n(Z5%r;WQ_`NRko zp^t@KZU{_@fg0xE9tw^lYm`*Q*1Dl-faBtbL6wCZj4a zQ1ttql1Xij)QCLP;(E~c7we66#gjiV9phC+L~*A$S@P0O|KTH}Od`|J5B`ddk zA>l7r%mNXAaAYW|)Qm4_LzE$cGD1Y7z~&4AAB(q$?H{nHBTjw75cxUneKeRv>+{YL z3!%;E6CGFBbKC7-)zNcg)GB1|7{21|;ZcAd=t!u?R5s@8UKw%(7~h zJ^`@l=Xv`fn`RarEdW*l_p|}FT%b1#^e6-sqh~~#s!jo=N{>0#5?c6Y8L9NF)|Pb5 z2x!EY9bO{$Wlzp_|J*NN^hQX@V46J*h0P7m}3AXgsj28ExQ|7hZEZ+b?^b-8i94N+=EE)){8t40( z)JuLiQ(coxU^{M7NxH2ldMNVdcE{pp330I>0KOI?!EJTK$M~TuGtBUoIRm1xotAB5x(tD&GK1G z19r+ygbsnq1MRrmt@6_dlkr|J?IX2<=|e%xodtGvp9%?gWgR0)DhL{t&PPH0LcOf7TK_bhFV8j#6oUB z!ocLS@i;L2`}+BX&W^*|8k80(GBYXuC;z!bQxwzw%^S_u<@l%Xlvf0{$Dhv$`C0?9t!v#e)5;tJE*A^P}G(M{y!ZC6{w-GZ`-)-}s$Tdgq zgIXe*@xf#_=>+-AzM+ltZqzU2t8%a4x)EGK_ljuHkP8VEc;cX)jB=1AMCMzMfVk>l zPWC?vHqUXrDFsCq{r1$nz*=Aa4t-?C6mTFwkf zoD@V9jWD;MhnW}YoHarO&K1zweJBJPyMXw`d$2Nq>ojHSJVp+P?;C}&@>Yxbl5XbZ zC_%I9)sv2t)ua-VLNhnSLK&~_pf9|-OrCCEmSa+M{P=Rf_bL}44>E*w%vwvxb733C>wqPhqF8!#krkSdCR`bXw%ro46_6nF^(X*Lr*5y z3nIzx7`*f=AraS~&!-g$P#v@8LkKZ8yWpk+^buX8U+xxW?)58|Tn^Zd;&A3eC^utt@%5&7mjH5j0kaPYu35JxE1A0}z+`+q&0$@^_(0e{B-^ zDdg-ya5C|0gF-IuupTRM{qp&A>4pkCc`%t=viKBVwS@_$-pu2lD4*#*Uu*-lDMC*p zKMR>LoG>7RFQG$N8L*mz9rkyzG2@B0nV`-py61o>;J%FQUV2Ubu6xjf?L=<&%d03s zS-G4i$U>uht;kLHe*B)UkV)0`*9KQFxi~tmSr5m*`bmnUr^KXwpq`O65>_@V_w8*L z%L7c0ucBDGf96E;yAU-)T{*k;M@}TdZr2}ndeX>GmR0FZwS%ecNJAoGb+mf}z?-a_ z_H8Nm%1f*s@4O(soK4ioetun%>aq~>QVlUOmfF;Cpb&BtQy)Xp`vacll0tM=Tbhg7 zexK*u8m8uW-IUpz9jgYTH~5)0Zj%kr{?UKhOL3j@Lw7T; z=yuXdEeixj=cL^g0DYF1wk2)59<$r?G9_nVv1Z9{+Evmww^TAWXJG~8qio#!;;C2f zI7?sxNDNmuY;zIL85&hyCiH^!+T20N-5@vCcpqOHn}^3J156a;CMLG%hHqiuFWSjc z6z{P3CHDo~gk}n1$S0;LzPksQE)mE9 zOc)KWs?(@=8JcN#zP`noBdxE}+^TtIwyebJxmi*~qPYVX5@!RG%P4GJZ!VxJ0Wjp_ zl3r*~o5|>TRfn0*bD-1o-M=zfWw~E@T}R7Q*3~~?jl9M%I1ltTKyAJfUR+E_1wuI1 z2X2!<2Mz{J3NjgkArO+`w6iBAS*UX$t@GC|{22522c#b%P`@IYBZ>;97(HCrwjBoS zK@(R85s3rx9fwEK6eVmUx8*Ch5oeR$hNgf78uFjK9|5@nPUVWZCea8IujR0R`EU8N zK1cn7Ul5wK0R}^NBc!r_Na8=ui~ zI_-#mLPZuqj2aDchwzDsMnA+p(i4ahfjbU>Mfzp*?Y!XEvWChP+z;TX)51pkpgo!l z7NOxK#0Dm;*oJUdwgh&qZFiMZ;vXM3PiDa!SZQ$B3m8&?mjc`p&T^0ALGmSoh~*1! zz%&>jsIluJOAjHmU5}GR`}H57kBHn0mKo6U7(DfgDulH5?&z(Y-HY8N^Xpqnh$KaP zoWy_aKp9)ytmOKg(CNS$ z&{%FXA`06M@_b4s6MTjF%s&J|m0MGdfy1rNGjJGF(8rwwW_=Fj$w~1rRhdcH8rG78 zFfcOSaySJd%22Kx#2g3UXg%m?h_M>I7+eR*w+{jhChcZz=gS|7v+`Q(cwQ3>eW4F= zTAM%lj!4Kra(8{H?BQ<94>lIq0+)rH*IyVK_~&&l{LXODaG;yC^aKkOAi%g4r7rAIL9>b|WY?lKtQDB0yMjEF`!TR>5ZyDoU_X_mU z5uW||ZpZ1r(_9Ap%nmCNx--hb@vO{W;jWaM%!hDSoQL@vB8K_VH~tED6=?ao*F@O& zPzaQq$?36Mbm+u9nw#lz)XyLy;jc1E1@a%+GR|+mtR6E|?W_$;2*rGqmgWLBei#NA z^Us^4uIa`Itfdi{yA(7St#*4}#(pP#n5Qx6B;OmrwkPu?uwuE1sj+EC5I~!cl^#Ak zGblsBIbn|^HrUB>QZRxK&jh33We|!R2FKv`#Gwi4zfY2-*=^q^$f1|-mbVL8U#6kg zpnO0+Y%^7VbO`+w$Y@9pjr~_v=8E(|9JrHgVoP5&T%-I0Ous)ie& ze@q6&_(42&NMuC+0BTw(>V8dfG~)t&wu&|)6>5OdrXDfB#58{oKthl~{k3H36=8q!7-+7pT^_q}w|vw3 zAu~wSJnH?@e*A1=16S;7pBx|48h^h4J?$1KpX2pS26xlQkt!N)vhV_orhZo~Z8I~5 zzu^I)U@$m^^zD@nnW^6pW@_GQvQHH57vHPw;+sA(E$w5RiN_%phf_Umy(er@mmZg_ z|K$%p1gV$tQ7d2~j1=jw1H(2Pucc;Y;`{gV;o5-A6xrm!ve8znUSj2=&$xY=JCllj z)0lv>{dn8ey~J4iwf>Q77?>7#te(d#tbQ<~wUOpHBMG0AEJ@OZ2=EAMd>ty{!dY!*FZ-a#uW3*vu?|Bn0xPM8A=`qpr zZwfJU#r%wEX(7^r1JNIkl5v5l5wTFo%wJ6IC=it@NO$o|!?e^7#q+4c4HQju}OGBy~CXcw0u~1We&<< zdW&+|EtS7J7URHkqKnfc&#mA|p$!3$u_!b>)fH3G%^m2}lX!`)K#Oy>R{Wz>VxOm6 z!{<{d2VdTrQNGru9}bxVZy43mS?2Ap>W+J)oS*AT$zIq8pE)F+S3xewO;)h{Re@^- z-S_WnEpM2ZyiI-58;Q!4fUo|7fvq#KX}3=791N;&KUG+ z&R57sr?Xz9&X%VujL}rWoKx@UgmB$C#{}Q)PUy&L3|)IpxK)0Wx#c%)DGB{OxKzxx zHrR-H;?}rw@dLnK$>zEgwc`dFFAk&c+Fd`UX@Tlh4CC-V_vTAC0xzZC%EEt4In2V(GiP^9&o&v zw+||C2q371x4rjvPE$tkSSsZ_ruFc#ldInVohs|L>to@h$P)TeT5hoCX0hPKCuOI- zF5TZqxfeatk|CQOn8jcSej5r3zN@sg1vjLeO(q}kP`C3Q7d!nxof%GC%z1T#Ld${? zKBcph)HF#wyk-PzS3ljBOHi$#*O}b$yj8{>9&S3u$MTbxKb~Oncn}P336Sei${}ZG z&pf8Ds@jP6;3s`iiudcv4><(|k3UN;<4)Z;33@?`g#o35AamaB=%$NRtfWc8BG9Ut zL^4eyVdlYMTO|dUO!KTpT!Y41$Xf!5d>kFsVhMWbUzpf?hOF4Di>)5pt28Wm@F z<-v>1?P(zLEx*TiUrd=QRN=88*39Bj&55&ZCPxNOZ)ACV0Dfr^{fMe||GNZ#K*x_tRDHH`JdT*gzkJ#GhQY8fB;w zE!7(P)jOJgyR8x@2TK(ehFNiCF3iqZ0%~475?a@b7ft)WkJW@ixDl+PT4-nRWA+gm*FT z%#Cr|&V~j)Odk=QvgDb^VTM6{BK6A-?l9DyG_^x0Bep^J0hDnVfik+IWkN8{L8=*s z;$B*`8)lN3?1!j9-KD1O(;BH|%p3i{$u3`hk8`1|yP0uR_edA^0?f2}$+= zkYtQ{NdplVv+NqC!Di6d?0&(u`+kb7nb0m!c`%1jtg2QWQcLE@zYb6a%U66@JEv5P z)N|ZkJ#aBfpM8SFnMRL+miH^PHtc%!3~;spedQ<8qjaI-Yl7K4h1TIBq3H=iOx)kz znq3xv<4!U!a{BZFnQFB+AuVeW#^Xa?W9TiGK*VbRe5`~0!jbLfX6Mro4yO{a51x2U zPW(eyqxEf$+3=$|fbB-kx@6V%S_%s&@@%dtb>BJ_*)@Y_5&+)rF02#Zm|G*de4VbH z-r3t=Yns=QV_VxK-o!%$#tn~6j^gV;R=$+vmet#jW)sEneK3Bd*e&naH0)fe--wcE2z6DP%=rb%9jcbtZVlU(l_g)2%e*4PPZ%{*o z1v)s@P9XZL?r3l=bhp|fHsLD;Z)?Wbr8d&3UWK}c5QaB3J~XfAgqY&MF^3~DjDiqw zm+{bHJU>TQtqs~uAgL2a??cu&V#oo4` z2wnPce5GD@AbTI@dF0N$!^4djRO3wWox``B=fAe;+;IP$#kZqa%6Bc&H?IAG1W4pA|-p8S6kD{iCxH49yn zBfqbwvKjg>FC#o4m#0xTg8v$``M$+JvnoWF$M*-_CKFiypLT%h*8pW}lrHE+)Z@$lr2XYfSYyP@!72D$^)vO{J0 ziMmRjPx5fuM& zDZ2h66=vgEMxfQ-%{#BS-jK8P{_h!F96Vy)m*@R6X3bH{2S)h`(9=*;(|9QHGY5wj%?nNks>z zhyVf0{5Be94~@Ha`ERM@BJ*dBBB={7@CKR#L0OS+tO%C&JAKMrt}@`VqkU3{VKM%i@QCSg;-A;B>y(juIl!H&s^_*ZljTtdE(fu z%LF&Od12X4X_c`jeM5}z6_Oi1zw33vn}4zFppiNv6A}K=9K60P6ZvnCmM^X+6aikd zNN(PS=jt0%;4R3**)%Xv&pk^2GAllLu;&shs|3(HOYh!Sy7y{G;`K?H(n+!(VKqPT zkDB!*@Z!x4m+@Ux%56%;XE+1BMBM(KyJs$$~m>1fiplc7P%Ej`kKkc0Hp0(`@(|25uy*CKY)dSwZqva0I+UmAhS$%lly71p|tBUdr})djC6v+f3*1I2O0z!hg1sz;?Iz zC{Pg$VtS90vp#vLd=d>PHy`4PEE{}@8Dd<!3?4x5Te z{v@*p`|FGQ!AKH-Cx)>X`gGxMK+IB?oreutA7sdnOIr<(o|l>7f4CeL&l>{XUHf%~ z=!MJRszu^9&!*&SY_(a!E2f7elqI;Swzt?D=M9STdW>Q9haY#9%~;M zxLu)Uqt;W1=++P*`ThvxI|0Al5DgmANW24hiUEOZv7#7mgJiF-kNrV6i6)bNyZh{KlGTEH zKOYb@$7``e_>`w$Lfbv?Z%IUlbCCS^zx|NkuKNwM_m@Ze-%%jafI{9zT=R3M{o;ty(AtH( z|N2D^KPUcIV(nZ*uj?=qE46f$s%!&b}=i#s^7TTZyDM=|R<|9aMzz+m0 zxLc1Ny(I%BjBa+#aWupcKH{GQpSp|0GoXt?ve5w!1i?<4I0uU6KRl7$-Y+xv)im|} zQnG$j>zK;}^j2eP_g7@)bSeSlmy4nOMkBo$AX`hleSW|IloQC0M=@U5vwuqliXSmp z&yP}dPsKJaYuDe_jB(mgZn9t#qxKW*I>i!g=lL6;vvX};O-oB{S?wmgFPaarGElW~ z%$++-N}^|CQ63KSwXg!Q^{-bfaW(?9qJY@s!`o}@S0J|jen%a0=Ko>d`kmkN)|9@AH@@WY4v^C8+rae4gmoi%SzJ}gaI#5|%jWE$@T>2|q57jy_lPzo0`+(E#us;;TjSP(d?MY7VP$&xm29r>*_4-uyOlJJEFPB|pp95_Sh?p673-(F(ATYNL(o%R?##FmeNY27Az^w2@Kx-d)) z%Vs37OY>#2Olw~i4WOvVh zoSBa7FaEX6bf}(xCj99EPyuBkId4%9ocyV>MO{Y;Z;O&}C$%5UX$IWf-0|<`l$aqasu6~V-S>sW7j0_L8I_$0^_glLKogLpmWXG0 zHoIWzW=ctJT((>^z7F9qrQ-z3JfY!AhW(fMu@3&T55xf=NQwEbW z=7N_$T@;@WqS80)CX+BWALJrt)(uPkOn$S^G(XrkHS>UL*jT!iZ5mqnU4)tHIh~fX zmfNl2K%~s&4t(XC4eghzsVx0}9(!J$`Egx8Oh6lsE-*jXHFu|x^aP?~Ij>>}c*L-b z!IgswZoSA=MdFoWw=JrTb~|4Y&NSvPwp1{0)rC0`GU>g>6N#61AvJ$ZK16=5#!LV& zSe+)2V>__cc~RY(6o%W#QH&Z8VNnrqWq3v9((8plN6n5KZu{k%@nAd|upe8eerw*n z@z$Kx*Np0)3tOGb|3zWze>wMjWWsx65!VQNpl<*Au>wnxRhPWQ@>7#k*_!u%Y0q+? zD*!PKVjFWxvtyLYWutPLihjvpQqe7#crUVsrl{XZej}oo?EL{{0hdXP?DNgKh6X(# zA$N^`2k6Y*M3HyclYQNOx(Yf0FiF{51QO38zkWZ-44TWtrRk|`h^2DOM_*UMye^2 z@BL>aV1U;+$)t+{jK|>S_?AiKQG-nH5D5}N21?7)d7{SBv|ZLu6z$^VuQjQUe%@Yq zoMjUiIjg{;ASzV`B!E4%YRvH_V57=3IaS zgf)EOB+V7t?pF}xTelz^w9iYI*vLKqwxbCN((uG+>HJh^2TNDo@p_@V@6T{2nFsut zH~Jh~%y!uLU*wIFEa^Jsf{I`wUk7dkbuRna)b`)-M3D?_zKRQQo9V#kpCIQk9Bda9 z5rQ$K=HsWlE5bifqoclmM2!M>+C!sqTagX8U9f}55OklDgSo)BlVQz)=zuL94eSf4 ziQ_ZeBC=uDmwYT@2(#<)@8DHuwVFKif+G1+IWUI?tGgIH21HN`A?(KorN`U=(|A7d z6LM}n#G14r+Anh3Is(cDo89tv0=A0)l_dt~#n<5%BJOL)?iM7ek-y+NTX%jW4t@

      QN5yosNUOx4_`uv8+WnTFZh~3(R@NzUF+aU6|yzu23nxt^v{M-0MIk$H| zk@Q>TuPMyBfG}8j9;h#qFb`Nl35G0epX>fXo~0R>Ut7?AX+tHnph5|Bqp(Kz1Xb$S zSI+g`QWNiQ7pAxjRF-0+yAsuQ1H#n< z18Pun=S%7|Kq5Q#R;D=OZ9XSgLDqG-M@|Qws>V<+D z^~b(C4qo+Bd7;`+m#emeNdGRMWF=dB!vwI&!*}>9%d@ThIXJ$%{B8QUcI)8ZDov2w^= z*Yl~J8CZU|omCi6Tv+^x&#CqH!_$xBLUn!3%dw%6 z&#umi;*nUb0A+qpc#5kE#hSp9O9J+TItqPf;=bE<+L}_tX~%t2HNei$dgr~ev6=D3{|-T!pbMk(~@vmK11&x=!1WY zN*3$J3>~g6AeMO05MYd|m6TSW1u9|NXWCIWEjJnn=jax=67Q1T(S@mdNjB*MdTmfE z;xjdt?b)4TZtWFF8(VU;m9?gr@56<929ABj&bNx$K>e9542C${Ml%Qc z%M6u`2K>W`YO)Ljt@(DkRGOI(ert!JoG7popi#}(kztbkpGH1hjHg73;L%od0b*CD0kC;-Nu-WvFr(bUtsU3Di2>iRCxQno zU*{MsDjYd(vQEwPOYlv}QI}KvUTE{BC7-eIJpsN})SEZ!&Rm95TB-INT_^fPxg^XV z{vHE<_y4f>)=^QeZ`&|#Ya75;1VqXploX^9P!SOjkZ#yW$AEMR*la;SN$IW`V5DOR z73q?i0fvx{p-+b8XRW>0a+tfW`;6l}&bWxkHsF5OB?0;V zyAAk(cJLP-ok1Q`V7Q?Q@AueLEvSnL&KOWyfnrG^->0{kAZec4wtP+C%9VvjMzsf> zoJe^LO!wE;DftA=W4TR6480xt5GXT>9vnfG57|i`+Pd7#lAkcqJU?3*2RRCJ3%^=9 z%g(~?rT^aV+p9;U8c$AdGOTnxMJAJV{kJb0OK6_oEIC*{iA?@<*VnRMGGV5bF7Md; z7&Wv_f%F^i{P|+DQg<4C#{1`&S=W0mAk}vmNfy8s=ExQ= z&=NAXq;_p}9)tZkA)DbGvw7-wpoV~JPUbw)`y2xW*ht!OQiEaax3bNpfmdKhen{0L z#qjb>7c!K67XBF?Y7z7A@K7(at5*+Um@pUN%vGa&&*hiL&j|Y*fl;3ahYQ0Vo)`Lv z4Xcu`KixaSzF{nMD#asRE=T=-*Y*0Bi?pBBA}o*GzjOQ;EjjDz^{bbT-_`V%&rniG zf6c*rCFS)o^?v)!{Z|W>k^^jvzh5~u+Ud4xAE+3;;I{Vt)Z##q!Qp~Tvbf9i{P5NYAy-veD-x|$VmiSQ zo%sB^L22%T;7bW+b(lfNaPqp{V0u9alXU!?)%?8Q$6@M*W{r`)9#u-$euoL^=Gl|i zpTFdlRNXyN?&L(@G2fIZqgiW2ZFY`=g2LfNGMDtASWQ0auiCb-Nx}IYd4`Qm^Xhjr z?t*s>sEoAt(Q+3w`{d=ShiKgeuhiYg#pO&T$R%*h4F67A`Oq+OBDea!UV!hjWW5`1 z3B@vXlTq*A>pi{qs`j=e<6xJ>`+V+P*~P)yT-j429fduz_dgaVh8^6#fSnL%E{%)A zvj~4vVM|w1tc)zgRpaA6v^E}_omr&s^_(=0hT93(>b%UbW6>zr$G1H7xHI-57cM2} zqz9j)C_xx+%CP8j*mBBi>SD|M?ePVs_&7n*BD+Lh*@M0NlUEbpXpRu-@Zr{e9|nA? z&NVFmvBz@4QCKIWHm<}ZU*2J{wa}s!{d(D7>ZX2Qu3qcd^2*9nx%>CCb+CJ=p7#lk zx(opqg*QLp%N%9o9>|I3PDGnTWve7epbg6Mhr_4ZPF6SRda$|KV%7IpiVDxwC%nd0{rCZSZDLG9 z=Xuc%iQM_R64LzK7Y@Ced-KQU=KC;w?2UTfp)>OS|K5lJeN`Vt;l$bP%Gq6Rzd7^0?zy*KAg z*~v!|{T+1 zz@?V@`oVioEua9_V0k7&Wm3lLgR@-!_!=SaQvt2p2iF z6w{OCw$LvSU_oYG`Lwu9ve+Msq^ZMb=jiw0EpwBSifkG>dn5ND;b&?P(p?ETqBI5{^@J%9N%l5?M8=+oqP?p^osbuO(Mw5@0rQTHqb#dE`_JQ50O1v)+CHdoch zr%m4)iQ^)_jr{37J*x`)nk*zXgEOh+cxuzqPpn=VkC1ulYh&f zwTApU9dF9?KVFs7EO=7yy2TTG%E6%YR|aG_#ath$mD=kyxAPh~4}Gi)xV32N03spb zGW{Oa)c5-JG1N$vUV?;&Q+D)+56M?#Pgo817~~C>&@#|YJssthkkGFWqAlX}AFg!M z+w`-H7*6N0diN6Vlhv?g(OI5U)Vf_Ubxday7wOySzKMmYpcv?t94vH;o5$yoy4@?+ z^sZWIWEzn-N(qNfSwmD%s4Ue1M7%}6^MHnIjdG+5!1JTUzd7 z#KeG1*6wQe<*o2YE0jf#UvO{y-IDHo3YCyR(y{FwvmrXBxdiuHH=Jq}i;q z6hU?C8kE@!XgfXRaf#gjkRW@4T98iCBI&xdui`hqXS-lWiJuD=i6wo_G>1|QJ^o+J z^l|Q}N>iykg%>@UD(z1nYFO$BP6{g%wfuSthTNYsQea%` z>|YO!EE-A7mB4eSU`4;rI;*2m3Bs*j^CU_E31^W3kzRdm8~1zW4uyWCvi4xf3wM<)>uKM4=&SMST|s0H^j*>r;EK`xoth{0B#&eyNjB zuI$0!))ULc`YVzo;X)3SC0_P>v|TE*_jDnLRt?yB;-)^0<;dRDqs+Qvl~+Mb2Dj;5 z`ZKLLrHnUh_0_HTV>UWcHA-#pn=;8L24ZmQg8lN~XC*4sm&DauPIB5(udcsZ@5le; zd1LWnnN_ac?GePDJ0F}v1g58RxKau~B}v3GG|yjjCO@0Z<;7Cs(%Vmtqh>U%P=l4D zg%Y9Wu2k+BginPwb;_Z8s}ZvIy5Emp)5?Dxu(&E1Zz?j*CAf4it%}= zIJ@fZ=lyGw2?xl2p%6_sme-fto+B~*K0{-CZ9{rkScC* zca(BtO3fqsR-*^}Dp>Lp&o~N`_NDgJqQ2GDk?UuYNUM!WAD|2ewy!FFHc;rwETqfY zk|=0VxLETO{Bf}hfzN>2<tqqZ8HZ*6vG z7_IG=eg*UpF>KAU^FXl9r>vvAaI^^bNT;+%w{gJgUHlk{gppjXx<$mEXOBO8D{@+q z)K2uX_9O|J@qfalC`6x-Y6M)Bg! zaqV%UlFZ{mxA6Dxl3EXLyc0;1pPS1%VY{j0V&D8)3w_}6Ef?@psr_&!f>G`RO*Lrl?Ccb&Li_T+@KOkh;zcDD?YBzjoTG>c23KlWyHcw? z|LSXk@K5q#&TXz#PL<)PO@rqslFnw|C7gA})mvkv^EO-1m|3#m&XT zzc8ha#z7O$HZ&=T%CC!}AC+cJ5^EST@g8(a9us$CHh#IVzXEIU61|;$uUV4G`}Sv* zTbmc%!8t4Y=Ego~+aqlD`e7u4a!kpG`K^YFyjO1B)q3W-8P;stpGumt_d%|4HF2rb zVtGgOt2W-P+mCWt?dw>Bj%A=HUH4}eS|)G3Y!mX}L2F>qzPR(jyGI10lu71!!`jy< zANjUD9Sv4Y)ZFcc5xU&PCQpqUxK=9X?z-wx`Wu#Kaq`0!P3I1g?00@473n-o$Jw|jl2pB3E4ILOZ-V<4yN%0JD zx$iE%H}qcWm6&9xMQ`|o)LnL_%~k-2eOYoh3@U{6dc6;dYI0jC(c@{2#GQeWw4(jk zkGUaNtQu>J);|{c3N8{J?h7rb1c+GKA2s4!)Tu@jT5f?kaHn!FH5Q)}o{sTp9SrMT zAPtN@b;oaJ?q9MY9=!MV5vNOtnEPDUIb@(cTJ_jq!tb_4+-N0i%~@FFCTX{o|GT2n zy=Pz@N{{L4L??CmLxH)&U0J-p%yB@QC$ z!7MaPT$XIKcK~QtI=of1tXt=Oc$0_ckz5e15~1P^o7Dcst{+92MJ34SF5ev-jWaB9e$$gU9q-0s>Kn`;rKpH&+*&MKr@eH^mSmW!94At`XN4aj zW-2GdIxuW*iKSh=#*C+7pv_3~H@5d-jafX3Q3%hX2n;-{rkkuDG2#P|48Z?Y{Q(Jrw8c09lBp1@?|dzOr*?CZ!iAcvF+AlnX9 zl1kYufPetI{vSF*`>z;Ev(CV%tmvhH#Qox{a)H)OAHL4{{WYL^>i{L}vl&e# z6TdJjuT5&d{%T~P=CfeU==)4Pi{fE0BM*p{wNf3M*zUym&q;}0g@UmT=0jL*yog$^ zwScg7|K*;}hMN8D?QJomvLf=uEb+L`%4Ze@CJPqDOccir9yHdJ#BC3lw5tJzq6J)@ zm2_$Lj~^5t3g+xOE^!XLJ}glmRrw`Dx%1~cu2H>F-LpfbZ-)&!#7uVe`s|t;D!ZgU^I*o#l+*_$gg(r%6!}-pcqWalEyN4**dnR9(m_|EKX5M~2 zL=O=xjh{qDXcGGCYMipy6jS_1fio)EmU>vm1D0=#2ud~H+cc>bP1b+=F3Rg2S$Y7X z4kwK#tz%d0&Okjs)enC9NJi8i@52Di8K+^;B_IP-V~)-#I>}0nH3K5<4r9V zaZj{4lAzFn46un*<}rbt-{^mOege$qT0!2qRSBQwh^4p1ZsoVFs->n%`}X)UNbjib z9IOmayP%Cmf+j@c*1E;}W8nD*eSaxdCZ2w=Fz7s6SodMYYZ&CpZMuztcr#HPbx^jh z3BxCECtT!IP*YR09Vm=+5`1p>xU@U~qJBrxK#v~vIK>CXwJCZNJdr4k2P`{>!|&ra{gp(AuSCgmW$F6L62l6eo7a z3OU3(Fn4%Y-YVoENd0=8M7q@7$B**VN~`hR%Xv~CSc=jIWAHZgqG_)CFf1ax!&qSw zjY47Hsk19Opu%gv>VJD4$1NtN%dMU3>dp7N3gi6Xz#oGY`Kr$2v_`jm)N6gk)#@ap zJUoM!jAgT^j2JDC!FqcU!PIULuOGU;=Y9=1sycY|kr@`iy*|89HVTm=5((*PK9%*I?b{C%oA~6AnCb}ANe_b-Qb&SZSWc)--ARn78mFhr7+h? zWYwlEGkzd@c!YvtQaFYZbNY+;Tdm{IhZw(IDVvI1Y-u*tT8{<2vEEtIC5}R%LTCqY%I{Wxz z58*pQ`v1PezQy1EIn0@xL*5xqUh(sV-nj;aa+UgU)sIX8XFoEXG-qvgqWIwRqI@Vy zrwq2KLOxA-pP1^<{~r6#R}`n2{@=F&NB+;x^WOp{#s23P6n9=sSQhB=G`tf>k>~s7 z`wP;X1Su%Wf=^n?UE~~-pjDO5zy=&=PSyYK zPmdhyU{^u=S1ZcP4foHPo+AcI-ZSbxo z`w0nInlAr+W0%XGIBzhW{O6qMHZZ}2ODEqxo<{*~SWzhZ2eJeC+Q9YdJzo)?=1sfR=DG&C z;R|+kd^u2~5?Es{NH;8GMi>8h;-e3_H%q>FVwSeVhuaW-pb+*=g=4m+c@NmyuVMzJ zNZa{>{9HBLD%=$qC~VX7`m(QZc2w2v zq4!!8cdq`|eLa^-{L5oWdm$Q(4MNZ&mn4Q7cOmEhbeuCi?z2=`YIMN+@)ME=OWfV~E1xavQjl{S*)N13IhuDKZaJka z>HUS*?nfz_806E!fx(rPyN%7LMvPv=s+$|2a5F86vj2YBlLkOZURe8jB}?=WIs4*d zPSsU#?3sL0X^zI(dBGDTuFqj*1*e}Iu1v*RpLfdFFqS?kZz6bO@|Emq$(TQtT3Wc8 zQEe}2Y`3(<6jFB{Z?K0~s){E!T!X%e_wPI#zT@}__pJu_oDl|s#V;F)FyG6Cr2{C? z{PTJ3Vu{1Bgc)sfvoiv(=AJ=>c}Z+V!N4n;FX7hEi40UD#C~j?t?nXNryb~c$a($x zFhs!23l4>_uiKOXu!ikGs#g@LC2(Kbejv310$S!4z;#ofsjP@kI=2skm)l$XD)dlg ztJM-j6$_V`O}K^L3?(a~m9>SvNrSWaPOhMLZMnb|KP}-R?Qr{AmQ9SU;RT8z?f(ez z2ULf{MFU4^Mn{p+N24g|tPZlTR_W`2x(#sY5=@cl#>z?(k2?9m|4dF#XBO6DtFb_# zZ}cVW$M!}u8a$;$aoBZqm?3mvv9n|DZpjTZo_lm_yW-o?%=B8gs%Qw99)<;a({@j> z6@|!gGGG*KP^O)=bK$o+$a!ca)FkV^B3Ugg&UpL$-rm;Rh_)f%$R(uV-Pm1S;owhO zj`;_c6)gB;7>K9S%C|ku3L>I@M*#FMA!1JRwG9UA}z zm!xdd{eIb`91Qs1DU#mNOp^~TW;bAGV?$6bg1k@_%9lj(cG&89p}89z91mKfc{L7? zgx zKRbm(cjDBC%QG!N2Yd_*yBgk{?mX3!1OMsOz*e%H;mvF?N#8Kys8w~aUj>H*n1%5@ z&_(-GjSZFB4aY3(t`__0~N-*5hZ zdgA{tqe?;X_~(cJ@+bdZ>iX0FD9Qi5o&SSZ=U)`}j|?;=oo}OKR({mC%2pJJ!{xj! z!*Ti0hQ$?(^R8&mDkyYsf8c7k`mel*z7w|Gc2q|PRw@avKW#ervW+x=Y49*6;lNHZP=Aimi*#IiAfepG5Ap`dKnra`noiz(HwM_6SP*`_m zicIypOJ%!Z=i2%6=Y^jB3trmc;LC~HcK2oGXF!mdm zfuxECT&CeYiv>?5AHk(+^if0S709CT8VC`-yinx=TiY@%-DI~+4L3}fA^Brxe`J_v zWPa)~zTtjYyXm1As8;DIyr&hX*5H{|q^s>-8bi{#Xpyy# zJn)yrS&~0LvHomN;~5Q&HbsGq3)`Pe^En!gYM$x!WGQQ8g>0dX9~&J%v5j%VM8%4@ zp~J%0b?8!s8NNziG%L_8Hfwa3THQ9Y#TUPWs8fqSJDx0>&3rSCgEJ?;ur5& zI|M?46Wl+-t2A64I@a9W?7i4`&U^CXAHI8wx6PdL#hoWVzdg&4i_g;^4B5&zlCW!! z?Q1}b8o7sTE%cVO1p7Kjg`9r!ZDwJ>gzM&)(XqaAHCeLP%H8$^NqN|pu0b!pCAbr@ zvOB8V85n&h3FDm13t3pfCA#C=7u3-=Sy;OL^X`Bv7&NJ$!ARj9EBe za$29~dRD%PTf%Asv3+NK#?2p_c>3%L;YSK~a_4o&OC}t0;^!}?_1jjQD|JoZ3e>%# zKV#o^lMpu15ig$B$ikS+U;FFcOlOkLo71$K70wpW=zfFeHjk>|c3it9ufZmc#dq=? zYN-6HZu||9IBabq=7p+s&LXj_wY61A3$6JPi^am&yktlKP4I{sHHWcl6`Ct(VYH1# zMn=NYVXyW%Aj;>PIaxd&imY=RXakj^5qwG5wUODQpO@V%F)@+Lq~@h!G#_tmpBe}FR zGaoS|Nc-wHhO&xk*UlBXR7qmuBHwTBu=@W>fn9L5*K2kfQl#U#)zkk%Yv!Z^0?5Aq z?mX1>C6D-Q8M)1SVzqfp5-qT&7<`dfq`Z3HZ!N4%2YbnwgLt@1Uhmyb?k=sRHhJ`; zU>nm=pZvVV?(a8I?pN*Ru(7K}U~sG&UKlQtmk(u$WLq4p&^R1<`APjjBP*PZ;Ox%>ap}asE_7S zt15Sjit8Aaxr1zDla=Jl!OF_2(4C`^wE;&#se^MiBNJ0@9dWthdD-jR8B=v$h|RHL@Ev~+22mvOKXg?stxRdBti5lrr% z?$}X;?VP%l_^Wf3;|_lyx8bmVV!!z5M=tGL>-ee6){fPsTnBBz!I|3qO3gS?RJWGK z*I!|6HVG1L-SBh!MT?$knO>;O0Lh!nD;w#p@%0HV5^I`ufpz<`xHuGvDNIkFtvM~X z;VmVT5vy*lAYkNkT8Lea&IQdAwz#aR5y;1ub&>wnZ(P{=$wC^{@m(^$qKl+sWL355 z{zO?3HxVLvK@*z@X0h0UL}ykK$CoyNm@bMBwFycOwL!_i~jE^Jkeb9|RoO#8UHs&f*$sXcgB6W-^T@{?1oFJNw zj}@`GDk>_f5Ed5~H&|?w)}S1F(dx(tRpiNrcGh7<%HivYKYmt|@^QU+L|-cMi}%~R zyS5vj1m@ii_o3mdr)+(C${R}wH`jDHejZD{pfl2HbcDS+!d5WH-n6;)Q-C@))?A@F zYT-|jm%_)#miJvZ#L(Vj@p}jvVvB4~OL?#1%iO{4Z$5w+^%N^jer zcM?iS$LE_q)?Km}^a`xp`gwms7hh#_OU@&9yT;7z+BX{Bap7_X8jmI5g-H zLriipC|)q;QLLm#h`x|xKD-k0m!s7szI*Ng5_%=!@7dVcX8n_Vr$5UqgdVrs6ZEUW zxi4vkHw16oS>AJ79hbYY*xdE?Rie(GJIZaN=^U=)7eOW9EDM{$V5LP6NOLZqkp%JW z%5AUl*C0V?OXaxoDt=l2?Ypq7$O^M_auPEe>+9#bW_Z|;o%R(rB);_V!tm#=!N8x_Jw6v{$#125c2h3DatmR3ngNr@>P z&K=Zn5Ah)FwEFq`?M%_Di-daYRnqet_x`-wnMLF;w4>SIBWr>6sgo|_GlP<(uyh-Z zEJWh2JviGb*@#P@XbdF|$`)lRZ!AUJn0tHJp51P~kzghgSMqE?kUT#yQR{V&1>ek5 zLljg8-$M5K99mUfjof`g&^xE?_nV8u7-?#0YspeU+dVyjIG89>HfoP5P>#cq_g@}& z-V|}1_WEAAZ->vtdyKXtGD_@twYPO>R)%1>r;);*8NHendTgLvm0CAa-tnTFo{{yF zTX}hZxS`6m!qIfqQUPLB-efctQ~&bQYMbSa91RKI-D0Q0$!}F&S}F~bhWk=UPK%t9&~^=lQPiqTuR ziHkR?9rRBmmN^pQ9IKpoIX*ii$W{qR7P{=mf>b8?ALs%3URq+Xw;vXbHSsvyFM~q5 zjHo<)v_elNT4P3KaiH2j{;WWG+xXr5@7D$GL}Qr!MXwgQReCd7mHf?=-I-SJVTllK zI6JBm#K6UCX&p>I()P(z+o>duIlQ%GvYchu=lac?kL5#{w3qjMY{rR>#Pik*d4?70 zowwJEpL8T>ERRrUTXiNP#Xlz~y^a0%$DCu`5*OZA(v&29&^P$BCf8 zYS8ZNM0Opemd=J!LB%k{I)C`^$FSavN?mL`tVjIr7VBk&-9L9-rMB-l<{1@n48QRP z5i|B)J?=~Hvlq7hap%gFD==OrWV-WEJMBTR>%)rzpnEq>tDxi)DJIMTJb?htYN=He zV)0?po%e1|Rz6Y=2yFf%!BBpeKDF7a-+4WRhB zOD4I3X)JLZHHMG7lFP7T?S3X~hJsd@;5dEil-fi?aEZ%|3MKPyAm7E`KAoZG?IqH1 zWGjSc0t>3HsTt7_!jJ~2O~K|!$va2YACn5YzsIt@*#FQ^ zYQ3#zcP@){3Nl-8rY3X2Igq6@llx?XiQ=P2n&#%|fJm$cdfWo(={SmuG<-6UbOxOLD_Lp$Fya|NdBtJEIs zVs^=k(R>3PX!5WJ1}GN9s?TW<5*?z`>&~4E{7WqTK`>+M=;){^3#P5(s6nZ{8YU`_ zO~Ge#si36JcW;x6gF_!i-2SLNJmAhaJ^@w8nA5ae*_Q44RHVm)f80bUCB$$g`Rzh7 z)V(Y9&6yrwz5yFmJ?3TljwC|z-B-odUH6WkIKc&_5O>M*7N0Im&#x}c&E>F2`LqlV z8<7ZDm+gB4RrRjks^ z_Yb#*iq^^}sN81%-~rJ<(D>F!LTW^Wo$Nykyrtl7$Ie_MD|sGs&2{YCaq_}|hLq2y zruviA@$rdZEhFt5b@oU;BYnUt5>{K%e2tBE-(IhZpLb0XU1kivv=f_}n%bLcp;Thu zr4CQ_4xi`p=t*1Ndecmjf4*bQf&SuPsaCyWr0dET0I#<=hG%|<@Z!*3Ix6?j!1L=^ z$(VJadVZ|Aii$RRfTub20`AZx&TnzcQPH`ut+~0o4}&)B?J3`8^0+Rjw)#$w^QNJS zAotbo9XAJ+J@*k&Z;v%L-ff4Pf`>Dm2|XliXcwcIJZb#RnTGL4GwrRw(DN0IuG0m{ z-ICtEv;63p!JDDszN}8!`R)u%M?#RAy87;A%Ll7$Rst2IcMRsP`-9*a+kfVC=((ui#y*hl0MJ{;4$Bm6)mK> z4x5{Je z&zhr_)^JI3)2%OCPa~|i%)~#KQRXg+SaK_$PxdH_&m$8*aRXsHyypG;uVL5PzW_AO ze5g8qY4=sB<7ocYh`&jZrEjX!1Sdcg{}gbeFgD?r#^LJ#;yecj2ioEB2ftsdoXWAc zQdMLtvjl=G#ku_Eg`?!)F$7KSek&(HNxcdWZDdE zpF(O2ddr>6n5CTWpQL7X&GzA&j`!PN^iWO^QI>gqkPRcUo6QAnzP?;WKrLY2InXD( z5`S$j@`jKlmfAa#!?(-+IxT#=*ve*!eZFXgfJ_D zUf#R+(tTkl#d)f=)m-q#ZJtMAuFyf5Amgv194DkK+7_6Vm32az907KfUjeOFl-UsC zYa|;$89teLLxY2)ZlC*>iaC?@o`_|e0aSC@pWlVS6Nc`~7KK1G^ZVuRvS!Y0%XvOuX$(=97x-F?^Q ztS*WAy{y@_4S|uLrUq}T7nqjGB+I*)Fr*Y_)3& z>QDkF?C|Rtd2ao2qWDNCt7PUWnh|`wxC^ie+?i_@@lSL>@BN&n0k@vIPDv^^gz`iLB6WGYGXq6jIhnx1>ddV-}-Vi z8t48ou)1s+`aFl#>byvue&U3RQB`WS)kH+BefL~H_aF@|r%R!N)f1Xx$@wt#aAiTx zxQ!nPe$Fnp_@t~dGW9p+tNh9SCQR)@cllOr(Z-*AA6=Vf*0HtSwfi1dKS0iQ%M!cc z^wV|Z_JZa2Nx?m-q)(r+Uj)AG_%GK1$XKIIzTkTJ{u84Hx?d?)~LRh%lfoo83d5B4Y~%#@lE7zVEM9p2!t)U#HBWebDGYtHZ(%S_Y$9 zV;GCo7{c7s85BJWc^UgOl(~+3z6nqeDX>p5T03uW*K73&=v{m1q2l(gZ8LxEEZ{J& zwO#ULb2y*?9Vie-yC+D5nG-u?4u8q6+BBo|>R$;4sg-v-04cPvwmNfK2d|g@@FP#? zL~m~|PxM4?JCZ*BveSE?MuKBQfXIqdvUMG=H`8wY#KfM;nU089TRdv14Y+X<$iEAz&R zB9toxf#e~V&KA&25fQwNs8@d5*7E8Ef^+73bJDC5eYN2+Mfj%QR#a5v$hAi8+KgRQ zj^7S}1X31wdh0LG50D=Nq97BJ{NX${+n-HK7XhHAh@h(6SN)rpQb$1Pd|4LEh>h*@}|9;O(@laneJWV;wE?0s0hb%B=lhKI+NtCXw}wZFf=ui4hD!ADRnh_*~ujdXlyHc=yoIP;ZWl6=3u}sFrdC$AcOySK|m*V11O7 zU-{w)5;YHhp=eL?=RHcc-_Q$~G6LvK4d}H0WeF?^B(Jtw;kgil4%JdceJZ)g8f=Z? z5KEYq-78|9Oa?p?k<@SpJ#Cd)5>{n;{fGJhr#bb<(cD;V{s0 zGzFIww!@NZtdn&6c9(F$MGyHBPX^NS^Z6g*>{X99HZ;s9tvn_B{X7C*M;-hl@bj*d zvuaROoNa{Lob!HItb@@;`AQy2f*$1Bz357lC;N9wVF2AKs+SIGXgB)2JI}5O%`V7> z=E%ZAs1()h?Omk?_Dy|nbCDJp2PvC6ZQUe1Xy_ZX7SoXTF(yD3_q1I#hjVwHC8nV9x>5XWRcdWpR1vcBr8wy`h0$j(Wx< z>mNTiTp+>t#UCgE3&9w-KJ%JQ$3VTD9J&~+aisVSJ(;BgoooKYw1`Rb{i>PQ4}Mh| z0I=D$7*(L$pK{D#W5n~yxvY7 z0?eTb_zg}p=5b0KlW(}t&w@r_=Z%XA&vQmvJ&zW zBoj98MKgogfN|d425i*Uqk5xU*2j0FD?nYJe{8d`(of21+=N-e^D)rVWt75~fIixT za*sE_*b8i?_K*m1=Oo)^cl+!`Fpjk~mB0=%&09rd2-vXVDJ(DIZx#v~k#LN-k?c)& z-5T~FecM^z^&#ZP`Rz+UZlbjF`)(m?a9vC=qv$OB$#wvpfe4%e+9)ez9vFd>R7{`i zH3|byTF|AHkGQ*BGt{$!eLkWZ3%FaG=THc=eEy3|xNrOqexaCLfjT>>Mm@8))9L2C zg+UB_!yf9`{wHr)M1?Is=^65hK5?#yWwO#rdqCO#X(vT`Z*+#sxT@UmaNh&s?;G{@ zQ3Lkc(90!k*3jmPg+iOwo?E{3e)(-yD#}{U&V`DRe7ug1juTg%VQa)_mW3Yq+WneG zKv@!CMT8wkL=_bjK8g!#K?32D^ppFQi}3nZ*Ex9>)j@Uwu{x0B5pfu__OUJ1MBZLTP=R+;?pGy+!Oy1E zJaj?44}otEAo-mZWoMUjRK1AJO7d1@6v>UQ^?z>cxhmI}Z$#A93Y&};x&IvIQbgZg zTKT-65cVXD4FcMtIq5itTb5kqbz~{BZ70~D`k?5ipQh)g*r`M9h^7U)g#*AUyp*CbVP^zJo zE%qvr1NKplfbT;F5Y$$djy->#2Bn(K2nV2HocLgoPbh@WW=g#+JOwS0>vw<=>w~xl zQEb3>jUg;rZ51xI#LPToxzglAu5$^h1HTgvn5bvpesXCk-v_3kpP}E+ojFMfJHmz4 zBudJ|cB%umNHhyJ2QL}Ufq~*@{X+8s@6Fkik*zKD{u2|_Eph()5u)87>xhKjrB za@%IE8_JP5GS?~Rt9me}H5e_t`-C;133(WHS5xlo|A?c(ARjtfsj1oh|jzN;~9 zIf?>V#(Sddz5htuUD3Ci6IcS|%ehPy1^9N$VVmCGI+9I1p{0a6mA7|CtrIULhhwR2ac z9>GM*uuOypA?jrgTQ-LW`yP@1npkpHyI2trIApfC{|q27C{}j}vm`uI z+U6oLi}Z$1Qaj%;2bQgyVA2^Gs(Mapvwxxz>*HZ2-28^5V;7&{zBuT;HN4gBD~%2H z9UdFw!2DwpN&thQO|Uhx!=y1J=Qr-z;F$#Jg{7+X!OzL7(G!lq{3N(7X+C`TR~-hB zDwW#;3~jOlCmxpGdAKEGFs{=|*IweW%)-vWVY?GJ6?SGdx$VgX0@1m`zn;^19U*^Zz*>-+1K2&xf|3URI#NQ1Lb&2q!HP$3oc9X`Nq{;8SI`z zZZk%6rA02$d|Wzw6JOqageR(W!>M8jxqVwQzmj2wzAa2C_TDEKC_a36Q@gVizR7vE zb9%4_6-Nc&S_-$74V67;^{L%LIYuG-?BwLj2#yM%X2ox!h!>zi^u*gN=_0e`L@E7B z*PNI0eHwt%=N8}5^x?LSawU9y{7Hw;#C=;5+5)4Wm`xdHf5;1dsJ?T0s>fF(0q3gL zu3y45UCROxr1>pd>}-*h8-S7udMD1LFS3-ow|5mVyv)TX1$VM*K%tV>8rG_ z>&C2F@FgilHMNfo=mG88yGM^7JH`bT1GYNpMFL*1EvKJeK@|FF6(iZ-{+=ZkIDAU6?h;+L|sUMsBa27^wkY7V^fVILa_ zwidTyfv=Bn=x}pYu1sMBJP*zkZEUUz%me>(4VJwNk-_OPu zZ2CD=`{~vCB|si87nG3^Q^~`}r()8c$O{=g-`gY_-|a4W@AqJ#52ZIUZl zti$$Sl@+KPv^WT&$KObxyY;AMUdZ@USUiu6sz*tlwqn}Lqe2<-b%vn~)1~o2y5^=G zIwo^4fRW1V3yb(O0Q2Y8z?()#XQ8$7xMXBxP@|=gN_Hsjg9epB*heh{G6Zp!osl~b zR-pmXA%r%<;1)eo7fxfz6Lf|W6Npov1$i;fPY<3$6t4WyHegMO#F zHVjGZF0`m69=O-9PBcbFM6iKd=);cQaje>jf{4qU@v6|Rs9wzs%K~c1kY+;}@odw_ zYr9@u_dpRy5HER%ulzX_fF%D(cn{L{>V$sPwiUCKHxgu)r)2%&14kzypf+M`T*{+n zhjX@E9Zy2-Nr6L`d3%stUM_b0`0-`}L5GsjnDN__uO4Sykrsz%umQ7vjeQKn38=Y#5}&xS(clz{GFv<|x8nKzNg5TVjh& z6uEC%?Mf3=@=7A z)haC&>*ID%qd5_gV3;DC#O02Ic&ET}xH6S9SnkYGjs$-zclzdHT_?mV?SLx~Y1 zVWHw==w~c8QU>Im|F=4nzaw;8`?xP_BXuKbmdeq@_tlet+xM1h0S6P#Cohxof%j6d zA%+=27fJUI9b-Hg@!m=|yEm_IKgkWd))K{wLF^M&=1|kq^Al{9&9$1dy(fh-%@|W+H z#XoNE)F?{AW_%J0$Gm1Brn>VqoJ-JY7JR@ zf?22xAG}!_&I4g>)y9je&Kx*_qdpBJ9S~F?kMSA(y1WNFR?r1%;=%8#-Q3(-*~5cS<+aW<&S$!}IR~kP#{-2HQ>=eno+=;_$RxrXBze4N#{x>6`)u=cD_S=7 z*IL#4@)(i4rrn{;q4_21z(9#OoA=}1gTdU5CYFUo9c>{K3p{@_#10-cBX1VQ-w+P= z`7QhL0+!ph)ce9$c`f@%_=dAC8u{#va`&0Kk5(@ehVu+^lx9>aw-Wz^%jy8Rr~@j7 zfz}(uyCiy!D?k>Cl2t?#sdjd9tj>{#wCU#*tog-aCyN?rt(j|nq1p_F3klPa+NZWz zHSf84dUAIVKT;(I0KRmL)DY^UbnPv*4h)KLa#Mjb`ii+^Lc%)JXZe(NbVovOK8o?p z+qY=I$lhX;=Rk9yTIl58WDdx4AI6Fr$tfdem{Cb6Zsyyb4HUN1#uyOzF5U8uXs9M< zo}gw)2QSQ>?eGCu3`kpNNL7#kXv1a@b31oC?IxQDzytaL+Ts)Q1V6sNNpwUbtVOZ4 zP44t%j4#v+)6;Sr8@kl&D%Jl9hGFHU##!>|bQ?6oWN-4)@B2H%w-sVkAhj%eO}-`*0m$&Q5a;B*P?cgw7wky=PMb*ybvU z&9c-|>0iFw3D`M7^-R4kfHD&D8u09?>Nd?Pz_dly9vVqJ{rMaQ-1QY&aQ{;nRqaiQ z8Yxz&sbSZ`sW8{+GwHpG!gv0OED3pDOKN?=g%DCkok{xmA%NUK!V))kj1CUGf4$=r zq!huUwUl7Ad{-&7g{^#f!Sgqpd!6@GuHUO&BwGzo%=(NsQo3>E#fx1~{Ybz?4{Y9{ zI?@3FjeSe%Eo~n@z4T+my-GD&d-r^X4$|!Nh}sT9X7xx9-2j>V%i_M9JSi zd>t&Z3WYA@kEUOwA&Jj6Je(PfaHXyMN|TEdX&roLQw+IL4}17)whggWzrv({JKw?DdG(A4~ZYQap-uN@~NkDP?yIVR_Es;hJw>ANe zG=wr{A+lT!^+r&lBIGnq1f>MhB`>(IN3X;-a#5-TMUH~M-YEiGN2wkxu6S9**@GI*8tHxZ6EuD*>xw$fkC@BSW8cP zE+KccZsKeY|HFI}hsi*+#ceYA!yp&*an;D3CXud`XqB9O=TtFf*)SQ8?9`Izv&ldd zM9MBIT&9r-*Y?xh-wd=@+0qso&PLRe?V#IT3lbNI3$AZy$Rt&B-72d6)jhUb0xCUN zd&s&o>J|;6AoT3})9Te-(xvT58VS#pWG8osISA07Wc%ai6@UPr>-GNDArL9wJ!!PH zY^RMjfkv_zw%)}uOB}-}$CXk!Mbn#j-c`N5TFzJBFyH**s1|n~;h@TS-y5n(P`b6o zEG#V0sw+Z=@mw88$cIN9;ZeLMnJfMW%{N&z0VO{&yO3WRx4`1x!sc$KpzLOo&@v98 z2l4OvavP|aE&o|&fUQ3p{ibn_h@vMi;?I=MdGT6)GJx`{e4o%nTL4XLbHL(4I!b#{ z!fm4=&T;+~!!1Cd*8rkPtxkr=t}Xc>QMSANXg-jFuzQNitAMIM&sbipkT3x!w6RYu zlPwoShm?ZS@f+tdOO|2)*f^^)RxV}Go2WzZ;s!1<&j|OxvdB)gRV&|650RS^+rA6T z%z5FQs)}Ki9?SX5{@Y*a7P55?N*q>R{ivL`1YZrT5|yIvrtgwWHYp@2QwI*5m`+LjXJwI()QT5v!js;(z`L zjAE>)W4?NZA_GRO$(B_=0R15yDywoJ5O;U6YO@#N2GWgFHLa@Y>TmwS+?+V=?=#4c2h?Uq*DIy*kNrBcJ?Aj3@p9GKfzu0^0s4Baz zeG~&sFi?;-K}iAWGEll>(@0BqmkmlO-6-8#xa;OnNaxL*SgKd`3Rrv)K*Ko@fP!iCQ#XciIz1Y<)+t!VlL zhW7XOyHl<8VCj|ezqS$meq*jLBMcD!e8ZpQUKF%kHsx^wu05kp0lcot@SIzER)-)a z`?>Gizj?FR*~6r+Sn1|0<%|N^xf#{l5aKTmJknWgQ zY0(%zB4ERS?mQ_mk^a^#CByXsPX#8Dh@Xf1=I)b^L&OI^gQ}+k^~xkoKFze^!T1y+ z!!tq%4n0}RJDw|GPeE+`LE=WBS-qH zJgZ=s?f15<2`RUNp;Vpv!k;n!j!JFPYaRvsRrkAkZ|f@$-U6zbJnVTW1@sApr%yjk z{fNn+i*@P7JN5g0uz(75jy;-W_`J;^|v*Q zx%vbSg2fi`*E! zeC^C?*1x=_}^S7~k_T8%L8f{V?%{VO| zGHP$}z^DPwPSjvBYmLS{57CE2IEUG^GuaQJApxYpPIBz_{XZ8#Y3P3X-r_r%JRYS` zMIU*EPM4s(P5Q7v7p8uD9|RBgPYBa=f&buaA)1JUNM_PFR!5JjEQk1K&iF^e^Sy?V z$htcCk}1;DYV&Z>@+KQPy+P@vu{!F-UT_$<4^^ShO^|NRA}EC(2Od6N10P(vm92*O zJ=4`}AGVYO(k5fgvheHiL6?Y)Y*Kd>)rGvOEZ-D8lrfoY@u_c=#+u2?k3Y&Lv^_Zy z+SVqEWF~O(kJ7_$mkDWDAIb>ww5cH6S71!HHd(UPsK1!to_G&LOyk*(Bm~Q@_a#G+ zNV0zoJ@DqMfedHT-<5`h{-E{}D5N!uvjf=~f z3B5u4yLJJs!fig*5)Co`U5f*L{Nr6p3H5%UcK!XjUx@{QMSqo$#{Q0wA>+TR)0(6u znNe?*1l;E?J@_k)zQpZE&ef79kar>IkNWrigW#BOjqLx_r+tX}UqxfiygV(sA3Y9t z;}4eC6HImu!%L<5(K(=;Kb#c?)#{%Y&-3uV!r#;H`J*TuIqKp`rzty!8!m3>V%F5K zPd-(;=lHvDFeTwUc@ma6l;F3fC=Zme>um5Xu(8|y@z;7n4-Qv$TbIgQ~YT0=PF{OjMFAXG%GqJ8q zav&@)>qOe+5C?d>{wlvMQ2*^dxW!y@AE{OxHj|n6)6ngDDFsQT?YLo8#X4Rwi65dq zyxHHyF|e|NIZHJ(IVs;d!NH}b$&;Ip?%$-Por`fCYTw&l$F}e-bN}!JqFu$#Tt?xx zmeVLc0C~Mks<3^9X6?b-8g11749N3n2L@f6P3xS@F~j%24HOU= z=*o0B;7;_PYy5x;8YdFDWn6FhamVT@VOB43M)vXohR;XZv=`HGng4)>%163q_gH$` zhbU|5>7C8R4A^liwx^;BN5TPc@$(p{WE(-omqL7Mk0hOxTnKuap?4&Znt}@?dg&1#i6D57(aWMH{Z6KiHZD$ zPCs2%cI8cwV!GlTDoUUDQ_ij&PwTiid;l3M@Bk1hkvPTJwX0X}LqGltQ-XGt zN1-!<=0aO(W@EOq&^YkY`ST-p6>EVkaT%--PSCiuab}rfvWe`;In7dGAViJljl0uB zBxJh(u2Y^-<=P3D;J}4Q0yB~RWP~vXXnq^~aFed)OHZ1D2w)tufs4Ej3(tJ!-~F@B zIwsO4ieDLB#IF4scR_n{Y@_yA!j;mxs7%!IQX_j9)0>i(t-|T}Ksgo<_3Ss24|$tA z4hMVAn&nP%%N4lTn)8HZj>`_=!ydQahH1HoLF3r*c32|ZOYZ?f&wq=>zy57?b_1$QQSu$uxS*apjuzrk^L;w4EAgf6Mr=d^)%yK|=vb$7Ps6hSEUPxF*}5 zl1KiWz{ZElt+6x6bVHtuPUGL}Ik3*qvjMY2j2DeZI5Vx$;;MNM(4Kf~leGY89au?$ zO8xDvzw5JQ^4*^S+and>xR&^y9CKTjvGNW~7bKU2))mqmfxa5TmdJ?=-prpp*x&8W zQs)|wJ(In%xfu#7H1lW5f4=%Ey11LQ1a1+LZvYk@48PHn_Y2@>EX-A&vtE&xb$@4j zcz9o$h#Re0eh4P#oKse&IMl6=r(6ZP-7IiF3af~Ti3`A`NeQi`nIs+}4chqs8GWZK%z2rSh0b|6EV8l7+n_QsmLA z<|ZN{bAiUbRwKVg5UlkpgNx8hyP9;~N0NU%Fq%MSoiTJ$vBBk*Z;E||H`SK-tpEx6$boK1w8HESaB$p&LJREuq7#@1Gptd$6>vPb%|KwJ0_m7?46yBP8)Frv ze}?MAO)gN1vr7LkUasO(Mf+2lM}zGt@|tjU=GYARmmf>9Ty}lsnsDoXw_CxRxcT25 zE5JO4=syJI|7Vsg|2snP32_^Zq^1xgJ*fX@`c-biPw9#!xz;wZ_x~ANd^rbQoBu0m z$=~Vv=f3f-a!odUN&ox9-+xWe{y%n`|FewrpQi@Pm{a<1U_0##{b_Q#L7RVe9N7;g z7ZK?NH;VJGp#Qt&n#lqK+T!mVwo1_Ob7#%`yC?s>*Z*l^_@6o0|3^Int{wwm5p*4h z)+y)Y_s(Z!-_g(hI`!aLaE^VzTjOm}xIe}HwPnD^f}Ld024Nim5fJecQ3+=H>p%jalqwjE)sOKvy0B@2NVifbjeI~w z+C5uUwa6h046qVg1^2sDUPq-~Ezta>_2(Ma;`gp#;CYkXAbMB6;IhP#Ffz&?B9J{4 zR2e(o>=Y-!(wOFYu)P`?rkD7%Ox2vNmF{1XYb&c0h+qpORn^s0`L@$Udfib?AVL`$ z5(J!-i-gCjAU4GHnj`STnn6mgVpn4`_u8pU448yKM7Rl5ab=h7$uN$mU!Q|}78M}f zi@jewRfTX--SxTroP)mnM=&Wv`iW3CUe7RG(v!EsVy?dQSnt;I}3Va zP>>+bAO9xp-od&n(#b^MRrc~(GaW#}nZ*gf_T;CfsSsHn$mT2=TZlpC-ktl{)~i?) z)Z-=xd)u&guqi{0QIxhv=@pG#Z9r6r`xP#8kjTNn>Okk>A9?)a68h#{RMB(nld4s% z*!|{yqC8hL8NP%EpUmXDaV82}VxFtpVCL>Z)1&Dhd$d(lHz3K06!NSrb(qZr5gu|G z0MyNa$@rCwDTZxUqM($Zad_g`re+r7mT2?@D%lr8?4^qr<0Cmt=vi5D4$lBa!*+gq zjA(EXL{kg_aIy2dsZ;LjQpwodwchan)A>Sk09ivjh^7Jr_hgUl;F{YRMT=>H|L?xD z@$n{LjELq546%1cy=XSJfK=`zF95Vf*mC@WZ2iDU3HAhiz9;bAc1AILx9H3n>56U4 z2u_?pKH6nrwZSiMoc24~92E#VdpvA!&Q4CxfY5?q{W(oiK{2)#(CST=cGm_4US~Za zg(A=t5s8pQShl#Nc*i6|m|xyRBp^`pFHX3aj@J{`$MdrY6=}j#8gcjnBov^Hrdf@C z+gZeDYkGVWq=RnjtRF@jBf(Oc3VcI7YhFko6<`kSY&eU8x&xUF9OJLfX?UD$RxJn7 z?xnNaJVazPG|)BNdjv3QPmW$gzCEaVL!#(eYU4EhCd+IN=aj7g%`XGu>wrR*T7eyI zvnh!#KdP!6Jjn#V*~WS?{vX= zAet|e{``osamzvX$>`v?vAa+kGBcXRAt0*=jk_Yk?*|6|GtdD3(=!NPgxFeoPsW? zZysV|yR+IrgFH9bkYhndYTod@c$K)TP?JxufHEj7;OBsnhj|$=3lL#7fLxtz7*=yr3W*eK>c2fU9+XMX)G!VYXi>oXll#SchgL$*2l#> zYXht{W5b?^R}+HS3NdLU7STy}!O;8`rFb45)X#0pd%Ulin4REm<>QC;w~l796>BGr zGcaAqS>1}sxlB?Kt?UGG0Kz6HT>I<)_&J z7lL?#=1&Xvf#d|y0tSSz8P*AJ3oVGkn05s;NmBZv(-FNe$3;BvqSFVA?{@!|PItm?|b6Y0QQjZKCW=Ax-QXUknM*Sq28a$jBvbWd* z3$ImsZSeMG{(457ukUkjbf+O_{u|%7l7KuJJL!igGAF; z$qagPp)Bf#yMj5fT#k#sj5G8WO&lOL7aF(J%e2nzHuJXTrzzYL1Ecb$HK$h7e{BKK zSOqChnNrmQcj&^-_jB~1C8);m5tnEXb*f8#2JLQvS>Lj1=p7$!AYjgSRcflo@LN9w zj*VO=t)F=g4+^CCh>lQPv^XAEBcS0lUi!sTIA2rmM{WWQTi!4Sg&PS@aTTC*=*t#* z#g~ss_M@O`I)Zn9C`5bw11!bnP?jL5M1bv-NkB+3(^_@V0o-k>IRg^9)=b8{D=yLv zae1XI5$%=@3$<&SC7!p+aOPA~+3+xtc5q-&5Ym8>f?laPAENqpOp(mlCn~6-DfifS zK}5YrJKvTM!qzaJo?GW6(|=G|{g&`BE2H(*xw)B-H-J9jnmjKAmL#!mW7Y$%`G@;H z<#bgsDH;MpY-LM%mgB&xYhH0-NLYV$7MIA*XE~Uu;ZNhSr3I7Aq~7mO2? zm4in55SqGOp#JQNceWkCi5U*NLZ8oGNh<(ZkHrY*90C|3$4B;Y7<(~CT>%jB#=1|b zQgMILPIv;EKg&u)OHi@b;loRDc~aI9uw9UdcCC!wn3z|W2Q^R+l<+sj5Yg`wKR0A9 zayYMDBBT*~2z@x|B0({id`oSFpBtDMTj63{?;CM?X@pxp2^uWWN=XBl%Zs((@DxZw zJ5&Cpyo`m1Y1-3&wN zhtRg*nAWRkQ=sMpRnIKiOwTo!e&P(y&Q z4jY5$%OnE=w8+(IQKII150mAt zDQF%E-pX2Ur!~e)R0E~sc$3(Tu6HM!tAia&ql%fHCg=(MfkPICeBQN3T5U*;-2qt+ zX!Yt6dD@+= zAYwoFD-GI)NC__A&(Y?^ZUpU0%Py$(kzWOmxXzMr+lbJ{H%{`<0IHV>{{-T|jK2ih zd(YaQ!ahP?*uewwr#A5>{LnPeECJCL7~ij`iJXPm4S#gG50(K}XVPVP@D8x+RqJ6k%>d7rHVxsng}3(8?r?+M+>1B2M*`S z=<>Lo4GmQ5+H83bqWjz%e|Yd2(uFQJ?K8kd+zFyH?)r{FI1H?M4JKPF7w9#59|8Xn z$y$L%P0pt8oh%iX4Q-9tdGxdi(DZm1r-2FXzA@^BTny4+22`%QwrE({t=zPN+DHUQ zg@Vz}=5Q4Qa$ZDKT|n!*=ds5v(3=tfbb7kM9UM3qKws=3kd-3&o!@J@Y#YGw7-HZQ zV6**#cp`hxA=YNnsd=unwaKNTJI!|54x=6sL*uIuc zHCVd|9J)tPw_vI zf}4efMJi$~8#zV>5qyE;$J~LIz~w^AxU3e$F-LddF|-7e%_-*rqZ9)&BSIakS#uF; zQy;GnKph@Awoy-EDH_N`%ndv?nB#WZxZN(0Sz~GL-iQ8|waZEukPx9q5PB0@!7+$5 zz@#VLATxOfOOXo8yT9By54LrE@RtIKJ!sK@Z1K~tTPa=`4%i)jkklM32iC#hI{Kx* z&@=_ajH#{x)bGIoB{qK%iD(WBy2} z1nGbxqRdVP^jW1MV5Dz^=d59w(zHVl0+&R5HTXIG;9iniG)q%~V{OBrD9Tr8iHZ|+ z?^>+fz1iPx-pI=@18`PXzOe!#S^~(n)asyIIlDNtm{IJbQOgWeMc~m~fTX~PqV}B7 zo~S`naAW=gAgMbCyZ8uvT)aAtkiNmwS`?q4r+dwyd2(uMY9o4na&q!Z%x}Io6g@CK zc=SFVo9BJ?^5w=hsdl{a2J}l}5U}Ax2+$j$fqWUEZSCzJL$pubma^K&x_}-+V*Y$-jn@rDcsN-1d^E4) zY$1WD7eo@iTdhJJ3?)%T$B{sK2##!+tCj z={>>8#MB|V08A@ECe>VFCbj%FuHhdF!ykmLft} zv>%L)>J(Bt+)M**(9YBPv)IJ}neloVSuk7xN$;IHVUdBkiAz9@so=Cpgcd;xWLffX zD@ZX1q_Ip05Au5TzV<3rU>;ZQJe+EmCcopj!dOf}ra0GD8PkK-wk*>&``JAM zIxE5L4R-8Ip8{NDcbiU)-NbhtuOXb~t+YJkSoF(GVRI!2%`!Ksr|to4?Nh>(xO!uxgEfcyQ;Lc@g1L`+l>dA z>a`u*;y=SwETjpyu&^*0ibt4Ja7=gbVk;gOl!t#Rc2&d@!p+^?uR9t@az%)7AJ_?* z@9ve_EhU1OA4n*?du>HweK`?8S(GuYKhX))7020-&ozor{=kBt`y+o1^Su9@KKa%* zc*`q-Vhzg9pvBqu$gJ0?c@nwajhgFE%BzeNP=ELCosF$+b3PnUkbv-kAs#4k-TfNM z4g4o+P2Y-eodJjX=4J)peW?nr8fY3>tq2e`i~x0zUi;~2zbWh_m% z@VMF7&>(WTDGVtSFS3*IF1v)RuICM^BeKzQ_i}_Q4i4jC(V0R(3e(ZiLBh*GzRqoA zVs0NEq`=^5ikBT8{gwK|zi2@N7s99{4wzcdLUs{+J?v(-8+%V#Qfzn-;cSJ73?`yjzf+$^g==C^7Uzyg?lWpYHy8P*%U^e)JCeDi_Z5E zM&fI1$EDC9B1#KTzi7n!IQymZ9*(dwQTBb=_o&lWQ<}x z#DUG9y1O)=?KteJO+4(}pz<@#$M}&^Ftd^xiO;PD!DAXiFp&gso~@<;NgzPSlK|>* zn}C-+#H|x|6gu2JU=JS2#|gW(`2X~Esed03fC0O*&tOmtW+pu(8YxtRvC7#hpU=Qn z(^>Cl0;*}mmMcNT5tO;l4i7x@xw6!sf~Fkwd+`qhFAuN9A61;)X^Ds^ATcXu-j;?|R;H z1;x+K?=rsweUa(3G^DeAqlwDpPNxP(XVaj$(FFY~AS=t++2uoXgBBDmUSWt8{2H4c zTf_ux8Yifo?n`*6ro$P6ilBc)si@S~2$#ltfD!!3lU>PvQ5yr6RcT-ibNa5Y@#1ON zIR|Z*E8hE6q}B&U!c{3~!nW=p8>cskI; z%)xRR@HnMOdL@8zgY@Dac;s4-KLICs+d?{FSh18YD+3UDp&BA9<5|lFMmK`9LTQfl z2WzHL&}sF;8H9A_L_|i;$!Z(Z^(oAZ%>J{DVZDue>c7S3kuz+|1t$9V{O^5px zRM~xV-Dotj)&M64%?PkS5hGA7ck{$haBxD-hfI?2MCAPJjAbBMk$QLRo=KM|q&RKJ zCJ$g#Uu>x~9PI@hX~oaFk1KZiMeUb59z!5%xl00FEDLStJ47WQkVd46FgG2x1bXsN zEQsM2c!J5>+1Vu{37HMs+t`rIB?-gLGB$8s&{2)Bo;(P_R`xZ%|zFB zbwqU2y$ZeG*e?}W&I0ITr<<^K^XZsYA-1ELCl5=c~$ zDP*&z1a84deF8-7HjsK!RwCI!A|h()&Y**X1ux?k`ph%N=e!LdR1ZFjeewtSES9jg zCg0dQoCR7x!msDh-Le8$Q2P`rJ5{}C7ZLp;%K@|wh|Sw)u;OcPy3DY#4X3aDVOESL6AWB)N`$%RDtQCROyDVrz9r-ZmbT;#oA~*AYFBf8C9u*XN7`k zjGO^s-dFlKhR;zBczb@`W>DWvf*u1Qfr3l|Ni=xldL-mzWd%TU_zcnowv^=3Uxd?u z!5~*_j^@#JzvYN~h}<=cMCh}|z`97*@nic}$W5Y^0`oygK}fw(PQtt=_UeQH8W87H z^8p7iG7C(k+&#M%1e}+7D3Q9swdgY}NL5CX0n$SR^FwP332aXU)%UF>0w|FVL%d_q zcoF$556x1=Go%NJpC4(rzc|*?K;}5vdk+{fA%go8#0XcIUM({m*&IR`l%K)o0R5y= zrU8IlQ2k3o0|A+F{Jy zmQ@Gopcl9f8H^HI?nY;>Nq5HlkUtd+9H+p3*L^09tsvxrK=Xoudr4w!DcOX$ac|-c zDI%a^+MgsXFdcXzBZU1ee*u%a#|SvMxqK+XVbY@*KrH}0JLv&lq1_DyM80!Nd@J2@ z7#v}26;5euBZf^-J49}69)EMN^6Kqb>UiSA15=FxiKY-HI@r0Pegiy6sFL2>IO!L9a0{wvsB6g z2z68J$dMNa`wsa-<7!~Pgn(G@CH^o}I^umzc3JXC?*Yxo9<6yhyLf7Ra(X%i{5Jo1 z9?7ebtm*{_B!`Dz`MEW6>=vETUP9_4t1tZg{K2|xY4Be;y)QtegjCW9E!&5LxeFnr zynBM&9gbQ+pDiM{n{XP;%aNnmT+JbWC8Xd)1Pfh|QElw><{;(A$hAkldE$Yw&^m)m zzJrgL&IC}Qx%IY3u*{0gRO5KCWD}1iLK)>Cvik-B0FiV{A{3dGK;$bDaL&`MJ56}y z?)@_)j8?qbT8L^Hmm=Ny=$uey)!~6Ux?(duSu&PU!XzD_RJ}~*5+}3%GH6f;?(2s_ zwvDWA7kiM=fY=MP31J+oG4CLIWNBNRQT{$}j)P9`Z4M44I0??P)S@b@Ml_DsUL3Tv zvJq?^011KNRKh)%joU~^p{Z;c{BjHP(6Ah_Bq=(Q-uPF7nyQwrW-U<_hjKrsU4- zlzpu1UUT`|RIl3K$v~F(l7I^@za~@JsP4CK-!4&;Bm*hSWOIQ9+r+>EO4;qXzPzv@ zr*$U4DD+iemCVXhegYK`0&9u~-~J3mI0HW;V~uIy4<~5w!2w?g`OXrW62_g$h&kd5 z`+453W@)6kJ7MVzQysdwAfW7;-M~TZzm{6=fncV#lcg*S zsxdUtjV;a$P=RIQxTI(mLd6`EF|IB7VM@#*4+KdkuzKJyNe({oBKEhgJwP@VM9)zK z6uQF$MMSFvu{a2Db6Tm$%#>IcwZnyBa1?e`5@JzHL~0xvs4kK^`sKji2OOkS5K(Za zj9_~l=#C*cW`I<(zB@Un4;P!U8nMviV||6o$6Y9ls}Vdfz&uoBTwlWrX$V69s6A6P zE>&uvuwHi}7s^WPY^Ml7*~(CuGHaG50tdffGVcMk$iQQd$H;@fuN92a)Bbbd)Ee(! z3X3xkzuFTWX-)dpCK0%HuB-8|(P*2h;rn8BcP}b-iHFD^u+n^!Zu;&_C5aczb~W#! z5I+>)!O3s0O(I^y`@lztmi)-l=I~Lw9RdE4*Dtf$Yey#Rqf^#G^NbQUFriF{aS*fw zbs6iKzOo*5-JlFRS6g3i0+Md*G>zvoSoJPO9XIXg9pZBSo&{y`qMUrUDdYF7#k>E& z3M3?1>SfAE(n3rpJ%a?f{T)KzZoFSNftNPJ!%TBGLQ?I^(-)fyeHj=niZtK}gP!2u zURT33z-R1mci0H*|J!$$Wp1$&eNPbeZ$1G|Zuz=(;^u>eQURNb3{WEI{XMkd&#zAe zLY86D++(g*z+$^@Q_q6I}m|8hAJAC!A4b3+tL^v+h5bbN^HF-~TJAoaRvxljvIFSed_99kC?78bVCge2B&Z?)me zz~UCHB=8pMl6qJ_!VLu9|9F*JXfTr=>`e>Jhwg8;dcJL*>|i=``PI1h|MHqC-R_J# zI9@c6r9S0QwwfZeFIL2;c-H^Me|+Ng>+$nrAbtA=J91YY-g9=NmJ#?-p7exYwKZJa zf4uB8DS7QgH4}-SRS5n2hpm0i8ox+F8Y|rHQC2$lR>8u0jL%s_$8j#@_O&^}NfJ6k ze$zKe)k)d$6wi~Y-<;^7I_0$Q6!Xs8JC((@L_;NiM&vd#vpnieVoKAs>%#y6CNOuL z${(U3Xuv*?B|qt!PI*0^!mnoZt2^%J!NJJr7u_b^S*@x; zOc)>12D#ri89#LGXq|kn$z;Z_F-5NR#*UG1++V1WyMNQgk ztPZC38n(yNR8N*(G|R~5ayhUpQ2WS>jeXv*MklN3HwOo6erBlgR?998C^V-dD6XXU z#7KTu4O;BhqA%F@&CYQ-=--sXq_JS5(>yN>x07iav3ihYol$CuTzI}8<89#v?eKai zo7^i6TVu19F6Il;P&#H2bd8N&N1xLW=E_Y@ruC)dxp<7=?APZ{V$Ytb zT_rfeDO_QWTPkXkUEcptUR-<<;Qrd(6GUU3H$+y)>0-a8D=}0Yq-w@Qypsu_3_-&l zJl8`Ey|xP%0T~yIzvfFC=!z67qi)enm`n7evBd;`)=Cv0~C6>$PX zlL^Nh=CCsi%8Vjz8kB+pHkW9WFnD+e>q4VzXgvW z=J~DJj|shHMUt_4SF5`Uva$%FL*}hfRr2XPLnzC7x|j0f$M`+^MxzCo!>c&epqQjH z{66n}0~;=5xMcBUKba;IDi0KxhL!d=1CM>Bq3G~tt5ik(oW1-&gFc(ie9v&R{a67n zJF$X-0;~O;BKAYqxyi{ac1luj@16JXi0Q2E-#RU&r*{M4(rZ+@kpVzc587K0L>tb$ z9ELthz{{6M?{RWAnO7d}FDIm>iJ?g3EOXVedSNKSBO}w*m#nzIK$WO(g#PGR+Y)zp z8+Pz7t~mAQ(*e1(QBp-TzaR7kEVZp2_knX$2wq{D-U+=ms*l|Eg^!A2E|hip5f?fn z`uoVEM%!|fec$=4oQ_POh=Zk@>V5ZS-PDh8yDJXKlDFg3$qy9s~DTUPR?9e0n#>U2?5)wfM zH*ej#CLjPdW{V-s3l4mhX2u^6iIncz`}z6R0U|ZA17)hNi3vS4r0;|omuN7X4Q#S` z?9~zj|LrLMbYN_(Kh>>)Ne7{=(Q}j5dU|@SmP7pa`pg7_N{*Kr;>oJ*oW>j3KX#&` z(vfwoGfpt=%uTnI>gA)c^QT_TAIAg4{Rup!^z`%zHl}t*Ha2QZ0RvWs-N=Iis7bx~ z)~`z6d%Jv$bXTO{XE~ar?KFyEds-SFe-sQH*^WeTnx=C0mK7I^hFw#<$wWM0f_b-= zpQAB%Aj=k!P9}j4p}5ZNe~eykCRsA#rKS74`r0rV8QB$HyW21*NAR+;vYfyyFb90W zfN0rlj)#Qpz}*X2+OXy~dwbeC+wbG93NlL*KrOv^1VkLc4Rg?+-#ZbuDYiO z{~vgL?gfhmT?D!`1#ad7el3r)669!U3#4kh3UyBpzGR~y^6Ys#+p1!R?Fx+<({mXt z^q08J)9Z`h>2=*k7L)L-V8|q*fBn3@EE)^JTz@y!+_;N~zCE;uomsQ0U3#9ufBzew zlnuR(wSToVOQ!h%S*zOWoOYx=rbnA*6;nCqaVK&{47&8 z4OgT_`?8q!z&|4t-P5QYr_@Z?b=brt{i8+TWwI^lhm!q#lt2MSld7T1_R_qq`25F` z{dcZ^oVI4+^BDWftshqftL}ASnhhYFcXM!D;V`*JNpu1Vx_9=@^Q&pJrV9mD zkB&FI;r*n1d%Xx(YnMhT`_9{C$n&7V);qwbbAL^O+kP$)L!%*k;ACcM`Un;o9Nd{vq-1+W%2njSbo<} z5Y~noB;>d$Q_>D!c=xLHmR@siyEo;%^PvQ!w0?JIlQEjR{bZU~&*63T4YcXSdog zzi|FlfbWjz-NlT-oqz^NKLG*?CIL$K1Uz-()kHXS9ka4f~3c! zqA76tSk*_X0drAF$>6+ius)v@N$Km~gnihJK=U0-Z^5)Rc(W@~@xCrgN!;4=;8g4{ zCBMVujt`p`TXSTSMbWWi1a_J%eh{e>a&j)1oA0!SuDE&am4#`YzVr19*A@K7>GmWT z8N$HhdG&+&fMl&eTDL;+^q9=~G>7yl$b;JS^E8$CMZP?Es7tSF{=D@ien8`nT9$IA z+BW+o%f9psigBJ)7Vt=}lkwb1+;h~`y-q6`J%c@nh>c}_HTFi`vf^??giIr=+RrPc z`i=6MS2xdjY(3H>8;-S)bJLc6l~gx<#N0utY|vl*#JMLnHa3{u@yX`3{Z+L}8K=WH z{UZ2$pGZhaXQwO=H@?duyN~Oz>-S}k1FQQ<2Uq#{D1eHM)COr^j-zD+X6pwY&!14R1gYeeyHD|8;^N;7 zPpDa)IHsvO{aK%a*T52YTI+j^&^HF|%L#z%_*h%r>@%3-A!^3eKLc|8lR`YAcU3)6?vA zrs>3|7b+Zd)P?J$veS3egKxc5!W)?$uA&NBE?!Iea@({!+R53!u|^7+dnJCMoTib3 zv-L%*)+>c%l0mA?-k<>xID&iK}CX(`066q ze%i2t6*uC$%g8Ej@#$O@d=c^i|Yqvk%cw)>RGeR*=P~$M<2OB12 z*$?3ozj*d3`G;Ge$`-o%h<D@-hGYb-k^*+tYCOr)%Lv$)ed|?ID9jgQo(Gr$#>@1IY@f;z z(hDn$XwXuur(M4+4|8vo-8k5yl?pO!Rzx18tSv<>Qvv%YJGv*F7q-}6;Jt= zLmyP%eHQkVtl(6zwWvf{3=c15#&oSKmZ5s7@p!twKxh5AP-KZd7OoJH^z2iQD0c`p zYgpJ_#znMeLf%EOwvMKM+B9i1I-3%=)+Aa8b9$TVMLRC<^O_RM+$J=LPTI-9s#!D4 zD@)yzremAuo1g4U{O2dhf6DES|MYNAmO%Y{B*)edfNB&=aNFC8$+-2oRjT0>vZ2)3MrjTkCO$zNx9%Ua5F1t%rN9PS|dg zH6)pOP+s1?efukz{!QG=5Uxmq!9?oG_0~iBM4?N^Kxy!;v>e-8VoTSc^k-pOMDjX( z`9Ygx*#45v`+@#$gtO5-`QX{xeha&`?<{>O7A_yx3syDj`tpEn<=a6Lg*EG_lbIT$ zbZ@`GNZ9v#bVr}~vUU6{XICT8?2ECet^4&-SnBC1{s)5AtVLg!7W!LIs%n)@Y!@%H z%936&JnZoM{@_@}QMDiKqs69)VgwWdPPp^=g^o?1Djqecv2Oc|!h~;hAqnoYQ@Cho zA;i>tCduF7XK-L=T#l1L<9c0ugo(T)ahd_{IOqH4f=r8DAMp)1OZeHYpM`18W;%4o zm5)S{CjHF$4#TS(7*xS@i0<9TlOyQYjh|?B;4Vr(G2oRxz3DWk-xa3N@c45<1u;x| zL3G}Qf`F4R`Z3<^Joq=l_e%$4Uf(yr`0TyR;=P#uN+Kc5@duQ+;0h{NqBsl{-*_D{ zTaEUb6*024`;y8y8Az1Dinxeth9uL5#+=XRQ{788^)>~+9TNp@^LYP9EA2u*;hx>L zbI+=D=X%b*T`Z>{V~K5}a%~-5x1sRF_;|atLMmC2{A}?KBxFF-!bLt*1Q>#eIO@vJ z>%?a>y5Dc)TV4}nW`2s-U$wu>E-EVe6$-nwjH7EPOn&}7vgf!(RUG!aBxnC|yj!>U zzC5kgLxnt;H@QSgs8%OGwLd<1Ua=|ieMvMWbgabqTJZ^E^Tigw7c=GWVP zV$7a9lnvg!p$D7HMT;_~3EyzF!BZDI4AU?5o#&dEZuYRabX>R#1)n(@#h!eF&(%-z z2M07>1{c!bxn|_%UWC$p1Wme{XKo>yQq(KaEex(^8>D<94~T7C_3s8UAf%8B3} zJ!iR?=pH4Qr@zBBG3nB% zO{%Ii@h57C%WY^Lr`&oRh`KAQeOYo>OJZ=5?sFT#U{7Y;%{-a+SJ{zic}KzZ8*=5i zz{0AD7Md5YV$*ySa!m|AXvpA%SedfaNIzay$ZyA0ZYn`>bn&ie3o2@}usGa`C+5p$ z2%qQc(mNNnM@?Pi?0Ivas$?ls3VHmRzVxZ`_^z)9KvH+1>47#L03?%yY3D+u8D}tR zPqk=BpAF_aD)!mK_6J-vRL@=_`P;HE&Gwx(ZVQj(6nVe*gn2|(%pI@zpMEm)bH z{$_f20k|KUN(5O;9n$t`1o+>clEiJV(>xCPImNMPsi{dtE_C?I=+jNCXLSofZ;%U{ z=rh{~pP7j#Q$+l=Iv4zetIsPWp<903qs(&+6g@u0GU|8Is=#gS6kHV?&3c2AlLQ1o zj|bBfp0g=&@y8u2wAimeebTg?+pl`0}sU_f)wxi2GhJKRjU`+1q24L;-o z2Dg=eCgCk%VDldS>up}6to!zt9ym4|)xEhF^Eowx_f|qE`ng~`X@2LObYX%*h@U=_6oaqkqQ`{tT&+rA!UC89EYtSEft`i*aRc!lelsze0~(nUW+ zrzGw!x-!`p#ihDo_wUzkItTc#ko8W^M_%1Kh{-bb3J5T=4lQc{hfy;bi7KYt5clF)<1QWk$n-Gm7w)&|_JH+YhR~ zbss-v{EDY8d{?Va%bq=6uwjP%Wz}r>lE}QTDqOX_=YA*4C^*#dtk7rmLu|oF4W1 z#}>L#ux0r9P7)nQTxiYceS0aXHkz0D+@ItBYj-D9 z#~Gf+p}Pd>2`6*;l1|m%$uirFWLAhVxd+>HO?-|03kMSlB`V7!{Ma`6X8HN!t%^mk zdpmhJCY;SCK4R3mY|$lUJBLOSbU=NZtDP3M2#pF|*eJD*xTl|3rhb_x&E>IOPgWus z-SBeu(S_NFY#YdqdsiHS7Azf7C@6+3I)e2X!#68JVIx<3;$8(cvzF7eI1Puca`MVO z6Ojbd>pM?AjVJs2AlSG#L)j9QlmF^BKFx-xVw9> zJ4reZXlY$QoYOZ;+M?mTDSXX`AyO1vc#(_<_zvmf6=hS@rW$~#`&D3EG%!3<<{iz^ zXCvMPRxLlGxMac>kmL_w9ky3-JNs|BJdDeVMVa(7_a57H@fL8Rf4j|;$ zU=wE!mv&2OSvLAU5ka_u_RQ+QpZ8`p04JVY86OWJgQiPWxDuAn$4{AmZw(tyYv135 z{ago=tyxNTwtF`?6|GWYQeaU!-_z4$LASL=cjwM2BwhaDKB0p&evocKoexPy)HT4B zi?KcG_SI{;5j&M%j60vGT5_}z;W;e*dI$LZd2NsFTX-YQELF8&S>p}twe+aBwY%sr zis$GfN^WhC(WW!BysPn2jgw6OyK4AM-9Ei2FIiyLQ!uULoFOeI6 zgN#wMF}-fXh;ggFxVkj$0C1a+RaS{hdsTuKUo1{H!sfB6?Nb(ulk%*82^V7KR(488 zz-dyX{D83n*Drbr**Y6w*wc*wbcyI==;b|Fc;V#c)_<${ z+5F5#B(p8Dy#IhbUy8q&niK(EWWOk2EQ~3*;3nlB6-${_MnExa@vTOoDt&;qBk0y$ zkMB&SX3oP`xUL{KX+D~PCb$Uq_apKW(*T|AuJHs5CD~oRNGSBw!~A**qQZ|Vm7)8G zNiN6M&he~zzhBWVg1b0YxLnW^B*7Ijl&ei=N%)JFvm20>D zO$exfY(z>x6jW5YQA(6BkPs1RRJub#T2KTjkp?BDg+(pEMJt^mB_Q41UEh2}-R^VV z_dDnRjr0G;*<v`^b&TIaz>t>|!KU2v)rq|%PdU@<~%zTn|dt6@MIh0h) zH2D-vxAY)M;zD0GxlwiwGPk^3uXv$Wh=qbM4xePs<~-_Z^F%*$&-7{nzYz7nhx^PW zmmgyso!K=m8(~U9L8FnlS$hm-D`aF$KGo0|a+q}UY&!Oj*51uOBif(l)0VPcGw)_{ z=MH8#S@{bNT8zV*mxSg#F7A2!P4x-@u94Y>vZ+Sjm7t)R*Q-!Qeap7?W?7!Qcu_c_ zn2pM&kdBy`7-L1oPC7w=1!tuO)Q7TYJRf3JE#7*VOue1#LY9M_YS}sZ5X9sn_6jHZ zhM-y~h`+ANa~?ZHb9SY4e^fKmq^EwV0PD%HvWm({KFSl1DwlM!KY+P`VYkmA_>E_V zs5NGqDSC$*DWe=Uxt=DnD)uLR{ra^?H}8awmxU7u*BFx!7Uk4P@?`?iomeGmc+mvz ztt$08xIaithksdRkzN1-^go)0F96c2sfhm(8wO-0AJ}FL;Bc(ZVB~GD6eFd-;)7oS zgHq#~=ISxGYwC>Nqe#i6T~Hc=@y~==9=InTWDanGP>mb)Y#GvLmvAF)Ei@~{R z3gTyy(m+FF4eW7NsOWNUZ?bJ;K{b>S%vA;_-?Z8}m*4p8<0Z}?wTf1Rpw_dcE*r1tvl;5&FOwn*={|I}3}f1}eRg4pp;CxC};0 zKY#k<=DgNE{s%R%m0hwmGi~2luY~pHaKtt&7tT2(z51573Y{OMHHzDEV@SKpmHKB) zV8|<`N6Cnh&(tJaRfjp2MpvEvo6$SgfG^fwBV6 zU#3-d-HyBNooJjaL6tf)$k$d6PGS-n+?h_J;68=95SOdx7BLJg`9*i!b|aGgxgxHl zGmU1{PcJ{Sz*+!Bg9aDjBTOxKj9&c4Bre=wz|yvvBZbA6;anO;&oKeHOr8J*oi{uz zS7_n(e(iMjVELKkt>kF&Mcx-5z4Wkm4u|@;yOp|704@N!AUm9!dQe)yf0bfUBHL4G zt3OtEv)yBVyi32Id~*LobK2jpb1^*;6 zem#vi=a>HqGhfGZI!>CjCf~n&_#tdi8EdKX7svEZ&TPx z<~F2%Kgd=p7}4wZ`@#KS`Yr&t?YeyuLPEl=@bA2YeuRl!zaNG_0BYGU;TN$6p}lXJ|96R zYdnNC;+eISmVtRnn*E)Rm0qxUHQ05$B9TQuv>3c;9jNi=Q+xyMAM)iBv-xRhriPvI z>OQAv$AjSH0=Z~t4`6D0w6HZj12g89a@)39G%S0YuthSiS`~NMucK&vaZ7K!>FJxmSc#Nm zTaSS>#9A*21B=FW>-Z}oo_t6Vx;7&HdRHIjXGNQXlv8tJWaV;5TcMeko16v>?+qQD zb0Vo33N9a8%~z&GJ@RQ5~w+qklI-<{#CP({~>zF>hO+3HAY336Tn5!xz?C=^%N%88x4qOAt1;*P`myX7;`;$B}MaP{phDW6ZYY1S)ntyZ=q6qeE`j1%WA10WBCjf)_Q2scmYX~S5!O~ zdW6CoPu`t?k&~13eBcovow?QDol?#G%QxD^4}-Z<7UKv-Q$s_NoVq$I?g~8KlV{FQ z;@yyytp+i7l&i3Jj@z7riXn^{dPkztR8}X7W{|zNLyNHADdD91K*iQv;n*s++<}!4L&`lg|l_jHjVp6 zdvq{j@$);T28ph$x2pA3HV@XqsgM+EQ}4ANo%;xO@-T(}SVhyt^w1tBruhpRySKSZ z0&VZ25a0yX(n0-?p76nXd*%Ee z8&ANQ+3WHF>NkZ3ST5uYF6fzr?fKw&6Uq*~D}DDFT0Z?Nw%G7Ej8N1-O*!{0dF|nc zwZYVu#frU0ALVVBc$fWS8ppo&5>!v|I7nBFpc-)j1!vO7(qoRSKqI9E4O>^m&Kt^ zhGr);EIm=JfGTX+Gn8b_l6Fvw-})Rw*FKHoe&xM>Msc@{g41ctIu*4rTM^9$C(U!K2F@Dec||Vi^9s*RPUZ zb*w1GE$&Zy+yKhcnmvjyZcdMfuRP{XJKxLl)t0>IZj$!h_QmqKC&P^-rDf2QdSJ)) zHh!Rl>jRb+N8M*+*rwo$C#0ex!1{^#Fo1^fliYcq=&YXK2*W&>ao0*~AMiav(+G)n z?i?N*a8%krVcmjnkGBLmqcof-hNlabL9H^ZZ?k*-p^ApW*Uz|>L9o;)7u;1KExv`! ztDJKjhC%a_{gxft1aHT9?!k74our}&;S(oR^Y==6W@C?+yCVa9Or7`P4z*14Sj?*} zSap9vL8uRYl5GYt4v#SR(9)W%M~w2}&1*C8aELQ~vOG02^So!a>Z8^8!g}ex@W3== z2bdT3PRz{Q^Zt61N9r`&7zOQ>j!U7lFy-r5lll0earyCU`KZ%-fKebD0$1Ve-q9gC&uO$n00Av9v3Fh(rg->0!%p z|EmCpAh-wYIA!o{4>1W2(f*j}?o+k6W~@CY#(JLn%}5J(UUcP{ zMTnGa6{fz%a92?s|Cb0<}carjI#|)zOgq}=R1jz zNU(Kl^u7iv=yO!1=apR$?}x>_w`Qbu{W^o_c0AuVLg*z-2AgM3mYc zje56uG#lF$6xZpkJMW6=n2cvJIux>UZ^QgLJy8y-hsV6h3Yoxk5-r{eFqqdJmrCh4CFceys+Ig+|dVRw4HO^z7t(zR{avZ|}@|qfeQD_(0UF#fg z6G<AX&U;qCU@W;s`m&Mu+xP-}5SUt33q2S~F%CwWgIWu_Si?5x*xbP|ZnvwLP?ysloZ ze-aFV9XbpOId8m(3=O|Lfbo@zs>%~=B(7_Z=16|82Y7sxn_#(k(jzV@$#CXOIrE0h zUtJx!&s4zbC*B@=y}$uTKUYc@AYKiq)RKr#{DIGLY*cyH;0S;WL`_5m>k}XhlZo-) z<+IiESQ!d+e}mi8>E?xwfW_ zeW>lY^KeJrnmEEZFYPFcwE(TYkrAQ5?vlrj<5h0n1@PsvJXi?(fC6zMHCXieVn{j$ zL+zUa(U<-MA;ZSzx>@yzV1{E$ zXXhze)gPsI=w}R)C|bvn~ta!&ahvD85Ar5pE$h30<^X?ImT&csAATRV1+qKz0aTJT3cRYp$xwCHz*+^jb)rg9QdOA)* z^i#!=;l*aF5_cG1KLpV;;%?!T2;7+nYXEbNKBHIPVN~#FzK^Rbqde#-FX+KAPnpD- z1I!&h&ognL9wm3-BNDL`pnZTgJeS=$Qe$90ImVdCxW-$Y`WroZA9+du?%&eZBLv6c zmPe}K&3RZwq{9SSm}}Nx4*j*4{n0Hw(!Vg^tQgxJAjl^1PVr7NGPHjp6dU=nhIT!C z+r|7!jS@%rFqT$ZrkIk5rqiS(EV8E}DZF8-yt)2tBkR@fZGL#ih&G;nnR~(rHNYk= zr3=1`#Qw+Xna#qxjvnOA>bcEg8T|dxJU^5(WP_eaOdxiiIAZuTfb=0UHc-$L#FG7T zYqTZA75j)AszKC{kMcPH42N8(bl$g48Ikx&Q0G|r*9`c9#IKzvNE#z2r_23z=otPg z&!ZM;O4bDpWz}fY~~Nj z#$A0W=a-h}3(wtnycgs87D{qd!`*Az;#6>XXb;r?Kz>S(6Sa;pMaG5Lvm4@VSJqy1 zC>-1ky~1`BctNnq5Pd8GuCOX|!W^phA#U&JkQVDUU=ORKK95_QL@o{;L9r-ER_va| z(M4PGD1^QO>;-zX%*EOBD6Af>l-;vo4mC=mZA+b@dVSQa?mIidC2(iPz1JoHCQUn!!wyF}m%1OCSU8Aaj#nb>b`nsVWD^#ig*ZG6#NaAT_ zbU^ezv-*8O(h2-K=hHya4v1P~1&Jjgm+e_y(Md$A*{=EgAT+;^d0-9{YzgpyWcNZy z64Hj6^k`J|@9)_P?XD<<@tbMnqu5tT5Y%WT6+w--A;b3oHJS`U(;j=-5c70B=)~vK z8ZP0NB>3uyH#aSdA_X1_0a~8e^YX$8IPkmzk}x=Wc>f|n<2yI*MRTYXn4i%a6SyE+ zAP5j*prkm%)8|KEp8=)GQG|W+PRei`QFPV{d1uDC-zBG~BjA^x;616mxVM8>yIHq` zOW&nt8bVP0$o>ZD_cIy{+IGmvqNZEmD6Ux-DZM975S%n?hH~g8?9A)=;y1 z65H%P;2f4yqO;7ldxxzR#O=9)oyR!-wN5Avx^6*o|5bN+rc$s{4RU(mW2SPy-!MdELCgsv4Jw4tMIm9d&0>9`1z!Cvvksz zaC}8}7On$h{hshr1YAe@`ub(xrB00n1@VV#B`M9`gzIZ#%xAKuNrN%z`a3XAnNkEb z;=RB~2SuN{oLb*^F%_Gnp6Qp@p?cO(&a3plhXc)#TBjb%vz2!dfBh1VTkga+ z^&RWkB-993LJV?Hqkc{qJfs=!;;3VFWVM`AD10&(>L82zn_mmrg$4MeUJ?kak9>7# z{1(WKefVLW5GZ*5vV}#7LPX-)Tz7kN1b6NTPfzbih;nyJ)hhvv=fYdf+keszpkOgg zTz#$_x+@)S(18GWF}j+ZlTXt}8GCfhI}qyV&j$J=zX2Xs(~eGBIzMPRs-fQXs6HHm zx`H34n@d(vFw8#D2n868%Wk2m{Vi7OqxaG3zK5pVuf;6ZXkJE2Xk*Qit=u|&+C^S` z+yx8;gG1=RwDVt&o0A{9yPig+9X73l7K-1=N*0fS;C8xR=Ja>W}jJT#4|sNUzO-2XH-d(qtu!Q$M?Fz*7BV224EjkDX$vM8Y`|94-EpQQn6?2wcdIeU!GDJm$j}yVJ zl2bhuE2)2?LP@geX=&Go$D?gm(SLby>RapTetG=-v|nVzmNj+ePj1K*awr(CT)Dzw zD}6jf`t9)rUNd7Z_3ZO9|ILm5vpuo0B=q zsfjsgy*endoOfjcO^>#eEDSujElr)2PQo+W4Rbv9qIgZpqwz**d0y;*fv*|LLaT_{ zOJM#SQW+RNvC;w`ps4M#=aqad|{W^SCXkOKI*+}ng?#xLlYm$1d?aWohB+9NZePfqF%53lh zZH&_Bjc~Q>Q%cic!u@#}`BY`44zs$BpX$7u zuQ+cDw-!8;jXmLgExTR`C-F_m*{Rzx4i~;H)+Doss=iGY>Sn0E7cauv&H6=P$cV@p zWOS5~yh;~Kl9R{z0)507gDqF;oOA@5#L-obDTlau{T}glcxBEJL|X6W@Z&i&J*&cU zSp!0Fo3?X$Eh@cKe~W>Fb^0OWDzo=&oo=Ap7N}(QQJ|cGFceRtMbs zB|z!Dbz2i#sJgy+pB((Rr7ZhUA#5y?0ic}Fy47f=@kJ-OJJ$jis|HIDjGiC;g=VZ$ zzy5^KH#bY)JhP9J87lg4KTSy$VbY#Fdk)i)Ed3V$0n3jA<^l_m{Y9tqUy2pCEx#N; zIn#~4jXz3GNm*;4;C_*t$}k+L<<2|dsY~rjkOWt}MNZ1onzpx!Qp8N&sVvSjY`@jJ z@(F&-Czwy}^o^HL>BO?II#rshv?IGbM#(~LmInoz7d<3NCqy2N$MjI_147S!m6MUVe|;j(ztaac=?Hfk8ZY4lbtGZxp>HUNB|Z z%Lv6WWH_?^>_{&ikt3fHB@zisl!bymTr1xN61lUa{z+@B6|;`lavQhxmo{16i-r7!OSZpc=B z-Z+zAV^Wa~p5f0v>almHwO1;=4q%=tcoNxtkLuJ-5E03Qeskb~x2ezJ;1+8K?P1RE zY1E89Rh*jPw5@^h*0b4AE(-~*rdbvrrXU}Vw)3(K{Lu{GkBXNs+&VsSiVL&vTg4d9 z*Y%TvLX;v7!S%y)v@PhqPJtmaBEBnZSPfAhqK{cZ*Qwp$DFL9>lO7XgJ{1j;_>%m= z+4IW#ZrM4QQJ9o?z*DqdTQj;cYo0m&A_{VphxZ^nCQ#IGvXDat(k z5M`CQel2r5rH9(LR3;$e+CnXdOxaTTVKld!!B+oi92hJvp}iZ!cNZ4oLtvq!{{c5^g$= z@Ub5~U>b|+_VHF@aCagVIzqX@d~z6Qo-jU>lQ6G3s-K;2kTiV)g@8d?{Hh9pa{`7G zJT4}uM>6WK!#*|_^~MeUN<7dsk^GbsO~~1^OH^_1B-9lH0s=OA`u7ska#Yw?cbH_T z{K@M>9|Ac25dVW#9Z_(vX=rP-Vf{Opq7tpRi)n%f{sn+Sh2#z5`~;lEsh4ckPbI#8 zUsG~+Zd;3s2+;Z4ol=zonPB9;*V$Gx3f5(h*3`XumrY7=WM>PpVf8vig@kxO>Gc5Y zEi6WW2i_=M*GM=UH&9Vgq4mAM;!LSeVm2Q`_IJbRNKYL}7jI|cv$abvT zwI1N1`;=?BkZb%92%f1&zqKM74Na#th|NWo?0rl^lU}Ck1#xAyk@krc z%dMlZ70QObty(6O#3!e+6aMZw>>k$511_G=T4`xIXq7BD4o*&PqsNp$Pn{6TR9B`l z1edth+7m4(D2UQtq`1V)ytu#DzyBFdr}sjfdixvx`}$N=loS*cD>AL@MaCj?Td2ckTLHDv%ISIy#f>#5tZ)VZ z0bi4u3{IKEj?pir3zkw{NY>lhFiKz!oH_nM?c;HfNH~dn2+6tsMk>@_{J=um(wMlb zSI;4X%zFN&0X>q6diFY)sbzuv6&9OfoDGl;#t`NqouqkiynjA|;#LvmweY(|h4zB( zQf6DDG||I_nludkO!cfyuC1y_sD=D|J-idplaH3hGkmh&-Sm(jE70P!`kSJWXFvXo z803Z1u;#)dOymPWDOj%1@F3>T5>aWFDx4KLt?$0351t5cX$YO^@p$$l9>wYU+zu%y z@i$A3?J%VD3-v?4`1=Y<`=S)>wAya}d(HpzC;tATJU{2ZL~;Ii@FsE2dSJK+Wltk? zfEfO54mi>E$6Ng4>9-K00D9^M9tb(@lI_5s4Zl8S4#E;YupL!-@ZiCh=8-?xrYGcE zQ*d>vu>XFMpu@73|8nh!-=8qm@7edi znm-b0ew61E9-aTZgjV$s{KpR?+g^#yN*nzArH8*f<+{M%>j}ftf}85S%n)3Flmf8x z8r$t0J28hIw3YoHYf6!unVA_A?ewoMM0pbZxea=2c{$oyHf#A(;EB%c`}=-d3*;17 z@IEVDG|N17zWCK2Fxgo&p#DRj0xxu%DJk`~Wk?kQGm9|CfXZzw+@nGAfI!>$Lb!S{ zUtsZFQGBLg?^LQ0TNvgEI9)Fmmi}dOcB`Qs)RcuX3}YtGN;A9RR@!gENJAD-z~7lN z!ij~QS%ur`?4U72m=MCgWPF_@+4b=B%%FqF3kh#$@J%pSE8ehArHzXW24n(kjantV zv{-*#)<2!cLX&RVVf4q9D9+CUui7#n9rw8dS}^?G&UsJML(7k(241u%Tyt*p zrHiGI5O)3JZ9Tyi&+bzh+B_B7SUeeArwcSTuGN!Hls_K4UZ7~$EzF(4jPf7VEKO~C z*Gw>ag7ybn^k4Ht5W7HTy=G&rP}WKbWfYz38$i|JjREiG4rbO61kS-Sc98aHiPa=L z_Ii1%3Dl=cOE>lK{`7dUQC(LqM)v#+rz_`s6bkJ^&@S`2#rS9E>(O? ze~_itX#@RG3s3+ycYAJ-ONXln-pU&Wx57Qj+mLpHS>A+S4GGin@TYnPGU-FEr&TpI z7nG}ka1pn@<4bf85|)w34~@|eO$`Y1A`P9~7Vz-E=ue|P9G zQgnG~0?7i9T~@)uS(rr6uDUbK>V1Uj23c<)C~*e1u@j3 z?(t2B94QpN@)B%9p5BuV1@#E=&x9bcL*NFB zOHIASMs|SdOM;+`sF03JdYCK1aD{-okQPu5SFugNksv7{7K2g2pGZhZn8ewIKn6sl zUawoL(*ZeJZ$OLV008rvnc?M%G2Ppd3V8k66+}@Sp=XYF_#(5DT&%_#0!AUH2QDu^ zcpkZEG?K#FqzK>- z;X?Q$C`IRYP)f9|)YCn`i`{0`f25*-+2mLc312)~eV;KF-hGgm5COC8L-g}if8VR% zs_5mz`T{;H!)bNo7KV1HYNnPGi5&@TDV?$-1Zf6YNg$#D2f4k$3WBJb@NFKGAx1PA zHYWa(zpDU#qFHti37d0^)BS&E1ZBbn*tgkp`Hz5}w;9sgMh|D%gVCizd{?4uFgftd zKF`P)j?s%n&ZZQWrc$)dc)|LPIPV05G(T?($|UQgDJ-S@2|Y=L&&jIE&T`G(3oz_B zhxYdxrtVcO*CvgJ8f1w*QI?i<8%aMc}<6a52X@Dr%HwBrzL7{d2iB76C^|fZ{vV=@LSqT z=x9!+bNlEg>DJY(*<-L-c&vMPqg#_!N-*!0NQ}B}i?nY>F+IqL-=iH4K|gRE(I)VR zbMySSuJm7(3}=KmhP5fiSUFTm_js<;*?T~4LS|Zn9)$qu09Y7vV{l&E%sUez?pc`q zOifLF+1MPvac37}8rcH=YPTpzLV>`#i=EX!@`;Yhy!)zWPilSS9Mu$bxnXbK#MLh# zg9O;Z^S50z@29L1y{LSIjRmgUdL6ji7A-6Uo(?_Ny{!e2uNW62;4zO0G#VrWZHyy> zHmrc~BCTa_yQxVQapDet>%EnGa*^_`bgPKvB>;2YY3JJN^*lZ43u7 z4QKT($Cn!nqgafL=EaR1m;loJ0|#4r$vie;j(|-d7d`h;21H;-ndW|@SE$QA;?YK2 zUVMOXhRx-a*qx8xEz|-&1+=C%J!h6bsqLk^a=M>kmZ?>vIYS(v zlp+B{$Q_2eZ*&;`{3^&cBe^<{40+^FVO@UL^^;+84p-0Z&)9xpiNxw?GBP|6Yuv$Y z##IiOO%W_j%>z4VQSvdP@jkX`hmOgr!R8g^%a&W;P^p!n^Knh^b-z&w>m}^fe}ge? z@@~Sg05MCl3Fv)29Qa)n^r#O`vp#d!b}+sVYQM5*+H?p!A3^{YAVuGkT7wfTcaS|^ zU_*@yhOo}=cu1gD>$%l$7-Jp;|3c{SJltcbfx}4u+>08lv}n8fLarX3>(AJx62osc z<)=E6O~5gN48*!#BC${ig~0Jm8!Ye`X9Yd8YPb_j!z;;7FeMK24o&w_ymG6#q_uts zZLl4fT&Q0yH*NHHwVQ4FdB-u}cycLdtSpy=yxOgXbm)d3eOg4RVt}3UecYYGIsLCO zCYF0c0=!Y%jIfy1I6M)*pSfQd;qOB>E_c7>h%7R78#FFQ;sS zF5@5p5VK0T{eFO81vp(*<0ch4S9fdRjJenOa$?_ zHCRh>cR_Pw!7 zBWB)lMEFW*t@07EHZv~Nz;A0-@$(h6b z5^O>Yfkt@o27o}RgnCIg-a5~foFeuZK_N{HTJXYBj?rzIo&9b@bDWG!=Q5bMTTI9x z(GvDJ)PSIvwkp{;HrD?k=5&E8(;(?@#OafjZ}@L^>t@c+TJpRPWxso0ym=)0^8bpFFKeM@NU9q=@G#{~5owG!39Ipo{#f z6V*3kU#=||9Iz8BTk^4WKj4Xwm~35=y<1^(W-`EQBcxuPPmzsmSrnh^oc;7(lJKw2 znPDm)0c*-lhQyNA2xsLQqiEx|A8mtTf*YYpk)|mJlJFn+l5FIg*^6zOinwJ6yTj+4 z$yPA`JG3Yz!GAZk8|Hd&qZljMb?Zv29YXy40Oi8Qu7h!*&qKlfa{s-kf4Sz7Krv=FzE%pM+09*tJ+V{F2PsBv%va@@A>(42p5{ysBgne~r#4Ln!x5ba0^aO+GLqQj8>nI~%(;(I@_q_dAd4!_{a@|#PwHXO(u>kbY$SnU` ze96S&wK87Ci9pf)z2Lo!yvNC_kP`-}9>$OZJ>{J5R&D`BxewzM7114+ za1=E`XrB>M#4Pp4&8NR}D9jLAE&h}|@3l_29cl_moyxYpQH}$*B0VjU92*z;#v<-+ zBbILv%>b$)G1YsPjC!b`u&1dh5!iDYSJ;|Pv3yRi&1TBU=m}l!?8JPrO7L&Cq|P~e zo{R}0%~Wmb`b?>kscHag(s8-l!}$P=crbvnY}f3@=VsFv6GN ziD*(y5(nRG;TKD3hNL?Wg92pIP`jxrK|kVKx=mnS6Fw_*h~z|2m!phmQb((&1h>=M zFi9omOOImMsBYvYg;B^BapgyM%qDTA*29$Cykjy%j9jH81Nf_C;eNTgV{P=;E@yP} zt+DrJzO!Y7lpsvrV(`NYKhueZ2Y;m#xvm7?k-uF`iFRweG{77qK|@4l=#=C~=Y!-b zymP3~qY!0{pH8-}>+=(S**x9NhddOKU5V%R%|i`_qxy+KC#X5mh(m0+=Z*$;UisZ^ zpm1NKoRddU?9E6T)A9y0bC^YiKG9mcX0GF^Ff37UbG?}-->X9m*KmOb0Q3ZD9TKk- zQ85yv=BzlG5*+VT*fkNtq4NeA#a`zTb#q-=btwR5$J1tW*V9qcr=Krrn1ED+HA= zC;S5>ze?G6=R+<~@K?;COF7W_-{GU#o9&O5w|ds z>%*d0neXQ9=VEniF~xg)R~{OzZ=DI)pgnaX?(z@@e;n_tt>Lx5yRCHKospEFw?obS zl=FMY%-;c{?5xO|`0_;Ss8?vs@pFkzJAIucuV5tVh@Zdl2JC-O8(QAF%IRy$QE{)Z zJ2Z@INtXi2rpah40a#y-KN!wK`~@)0OD>rQHayW;bUgBv?Aa;dGi_Uv_KC)Q&;Xh_ zZ{UHt;C}SYvXpdnvJ>5g#N9H!ZlF}5(D`D*gmXPM9AgIzf1`$a#R+uxjGAyP>iczo z!s9tNRKO^FO-3mKL^;AYIS$#pTZG~i*sctAn_sdzUN={3Vi{_F^y?+Bb3ku=wSiK5 z^PJJrVX_j=3}!)H+2ZvV*LwDZTjt9B2#YI?`53Q^-NKiA_@lv4{SjkCOCqwN{;|QB z4>y$E0WUsT!6%ivb*$Ot1hn0AR6h+Kb;h^d4(}OecgaCOYOno)H3K!NT)C3ay#&cd z91ts>1=Bz<(@*BjADOzB{i&9W2_hpp8O1c9wP_aJXTBPka7%j`u|IuO2QU5C*4C_e z?LxINZPU;i3^ieT>TJZ9Vn7f?@DK2tTyb z@wo|cS&#*)V{?%aAd`){Yh+WX)WKTmr1p+Jubf+_l{L2%(U-3XO-wQ%yD&t3y6UEW zx(c32kP??7mN;Gm;tYk=TzgdSpxKnN<~aLSc#8;x#2vf0pLRKeFYRuoxJT08DMm%7 zK#Tmm&2SI8bSfRcg$VoOQ4ZWttN@RCm4DjkATH}MTxp*lAF5ZP!ekKe{gcWgU#!hoB17OX`* zv-H|B#jd{YR6L|I#!j0OX~_Le>qE-p!o)om5XZ~2LSC1AgD_gT`wpji_N@`a%e9XQ zX~nzf()%&f6Sq0GHw^`6ou;R+B)dIDd7Nh++>?Eaq;fzjT4ymBXy2(=x~^_k?n797 zGjjFDZDMmlNFe2es4aE#mtDsA_(Tgw{RE+7?*E`^Xv4`#KAx}Fo7B^E;Hq@yE{1c= z@!=|F+YakBtxkt?Q;B=}cTqjIIbAdS$zP32xMm$PE2wg>aC1*^Ui*S? z^~$vuF5T2fQfpO5MAZ|(GIoVG&0gTq`zM{~IfW^mqZaD}*43o%% zXp=YLW0b!VKnj*FBY~bfokJOm4zSgNq5lzFes)vk15>!oi_KRGvscqx#?{UE=a^)E zUw0T&pTyXENw?ZBUC60D{fw_U*S*_d0Fr#_P+^L{rVddT_Z@ZiIP2EV9@OUyq*b{;WUyeo{@@+zEi?@x04AcIK4wknlZWY(Hgk! zV8;34iCXaC?zTNQ`iN{~lBymWe*2K3NNJ&bhti=q;nKnuv#M0BLy?LDP>~NnB(Y|R zg(Mr{5NW+!U}?Q(LYf_IKRQWOKigHeGmIPdKl3nKIr&S~}@sV&{oAllJXi z=sS$0giBnSMX5Aw<>}>14ycNwHbPue^^nVZ$v>}#vmN+-8^Rx#HT^rjwrQ21`+W5V z(Ssl9ksjp{!aF@v{`b67Ybe~GNVVm>-KUH=aAHcokvVB~yr(+b3qdWACD&WrrqC&m z;QA&>efg4|Vh+6!wnjs$`FbyQijbPe015<1pBfllr{kJv@jQG%i2StNvi(sWwiP~D zWI+~RgmBz9t>!<2uaG!R*tJ1*T`SsV0~e}XJ}S&vF|s%1XM)k^w?O0XJFO~y^apGT zOvk-E84TN9!2OTfEF5~5o0qFKn%a&TRY6vLL<@%6xy-5v30Gg+U9Vq)ycTbIQHYDa zePG*`q+f;9ewnrn3)=kPAVbEmC z@J{_p{wW3FpM1>9gQ$s2!rf|g_3ruE&kbEk5i@7FQLAZwu9p^wLzi8nU{iYq3lyZ3 z-sLYgM`E6SW-3W4U$}i+lk@F;>+8-XZ|B;R>5-h`Z*VYy>8%IoeX-SB?fctNNCM?(LQfhD50}k?tFeR?r5O%aAHm#hby7%hoPoSyyx<>gB#)V^rS@9U7V?3$=({9~_p8I)4d2Kwp=BhM z@j%Q%)GCAvTBT5!Gwk7P+cMm)fyu>_$KuI889fjTG^o)?^^nJJvu-2|Qjm;7Apvc0 zFhw(XS|T%QSmR&QRQ`G2MkNn7mtyBw)NYdIfsI|<; zJu_BIsz_ZPXSP^iYprSTK6!n6o|o~lBnvBJpP?1L z;^1(j^_aJ-4%&a~E8r}!5NZ)z4(muh7GyC9g&ZUeS$Bm)0dGV_q?6zC5Urxq)vbgi zF_6V5-Oa{DW@!qpGLd}5@Q8RkT|MBuaR`Rd!*UioAE&u@$>K2 zPm!d6)`0u>?>|}|!|8nrnza0>>$y3}X_vUTj=OC4^gpq_Kb;V@|Ff<(X1l=C;0mL+ z-cfeKs4nBGkaX1%&iSY}kHSbf+I*baO1&l(6(QS;148-xa)wGsbn8ac3vDL1N~s8d zmGqs8IQg*%jcy0(aDSJ5-wh^AA=P*>h0U!1e;phi5~zcu2~V!~r3HyUv04n)*_HgS zXaB+W$e6vj&z|G|Gk`?ed!wQ)5x7tqd{uQ;2z^C2i@3Xe>esL~zi)O4NewD@ zg$_Xb14P;(8F)Jo?zNdO2gb@gI?&P$9+lDaK2g#e4`%6$J&NSIbSd?36aJm3Q**U_ zkpgTs#i#0CO)mLl3#%LLjw-c_^T#8Z+UMEa*3CS(zET+@A^PCnb8EtpYSX-@s2H1- z)ncC75S0lAq$)qUo+R91tTNpkB+%^#i}m%d=wY;Sqk|yFoXVsB#MT7cuWFAKl#JN# z!rcDgpJdTL5FCa$kgL!3;ITRRYYdgWZ!O8I})h3zb z|6bJ2zo9|?l>L9Nt^Y0rr|G}q*Wi455h7|Xadqim?cI~!J5fT)>L(6JklH`kqlrr^ z?RuI{XpLXrDh@g(mBqB%=Ued9CC<}*8 zA7ml@%{~pT{_|Db?V?$&&WfK?u(r5LD0OZycJOgqrEnA62XNTK;*MJY7>4dDt-pc{ z2_(4zIuM#urMNE~Og4JSY?CALSXo$DCiFBL{zX7k8*YT)o|O8D6HJ+mP_UEF#qI0f7?%3MwQk*PH+# za)j6lh;YSBMGz*k^#TZAH^(kc<0WFn3v#It%t%>?cbB~*_EJ&n>u(DQGec-y_xWY0Echj*kDY`E$J+snP=_X zhQ$X-3M$q-WUfx)^pq%1us00Yd8L>RbeV{?1gvZ@azZ9g2M9{>HhT2uWDADa?=z;B z!D$J^E{yG8Vvb_TL9{FIvh_+55-%`EwB%&qWB;x=hvx$q7zU`N@He5l1Is^jZc zVs$w<7tB&KbsF&5dGfGFzm5hwD&FJq$8lxpf*$hfxoyiz&3C?p(A+9Uo1`b4>g>-_ zgn*WH@QG)Bzd9SQK@iWCyidBTL?;+CDJ%H{7Wh(F=DV`WxQJv$zG)wu?d%68{ z!K0N2pc1Zb{p3v`C>}$_9Ts2c?8NdPqJp**t>+v?E+h?PHXqUjuRhS9LG4l1@vR=I z2#+CxKMz7WB+r~i05kIJ1BnPZ41{<;-8y~y9+Zm+0x8v$!w;Y|Bis3+PWPdK+LL;M z^Hq=!j7gOxdnWTg5d}2yFQb6;|2ISdF)~mYK)H>%6#-^4qirxck_28{5I~OJ(obGL z)<@hX0wbr}6zoV`K7uPDOb^&AckoH>?!O7mZ<=;KgXvN)vLiLkrvXCe^K5?qsRdqu zb_#k;f2Pe`ph3y!X{{1a!wdkb;^3}HR^W7a8Pd$49)^UO6X3B?4)s;i9(P)0Z{*sZ zhgGK7c_+3}<}IjnV2W)4C-sN0_SUm=m3jz668}*QQy=b@~(7CE_V+I3p)(`9^^=d zXUO=oKJct+7L|gq1TDFeKTZj=N4Tl0r7+P0iy&fXwG8hyU8feHA_9X7sKpHbIbi6t z=6^F_2*xEKc_2rFEq=L9l9GlDCau}OltIoI*lpm*u~gHi9J4u4(SUF_ibm2q4^Bo4 z#8%*c7S3Jj3sX(w?gBA&i6;uvGcy%0{0IeX=V&7$BZ)O#%=QX*_Ss7|aA0ou?~_%e z9s9^dj{h^P<8<6zdVt>9?~lqZo3$Yz^79506OtqhT!QPE zlzVHHrg8^J$B;q<=NKXhY6!drEXOE`6140O_P-q#mr&c3HUu#jVzeMkL&N$09T;Ij z6h*zsa{#A%^_&)^CAXPA<*QMrXfol1B=c1BaN3aQ!d4%wCg_04O$qVn9WBdCy$Q}dNx0Em4~W`9Xkxn~9zdQ5F)jcyvXBv1HC9_JZdJ92;4=$UIRmjJFLD z8cs^0T-yKU3F$@S1ou>tN4l|8^i$EgrgVdb-csSjS z(y?%#j0p+E*3h$?W422~ov2P({7w(6npj^vV-Zg54(Ak8`S3P4!Rdl# z%@~peZPm|zgbDGt?uqhHx3$G&!3qF+<^)diy_d&!`QZc>VmNy%o0c~QQ9~ejOrzY^ zttRh$6K<5Wf#SiSF&ys_Q>#mu8of1SF7TzJgTj1Ehm$<(o9V4vM=4nBr1^yx{uw0%TcbE| zt0GqWBr*h>Qxg-11=25J`JCjtv8S#B2Lgf3U5JmB0$5`Js4&gLFg%A-^1e)SC;#GX zxM=^$**xlJQg>1KCXDUSjfI(JEs)*&-3UKX2#1Iu{CqEhcl5MIi*;pWAAmZ3qUpE~ zGRf8D`XPlin~KWk^;$0=*7)fT1Su5ZD8ckVo_qQER+=G}T|zcB98cAOxBmYy_ttS$ z{oT4K1{ffSsDPBB2ug!=E1@DK(y?d}q`L*Aqzt+wM3C+d5v5bQOS(aF5ob*G=g+<0 zcklPT``mla;h)84!J2cfIlnQ+GoJB0`+Mj@q%E`JeBSqLl-$1*4H`POhO9+9ykKY~ zDBB7n0+=}8rkEF)IB}MT10p0^&|?kpHYX{B&Lu-QI@O4 z32$z!I~}Mg!H*Qrt`}w4R-xcg|G27vt5v5v52`i~5AGhP02khW&;bJS z%wIY{M~D8o4v=W>Px=hrjoheT=3=+OF=Po~O{JUeYJNx6?cM6eldwkg2e_a!645^A z75LS$f;4TuopwAy!eRUg)VbLbt-G9t%j^(U3Phx~=X^1soo8;!Mj>W6O07R+O~KB1 zi`e!Nf$$ZQQ{DcuO<*CqrxTA}Yh>(__&`C>vA7$d-er&9S~)#K)8_Ro-i^jT1C)JtEA*+1G=*H|EZKuY&fC~)q^pe|Nm zz08R1sD}57OWL6#E{H5y;JLYKz7cToGT-BOHLzvgIA*RW$p7sJw%wF+-R)Kv2AfNs>%dCh9n}X#I9a%!mHdgr zZ~C`tH8Ne8WG8n)-N3bhwPY(#J2}&^PtCP|1ogID3Cy5Z8$=7h7Fvx75nFYSah5|o zn?d;s>B^7!KTDunV0*BG z0{mA7>#hN)F>6e>L?iF)7xheYt)0|N&3*moEDzgHGY=Tp@sY@L0tDoqUKn)R1 zv@;tUEEYeAQieSY5QSj>MB2`jIKg<*5#RzN3F7m$qeYS8SskgH@1R`}5nMxD(uoO@ z-oHO=W!>v58->`b!U#dV#mcLYiDrLJtM{0tWRVukM#gm#fT3*G0y5**;j?=6{*VN2P zY?7}kNOZ#xz=(K)KAQc*+N;s9p;}PblOmt5w0fj7x1t60oi)KJ&oP)R`9Q%!6;#GS zp78v4wrAH_2jaBpp`YsX3;Z59x3Mki`OUDjqX|v;o*ixE+}$rA01*~_eq<;u^JJ3} zKW)njQPrAUtzf60wHuMm9%ebTHP}vMy7WjaCsXC*o-!!CbgJ`&hv3AkN^=k(4C*U( z+;|e)j;N$yjatzQUu3Q7*}q&918egUA$0|O{cy0QF`jFWIW2tA>LJ>jv0^ufv42a< zr6;|#GskauPf6Xx7tN>$Nn}(mJmm zwu*}zO-q01NiXbOv>sj4&AiNJq{p*3|A%v1`Rko@5(MNaRj5pebPrSCDD?0E@5Gml z&3d_G-#`4)_|4?Mgu{%L-qM6)?|1gInXGIj!!c`M4x}23b{eg&t`c#XUqc8lh1Vr; zw4Y$+WsJLHB|_Fq4zKk8q)ZW9lEF*=+#hlg?8`B zIwjpVKk+Cye@SbACV7AZ%^L(jgKAHA>eQw}*LY70v?hdZU_Sd{;&nR@;kG`Q`0#JY z{M6MYs*U_|+S;Hmhf&ov-co0bkV0iBh`H!0B^PWj~!BV3))p zSPFM*<-+-dBKuJ*cVyWypdELf#lk1HVcLeHVfTe#9=zI1v=XIguDC zZu}u5v{E^95!`obq?c5qXnUA>k4e~C^i}X|DhpZm;J1wLy<- zk(GC=8lkNqym5x)xt`@)5Xuylk&8M>eJ3-DOa>Nh9OzbMxL_GVCRoCb&QHSoFg@#= z`2+I7vD|mRuz*&%>{`>NQHy_dF3jt4zd-N72*t1dKSZfM%Co~De;is&5ps(rOE@Uy z{AK%9;`HTvYX5>HjNIgm53h))U7D^<(!0IniNaWNB<(}$-)cOMmU2m;ec=R;Y}*C+c^9E>w8kBs_@j$r6Ki>@9+ zMAJ68Jnd@tinOPEhgR0DGOT?*?*1U1C>sqDYV&LFp z4TO`;@T&fi)vo=|*%`rY2SAoNSBXXHOg^+?VkQavZq z5vd;9DG;h$0cBe&JUdL^z$O8sBP{FQDCraHsdJDeB4X3OAX4C%I64h#JgAtsulKTI zGu0qr7cr(Wmky&tLjzB-F(9gGF$96%btX0+iu`Px06mO5Az-ehfX3A7i~*73eR3XH zFF=%4xtrscca06jM$bw-#Rt5p|B+ZvklaUrCxAjS0T-cU!aSK#Kz1iRvmg-B#NZHp z-Y`?b2Mtk6U4HnY6JePT0w8TGvF-y2B=VSDxnlL>L_VuhWx|MaHRPbQt?kKbPNyvK zh=&eELDo4EbjwZwn>%UV!hiyC*0BkgQC>DAUFES!9h9QKl%MfuJ>*z0>hx=;(NQ}IUXpA3_Dtc^5Xq(iSlUH5ohJ$Qt;EYBI-ZRxm%dDVVgU%l?TEx zVxTX*q>8A*D#(GRVl~Jz+qJ$x^M~DdgSb_cCVl?zGbR z`IB+`m*mi!@QK~m^BbuKprv9RR{S9F=RYM=|0&!dL(w(jA}8?+r0S$#`diPYU2X<> z1P0}Q9oajK>n~2r@3(-#5&5Se#&5Li|FrGY4-dEBSHn>T!a#-~jY7ntR=4#en;t?o`(%`#MCyJOCGyi5<+VuXqRFWh`BQ84le{qToxz z&g*>Q^j7~$DfN;x2lh`fpo%{S;yVx~MHF73ls%Uc*}tJ53M3d{dxov1U7(0DsD@y) z?ne3v`#63$C{o+DPEt{`YQ~feU5asG(%mAA_ZNO!dFXWl~vk9SE8agkycwTH>RZsYpP z#jW?8eBit739utRNTZ-k!n9hDnH>53<{x$}?PtJ(=Tn(PEsnc@`ThCwil|DN-yT)K zJfZu8c|rsv72sST-wnRvS|XMyBCrJ<8=%@0H=&p!3mn&+rREnGuEFhqs>=ivUw)8X zc0G0Sm6@SyWXzPaQx4-9c`7tG*f%z+R*v6yKBT6A~fe7*~2Tl&$+EJoMJ!W4-8_|Z(D zCH9{jtTJb(Z~bwzWa@x+gvf@#zEH0#T6L^^@o#yVWAasSCr_#HfNZC?@s9te9`^|d z);cA8aI*hWM5hR;OhF0d3eaJpB4))?Btd_umsF9oQScL<2dgUoL$>6T zS%@0&c21%QA`v2rWQgEpfOK{t+AJU{Y{iQ4@mF^wf{=mC`!5{q8OTQG-!<$YfHF4pi?GY9;qF}*lsB_Sgk_)(5 zWyvSNH!B-71BdL>3kukkVmJ#g(1y(SGr%(kwUa(c1CkG$%OhR_75mh7j`=YFAa`|1 z<@F(Iwcr?QaM$#wp=)DI^lBjH$fym^7a47l8UPNE&F-xaY`_;N-en=tIfKk@UCp^GAZPZm_}* zPL*$DL3p?zoC37cdR@0KT0)(pRd*jecwVpb>5bIE1BE1bD8iu0n*jY$Of)0lI1l3Z zj}#OdG0Ne1YOyHDaDcI~3dvA$lW`#$hZM*2(1%0!|MJzi)wvDkiVd@{g8V z7Tp(`mr2~{a{nt6s$>7ugbD~iI3(;ig(ILc)dQaLqt>Nn;7yfJLzZx360+UQrdk86 z1<=EF3i)O~A^4P;&FODG5HZ;L-OSwpjUV&kuulizD5_2zJn+*9Q0c$q1QGmUK3Vs2 zGcLI<;~Kf?zeV^Ee1v9_N1Jxd*lM|C57Lyr$!y~7e=0Qu66TV*3VDZVs!3Mq6r?92 z;-yt6Hb}oPJEnV8*`+FBIH_IDUOqM-FxpjlOS>jlUX3StGG*H2bNkm|pOpr-6_+Jx z^6eiAEWT;p75xltX8Za6C7JzGw*y!_5`MZ)k>)$yFD;+Z9=8?Ul4n9iCGX!$cSzpw zn08+632-aQ{9OLj(ve8DP;erwfb3_Q&Uz8lfpeuk>?@WAD%)6*Soz^kKB=X4*%#(3 zP`-#$bJfbvLnt!YNl6-=$Qffl4d4NPW04G~N+Es_ZM3lBGpz$E9V2587fql{X(AILo=fw+Q5bLL5WZY_)(-)3D zD5QQbF4y>-Z8F=MC&58HTCa$DPLv}P(N~`-dIm=JamB@bD;rx=m5qmos|`m zxfGxDc}4Iv&gmKZE3G_IgVeV8vyI|>cp8S7x2`w^B*ti;yp*-s-j-1I=wyw%{0$M0 zlkaXD_}qV?DY`9m`E{F4SeyrQ{VmOtJNvJce9Lfya^Wus)+ zyreso{RFuCEgsq`pp&u7gwsrdC?U=zO^xFB#st)dypsT zB@xAqWfW&(<!m%RuF!VbYws)f5T;8u1>4!Hg9Sz#)AqvUkgH zuL?7g^2;U)JTQB;-Hi4xsXb0GS3b~$PHcCGXzz_wioBC9)m?PAER^GPpZ54GzU$<2 zv>nWcYk9QX-U=(>2@VG{t- z6Ul>>6gGj)Cy7?hHTe+Ko^hYgb9JMqr$;Os;yti$V~r5uD`7lt3cKQdgy7scChZy= zHLiwcs>p9d;hN`rlP=sejKa^CNb2xW(dKb?$``sbH(xlgNTVwAEK&UJ8j1Ma&O=$* z)s9+nY$bIz7p0ht=c|uTq_oYLs>*15fH+ND+&3dAOJ-+MPDJF{`&%o$emG4L8{P|< z&<#6I?c!=R&oQ&Bm-qf$xY^hz%&4uH+Cx6gJ5}vBs|PH^@akL+m!6+d&*acCRkeIO zyxm==xN{XZi80~exlCw5eqKRBaX#6ESk1@T&G8|rLmw*HH#+i<4OOqn^Rt{~mI>v5 z(>KQlGYtEpl*H?|U0<;jvmAHH)|hWUc=UY9i)q~C`eMGTn%7{F;mgDUo!6U(-|zjM z9+xjLud)<1Un2COaNK8ibj+(~9Pm|wr)Y(eJ{&)|CTOwx{dw*MpVe1uluzZAqXu27 znp~Yx?^DC=o?oOIkS!t%I5O)0f;Eikraa-`RwKo*E3-SJQ+v-41L?pVU$R+VgPDiP zQ(+~+1i?UxLk9uyu|lqE16i_SXCL=tU_0+E@AlxM^G_0AyMp*wal{Dh)l}9yiEPdK zD-ob~Fi#qM5f;&arEt>r-I=V*k00Lt$VC(2waL})WUsy2d5yCrS}grKTDHi@cPBQw zQfuK;A7fCq*=~;E2MhgA$%+fy-zZ2!*+06?@RyJ6rC2lx_uXGCAV?ax-IAa&UC_rU zS>R-SaesnxwUI(SVtJ0!a{!ez;HzG4U;mLG?sH6A(_^{hosz}eT)2lKHsk`lac{@W znAb$V5I?vV*yBG*u!Xurm|eixVz)o#pFZr4tXBTooS*o-nli*hEx2guap9IuMzKb8 zj4OsIiFL9OMeMN1=Hj+g*1muzuy&}mME};=D}xU-Vf2@P8#b+=4$h%70qw}43ECxL z;b{pKjB%I_!coK(%i7G(M4lN81(=?3VNXn&M)kRt=E|6_b~+S>Z;9vLPH)!hNs9F8 zm=$(%;yaD45c^JtwSv>}IK|?S*D*OcXIJrfoVg;i3CjU@{3@CLhdzmkCb8y+&dmwj zMhtz=7tl)`x~?5J85wI+;^VVe8b9!o;~_~3Oul*bTHtT#X8Fo|6jwN_wAVRGvdBr8 zM)TS8Ol4?h>%^)?OVnEp%Lbagzz-wUb6t#D!(}@W@;qpMn0by4Uxoc7i6<2(ZQ$MB z;@l=v)kSNbkjcrpqf2?h#6zYzHN^R|mfV_!1EAtE-z$6YxO(&|P+q?Hz7-zM*~>b* zn*11l()(Dj!i8`gg-mA|1#{ckuSsqp1h`Znz9De9L$G!TD~3?ROuI7(z3{F)TOvJA z6)hq-Gxb^`Y&C(Ro{O&G3Pp0t+}Dlg#^j5Oi{L<49XjkX_O4z9e(G{kFqraOD0aeI zc7h3E=-cYtK59UkzP5a9Rr>-w8R4zjbhMw*=h;n4<^%An3f0i6ycmZT3fV4wxF>NX zqf|fBUDbqRI!WZO+8O2PIrE&!;|T?XWEWgv8Rax9IkSS9{)qGm3tju;&or!fM|B)d zPk+ijdBD_gH>nF|k1u-;Hg2Q21;N|w`UO5pn)sq7O~s3NSo^oMI)YjWbS?9>;_c_% zTtC}h4CT_PWHC?8w(Ph!wEjrciMYQKPqMUJ|H;N7l~e2lVp@eV;WYA!z#CgoAR~cq z03-F)y1Bpc)6S>Lw=EwX*NUgqsi`Jtk#CCVl_JC-ra?@r7!1Pq$G<(#?ONF*5n#b; zPG8i2VuV*(IU)Kv-bM8qT;7SM@g!YK(tJry6;~C1xMK zk`qr&T%?pYG5L;7#3CL|t=AGKxGqiGs~Y3@I0|PCyE`P@>a+eC+*_!;qs@FU*_JNp zyjs3c)qkHvqbjVby$%k^=pJzyh%2#Qrn-GgEZWUleCeeEzB{PWxb`aq(mH0QCnVg# z@-@gmeuK=HslNj&nxs91rkRPRIVFRze``s@V$Pf>x}!gztBv%^Wk!>56nhT6O2Ld9 z7eC#=lajrZmmsD2`gJp>v>a8gM-`z)eDn5ox2(={>9-GZc_V^0^!i_`L z7cao!BA=kjqD?2Kq2BJiQuv7Lkg4d^ZFG>?&s~hO61ZGv|(J*PBigO;SCUo zJ!e!ig5ZSG=o#jlWxwiLu}F>7^=(WlHL0;pj(&w4J2B_e!~5Ug*43r6U${ot^y!9= zvv%oL&xb3u`U8(2GxIXv-{Qn4IxXQ-?;(4Rt#$6&{Z0ecNGp#eb6gK)F~9Cn!w(u$ zf=br%XEx1ubJ#9nQq~G@bO&3=L*UBhOaUk7z8E z`N44)Hf~a6RU6s|zw3KGKF*U$B0CR_(4Z>GqMxcE61TLfCPYs~OPcvX=%JQYn;>s4 zNXUYH73MEt7p`^9oua0u2RgdCnilofizO22#ffQ%B!b%6NX`Vxvv_=UuY)*ajsqCHe~zsxa~@|)4n$mWFOfSsy7UNo2F-m`Dg(I>jB z=!pbaL=X0@>b7h`Hof=*ETVhJ@}i70NASF0-E{upVs)EX%fBR}NAdP7Ki?n3C(-oW z3jr3>`z)-wiC;7!fM+QUdLrG%-?xK#ai~h9Os>_4?fOqoo|Ly|Z<{AvZ<^s!cJ0UQI;8E(+~~fW zm#22i2`9F`so+qb;M~MjO@H5@+Jx>t16%dyjZK8qchY4%b@jI>j6@$iIv$@u`K)mv zla1lr@}&PK7+0QXCR%BVJ3o|MhE84lu9vzs8ZC7YM{AOj7@{Fp+jTdYi{`mJM;URb}d=k_4vL%JT{0#!!U^Au$Quw(*-ltovX}h z4Gr9|9?8ke$H&D9g{WQ-QXGjk&s;Kt7~A(EJx;`|QSZu_z9r}Asw($;$s~fpnwo~q z#>U3#AKEO0em}KYDj4XkqN)?gIat?1C*#`3K9(*UpShGKtD@rT2~N!#>;mc1Mp%)w zFj(taS~jt-+s`iwXn^soExf8C4pzg$c3mUsO77pj=@btc`=u-Ttpxa4Xw5#!4Nc+D#oOo~f$;aS4`CekPwNK!@Skul^O>Zi-E{1Gi#n|H zfW>}oeWdNcX=PW8fmC4VI_ui|Gg%rC&!zPb(+Cg(tqy)kHZ&RZR>YC=`!u)czm{77 z3zxq`GiHe>I_E*?0?)BpuFSDO;!NtpKP{_nGu^!NAp`_m7%b{uo6=Y0xc4)zqU;a9 zdML{|KOvjS;9?Lzz-(yJ4qCj&Wmz(32^S z&MNK;nJ0xE;1zZ1vnlM(I{iaVX8ns_ES95Q4}9Kx%a;8X2M0R|In@wp+rvN~VoIKb zx^Gw`hIX_2;+bFc$x?Z{k8ih_(QjnW?JWIB3UQHeo0#0Doua*>y$I{v94SjFIdStO zA3Mj*fLrx!UHX!~X4v@w$CceFV%l1l6@%oXUg^FaewVNhAT5pVq9%WCo9$C(Uc#+Mq)LwX~O{;(^@b?fEM zcQk(nLmTR8nX=8f)Et~7NSh2ZD_%rJiD_mlg2_|Xggf3!U0Pqs^ouoww*o6AvRSh> z+3}L^RdS33wPp`2Du#rn(jq=o{v;fd{J0gdZ>HW~=PkDNF)ju7mJzW#caGf`AHi@$ z)84c{(zi84J#d)yl-hZ>SKC=>HqRM75Nb)BqOMwg8sV*gw##=fava5!TWo9>5FKKf zc5D`Dsqgp77)pnhI4)+E@1`)kWO7j=pK97U1)(u8XplpEo6u}y+}NnL!6`5vy6L{w zovuPFp8aAizklt$>%z#PLiJj3kstf9=3qXD&FyAdO8tgZ=e2u@8D$?hdoD6MKU7dJ zN}j>=BjaJ8u_O1Ex!CaaD+f+vO2*BbuP4>NIOk8-+awM8rmGar-T#y_%`d|Vy%0?L zZI>V16|c4VTKl|A0)B}Va<>#ptU{8d56ko=tu9)TyVaR);m6E+E@MO3cJ*rEC5vv- z+SecMdHa-nFJ^|7bFXKxWnFWem0jnXy!OVXC@)*Hs>|rW;gdpz1Ev(7*%GO`-&vz& z2N4G)k}$neGgZXO@BxpNMpD>;yPanDX9@|VbCz)+9A#b&Z!v#($Y$eR=IzkG7))qD z&97ZuC|c8C9;;k{5pJgpG4Hug#imig7ro;9+_NBjg_9!}H$qD63u&Y-)+|gl|J^sQ zRQzZ7@pBddj`-%(hv}8AWAJ*G#pzf6_jGXnwNVn@0%@hRUk$5`g<6{vH2_z#Ung{2 zLXEk7;Mi{bV&$WZQ?Hb-GYuAWU@1!Tx_B?;hsu>slHMvsU7fRFHBXgM>mjy$e62rp zl?m?J8nc!PB&wP<8KxhcSa!!hL%MYa+jDIF4SAo5jJX0&z}Th&j~Ij~?^LdS(zP5U zS9UtTrQdxr!HQ1$dTm-B=TK4F@UZuZ+M(;qghzz5_6a!JjUnANzfM)xqkk*I^*Ohf zUyDn^MxFix0J}Z|05mrh#eD*v&qRxB^wtSwF}L(8Q8ebW1?FAzm+Q;fl#d@CHCNAQ z=aWHPFjuxAX_na7|4PSdn9I#k%@t^$0?|Yojj9hs2Q-aJ88oUlSZVs6vVZnmuOk|mEj&?@?jvQ7e#exo|j;M~= z=V0<=WM~rKqz4f4{rl|NjUn_z(JZF{r1|*#6akaTu%qCcatW0T*}+FmY<8^MRWEK|qq;u6lue9$1dt-z$zZLadHdBbUFH;8Q6eb0_V)H47E|-N{V>-8 zC5b&mun9+l$JsoIv!W!E=;TrYyiPU{G=)588+gyH0I8+c(C(Sg9}ZJ8>T+^f@n^MJ zS-z>Bn=TK>afc|pt63%+7nX`sxR2!O7n_@#J$2;{r(O0=up2w7EfGFj;%#ke`b_)9 zFiU^zXkYjE7b(j57>A$`?y4XbOof15otQ;P& zwI+H6^8aN<@pdO?|4m(ui-8@^xP&=h$5+&cX{rs0sx~wEr55IuXS?8w#ThRclv*!- z`d0s@tNHhY<0xCQUra6ij^t9#1r_WXSt^{uD!JD;*Rgf_wJiWQ4W~W*e)cph`)Yz% z_(Pme0oX)u-YDa>IoUeGWEINB`4WInoP1HWRkZZws{TUQp)Bj~@d_A9e;h3~MWT+9 zwekU+3LAB@_`D~QEeW1g@(K;ch1xrrF+!^mBg7#S3kQAid*eJJH~jRZu!oUIFesO`Vbd~wk^9?bqp+AThbPC) z77bgi^T@>|vGsbxw(X88*w($da8sewDZWt-j5)wuTd5{D6+t8LuZmjEf8@jfb|8_! zLFAksNr%H@D9UnBz~*!%~rLmWlmk-Rrw|YcWp19}HPpsY=tov{E<%VZoKjXHgs8JmAi+ zRUMi6>-p*#mi^|D4C$B5=VvbU|7~fsxoK_n=E=|d`6prLH{)c3^Urhsg)qdEd;MX< z@_XcTPB8s5e<*v>KT7Mrk1P}T&-G)>{wdLi@1IMg)c&h+Y}k{bHUnM9CE-M=_4otHO)^JH@4k=z(r&p3sD=K7Ms3K|>%U<>y zoMRZNY~MRqd;Mymav?az*fRvyx^r1LyIIY5r`UKTruN50)`l0je29EtmamR(b?3t|3?jp15o>P~YF<)aH>Bz{ z*|99x)nK`?WZVjC>+T)APm|^!Y>r^S%Ie#GBjHhJOVR{?Nz1WqgA;httyNqE5$)XX zCoLUh2uw`3Lqz>V_iX10sN7 zGIw4|9JZ3{B98EY-nOU zgWAtarx7P;xDd3n&PD<$c30Qi`Q3N?3Py*y$ADUOxL)}-*a$@9C?S>Us{z#T2$CnDvYNq6 zY^8nJY0ZqsCgjSMD?(dg8psm|6ta#T$v_m#w(nKO=1_@;HaIz&ZJ&g$=*&`7YGR^D z0k!%-ya=|Hb|^f4e_St8YAZiKZ;f|QX_`}W);4(GEWM5q@r(x}XJ|k8?PbVTRxoRt zBY95Ho>mz5trkO03%SyTTedIlLq2`F;5?1p-fS%TNwDnJ)2F?Kv!{ACS^JvZ{@6M! z@4#4vx{cOe9nl8Ef>?it;lWI5@fORt*7#BRwR($zpo#xV|OKo4j9^Kw_ zh)p@o#TD3K_OSM@oVt1dlu)+ym-%^DJ|3GJa@KxvwzjE>7vmXZYcGSsyxlH%L_9|2 z6zdS=M4k{oTouVT3RR7ISYQS+rBaRPyo?Qx32Ca+`TH`cgkG^& zwB|}l7u_@0fLFFl`?RP-nTq>9vUFD(t|tc=90Dld;nBh zi1Zh3FLLzuCb!Dfs=~_Lkxv_tWF1-X=$*CX6AH$uu->=r#ky0z1XlbXobU=OSE3oK zYGlq%2Xlt{Z{oR6Tr?o-2)F}FNYDb0JCqo<@i0+?eC-<`-Km-6gW}$6tKXlccdO zJXF|!5vTjAmA^+-Sh9tZ^mJnHTl+!(m`pt}f`L3V+nfMSjSL?H)65;usovBHo$q@M z+R;L{pg=NLK!U%nIKa5Uc7i)#t|-~!=7>hR39OM@Hv%3fZ=4dUk@zkW#X9b66sg7A zyfp3LA*LZPd8#+&>{I@J*aI_1nQ)!^+{RhFmcYWA*d;6s1%wf(*_7)(9S5jkN<%aq(-e`{+Y}PA!RkC&ZefOmrARh*(WWVFv22E0KunJ zcBzX`lCho4TACWd+Ee@5n3tKkU9sf*jfKA4T1Jp=$;Yu&2ojeYzzNEiMsp^- zuBO9#p!T7>96_Kb;GZ}xru@bhDIOnOIoxk`IUqnhV@ymGBEJH(d|PXezSkvB$#}r3 z&VQ=gx;XvImiF0KaW+8cKneuCz-EAq%+_J`?$dr7C}!=p)I1oqJ zEc`J4Wliq1jM}si?9*u|CLAc-uI}6mTv}J3%)TCF?ZCXaR6!HQbryIrR{$qKj=O>F zS!Ldse@3CSz~Of`5KnU3Ec_T0E$+a97V4y`KtCw)!egDCd?-XP>zUr#)fr~78ZT>|!x{nbLcA!=Z>PeaV{5vnaL-lIRGl83{UruSWj z))8E?zJhi8qfM0~(0>px6}#mgh5oBn#t6QXjU(KN*bnuM%e`|9IQZf69qbY`{C%JQ z3=-pQ56&XInu^CAqny(l*y?Qtybk1`@uCS(1adR|1MzBW${DILaIRG5N!nDQ7R1g3 zoGLT|Vh~>v{d}E7HRcj=HDTl?#S+mdhUw`72HGWO-dG|;_t85^IxwK z8-F~{leCrV)4t>Ni)yovZK$^@>-ZLaG2o|^7Bgf7}JQZ ze{SN^(c@!@Xat&)YgDM=-cgc#3qc3E+v!)OyEXI!Jgh6BP|ypA@RA+O$!q{X&2hc8 z!4BhJl5Hd?Ldj0FYW7?y97F*kGt_SYA&ph zU77%XR0Q8(k+QOK+hFJOxI12B!wyNu&rGe@@+K!IzdRxd)qt6sk_Ekf zmpgBSB+gt)O-~oGkbT4O@j<@JA?lSQdJ$=zcq(=#`9(m0DA4;fFB9JC>&|mkrj{fX zn>^Sra(F8G@mZ*bWEAHTp)?kiU>fK*ojG$xG0#+}?x)-f6f8mR1;8M^rm#3#vEpK# zH>3%Tx|?BD-*`>Aql?%ISi=-aZoR8;&UXSD&hD-~BJ=VuNjG#mB*}X@G$LvAT)c+e zS92<%66gDN53@UcBz8WsJ>tGjjR!WN>97O&;nwprm}03oCaq+Amk;+#3D|ARhhJ8i zK~Rg3pv*q?o!;ih?&4Ht*6d6)qK8Viu~F^zD`wM@a@(yA7p?lvYvEme00AP4#DmVn z)@s<7kp=pT?3-_ozvdmeNC)%{N58WK7vj)Y{I(ra_Z^GpUy|6I$+3)l@O6rR2XT`A z@zX9rh2RsoWF?!{kv^)pMEb62>`~ooXH? zy_G~piPC`|ygQgOTp26=%`2a2kl^hXxeG%OV|%r7s{``@vbh=c*1S^m(FkWKsEpPg zX1I`LqkLcfG+}a_*r_(ziyTw{DpDAf6Hw1$<)In|TqEfKfJzYf@_3Z{xUK$Mf}tc1 zpd7hP4BB<>2Cy+C7%@}ittGM3y!PBDAdWu^{~v|23J9lB z`7mTXZmCjdcYa}z9sQ-gptS`d6gclxi?6GZ0g(>e#@kaB7>Roy`}=+-h}cOx&4wxj zjt<<;nU)DJ>hG+)45GuyobESfS4*-T#}C9OD7!C0t!JbxyUXE6Nx}?AtZ4dWAE2uY zj}yOKfm@BaGj~lr<)@wSU?wsv$lyYspAx+kNza6 z+L$!~5-bWQn}+h<606j`%GwDbD0^(rrDg_oCsPyrpxopSEJA#ZA^-2vZYI4%HtQg& zXPOWbcunOg!u1UzXSI@;w&n!b*I@(S{)%Rdx@Bi*Xo#&Oe*pu^qgM|vnmSL4XgOXZ z4}baWl33~Q(Kw!Tx}d?#(PTkFhY_ZmkGq>8R;P zL?xzHW*+!>Jh(9({zfg0Y|e@9e%|Xp444e>i@fj)QwAU=+uk7o^(X;v?< z0#5_y@U(8T3DZd~d%1>3x2NAK7l2UKc zs+BD-xsIORI8+T-a@FOhY>;dZHk|#OuQIJv|H!MUjHh#F2o=|BD|2}2sVSIjkE_or z_X5W^^~H;C#jM=A=P%N$#ya52a5AVCVPy9Bq7N>(o``VpDjVwA9pPrJRa-f9P@v*R z1632ERN~oV39s1O+`^JiLP~ukGgMUq2%bdh+OrH9LwC>qwN>C_0ubj`UMU$&bY`$QBWaCgESACp2Fe_SQHmXT)G{&Znw zd&TQ!h)Gv~pe`(God4l+v4(K5=%UebrtF=7c37{qY_)=x%qW@8M|}MPafm@o*S(8lAV%#$Z-0u?Cq8URVM45z8&bi9_f;4iGaNZ4;yvB=v^ zmiD>v#Le5o-TOuYErrpw9-D1oyM=cbx64jit;Y?f{9gfm6TT|h1}v|-Zz!l zCIMHL_2&*_L={bz$`ICYrXPQ8m4sajcfMnia(YA?VfhQ*SiI!dvG`@0n$MXE?+!k( zbLVOqY1RE!Ec<<}7-Bv#TIqqfT^A~J{_v$6;%6hMSaKHy`kw<`OL2m7ay8ki;8G0X z7|Z&XdTGNTP2zrFj^PtraGgm$Im&{jJ!)}L^4_gMFD2Jqq8AbEl4s{7vtl_Q4_J0w z!&BqBN1uN@l{-W9cC*lxPW$s|(ZEz@;Zca?N@r0PJDOgFu@~S`r$c?5o8ognE08ij zelxq^8Uk6+Yy*dl+~u5^H{4=JPu)r?xgBd(+TDqS$Ytk5Co)@3SvhY!>Q56>Hh4C0 zu4IaE6d7w7t$<5k62d`VS4+}J)E2W`mmNub49pdZikwa%C*C4Gk$~l%FX4!6^MUz2Ui$!CrIwyLr z+M8j(V-p+LFoCnxvdkvmdtVk3U;PSU?C>Kcx$PW*%7a(f&FO@b(*tq)=+TWpRZiy; z3B6qj$P6GRRLn1zab~bCDMxbSo3f}_%%3cqK-y?$(pi771hs~V(c))SR8K0*Uld2qf8#y3{uF4Hz))XSYEC4#>3RJ{yXE{oJSu_>qEu&)}0gG4DW59p3vsZxChr;*X+$->mrIKxC zg2)oW-0{2t-|1m4szRR~0YfbTVxo(ZE?d2WC0wzI87=7G%!b{w}P%OYs8nP6=jbu61(hSR>gXlrez5``R$2J?bKYD4oi~ zLU`dL*)-{#R~z}OZTR;_=LIRdN>ci< zm-m@CTHJMtc0C>;t5&5yc$+MV_JY9~HXaK9WJB@?ewE=nU9zAs@$DP$iyn0+xsb8E zfkoTJE`?XHZ2>#*Z(LesOI7BFPf=MJ>4}sS9ZxPOgdA>7MXqr{cGS3LZl$X#vYBf( zQBz-AMQHgIl0#}j#&)Bg2v}?pto6w($ukod5fR4A=nAwB8lcn9QWOqNjI`0+CNAjL z40pPGQx%Rp!@&YgBxG?tA|Cu6sISmTMsw3%2y4!V-=_yWSoUki^A%8CnCGS#8>^$Z z1YBz;T!B@C9Kw+oXE(9Jc{`vAKyY2@VW1&eB`V%wwrI*TiU>d9N}l_;m7FUR*tYyT z-w29FpoB9nC@0r8A;lL;let?@9bB^Zeq2=rKyx*_vG{mGChLXX*lD}VKWvLenCMbV zfbSaOZ~@&FVz<8(6`Kc$f+mgFsFAL!pqFeee8Io^> zK^6xMPa<1)c(Nt-#}r`q0=hpY&`n+e{{-5dv>^-pEIcdTbNJtLWlk;sX>2qSI`TJD z=2_-A%L(AdSh6#*~2+5}7!F1Af7-K)9*l5UbH@8Wj&0DuLuL;Q*n}lt?{)iUyX79m={&lP)~s zdD^Xs)rUwk1>~w(W|`sz(fnB!d$*Y{wGK9032j9K?gU*7Z}!znX0N@_!#ll8y5UwC zCT8IC)pS6TL_=tG?@CFJy8L2@MH_TTCAT)$rHfjrJ#LGBrH`tqepgXgSL2?-vwp^x0BGFobVQ!O*3qdHsaIP>8Y&h^ceeH482g_LZ8vk!-;fzhP`c{Zoh=wn zn)`L!aw5mx;VL<)O=KDBxbKS%sX^gVh)e3igD#^IesR*c5BZcr_m{ygyKR2hlB+ev%V)o zo510zg3Md_@w{#*SqnKqAduesmSF44QDZ&Y{2?PgVBquPr`}5hW?h?vKW1R_X|@Bs zX$7g^@Nl0C9<}o1 zaIOaQNIbjlFpv^YS;_tfSEggebacq3u;G7IcjkdmuW$di6qV8eJ9 z*}@cth&YVhphYT6N_J5WO~}3uMwYUZJv&*mhKzN1u1`+oe9t-GXFJdHdw%|!rZns4 zzVGXOz25JuZST#UccI&GUP+~_+gK3!O=KH`!w0@?{?ntxA?Y&FM}!3Ej?Ls0kyP8v zvW&*YS>fqCV&HuXCzO&p&p7(A(APCJl=A|xIHXyVs0{d<>OF|LUAJIJ#Z*>ftzwY2 z7Qhf?;A#>JDRaIRZ-QWLn2{hIYG~4IfkkGJI6RClO;1>#lUbu=5+U#|(4296Znkl} z1{uifrsd41F|0*J~sZ9SgsbkPBo z*3Z>|^SMkJpJ#xNkF}(>gywrc?~P~~mt+8OfNfPx zcm14=WG%l{kou*CDZXHmgs}+7BNW%z{(x4rWAY7G#*#@tPPdz$p0D+v)lrXwZi3mCu0MW{UT@!@w@_21N${li;g0gVrlFa|Xn z=ITF7rTJS(p8vV`=I_9d)KdIGqr(_$cV<~K9#emwWW8yO5~j`4s5{H(`&UY;T>?{{ znn$F;*qzU~AOFdVytJj(pl-uGJhPf4d!7lUF-_nie(chLZ4m5GsbdYrIvGt~Z7fVl z(lr}o((mGDzQZ&)n#da~A^6Ju+KGzY%^XnAb1rLA3QJ2fyLv=DY{>CYb+6ERx9OYu zM6ZJvAtvCGdfkK3%x4)$FCSI_PV*S4%3obQ69s<=8jE@f2JWFkHwOM~yn%c5Z!)M`=FeTkPr#y}~!8$m$eOg5sCvCNu$=}p6;Yb zYd)9xv90580?9nVIGKhm=AXZ&y=#-YHtKB(|KoP!vXzU4%v06uuY>?>#835C4hMog-6!DWH56=`O@P<~>44Kf5sF*8^hXyxI zp3|KdlZ2|mh4J2p?zTRw=%{y~>jT(LMh5ObV_=tnFgy&HQJ~-na&X)mI@m;XthHR> zw>#3xcffm8x_jDEX2VOmSg3Ava%^S9Pi@OdRgY0wx0dE#0ndO48#pkudvPJ$34+N0 z0XbGmMg{^18x#PDHx88O-&}Cy2t%X&unnban7lK4)=5$))0_>o6w`cY8GrfOq<)Y} zFYhYv#9|+%h4fn%DC45(Te?#?9GuK+Pk_XE+7($IBYs|XbV z0q}jXg)4&t4pTgGNCLV*agu%x0|<$MR;ypr%2SsG!)uBp{B&jOkMOC%y7ujT$g(+KCloDyW&#rG(8IxykfD{ z3MbPwivZ9-u0XgpX8^!0V)Zi@TpbQ+z4kf&sX5fbP;DR>U2ZrpvJBuyuBvuVYo7X1 zoCj_P+zdKAzN`mhd+veI0tUCSaQB1i@=^iN3{y z!BFU0>@KB?O0WNAc|Ae zVdB91fc0bWDFO$5SjK%q;MaHu^vCL&8u=?%7~rHq;pTM%8huW`%aGivHjB?idI%9Q6C8Jt`|4PsrSG2qCCaV zEhwnTI2y8HbOg;<)7nlviky%+Ugvz+K+aTOFCxl!P=!wMc$ea}=6|>}>#c z)wsPJKEs+&0ZKnw#kWVK1>!r}6r|b)D|^qu(8ggSu2#F#ARPcuHMM~(io86Pi5?@}Rc2TRfi1*e!#pMT~c6L^~Z z7uFpZ;QNK3KhU^%;M-*ZG$p2pp>^$&?nqe+GKC<@cz2DB@_%SbEHl-N2& zEIQ&l{v~njzXt8JeJLi=S$DE?Uyn(n$?8QJ$4YA-wqr9o(a-sf*$Il>%0?wpL#Hiw=2P6|=UJQ$6bS%-p-53AfhnP98 zndKm&q_6bV_`h-l}*lWqQ&-< z3w9{2?nt;T$8}6+*2|Tz3ea_e9!yLA*&WST;b>|9&NI?74?8{mu}}gc;@lAKvDyZ@0P!r0d;bV!U7+LUfAN$g!^^bDI*J zawnKI8=!XuI(DDE>$iX#a2d_s=LW?&$<5@*^_RT&d^hD)c&x)_hJu`!LF2oydcoKv zTUCV>UE4M`5x`zP3(Ev=K7=lv;I%`-SP;Sl44|Tu#Fv?$e0f@OAutBISMLEwNriJt z*Lv^Dbub1$S?;+F<{u>NM)yWY`tbe`47zjAKgKr!HAb9}E^{>6^4EWyN3%p6>uefY zP3VAQApkQv(j?mU-X?24=<|ntmaCXX!%zv??f+hU&5F+WruFsn!v-jQbgrB2h7R`Z|{EiJnc2f8c2<8iS$t^FgM9 z@x+VaL}&~Ee1tfzCXC_g0Q-p`j7t)aKY2kH0&(mt^LZB?7T82!iMzyNwphnaR-rV` ztZ7R(V$)wrS;~dEaaz45QVtE;O!p%cdhak`+9q@|YLkF3@=0a(E zcOX)mz<0M4M*`cZQ^Md;hLzy~Xl)=VNfO@uNz^Yw#RBBoZND%>>`k@p73JD+v1G7R zU567?AUqJ@N+EU~=W+Gh(LE74Y+lL{?#=98PL6(L*@afYiFzU12x#jD_;|Z<%$HkuP zlo8p?Ll9u`i*F78jtL1v%{$-%tin>!d=!+}oe5$o9Hd%2y&l&baEq1-SZ5KPi20bZMrkl z%gd_!gl%8U4aBNq4?5LUfjqagaCQ09B;&$y@^B-DXq#+y0qILrbS81{DoKnr%%hCC z`}hR|o=l#A-HP%p6TKP#waXCdKOG`dKxs^6wA|R-T8q`Pf?%fi4P52)gtWb;MG(|S+HbjxdGt@ zCcTc)yfl$l0MoxhPj8^{HV8`9CUu#ikieUujh_1Wj!sek z)oswi<2S2QNA%FO^5*Gl^J9zx;5t-IjB<|_Fs33%-CzewW|lip0`8sY(nX6V|JEHL zcl=#m&uCxu-wUlhu}^1)V4REuEwiX+ zOQKQpGiF2l*Vi#acjYbsmWv!cSJxl2$vr;hl46kninaf8Tch)l|HCuux#uHAyQvm$UjZxk!C))F zeWTZ50_-artk%ifGQOu8Z(wqav^Gc0_=>ZK#v@TP3A7tgGnxMsHDez~0jApjF!r*` z;&<3f{BPJxG1pJ*C5hsA4hZQKqSVApuNSC8!lpFDn*Wwp>WTz6XzbsAIkjL<)Y!pD_-ZEHdGmi z4WRkQ#g#GJd(&AMd;7ObS|hHSxcRp#mAYFFDr@10ndIaAoI*?!I#+2iR*hJ-ZNeVg zVSMdyh~G`Hyy8**yQ>|-d5gG?9zBZWFCq3)7?rdY8I=TOGP8t3P0Hz4k3swg>3ycP z(_`C#i}Vk>trZa-B`6d}b4GABdVTyLWG)$ZX3HcvV#1o6FN0C{vq+sDgoiK*ud*N& zxzvz{0+3qxBnNgU+HjRCU{qk|o|8!JoK&)O8E<{_4!rDT2scCSi2Pc;%sK@a8%#V0 zhdxkI2gAjfq#JMmy}To*nQxwl{lm$N&RVaUZiF7R1+T?<0*RPfeZukvrRcv*ltFMV z!xYAGne{DvtT;F%dZg|%OliA3EIM;==|@NiRRe)_nmJ)^6uU}IhQx$OeTxa{Re+kd zh;`qC`u-PCz#6pm6+8^rUer0VY zVCq2tEQW*97XV{Ex*6TRyTd2%O3CD{%oLM3I7bw$e3pSOpcU77-cZ1|N$(y0goH^C z*hIo~{R(lK7t|gIM2p)oyTKGB5(i_rK3|pPc7&iCXU(%&wU1b33#?EmfR^2A z7bH}q!Hs08KxZt35-i=>zJV}Egv7eb{CeUW!q9JqB6KXC2>J1CNzT(V<7OVITQNmf zDLpEMqQE|`^D=-iTdIirr&1F7t5sgLGY`2f8nDdH|AvMkBT#+EW`@b`#z7Q$4y=&6+I#8-SU$M3rSNsS$NIOl>lMH z?*~PWv!q27EN16&YfR`5Sooddk;`8<7X(3h&tZDVi51EW+g z{&S$r_TLA}guVTJpv;GKBv58)_-CL@uDZQ(wJXu9Sl z%db6dzvaqA{2^CHRs+eEL6g4smGZ`BoGxl;culM2X)lNZPXHSuRqa>M%xq4JGvgW8eGu zjwfYrYOZIW1g{2g!xbuXKO!$0&9<+lHtP*hF=({~ zE#NxGXNF2#xSM74Y+Fb3+HKbGY;x43^()>#gvRKW*o4(`@q^wBr88nut+cwnRu7SH zF!tzwor;k)_-iW0OnXNQ)^7Y42Du zu__uy`a;h%<8msgdP;$+v$}fA-q&Z2jJgpIN`F_T!S- zUjpPAQp!N)+boUs%n%0LP+%6s^QE$q94J7=lSNuy(oMQB_Gp+kkWmkEf@igBAnvdq z92po!=dJplHIgUE)1|gUXs0+tXaMww$mDRvBHc2A*eM36@Tzt;!o_9P91U`&{KA9B zRvy?!j_GP3Lm(XU@iVlfVFJ>x3 zktifQSvER$?T}#&$9#!fuGOnusWD)4>bB%dbf^|HcPLV59zhRYiNz-ij@F&eve!KSxEnEK!MitDaPQLm=iO=cFu=y+PDu z)Vo=NQU)N2MmA%ixJ(jK*K~@m6?SRI2$$A=RFsO~OiAF<(eMF#_%DP9b3H1RgGeyb zaN&Oqj1dVrquYAxbfGx>H2WD?K}<#{GNk5bOon&c2A`1yTS$Ft8x@R3x^HgTT871X zsQ``$ZdSW<#itFf1=PNwsW|eI=|1c#X1&t)LPlu&mzd(G(y6GQ80p=A(Td~7vhEnP z$nkgsdLlXDNPglQZkgkcpO+*ABO!Js=xaVNx;Ca}nYtIwc+^EVXR0rM)Jk?(kq=2sPu~Z9rgUF3 z?ar&|+aXDDwAIU&3?|y~gRk{lPR_4v(&d&J2aNtO6zPm(A+g0^xkXd3Op>eF6~rW8rL<@@?2MZW3p47|R@?+^jY`0Z!Y*ro4x`S|c|o_X-& zZe00h1^dV2{ZA&9G$qDDBx?7^7KAXVe0n_bCt+gk)IHw;->m!(Ik$|ykwM>{Q3FN< zU31`j?o6e?&&-(79rnLRDdZt9ckEbG$##EZU9F#=?e|;%XYiZ912OrFgqy$kK-Xos XlY>SC9x1eu!Ow+rYVyfvQMdmM!ihY5 literal 0 HcmV?d00001 From fcae8f36231fea4360c370dc5a5fdb2e66a929ca Mon Sep 17 00:00:00 2001 From: v-shukore Date: Thu, 9 Oct 2025 16:01:31 +0530 Subject: [PATCH 6/8] solution packaged --- ...ion_GDPR Compliance And Data Security.json | 2 +- .../Package/3.0.0.zip | Bin 0 -> 55887 bytes .../Package/createUiDefinition.json | 103 +++++++ .../Package/mainTemplate.json | 280 ++++++++++++++++++ .../Package/testParameters.json | 32 ++ .../ReleaseNotes.md | 3 + 6 files changed, 419 insertions(+), 1 deletion(-) create mode 100644 Solutions/GDPR Compliance & Data Security/Package/3.0.0.zip create mode 100644 Solutions/GDPR Compliance & Data Security/Package/createUiDefinition.json create mode 100644 Solutions/GDPR Compliance & Data Security/Package/mainTemplate.json create mode 100644 Solutions/GDPR Compliance & Data Security/Package/testParameters.json create mode 100644 Solutions/GDPR Compliance & Data Security/ReleaseNotes.md diff --git a/Solutions/GDPR Compliance & Data Security/Data/Solution_GDPR Compliance And Data Security.json b/Solutions/GDPR Compliance & Data Security/Data/Solution_GDPR Compliance And Data Security.json index 43e17607e73..22bd83cc223 100644 --- a/Solutions/GDPR Compliance & Data Security/Data/Solution_GDPR Compliance And Data Security.json +++ b/Solutions/GDPR Compliance & Data Security/Data/Solution_GDPR Compliance And Data Security.json @@ -1,5 +1,5 @@ { - "Name": "GDPR Compliance And Data Security", + "Name": "GDPR Compliance & Data Security", "Author": "Microsoft - support@microsoft.com", "Logo": "", "Description": "This workbook helps you track, visualize and monitor GDPR related requirements across your enterprise. It consolidates data from Defender XDR, Microsoft Purview, Azure SQL Databases, Microsoft 365, UEBA and Entra ID solution.", diff --git a/Solutions/GDPR Compliance & Data Security/Package/3.0.0.zip b/Solutions/GDPR Compliance & Data Security/Package/3.0.0.zip new file mode 100644 index 0000000000000000000000000000000000000000..776d0b4e5acdc98c0a2b7e4b5c215a05843a5c30 GIT binary patch literal 55887 zcmY(pL$EMP&$hd4+qP}nwr$(CZQHhO+v{1j?X%y1@Kv2jQt3ekovOZ)zM~)w41xjx z0003n;VY>fjo7)u0|o#9jtl^R{@4cW>mFzDk)(3Czs-Erv7-mfC!t)2aFq<|R$ z%bWr*WdZ1r3}j)N&YWQsb17m6%ScEAxtd+dge_gSf$h)Bc)r7B)CSVfF$(ndT59KW zwMsM#`}VMlpjbAJ4wn&%WuR@ol=e17Qt>-|Yz^u0oonFC85;lHGvJwJUj3z|K*>&;_~ z%(R59tcJ>|O2g(M!86&NjtV@ofc--2(y-~_^ec5)6&#dYeYUE}@>x0CXNG|C#R{Eq zkD^sp`6x_AODh3qpr4dNv$^SPuVYxNdD;4GIwnVw*c%<@1_DOR=tY>OsjmRY6_+e% zp9!t$5bsd%l=#)0aXDwQl_d|^(dpIrZnMddsLd^>Qi&O%o4$cKn>>#f8@P7xe z>?5VQza>v)g_rw}`BV2+fGZ0Yc0iL#*s1K|Tzmfd(Oh-d?j2U}%RAvEaF#xu51EtirmYTp0q5#1_#zQ5h+-gjYU+Y@= zGrLNweFB{2q5D)t_#$k>1UO*nw8(A>g@vvJniSn)z3Sm-wkBSf#i36a)R@eV*|Qhm zi1I^v#n^b;0{jgzZ_-!|>{xMOKL_qV2Xgcs&uhJQ?+es)_#Xk_RI;ftV_K%httqs& zgJl#opI$5`L8BcCM3fkFncnyYv1}d?ppj~tMsGVw(11gI-AP4&kzhnK{2?KPvmGSO zeU1#C<05ftm$FJ}AD{$3MZDj7-GE+#F1D+}6fZy<-iGaIyUkr)Gw)L5874KRHiR$9@H4c)t9@=-1l zmUb$pwhlJ`Vdwv$=DJtY8AmdU;FXT~2OM9e8lZ$JAZBJFTDb!Ao&v3Hk|@hSbrwso zkcWr|X)gw59x5IrL)OX0#-=2k6?;;R*^GGBqSk%(RZ!k*t=UiN5Aa1^QX^i`AVa_y3=Dl}V_+xqyL)=4Tj6@3V9>0u{ z^L|6a_bB`(jkiTBZnX*CmkDwcW~-OrNHPN1>E3&;sNOBh2q<0@GBPP&Vumu>0Pm{+ z^sl@xUNXoxX8>w%2p;0*pQY2Jk;P|<7vm9)L_+Ah3zMPa@=FNb>-ANW1$CzS$sDhVIsX^Qz%s)JWVrI;ov92*_86Wg zPVs35Rs72VR1+y}Y8VL#aowQ!KCF0JCleoKBQHU5x$kho+rW~5xsOfd9?chST zuHi!}Vg_VQF;B?zBrvukORq zt>5Q_I~~iy;8qn}aYU^YE-c9QKcpvDQ`9tT^ zgyGDriT(`kg|q5alk$wd)q{Xi1oHkG_WY|a&PT)DQk$#(Dy3*K`R|?`R6jU5VtMg& z2>#`%PkUrcYPveXp0y*A?D`zpNbpyq?6+ax=dv+Mau`PHT^-Ic9w_nMtE z)}ns7NM8=G@d0`&HT$~WVv&cvs_`*9z1kBG@79u}Il-TekWt{hLxvrbD7(X@Gn-bc z(I{ii*i63H#n5UX={xIWZV06BtQ~ZmU3;hZ&23aafoG8UBgiU-b9Zzdf3@iZU>a^$ zPU)cv>kj&zsJzC`30U^=!C3YRjgn__Y1`>()P|VtoIon&>`rI6-V|@Te*Y`Niu;RPg!_c#TXK}{U;S>vFe?#eANs`3^9y3omd27BodOm(bOa$mt?{?(VWmFFqLqF0Hqoa31FlTQgOfM zdygfHq(MUa8TaL2{@o5YxMtb_L-?!Ul~1{6 zpD;4h=^6K%ULP+ygKwX+{RYo^{Jqbao?*cLFIL{AX)cLL4qOVYT5OvV{YH$%gTfSz zxiULwPBe1I7DRYasa6iG_31n*%lm&xl02lc&ba&KBzcgDB{iY5ii`V2!Kg=>OysE( zem*>X{P22(2Z#x@|E!Uk_mSxZcQiI4>D5RA5Ekg8B~mQ3h}-=8oI!`yd%cySLPPtI zp#Snd`6B)LNEVS#d+BWdiMC0`#;(Ypac_z}mn+7Qr-xH+CA~ok=iRy3jN7;F4mf!U zZ#!`TwmB@|YWdagU%K}MazosI%zd41w}4-KjNlt>4+Y1WbN=XUW4VF#t-1yaBDj3V z?PEq@u63(F3C((6)Aow<;l?|{NDStp#`imL9yTl@9!kRCY<+xu%oT11;}6Nt4pDr` zq8O!zEHJ(mR;Iv@h>J&n4eI?i15~$11HAs&AxHic0EFjUmt*r2O9~Yu4oqx6;rdP1 ztup*~Ng~T{+Cd>Zvu;~AbPw8U^|tLa<)OCIw!{41BbMNRx7&X9!P&B<2v1tw()Fy` zC0!%ged=hydhX^*Z$X{q{3ZY{X}V_^{bYnElXx%L6LvT3i;fs+{`Re}FAPW2k7hs` z_*h{sGRW_I@F2)#AyY>TEC4n4&VYSOFMwO4EQbv0pb)ep9QLvbKJr(-V z2w%%7{k;+Ni!reZZ{-2ZLH?!G#C)jf{P7Qs(Z~TFL|%TOdUT7}W=m-2{L@)`>fTyb zP>^xO!8uA#2_kDKBVxRthB9Ky2;?+*xIt8of8RV!G*{m|T>SBVWQF5nAShP_=C&*b zmfrD_B1Sk{#IE-#l64e=eu z^J}Me(l~%KPW6BBc*j_RmP_ei5Be-p7*;GIkROC*IAJTAat26nPzWG5ioI&&^I>P&8SP_ysGU z6wC|Jb&jZ~jOy4k^=ep<)@k27=Kmt|ATI^Qv82PX}>$RUE&)CGJc<4BB?{ z8$?B`BexlOoZe6JspNpYehKPZw$|P?M9_%ix6lsG+iue85a*e{a&cVW3s`&m<+9$L~Nuo|B1ynMv5Foh&;vgv?OyJzjTR0xoBx3KR=K2(IXeB}GXJw|M2j$?3vUm=O zRSM%J&q$qvoJDkNxKo~lw&;7wOqq3hWP%f(?3_DLM&=?Dl7AH&oYN_zTz~D(h+T%R z|3}h3v4U}}>Zsj5r+o4c*%T)&6t7{@Mz!Rz{O`(NEOzYe8f(B+t0XKIEGdBSFQu6f z4ROSX#f(vKkMu#W`x^FOg0v7vtg;IPxVRJ8DYTfx7k(?|x{-s-XNU-2B7+CLMI25H zd^X0L6YaP)6Y=jql2BIMy~3|BQ7bm>PUnl6L&i-J#$Gq}fbs_0dBO4L=1U*dC>m&$b8#?K;)pNpdXu zi{E8q&*^fw2WHB#Xa~P~eNoqm#S@2jesqnjlM7_Y8#{rbM2K3{_g^~U@p1NkV4*+& z?H*a!H(c&iWsfwo>k5Nch&qh7;)J`@2u>5K^&dTZ*)Fx&j&BC2m*GrI$rI#I zok-1TFz=rpj1IUd!Q5Bc3;d)QKMEm{45{FMjFGa>yOXek^srycQOb{|V`voTJ7hE| z@C-t}IPH(z1rbH*L#E3)r|Le7bNa)4=k`=gfu60UHZ`hFBdNFEeh1-(f%a%kA(das zG;X-wvC0?lFJjXHV(*bk^6O z1H%P({E^FV-pNaE8tXNuZuQkRzUA|`VEx7}g!sQI{)hlVybo;$XK4!nUsh?~93Z%B z|Ch&|J53mjcKQV@Pm~K|`^K*OhU&5XRuy~Zn%wJzjN7lhey?Z2uKkFc1A=Dh?jy|@ zUdLMEd*Bkh@634qCUK2SjeSa*X^`Bj)^zjK*=IfQ#>KZhoHo0~W*V^f+(F`VtpNX7 zYnSjLymw8^z#z&np918VWU|}$1KZJtAl|P?omk|8K8pLQU8_xaYvgfT*M>7MoVK0+ zp0<7c()Dw=&OUfvHICakM-BW9h}r=hcN(*;@dRn7F)VJ^39Mw310nMT)9I_G@G zQ8T{AqYo9F2A*qc@);TouPADYZU7jkui5*7`%?QUHN)7S?`fb@+K4iJ=GaIJ^$D*$ zg*Xk~0R&HODK$t&6cE^++>i`OuKqi(bA-DAJrY@<`?;Z6j_BQrx%6N9kL2^gG;$X;>1HPI{~0Fj3cB+h?BGL^M4Uou*)rk zrydfW_mqiwNK4SBVGL&=F^*eb4JozU0@kMb87~}0ru+gH4B6SesAc+wF3F~{3$3n=n z)KPg)9^bF1V-ZJz^2*_deOnP)#?y1!vtn7)PvKr)eFK{i`xSIgI5a*NGXO%;^ugDe zLz@eeC$dBhpk#Iv(i|QnE1$g2WM2d;Mw}6B_h3z6jNfb3=!votZBW~4^tECh;za{e ziS~!1#1jeB=Ixbuo}VuMjsHc-JwtzD;YNqfbHn{G8R8!HE=AxM%vhSu$+avpwsH#j z4`6~<@-i`tpN2E2f7<_%J_RaFM2Qu9THic(F~|5+KGue@ z!v;#Gw0{gLaO3pV_8i<8o3jw$KTvsIXdV89V*MUbN9!b+AsfWu@s1ct9$-eZ!bt{L zk6(nZlkhf&;o*GINCs>U*MHn>vBXSY+rkEw@Rj}<@;wReW-Tr3^{IMFz2|gaGt;BOvk2dJR+P9SEfyiGx=@ zc)bkjV}s1A#*OofA+iJO+Vv0VJHcO|IO@dv-@3v8K1uZOJw40@@5}waXMcZxKl=*B zj!bCmSfpw4NONqdG-fateI4t47WO5yKV8IhLk5@?~$alvBhG(AZ* zJ}^xXQgn_)8pbOY#~j8-dB42bMGqoa)nD6g{k>o%8n|NJ!7lTz7aJow_+yg#li=IM8gI;vsv5cbM`a=%%;*Ng+z_ z^rkn*RW{A>pS8LV+U1Ar0jUZFX37h(UkYrGs^kUige-?PviiWe>Lx?AAq zBOK@aKlFdyK3a!zB#FOl+&Fs{EQ#pI9bhp;PPQ_|I6r=w?mqq3<;iYv3-QSbhWd|Y zEGuw3iULQBpQ89T^aQ*^(U_7Ch`=_16=BAANWEmu!AU!mMHVU}Ox@{-<#!qEC#wK6 zL`lpo0 z=uTV$saD1gZ$a90J^R5-u>8T#k`^qXH-8s*zm|FwqEU(LMSGUS)yr2}ls^mT31?&| zB*HKt?0GQy)~7YwWIIB4!4WFE*!KiCz$&mdhj`!W2QJmQsVMY7q_d zB}Vdmf)U}8MiVH>4|JHXwk#s#hr&`g8fgD`Nt>liXjpiii~W`Wmm?@UA?}cZphEzB zaAS?Grwb_maR^<`A_P9&i=f~bErS4kI$c$doyUen&YGe`dZGv2mb47PfFw7`4r=;i zg6YC=Y7bW;bIQh{0--d)jXB!|WOIR|dha2hUkWO=8dOM!++LemT+kiiKXmtHy&xn` z`l%lli8>`M*`UkmSwS~7pW)>Nd!Amk!MG%QgIOEosvPZFO!R<4<6$?bu8@xssMDJ$ zEAQ$DCY6BcGCQ7fN~EX^c`}4+pgF{u;!vsq(+j)3IS7ftv>Z6V1KA_u2X(Ss4_gPL@Wt45wLUgbCON@X z6`QG#^PSw{ga4doJH6K*1b)Q7G{O+TxAt1?-UHDP2m6ZlxK&}IT{_0fr&Z||I7*%= zt+19$fZssk{MSsPx1SG_YF(?kLDZx^EeOY@{%%3Y*&ey;o)P{tB_~mI@VMzng zeanJPYEY*BPO?s`-XOrk(*{I+ZP$#K6kli${P*Y z03nuXC$9ZldHv^^#F0ap9TTCi8#7y$=);0kx`PvY5-X_vFNbM{S3Eaia@G7_UH zvP{UZvgL0%0vU-gKVk*(YZ?K60Da@l*a@-%59T2$XXIbz0MN}{VjZFR3=o5Kv&s$t zFAP6ZFo;IEdq7&aOOT_hKPXE{o@p^*mX1QQ{7Cd(6<-ttqo2hMcE!{$wJ{b>yn-!=Rvs%&zzo}WHqh3R^i&*$LfH# zgs;l;bjZu2&0xb^%NsDn271NFPUtoHqhf&Rh>X7CLme4RUDhGP>{XIZke2EsJ-~~N z%%G}dXZ1a)hz~8K5MB)F-Oy5YdjsEc{}jb_tVFeKJ@AR|g<1mFm&6~guzwa8|1$~esmFEm91idrCORi9cWTN>g4=}CuE38M^q z<@GR`HiTo88kLjv9Ii%L&`szv!mdMbiUE|KWTn5x!>e=<78Bw`qsiEE$i|Q84`i9Q0*!$ZM*j%9HoO1 zu-f;PZjfYynSUyrIPnUg?5&4vs@GZ5tKQh78v~+XCu?(*g=}lk);Ug0O-nR}m_stq zS18{PZINd!WNLlP9|bknqPq~Srkr&I&e6}tXm}S!*hsyp#c$Jz#{pN4GOR=;-;4Fi zIDH14BHWcv?VU;H>H~WT)+9S=_S^fO%>zH9kbKKA)l}VQJq&+*a1P}s?`c;Yz|#-j zd93$cajV!#b+KQz<`L|Xv>tRk2c5R=QH-FPKsm$0&mc1QtFKmrr)AfQR);ABXh|TM zXur&>7ZAEUWRjP(4ei|X=mzS7HTMP*$jxPVs0ksgChH`7%ltQgrPm40$&0rLN7M<; zu)px1U(FElmEd$1hnZ!PMxv8|yC?x8Gapp`yaD;qxG}4OL>kS1h{szSfd0sdal-U{ z99CVKzKM;-;J^I2qL&rRl6@a+wnW-Ect!h2Op~04D4zNrQplBs%X1TLX3fzuTkM80P?ws7S4fjaavBp{0%I+lXLy(AF@q9)&vT~ zHuqy_q0=;RZ=VsI6Sqb-QsvDE*(xStm`Cg%x7rgiO}HT3F5Y(Y_T6Z=AHoxf3(a7` zZT2tQw)H2lzUAAyBy(K6NN0A$8?g!1uZT>JF0c3WmMJ(8W-&1UtB=!`2ms({@pNPF zvwO%h$>lTXTy!36vMU?lpmBIF;TIdEjht>_{h(U>51k*XhG;L8`32f-bBM_>%Y=cK zCb|SI~GYbNo=DX}z${O@S(=BL*n0OxLUmPd%1?Q$=7{CZ?x4gM zZ`vc5E#YecF=1%NG23bl`(tYb>vylfd-WIwZn7OvcIQ=0syn0P6RR0YO{Ly3CDA0; zS;>{0iQ1(hF~maR*N-pmMDqP z#y!e{FeR~o#!|zvqG9njjk@BID>x~j3Y;w=jO-xXSPV;{Qlj&-@<2}oyvH4#0=RB` zBdV=gbQ)6iiXuoe*;}oa1oeyKh_@t{jRrSJvR&V{z6`!x2(1F;N0&zTRG`pW$s8tr zU8Q>05e`UgA`HyrX8kJ%VU#|mw?vnU=);PRAYY*j?V7+AK0KebnS^IT%Vp|I`a>{{ zsbq3H0}{SVO$tj=aq3_saz|1|SpaELYBj-BKtcuh6eGlDEjw(cC&xUP5({nQ<@I>{ zL*n#%-aiNJ|N8&L!`~)1%Mf_SkS~BiqX!;fNJqL;R3{aKju0u&0u+<^&_~k?+2Z0( zmFW;V7X&$%GYk^zghbyLsgVM6n-n(16c(vCCRKGsp>q;lCSV?%AHv3LP4Y4U(5wzL zFAQMuj1QGhu(Gg(ORrD`hI}2kLVc)^zy@vVe8>y=;mi|c#YMo*X>dDG=xgW@lw3wU zgnk^#U>cYF<#r?`o@xw5{Ht3NL2XkdquY%=2XD6CuOlF8CCC#&Ci)oC5d^?C# zVIae&CTQZ33U2<^`M%cr-cDvvEN6GCs*SJpz-64Dz zTDD)pi|G_@B2vgdwKAn3XhRCV$30cG$Y+MTk^8~!SrDZO9i+4k03J%wn0=&fwNf~ z0wm`Klxdss>R|6mhVF?|JC+8C(h?TIq?@p(@p-s}IItvd={Gi-6(+JdWx~GLn;ogPSZQAIkR=J9`AHX25BrPi zRNfPwf4dx^Ak=0|RBeMz&Cu?i@35@vH7%hcIBQLF_XAUuR%DaBvm%0aq#r1a8u;q) zbPCQEUT;LFhJRl4H!npd#HNeY>qA5;KL0VoiORo!NNUw9VZrzPsGZjRoMUtmG_7EC zjV-hX6aqF%bk=vqF!})a>?RftsNpWB(a8NXUz8)NFom$JL-2aj=v43x?mt;f-$;$B zN$5v;Q17DjcsGdA+0e?-hg^pIyM|I>A0(7idDy}X^awW>O7n$_@(f&cI$1H<+=!36 zhLQy76ERWWzTg+-_O*4cx4q3ze#@^MT)e-V7D5oOZGsa2x6)2|(>q?c^60&AkIkPn z;crjnJ@WYyqNE(nv>Q=)J^Q2i4>usHl(464QnML_U0J<;+F`&6FR}!gexsN@4}r4H zo?UO7t3S{|l}cUTj2CRR20VlMgB02~@5iT4co2^!p84mO15M7C9z7i=b3$M}=4y$Y zTs&D1^o-kH`)+^hPLv_H#ztu)!H=AMCwyE;5yhl576v7PjY_lVTQyBQL zPu5`T^FZJR&uP8w9$~!x%w8B|%8tmoHegOIY3LMSg~})cQjy>rBIqmkoETf47|Op{ z(3=$5`EqK#GCE0~hbs(9S{Cs|bbR^2y)kCOPeL3;r~S6I*`A03&j*DdG2nB@lYW#R zC$6HPeh%M`49o#4o>PliC z`U8`kCG#`t6#CJ@Da(GaXfcUwKpn%HN(N9rUc5L%B0N1v0WS$L^1FO!yvWG&@alUH z0sRL+Pw7{J=oI%2d4eTEpqW^RAN{usip~&4H@gbGMdPh8Rmxq7gzg!A|-|#kBbcsimb=?Z((* z)xff7A*W~~+iKGUX{;H9T)D3>$kv%1+*7sHs#dLbwW_tVs`WNa#Ts{V;lDtu^)<6< z&5BjCmh1~h$17$$gY#%E8Y`hzWiQg{e1L4L1hyEOkJxl+H+7Lskyf(3mb)1g6X%{W z#rVp`h(xDmrP?_gx$~?a|I>|Q#tGCs#vDhtw$4E z>{IS!sW_nBPvd32cM-l7f7+-5`0Q100?3CFfGhDFW6Y@RPS59a-wceYqS3!oj_% z&0Id4qQ+OS$gwJgIj)aU7fX+zkd5HD<*b7E+4V*vVdfK!HNhH1Lp#M>To*x9>WMAP zqY3=w$rztq-?XMyD*|tthlLuad7C2R>)=Zk`{F5ANo@>Wy#xsH z$wRrW*jqIQ)5VY6d5f)!kZIgsZZYCSZVE#>W5Yh*zQkLow#ZK9f${jeLN8}-*|yW7 zUu@h=$vWku@I<1?g*BGM70hEK($p{;vkNII=A}vYB-3o59Wtb(p)}<DJHJ22)NB3@zdQ6AiikBX`^#$grC^ zS&pPVpEwfKBf0V-v1-B@(6_i-+?V#}IW$JLD16pUI6`$baxdjR7H`cLrvr9nH_QtCcl58JZs-9|=(<#V z$VYhi#r(hj^akorISe+$Y$3<6hYZmH4KbP~o(iUeKrU4($B_W1&h0X{|xjeWR@XLL4Dh$h1_Bb$UrE7 zR$;un6gL47V01$M`Qb0L%`Ew*$@ zTU5ajR24^H3Dgorb43V*8`GH(^(3$lhB!^9%^PjBhGKyD(5GWZ?MJ@W5upGUB4;v=%V95<31t#(%O%02-oHPie$?sXr54q{l$&*062y~ zZTZ3lfkwN<^XY>2Ot6gX{odg1_cnce=A`g3e~yxiEZ%PFgR zP59jDF@NHtq24l{_0iegV*r;ju5v`x{1oMwFN$-JWmmU(vZSC>*z1QHb4l)4$@QHd z+b1X0%gHIT&6b|5qHZLk;l7F6gIrWli;7xM%|xSV=uDS&8mv7ie8_-C&Pd5@4nK2) z_Cfo(u{9A;8O^cpU2f+-@xy0y*#YT$KIOf@K|@|B?M>y(lCY%%S|#+NkKL6?>YZ~| zh`eZv_C*nSGspVnFi$K24t3bC<^`qdePyiim%ERQwGN~?|DLD1qC@Sf@P-Kw@C3b4 zr2^qEhrO=kYN%4JD-kUM_R{?P`u`Af^xy2xf2_LN{BGl_zZNX)8-eeBZP%oxl)UGv z(^VEiRVjO^if#IISl7$*>0Xkj9=Xk}UH$gyiNZyn)-Kuk%>txVQO`QJin~+hO=LwI z663Ccadgra%_8#(TZ6I=e%h9a=$Fb@D}(tb&@NX7TeWKE;Ga&8!xs^?u&<^^09uP` z)KXTXnzR(#TtziUA!`e{t5Hqy6&2fPKJJ4?hND+CTc_8`>!+(yvA31&eDr?3ThpGR zmz>tBI<;8Ut52;~b!xM!Rh?U{?5?Uf-(H1h)h2?H#z+FC-z;Iop|?<6LSR5c{`Ugo z2p?*Dj*6DbICcaJZEL$8FccL)O>69z8^@-Ux61g0kK}Ll7pM7Hp-SBBD?%r>B6zB| zDg4iCLMKk9>tSh;!}JE)Y!16CwAC~xtC*8l%Iqb+(ngdZdnre@pb6h0$m>TJwqj`g zpYi%H!T$wapo}eSj%pbks|v}S$mZH!Agn}!In-{mSv=iw5;1WJ2V{A)1q(GCQ;_Pg zDcOFW0L7xMUvH85)0CPUj>x>rO86t7CC03amJ!Gu!(>#qrg8l5TyWE3yc5{Rr8N|+ zAOA_-k9BuSYh$uI>ee6qX@CFE@P8t%J^IuBt^c3d2h~5thWgy($kUkYx+?hoPd{6P z$y>jq2E10*m>MQ8_e>2I0CRSQ<8KJ*i0SqFZ^M;jl_%z(ekF;RPnJP16957&3Fa!b zGjae5y_eq$Dn`#AB4sOR&=PW)%jaQ|(@5z(^ko1w)agz2a}Po+5}C|qY#6%H94H)O z?O+V;%nAz@AzDEsLbwA3U&+BD#H9&476de)qE=P>A46=UMOu}rLixHVNmmhL^Z<=t zfE?2Ca)yT_hp-P9AYxkaIJ|s*ab%3yf8(4bb}WKE_%Z`g4!dH2CCy*j2*)8ZPVz)H z>!=CUGLRbgHg{Yy@XBuZsH2PQ5W+9}|8@pt3}A6UY5r4qWq8oOjG8281hB$!fvb9v z6o0KsZM$5hpFHarrZerzG*WFPlX(Lyhz=% zFx*|`+1nPPF}&+zuL%3N3`m29T^a}S{u5udl^G77K+uR#RWC*(RflmPfyIF>3fW}7 zZTiY-iXfv=6?7s?Zi{FEiZv=4k!Cn0J>35IV1bZ;tIJnmtF*bkhcm(mA2(e=qEnM2 z6i09XVIiR=Q6W#v>Kr6e+d<`~xF0Cr2s#bhvLPdfGdqV|4vpso7lD`$WgM)(WkQ_NId2_oQGiHG^068QvJk0({sNM_{W;G;uHQO92e_SKveL6JY=q?{4c@hpX z65W$NM(Bj)kOSr7M4KB)hl*3WMT?g#P6#ji1^^BK7)hpwAhV!>L=A5b9K?|0cyb64 z?0_?S=2!{&Ml_olwwd991As+ka$q@VLY5^0s6J>cg`Z5z^~+VhVd=ewkXnS0>kJy< z*%vV86-ERm%ec7{YeAnf&Z1WM7_~m;WjOBgZNv}9t9tA^H1+}Qtdy%^%_9JIm?a;r`WCx13v;8 z=Oao$2D*iIDZ;f??Jp_by6Vdr|zmJ(8*gw~8 zbmdC&NrdzQs@I)YN8D+$c&~beCQtCsJA}|$q6l{eRjKyj=YTm71*9V7b7C}*0GkC2 zIpBzlpDUw#GopGwB$HAtQ0k2dIjzVP8f+wylXV3=2SkqK0x*uCJ+Zq1;Ef)_%$hKT zav{uvra{oSwkU2tI1YR_Ui%%>bwBTPYytRMX zu&POIDOgPe#ctR%J20U5t7F(86Uvtt2AMiPzEaIh`f(k_=tFc3B*nW=gORpUbN>pX zF}u;?UfD?8|E@v^Eo|Dp=DuMU`BzYD!nuCkE115eWKkF4@_-gxbMa@f8qH9 z3qawW3i^+-cT063+^J#}nCaUVD5a=HVGOJfg35u!S?t8I(Xw8qP{EF6yPQEVttRWU zx{6hQQ*xH_QE?LJ`Sc-@MpgAks*K1@j|d;~8r-da_sR>G`n&}!?I0xM$`;Ug5A_`_*Qv;Fbk(0?qqF*4m4;l0}N{t*IsZ!}RX1*j^D@EPHu}2Q5R`ZDJn8+cVp|?KTp$ z7rne_4qAgG6|H_IgAnV7cIzlPfy_HPJb4rSBwzDa)R++SQnv@<$SW#Y9Zr$gF*1M} zz8D+fA(Ulj!(z?oK@1w2!miCJHaE?h|+# z4PeTe`Bm(R(JBNM0rg~Gd7pf7KApsCsArvQP*+9<1Xgo6_nd7aa^BBi@~Ltoc4r;@ zL9;3;W_y*QGiCVQSSdel`Qj}sw~!UX1w8EtHu7Xk(BNQj0bVQb%3b1*Y-LJT563N0goB`QEO!U`hD@CsWT&Wp_Wt0vjF=*tEF#5g=>0yxZ@OvNu=t@ zNt$&Bc?MJha47J2r&8|@g*<(hXM+L;?%o3@ObXOf1u%ORIT}t$J460GSFeguuuNF? zOp_^*=a5I{s%C~>9~IdbJv~*f{Q@X3!Bhhg*Hqj@j{0)3zbw%|WMDi{mJqM4MI8;( zSq;GcmPEDg;+oy_X9_F?h%MHqP#JW$MG)vDA`8asi8b~hJGH!6&hP?a5+iw2y*^71>)5r!kY;NJQJ$&TOvoD(Wjm)Ljm;BsIc8y=T$$$N|RMT~2eGV(y>0m5s1py2vuvvy4onzbtaVxi;lr%bo#167(XU#-~* zbd^Rf4|2&{^-P!JDr>otGncB%UtJ@o&YD}7zJYf8264Jk*9dm2H}B+Ck{qKAoQ^Cw zyMZGYe&%qcMryWd$6*`WqQ7n6P{jd#YuAdE&s+|&_1i%9z#Y_1J<4Km<--(}7qn-| z>bMmRe9!jQ>>_jd(mHg{xuVA?Doz1u`5~{u|K-u2i=Usr-|vNgs$2Rf4jLE@mTA>S zjWxM6p6G=7-KD48e}})N6taCYY{|koV}eKrWd{#R+@uN8D=)~e#6gZVTcH_}?52m> zMrgWSHy;GJdLQqZHoOHFdONso^|HNZpzTYz-UBMaBJwO_vL84eO zl3xLuHmFw5>fkKBRy~zEm9Wz(@q|v5yx2T)l4JxgG3ABlOFq_DgZI46R%mtDHV_IO zy{;)%C5ui<78)jzXucHC#VWBTv1o@>M`igo%S|1zg|>vF%6HmoziF%8h8jm?GQXpS zSARFn;8p9ei;bP|=`n+G64@U`2Reu6M0w&gX*4zdL8O#TBLQ3B`ULXnv;=e_*WFab z-|f`-=yP7>HD5`^ztG-Qr~kIsOU2)CW2(cC*9vRZU(%sSUgqbgB_rs76Jf8m{CxR# z3S0aZT0jWR%04z?mCma5T)n&EKcAlvy`?kMYlZWsOT3>DD@k6xLqMa~g) zPLOsvg4`S(qd-k+U)9wR>%@6rImG8iSAO~dhbf=5DbL|UaQ+3I%MEQ*t|tF%!bDJ- zBg?hDCe(HfDVNt^(Gqb|#qk82Q6HtqW;9IoQ4yN6t}|9^B-uWju&He{(Up%SuEuPV zPbsX%jlMP)+Uk5D?nbA>AOEps8M=02WC%Mi2|x*RC!b7m@*9APBsmZ2Do0teS8z^^ zT~b^gOEBM|!}S2|32%aq+NhsPd!pu4YoEZ|+kl+hZ>!qeoB|cesnd-r>tSUt z?vVs1by#`I=&G63N6n;0OYMu+l++ktrDpbEw6X|czMDhq_hI4w@420(@kA6q5FnlU zfqhlO#BWwLu7C7Ll}1)t6PgEO##Y_3jatmsj2CSpk$?I45jcNdXpqibn5Js)M9JSR zwC;bOACM?%RK*?7?LEh&{FzD`noX=vfkXc)l)|Qk+qry?>Y_4jELj}fI8kU zD4#|_G5JsO0XfQfgUq2&$j++Gc4Rjv`;o*R`THU+EI>kA9{H=W)Gj9FI!@Th0&2-wC78uQnpD ziXW?^s44Kv&eMLAy52)~M@-Z{D2U2;o-i2dzH>(5p*NiDasQd4*hjViK`5cDP12uA zEGt^8=DXs5OEk1BU{mdx;49JEv>!a?RWVvBz7-tA!Eq|S6bPwRWT^n^k~UQ22pU~e z+MS2@)WC6RJTI-N(fA719@bPnP|==R|BQiO^!f};HD{G7Qzwm^U%XJ873y~u7Yb?a zl8r`Px1?)_#8{_B5S8X@S|MrWI)ZAx2+>4?Q6y+oB3{raMwG65=lW!7`sDbLx9gYZ zOMs|frxn9lKLJ)XTrJIJ#;tUrj7G_Ft6oax)S`TRDM0N>PqZE1oGA{&dZ}Cg@Gp6m zG|D)~nc~6q9jz&U^s0xk7P1zB}a!zheUmf0K)6iy_+v-b#cqvTN=JW64 zbhCslGE^S^cm!iC zBk^E^p<{gXuy!klq06mJ+$h<2;;fd+Ryh$WOgbzU}J6F z9DT*vY&b9vx9SehRDBKn6b8(psaL$@l&Gfu$7Z`H$)?J|xb|{o$zkwiB3uB4Hj1|X zuC4iu}bWqFepu_FPb-N3I$7xR*{v#WdI*fjG!aW8#Lc#64CQ$yVQ zMp3O2(}SqSs|K=I;8rA(FLk@$YYhdTefJ@vM2sB;!zGI?ao-~0q#ZJTa;9mlch17y4E#7)lnKwdfNuEh=| zcUa$>T%57CKtq9+#7g$gGQcWX!Wd`Yz4_ogw;)jX8swgXUEqn&k}OQR2`d|v>;a=) zcFE;oL#9WW>%DrjNtKDc))dy)*%S5H;!61n1_r(fUTc4w@sF)Uu3@W_YOw0ObQ&S7=3uQ}RYNP|8_!FT` z88j(vZ*exgmn)c|?wypV^;@<>oYs9r_R%&-KB&zL4G5x#5H0=S?F>NYW=XB_D9Vpr z2hK4rV=3pBA+Obyr3{GL^gHFWyXy^kW3x%YOY?d22iCQp>xOSf>4JiJ19Hvs*nX2$ z(P`-`C#q7Yv`qfJNG5BW+cBH@zH~7*Hdag81mek*=?yLQOe#yq<85Z#8fn>Mbt#`wkde#>ogOQzNB@#TOD?UlfCvZt&dr!da+yc-~p%4)?ru7|l5iL^~n5?Oa z&KU;^RX9{+sDkze$Er5FwAMNY7JS5wb}a(LeE;l9)PMdYL&jInhiTGe;h3k#6>E|;`FG;3{kfXEylUBcT7^=HU(5 z6#f|jMUS*HGc9<+t9~+j))!!iBrOD)8FhsUMBV6r)Cs`m2Q}n5H)?{4`LSKgmy5;L zoK8#b^dT!m#jH5H6|*rk5`CskXe$O20A&WV`FOdef#Zo)%8#KSS@b94FxmGY4`i93 zVRD0b&^E3j_P+~_>~fmb)Uwye6N-U%F!xTNM?7fFDzO%-u^ZaXORi^FIYZQ#-kQOU z^K79Xmt1dr#qAxY>bG&hI|Oe+mW{Y7dNCz^KA1*3`G${`fN6I=36cSA3aqByF9B(Q z$neMtIrvu%R1L8U>l5@nFLEAV4QBLxZGwW+f2o5`nyCp(+F=^WDo$(6N{`lDM@b1Q z2qO*zu9T;Ge`rNCDqR_NFDPOF&IQ}W614^$^!GHgVP9xUm&sQ8 z&fzPuns`jZI%!%%NtoIuIu@oYfRp2C97^*5^Z&IQ`TmpQ#*iHh`b!mC{$)I&LI*8N zA0;a|_Ekh^kO7+6(8LVUraDq2#W&>(1J|w*hfrHujkv`3S8c3DqD$=S>-h9@1*H7- z!A<{wdpE{=I_L5x{e!5J7+OY_-mk0rkbVlgKtVaoA$eg2_4aXI(1FvJGCiY|-ske` zWLfljxWnbk9QknkIR87C65lsslH!no;5#z0mRmDC+jIY-%$?N%P!%8wK($@Eiv)`gYbo7 zao;L!FR<*kW_ul@-nNADs7PM06Z5=|yB)-0%ynn1d1n2U2d@mNB znufx~>SFKm@p?L`z<&GqAu$@Yy@Rl#K;^go(GkQ_(o~j z6-MaXnIt?LePgL_ODZc)Be`IXd2Kj<@zLami8nikFo8GB%RGk#(#y&rtvG8>S`=Fd3e_3M zLtE!dAe=l9lXJipoImBuIgjKHM$z2O3jp+CQEpgTx9 z4u(y^>I&)RIyID<+WtN+c!Zs=U;-Wx`vcSr%KRviO^oc$^tk6JGjTUI2LAt48Ti$89(}dBtL^aEhTkq@`!w~1$`l88L|JC=z=T2sbNor5h=MD2i` z_Ck0m?N!15E7hcI?SbFtmnYb5LX|yf>x*~ER338m_c_?%IUm`skAf(L#TXgR&_uAbX3Ev7Zd_A^tetn_%D2;9C6j{R>JY zF1cYQ==w0N)(6$9lB>_EZG$ZD<(yEs9W$ZRANHlOb~!!es&$ID?Y3U8ws6JhxCf;b z5WArB%=*U(S~wg`PpvKYV?ewH$}))-)Mb&?j5%|$jgz%}A9j5ZV;#Rg*OHa8-Ev2d zu2EwR=c%&_fxXZTF>|rXZfTqa>Zm2oBg?YGh(-|81Q~2xXayc!e7IazC2FjE`&pC6 zXyvLkYwNj!kKUHDi1}2Vj|6WyXXzPp{Q|Dj>WZX9dda?8W`&~UlCkj>bg>^XgjP-= zXCA^jDt^AlB3i+qu*}p=ge*K+yswPy+)Re`Fp(ZqYtA0&e|J8@nk<%L9uV}0M zF0_Pxu88=D&hAKeZ=86sI5L-{N8ncJu3|q?S*d7stVYy@6s(PEtcJ_!n%5krI%f5e z27I$6_}bsLS-aNsFh)#ks~w^tQR3Co=yjZcs{>@!oq$B%L4XX6TT?Fj*n--W_lu?o zs66_mdA^5rV^#EX!_3!G^wXdvl)8FQ0nTImx>^RSvH{G5&O!fzKl_CQ4XtZC3;xm` z8Otb+zOMnffqoeZ*?z3|wWgb$=h z35qhpZQWCa#EE~r{ECV+2MVs4$;_jrER8bq#sZ3zkq&y#y1B}TC5Dr@7VU&DGd^iJE0zf#NWmz5H0h1(!imaWgis-|)ScFk7 z=noZ4{vAu)H9o5GU3Ld0Y)-oAMkAk+cG%L+#M2>|w!83?@LoIF_{n;1_LpXpwBL`i z6uW=Q=n-QL2j)_` ze7i%wy5ig18r_kQqkyGParbZk`sK9Kx+gxvI#u4;>vo{kes8Gx1X>wpdySEAlRS>D|r zbaa8quusoUN{md?euUChnTRh8??n!41)*`bAXOYVSfIejtpsFh^bWhr_natq zK;yh&HO9bwhl99hjMXT2bZl+!%vI+&kychSel7|Yg({_kX*&>H@T}Dl{BYkt8o>`X zx8%FsnDx{-+W}`7Tmh*dm1FU*fLKxhQcl>v?Wy;4EFIcU$wGu$Z?kA#J~c+`vA=V` zWQxOsb*wE{B`g3x@dU2PBI+?p{2t0yAyxXUq8wxb6mS`b$lQAB%R}Z0XX9+xQ**^`e^h7}i|BQ(G-6ybmv2)ZuRF<*v9^}iSi z6*N`m8SFka&igksX$ISatRKmEBfrZjROy^|&u{XMU@uUus`tTzsBYh)vZ{u=%dyF@ zVcKp%Q?}P)Z_*?+|0UOxCs-bFoCgRAqllU?M4d&nXSIFr(ze8TUonXNW*4E1L4zkSK${Vn!?Y`vQssCEol-Xd{ZCyfbsF9eHF7FphF=p75UM zyX`Xj7P>R6X5Cd8A3R$<=l<42{_MKQ`B`OqX7a3ACb#^4&`BfoCQsfL>PapfXT? znKqLl3(=|oo_4CJwY=pUPFP&EYyH*MEP@y6D`yRr-qpYaQ-QtmvWjW+dJ&tmQMmnU z?$UqFGv*GTZh1b*&y~!2&ox~WFLly(dvB-&-F*&Q-+co*dYadHt2eM&Ie2e3C$$R4 zc;#Nnl1(NF3+WWmIY=^y%*Vu{NK@}Dkzb7RbPbwkh>w3mBq{_LUFG8+{yY(^%Z4yf zM9$gvsd(eF5X^>;8vG1}7JrErxpKGp1&%cU8xcEG_)3GP;zmoB#$^xB$t`&M_J*g>O{ST+ z9~S7T3RWO~Cj0iD@Azuz*A}yWPDA7F8R`eOcGPX%+oO{8-JC9Jra#-Ax*1=_Q?gR| z9(-W1EQXR~IYzIp3lA`e>##l{%m|1*?5ej~;a5v?zkH?H9fDVDE%l18w1gl1lt`9` zyGnQQ5#EC(xTuD;E?RinRBpF!6dm&8B=@l3^VW-3?&7ssmr5dQc46GN*a~;CG|a)> zL16JjPJnQQn!w(KrjgCo%My&XU4c_hy9aSK8sH~wP$FhYy#t0DqVnnWr1fq#Z1Sud z`+95iu(|`e^)XW>1Td0}{ptU3(xdgx5X-c&R^~W(B9Ms9ECU2ZRfp>{? z?0_?tb_)0*mIez@n9X};z5yc%)B8~H<&Qq1OlP$agwJw?>BNKjd%ynpw}tcnqlzx( zG!~^`A-&fhJ7kCyEe#q9_?F05hQfI?)0JMc7*IiK$*A)V3963cek=UQe)Sym*}YV! zVKh^ZIn;;ptWG(G{m|Ze&~7bl%FaY+neiHMaeKorfmkvWnpGEn<2l;@Gk+g6lqCW` z68p=NXUL-pNf|3PrO9}`l_eKz8Qp}aU}peM7vPRFM%Xur0mpZ9nGhfl`7NVO`cr{t z4n0ML7zulE*dWaV?El#(?%%OQBnoo~TTgQskav)1$EIp0Hpz6Cq=|{41;i;pDEVc@ z%%Cx57g@3GOELuRX*n|2{``8-;k6KE;!0r^_WcHh;%J}CaX$?)<#WOexa)MX!iJ;m zgTz4g>4no|!&1W@GvnN(IJTHWiLITWF_!#3WDQPa^W(WtzFd*IdFV)gt>!_;JLNd5T8oxecYD~pVYmY z)phF|57={PZC|r>mr7#}o?b(kE}d0KtF(ev$##bbZ1SjnVnxRc5^pEoRqUJeu`I`HI|(#b*q>lF0H2> zH+rq@TvyK@)jhinoYy;Z4j$tw5e~^J@z$;7_$|g128_n)IqVizvs;DkZa-vW z(53YH-Jj*Ei7RCh)(h&h$a>w!a&1%~l%3aKLW0Y#W3462X16tq6_$GI;<+04{tDog zv*y%EABxr<+t!cf>afp297_{;^j3Y%`ZbHd9HtH?P8y77bL6J);i`Ym!9$LIo1kUc zviTa;GO#q0p=94qkd5zwr$FlN0iaK!P6TeL@tELztqz3V3D zK711P&OEb{)|JW*73M|C4z`ubPy@~QS_HT|C<1F3ZZvSO9V(lnLX-Dd{=uQztAuU0 zE)4eFGPk6(LNYXeRs-z*xA+lFm8J=6TuWDmVW@zoByO&Ary7~V}uKEV{fUpbh5sfVX zS+KVp@>iJhfAR5h`f>YN-ud5%%v|?>_?lg#BcbRH7q|{{5@N*MAfuZ>U`$l)L5Lw+ zK++wcy(CPN%1ml%vvs~cxauj+KDgPrVs!kwGsTJQkZEk7$$XJkwsQk z6Y;oFf%0+|*ZzXx<>dR(Axk~649LbW`B{Knq%s8k?HXE(^t5krZP+`&wvbTbg!DCI zhB7-K%pl3U0)N+WBZ5xA&xi$niMwhZu~@tuUa={dbMY-QF?N&1F|lYcvK{6SBojbx zBJo(*%=Q1K?96Z3Fb$5QLo@(W&f}E>Z*)BIGTNA&BnBX!jPC!4Q9^Nq5)dRmp+K05 zbDRH0Y0ZfxnkVc+4M0Rt_<943-|RE`{73b^J32?v0#0*oxNIlO zQ2%4+`$sMk6GlHZ{*`DpSGHR+h$BN(Q9LupB&5`ke4LYzTFFfrr(NeXdF*sx85wT) zx=-Vajb$&t6e8^aBuNbiZoeFU`*PqFh~0TsJXJhw&tmYOMb;?SX=f z{)u^D@hAaM`6*tu9gR^9qzc-gdz2dSg%dpq#2>`%QEIQq02K%u_{PuG2Vhf2iI8}B zn!hG4c%!o5&DD0^5Q{%o*KTk7=2A*BYm3@=Ag!Gvy%8FpR0=JBJH_a3e63 zO_K{t?y;BwvH|o?)2W|1Hi4Tpg)3l`hPU~%zrf955S+<_urL$jf@jqysm+rge$S;N ziUxthCq*eS<75D_z@3Rpq+(YSY{1u-i8M@QBuDM(;C2I^?}K_ijS%gF$K$uk9hpUu zRV+a~KOXBYFmh~o$WfOo!eq5ya0Xrk2xCkc@#Wsi$^NT0_wmJs$^@07g9{vA^brT* zhA}oTNs}@FQcb_Uz#QEJAq7v22z|`{AFT)fbrRCN_)EzshuV5vUB`fe^xHe%bFp|0 zRkmpyxiHO7p}^w}GOA@9yQZwA(Fl@h@dV6qN*ul6(!DWDI42HC*v`%Ttsm7!ur3n| zZWiQ}$<-=+pADCX3rpUlT+7eOy_!Kn+UO<~MlxEN&Nun5A*9a=Rb6uVq1VAY1MKjU z>MSTvmDv+VifOR0&MzGD+61d*a6Y+tpJNtW~}^5`f%xUr%P@e#2D+fXI!tLuS` z5f4}x@ngP}PCzJ?D7vSy(9TV`b#cS*ND*nWL$kZ`h#$xLJa4SNN+i;0Nk&{j!$ah? z6_y>&Y_;bl7gp9<3)AQ&s1+9Z6{r=wO6sZ01DO*lBh5fL(DJp-?PaPeeancuXvFv4 zIu6_Ab--0*E607`GFJ!oV_FS6q<_PX6nCbwG`cP$RsePsl52A|R@UpkT_~??w8y7Q zv=*9>=Vy(lj3Szn6T8!=UmtD+_~IcLKXj^$l3e&gGmb%`m^vhZdPe|DmqMNOOR8xJ+hexKL^Ym9%d4B<*XbbJ@g7{}8 zTobGa=wEQV5B-jKY_x-Z2PtgG6Kc{50#0G#2Tp6%V|M$I5Yl%q>fr-f-+5=}O{vX{ zL~4*imI(7H+tdeEsk*;lpgrJ`eT@LhfECEn78ZT_ridxGpyawUMcb6#NqJ|=Ox>pG zG`vNOM>IiZ)aCx-*^KH;cm~bwc@!WcWt*dTe$4bKdAw>jXa>?`zz(FrfD2fS9_ObL zCC*P3LY#+Uh&UG^0CDzG@Vn|mm<_l6w(0%0G5)q?{I*H+Q-P7?p%fy`MeIYE9lr$) z3LS@~Z(INE>XRpVR1^?XJ~n2)Or+bqrx_q>S;aN$^=ka3Dd8F(6Z%521$Gqf0^2Vl z>;U?El!Y0>M&*aetY|_E`Ug(#$t{EBm7cbUlLq#(r|ZJFZ|nJCHK?IzfH4|hqk+g! zEh6**;*3=fS5%>1)zaIk-4d)*TdN-IHwi=CuL6;ygW>SlLt>wqi49?pLPpXcVfmib zOwJ-aAaICy4@zCNM;WkY-vK|-j}W1P z?n5`jX-M~TCa}42L-cbjzlOsRg(ooy>#;jZ?J?N%ZbqTAw)!9@P;DpL`S|H=i&tQ4 zAvRbtE1V&z84Q&`u!l7A6IUQqq7uA__g6nPsCH3WG5=sk;S5Z|%WP94ntR#-VJQG7 zsUHQ(Mr3EJ)>FXHXhdIjJBOg2Rh5wp{+?h#zyL~z2e10vUR#Enp_w~kw89urBiFLj zl1J1Wq|7Y)Ub75Y_I%}PJk^dlv$&w&k|4r<3z0<&JFn;>ayVB1?A{AIDC9JCEK6~Dr?V0VJrWvZ@by0RavmaFf z{&lw`M^XEjF-lE9hQJ?AKU>^U9{XH@ms5h|jVY_~NCUr~pgI^1KE{s&RzZ#s07BB| zd^SKL@bIR8w+fNTA0;=yjatxs3Mcz|d^p50MWAq1PL}4tiC)IxUoJY-Dr^N34mamY z#ns|AcyxUFbIA7%xg)nk9LXp5$niIVkq60Sufz^$S>okv8_Qz z;}T89L$r7l**~zuos5a91BD`cWq`2h<_GfG@=6k%klsAvpA=wIN8IQ|KUu`^DrPZo z2!TmMkgan1(0cMg6sPC`_{#V;6EOBC{cpsW^I`A^Z{TNoQgzUGOB6z~gcj7o^wQZg z+*7V3Gwdjvc?im1C`d$yRL`IZPe7{!UK|{C39cETfSW8pUDhCFL?Fg~dm*gv!6@CT zqai3B#XloEoi?q}hS34F0T++i^+!Y+Ny6I;#aS)~N~yA3;bblqGaBXCbYURIEffmU z3NBi@%0Fp%j{r*sqpV?KIpm~t0npLB0VwVyDxMDL}Kpv`RY0>r(9W29pM ztxG>qL%0yqOo9(INe?4TO@jsSq*^W6GCQ`aWR16pb8)3k+i5U)O_D>U(l zhE@G3uUns0|I#1QDkf64tS*S@|Ezdawgb{+SJ-hZSZ!c_{=L9%|%7QOx6sUcPg`Q`=e@Jy&d8ubrZv^a%@q=_<_;iu<_;7=>5j#&bBn4H@Y>7QG# zlPP#UO2PEMPD;D{v;aWrV>)hexHEdZ5q=ErV%bL3AR`ncB&*C0VK@OC z(YM3mTuu2Uf5g!C$OCuB<6BUN;rYS+2w}q_xaNRFdy3ot>HVpAzGB`JM(_Y=#cu*f zL#hg&QYBy<9VH8ZSqiAGW)|J%CZe@%X2pvW9l}j}AmdZA9{F&dQnT!KNSCKwPgJ%! zruh_|vbSupMr(<-8gI2W3)Ir&;M1Tw{letHBR@O#V~!I!v<07jR+)W>&u{Vi-bk4x znbO82fA#NpF~}HY93C8DE>d90VLftQEWtWorZNORr+n_pM})uR;eJgGG}E<+{)qM+ zW%ChvP-xf8Rz++TDc2OevIIMZI!}Jk?|Gff)T=!^^YedTJ@~8hvCrtu?hYS0V9tk5 zYpD8AZ}|J0LRGFq4v|iKwUI}T^8G61UHqV4Ub3iQOdVn`5aj4J42ko(`z@nL9v=lq zWkS_1;3kNgR3I%b?91|8;KL4LM>qqklqt9fFi#ICFen&rhf03Y{zlWDa;~Z`Gp`5I zf7G!A*#Hi}Ca56DkZ%W&_6XLlWv?9sErHuz^a!f~qOEr*%nYdkTF+MA26n!rm#{~+ zaw1&gE6-i2`ENF-21-jrH6_uFN;8U(WwuOpQ^1f_^@1rLs6y&K(Cl>NC-v8$a9}Rj zKW6;hW;9|ka``$8_WGe!$yLx+6%y=QVzlPkha(la>DGStp%b*6Ld0{0fe+NhtE>x5 zV)rk-C<(-meVj-ILeQndf6*#gr%*BFz{908!dQ=#Y$lOfZts-mQ;VB3fh8$fhR>eg z=%$%OhRlN}T46@w4OX2n1@l)HGJGsEW?5aR7rbqfG!9`{B%a=Z^Ffi^9KH^TQ|DMN zWGK8J;9ZbZOJ(SYA4?R5Ov7X}DJ5mv`OrjVFq#el8LQzEcKUcmOt75Uf+hNb4nz}p zVE5P<>{cy*z#lYICr9hrCz8vt83PRvC**L^ujdUpgWh7sWwEb?teE?nj2>*a$ORT2 zxkz3JXICaZ3!W)ZPR0_u+qoh959Kt^n?*o(fNJ+a?{IP{HH%n`5}!;|SS2jUrQ3>H zJL0Q|GLP|!DzS9k%nKLOYVUl5bo$&P&Cx$Ryt@;uJ{-|48L*m2@8VUd7wvL-5xm%M z(!>6Sq#`+v6v?UdG>K;kvr5;6k3^L&BY<_auu_thlPnb)S#V&aah~p2r-iM1F!=I{ zyH>3)OmKXl!D+sADm2#d81p=;C>w^8F&Beeo)Tw2veojs#|22JfKee zyobzrno9~8sxWuoWi6z5aZq96;^ii>Dy^2W?!so8uLF_7j;eCbn;}58P{4f9S-95> z9nw5+izl&&P$m0@r9Ose%z*?Je2$O|9azUh(Q^yhL?+_?!^lr5O(rs2-@PU371`MV zr9LP-Wv{CpG!qQ;oDIGn5`^HbSwsjGt{j(*?&vh%HoP!XR;+7X%9g0qb@OmG!c6Lx zr5czxh7kL}r(2-?1czVw`xHG0BmT3c=lK_Z;wOYg_7v!5*M^Msu_vGA%VRTPGvnYT z$x42iHQ8F(1$OcXW~T8EN1$Z$h5pKm=r*P|RZ&$QuU=^P4HC0v_cxCa=uG z7h;2Gc-B431B^I8ig*|nkn~Fuq^fy052&whszN>C*=Hv6l4oRBklw{ScVt`6?P8<| zwQCMpF>Fi>_^SlCSgj&;II<+b!rcw@4IVM-MWzXF2Rrs5{a>A}$ZG#7mLENC=2zb- zH9O~NGse=$N~>X2ZJ&=pa(Ai(AZK^h(yu3_(%_0k!Q_%)N@=t_(@@Il2E~}NTM9Vj ztOF#>?J8+tWht;e0SIsn-HR-r10L%Ng!ma3=6W+ zats6^&7269I}qdu-p;sKbFRHB5`RSuvmO9B75_k~2?BB{@h98k_T(fTss-n2;Ahi` zhh}%d%5H#e0~FA?R8yQybkWZ#<&?mSxNBzxw`zU~LV5-}a`9{bdu z*xLqm-%KNTD#$bviXq(ae;O{mkHyuD;#9#Fh-+C{ni0JG2PB=5UG!)P<*%1jCeA92 zw_Fbq;hl!PohpX0R1YT*nje74u zmEp7-dO2PfP4f|AYMw`6!s>J#zF7BAp2dIb9{O;PDN#QBnx2kfx{r8uxn#@+CMpk0 zy}ZNmnn(qq57g~*0~e3kvmetj8l7z@yt(S(8zS;2;Pl9 zHwUzwO!d@feTN4}ts4*uXaFlz^b_6q7NG4+?PWqf`?uT{jK85IUHC#>j~Km1c7;sg zEg+7#Xf-GZw<__&$vJr3MP=r*@!LoHF1Zyj!}S0o=fG=&rG?pX`&R9`!qz3ww_D@W zK`3nET{e1PZxiOo-wnj$<1y*7KOyKO~xCT%SB2?igW-*oH-v&rg0TcJ?#|DJRO zp>1UWZpWh135g>f%rMK6l~qF4c?XAeu)mt9PN6oCc_lw*1Q8* z96Js@22nFNhIv=29Q>|}fGb;>P%fLB-z#B`g*HyTl&)_==+pOwl8Cs0fEejSxt5+G6 za}jK3Xwln1fk?=Z9Gp3OKa!>C@b#3@neA5SLm|Fb0w@l01>9E6YGCgj5XnlR?%pTf zrHy{>-FzhmHMcZWb-X}pzL@p@PC_~!MvnOaN_MHu%u|5>x|%AZkR z7m1YU#J!fEC5iUzTcP?+&0(6!pge_OFaX79g+M&NJGp^LJ5!=fa`ea;bsG!`1(}?2 zKJ@@fFyGIThOo)?*r5wOO$0l@I#3~HuG^fxIzZN^>Gv7{aS>H&FJOu8jVI161w$?9 znnh2-hF#njmoQOTmIF4$!!8|^wuqE4oAjX7k@7=r>Tp2YSfV#pHhBnzR+(kz9HTOD z(l`Kowdpv_Q9FB#bL?Jdf&$Xrpiw(v*#$kM+^?q?Klj~(wGisE1r{r?X~}#EN^1>n zXdv>xQ=rmmu|7D)Tk~3fW~D9H%2w*38D0Aq`SiVsA8Mx z!*X2lBR|On~s4W|Lutb_c?s*0sRGtY9WLh^{M=NEWQcz%|9 zC<(F4gFrfM3@Ryd!z9S;SQom&odMrRK^gxLw7$8hmH`Lsj)T;>dLc7P2opkr+&@jE zhe0XAe_2vT-b{v3_*-f3Gm#oOR`WejZmqtHmH0e?CE<{B_g;%AJPhZMHjwH>W2|dO zW1Ow*!wyGe{xA2Zq5#RengS`&7RWL_r@P$L)RII>N6{{@>II!<3M1pb{3zN zOlt+p1*MUAGaJ<`LWMOXIF(s-PksmVK(f#GkHS)U@}14`^bSL&d#hfavKi&8IG@TL z-rI1AXO7_?7CUQ){8f2zJ6u#r;D0it!g51a!|or+xBQw#JK;UwT4L`$3a^&dg0q#! z0S4g3@ksDe%q^PjIZUn)>slf4Mg7ynkhe8&nQDcLf(Zq{81lSs87WCEn`@y`73A`` zd)_|!V;s?am&zIKX8?XJM`G|Eei3m{N_>K*zr!IU0Wnul@i2RX9?|$gkP$XC2v^|? z3v4sOghs#U(Txqo#l-Fn4ZYgFjje-!H%S4*AQT#HL@C&J$X&x2pQX%AONzn<8P%6vF42ymCY54O%3Z$oJwoH zRNCf+iw}WvtV#nh1Gi5`#|y8M@C5W|NVXQ^xZ!3%)K_>ddD^S-QDrawrW5Ve9!Kn< z3iL2t3j@rz3d6!<=_Nq7~F~C^sAq_$s>o}GO#!O6lG7)N=3?zE?f;R z8Yi6@^`2f)*+E+_Rojck1H5pB5jG|)RH}^*$5mRUd{tYi(V&gZoQ-j|KHeXh*ABym zUDw))!CcN~QE&`K0t;BN>CQUnJx6 zFqn8oX2Ya`52gv8mH)&H>yi1)?lujE%?%d>v!rm_o1|Fd0AbuCE9ry8pz@Ov_>+o- zGMKy3ZqN%5N?!q9l~UZcHT^o}NnfDS5%HZ-r4cQ5`E9D~dcp?U(F_G;VoP6x7?wDd z6{lZiYW$P&nJz%}8d$&=znf&F4&Zsd5^ofkqi1lLzevh&aMsPZ^9MoJ{-k0-bj4z4$Ps|AM6ggsG{u$+azctH1!z@^?APHczJ3e$+oC}UMU7jwzt%n~}>RQ%>S zT*>13S)MaJE_BGr97D8@D?MwKzN=YOX_aNv74CJKjVU({S6xuONV>6Xw0S8PJ+}H%;XZstyVVv`sg>E&dY+}4kf}u!*AmOfTsBKd_k5G%oxBG&z#D@| zHKfPp^;$Q=C04gUtD#znIfj#&Z1lVx_nAh_bXGphWaEhUYCTP%>3WJjM|O`uXJI`9 zE{qsa=JSXl8mVx(<#R{3zy3yvp_C>fem)!N z4Kdq>BTjR!(396u(ecYTm^XdDn;ve56(`tS=SiNWMhwH%I?kX2^(K0>lm&De6HX?u z;~r<7(6)W+YBSC%`fCTz;6+D_0L}^vXAB3fLhC4XXn$VSrH1zgL)G^jLlvzvj0J4S zh~GL+Dy)a%=EWdl$yCD?0!x{Y_Mm~bMHIEE-kiCsUUWJ~0S^1R74wwRR@qYX~94pHzLVs7ttLLvRo2@(jy--1?D zttKs&;qIVTGoX{{uCY>U{H3w-^U&~}CGf=Y zCkf(W;8yWqC-&$cK>1^S!S`yMN+FMUW%J%M45SW#rUUlq4s{yQ{I1T8$Eem`nGSU# z2nJ|+Xf5jaufhC3fdL@z|n`s4UpN}nze(z{2O2p$lN!;Qd zhQZXVIO>g5YK?c^o}Ised1Q3gLZLSIG7xck`a#^T>pLLN$fU zb^o1^C?BZ@BGFY+3r2UmlWpAPMXLC*FzwHCx9}54)kRbt{gbv1O?^>Yj^{jq6=nC;%J)?>_DB9k(p#e z@E@pn$4z769j%`Zpj87fd2bus)zzk~WDoz>=cmZB>br=L3=3*ieV)sCE+VRtqGunc z_ayrBM~gnk%Nn|CRZYJr>ZQwB-KJqTPMzLuJR^H8F9|hdnXlC*bR28D694vR`kf~wo)Z#}A<3*6Dxj6AEgP$Do z1e#UdTz%~DD!`K9O8eEpQh&IM=J4;An8Ak)Re$HPS#G*}HahEarX=NoF?|Fn#rF|M zsdMde#i7#dv}qoac3q)e`(w#sy8UTOxPF04W(u*~^$>2c=rf<=d21<(78ouwyHp<3DS9jQ+o%Pp*^ zXrJ0c%oHXZti_o=268O9R>|#}X)vxiteV@J^J$_yHowbQQ)+RIi3Q7pN0D&2_4JRV z8w2TZi@!<{Zn=mgm}*Y+xKg2_rdJyw#)0LH=Q7d#PDfGIJ7)9_F7aNXu}|ChgK`Ch zt4oii`=yO`C1)TE=+7tx{djK8t*(Hr2G#F#A1|qRFQrbOpF*3=+x>m$a+YRl+52k% zKj4F`p^Gt=9YU+uS9YJHvd=G<%fVL|ZTp~{NMkBpUI``5ya^vGg^zbJBKIthU%d%W zOz+E3JKd<=%d?3rkmX$rvJk;@fSE7rb%s&t=a?&fIGBa@qpX}b7O^Ent5@qYgYsi; z!N$fW8o}|&b5AHnt*QQE*2=dgkZ0!#D_=MW1{vucre_Z2o38p6t0nSAt zT8>7x6O~ijwEVG+jcL36o%t3}Gmi#=96|FXB4uPr8^m4mDTZ6}G`K8)in*xXq_-Ph z<8wRmO{^G7XXyx92%g$_zus@U zVt8<|ce_7(oyIK=iR9roezp?(jQ#L%a70C!{?+pE>JhbOb)Ln`Z310xN>mJ}Ti8(| z1u2`QjN|1*oQtt;G~CO`mDmD&BoW6lp56AlPEq-r*_bM`O;P81%#0&1OGY@2r?4*W zj97dss+nC;MVaWe2{G_Ud(y_PBgVpk=mVi$nhs<}KK68K3jdNufuR@){!ejI@EZXQ zs+Sr>S!WLUFSgDpNV0b8)@9qaZJS-TZKKQTvTfV8ZL7<+ZR6D5-#+{NC*r?&$HmHs zyvfWJxt=-3n7Kui>C?m$bADPHJGnT#=2a)(4irN0fdyB0!7b&hB`WtV}=FO zcA~Q-L2!G+d!aS)G2i{qK*uJntvw=H__p zwB7 zg{vz_?vB*V#TQ=I`$FLH;g?|U8F7otvf(r&c+p6}pBzI;l{rq~eV?c(T=|k^te^>M zfUeS~`7c~#`S{kI6J@5yMv|;3ZxmUPm6-)O)4vl_2}Z6SC%0zVCIw6E)b)iK@MOfr zYGx|CE#Sm#LoRzkG^levOY?<-ohX#V)B*C$GSR{?wR1T|c#Yt0yL{s)?+3Uiw;k~6 z)}e=ih6*ZjW6_vgI$)oJL|Y~$lDvO&BPZu}=yml%Uhh>FGzMYS-5;*AgVQ?Lf5G|S z^nB;s>`%Qjzuewko=3l|qVjw0m5_Qr4bAwyaH8;w?;T@!XJ_dd@|zu}tjw&wl0G@Q zc!zyv{;!v!AA1Y9F(7?Z*qn=&Gj*Gk>Eo{KtLv-V2>3rbqywuh<8iSMf({w`QsdjA zAE887v8Lq5;LEVG)($Q~g)FCt0k=_S4bC$=E$7z8Q#HTJd!ct*d}`k>@(2sO!c8uM zQfe!nw!{F4zfPnUG7-7OHh^OQ(9e?wD za}DHWLfMnD3vZQ`gBK+N(yZqu66>@HT2!6EjyosL&!Rc|Qpf5|EiZXh4G;5@b~hhK z;cq}-@?`&srJ z^cOd(*Z0aWn??j=4VYF{Ao2VgfW@SwkL3eIvp%5dk6ti1s0u+TVAhz}n!q!hscZk< zAhbQ48W9C8#*KS+hs$j_9Q=q1ihGcp&Z~q2Dk+ZWVdRpmPVU$lse}jqOhQnxTbZ?@ z{Jk9Y;*V+El3^na3_)|uiV>QXu!RRC> z28HBFcELPR0)^VqHW|<1Zc?qkdn3RM4p{gXw zL5IsNw6&F)3S5~EyQ^G?O^Nka1G6flD)`FRV$1H+Q&D*XUM`GiPo;rVO?`1L4D5Z| z6s&-cy8|beP(?Pp%PX+h+_bz=+)Ka069y!IetZ%sv}pi1sZ`jTX%ub!=IF(0 zH@c2V;@nNJ3Q;XmF%bam*VYg#2;I^f>NaZ-Ys)TJw0caJp+h^2bTPJk9)E>U zQaBrt)(X2LAPAW5k+YWH^%NBL)U;?Gt>{&tnw1NJqGXU-cu$g(d4opgFF}WtN&YRR zfZSBBrdIHYb(vz=RucGhxmC)4={yW}E?W}J>X0gUxw~+p`3YE55XZVndetCJuSTdS zh&KLnbLe1jFjOY%N>`eRxtE|3FqEh`{6Mcx>#&Di(ZW2V- zr7$UUyfCAtuI+itYG|W@M1R8bJ^?9#KsNZq`(7-MMVFe-)baEsaa(R8$&!A6!-^-B z8$LP6qLPWO;UOAEr=rq7l-6qzdPpL9_8DVhKj7LHS!+NP>lPpA5Fyogsa-W;g;WM9 z2GlNczM3MW_ePzGhEsR}%=vP^V{el}FLd0!qL=5?Fg?h!C3e`Q>a*02KJ#iKCE1WZ z+Cj9fI8bUlU13?1Dy7okJiaCQX`bZb2tU51qLWhLA>qwxm{i7WV_Kz94}7zyqqsp7 zrM(ZNo>3*FU^PTW5yKZw`35OfdMxF8ykSS({DZqQ}<1vdShl;KIv(1tmpWU+g zj#-+62ZXg_Af!qq0$NRt*AXcDZMp~fm!S+S3ZaU*F?QTqRgsL^ zZ4mZ3{u-ixB8|{?gQK*`Uxh}Zr~zRV(o>!p3!DMJhn+YK{2MbUH!t{)lnGZf@m<%V zwzlt?YH2Z1dQW542gDb>jF&a*x6aB+3Qwf1ClgFFoz;j`Cz<0OJ+AG`8WQhw6oOgp zd0(fy4}cSbx-%cb@9pn3 z*tYC0-&Y%M7$8$}G0m|P*tg&TZ8Q!V%daObeT-qd9?+goH0^$2D;T*(1A!xh9a007 zgaKi%1yE)tktW?t{b&oJS8EsjmQo zEsc{dKgSUrPdsPmln&dn%EMzFH!uKkDj1nmfYA8{s76h_ALT)|6k-4eZ)8gUTe&N) zbkznA4=AF~-!1Hx2064#*d2=ZL?4e!pORKJKCn$=E;LRnJFZ=nAQK2UeR!leLKKCL zD28mZN1O>esCy=pxVNx2;9LKhLpn-tI#S{=Q1{~j!mABIn z<*qe=#EDm*+jH4ggj?>VU_o`NusYuC1*~u?7lF1uxlN=~Yv2Sk__{O57!lOpMnafD z6j{;_IQT=aTePBc@F(99Q=y5+2ew{DsQ|KgP6i|%F0_ zW@_Za;bSLeFdkD`e#|eiaGZJ1Q`TIoqDKRiu!D(%Hneb{YRZ=a5n95wyppnme}=KO zE&$LYqa_$$_hm3JFyyj+HK;}QWC~Jb)%%MNgbH+^E4ZOk)6xTUWtZEGofqY}K?Csa zF_eMlY#~e1b?P5Ej)i>?nu034?>q@OcY2oGb2@?$?gOqG!ZC8zsO6+~N#F2dE_)); z?YdSba5@UAxv`9bGVMGcz^6K6$pP*r+Ztl=1EGch*e;Aoy&KV|7Rf6V%NX?&Vz$3J zf9K&KkYJeYMnXVt0WuUNf^DPPub6>|dJB;AN2p~!1sPL%7byVfy+p)j!lH+aah4dT z#K*_+2gX!hNkd~01cM)8I@X5@;W(iClOyxq`^;GMdKLbnYVpksb&JdGhUdieJL#iS zY7He+HX||RYcRN`Po7_i=7HH+Br1cM+gqmJQ&u?u;@!*t@Q0tIj5YS&JHMer5cAB~ zorzGodqT&Zcw91HV=-AGt{W?r&jmUgU54T3$~kcuk)Hk{K}&$AG$pPVR6);|}c>&R@N=6AZJVp3k8M zC5+f%JUhBK}oJ@+H^mOmvPbuFl-ybv6IRqY# zl&n3$7dt%ZCN#jiJir^vE)}~aU9~6`UZl`x4J5ndR#2)8Lh39y}$FWd}?1*-1uK}bVfOr|uS z;;)M8ruUM+^}|@%Q`chq0CcDi+#VQSB>3#Sq#zq z^3|Be;rL;ZkwI{H*C3&;BwO*kpx%)OHH%_Fr*lYTSNxsi@#yT=wIhXUNZ-@_$M8~| zp8E96s1mO;=Bqht(}CBcfY*f#F>L4ti&ls2dZaG?4e#MGh70A z4 zvSmwEOPPPFw5r_i(#dPw?`ozJxb+gr<@N*gRENMvUOI_rl%~zxP=)m%wz8t{f-rp^ zkPgvHQlI1BnZRZFuA=SJEl{i+8{92KBAf3!0~|s!472HXvtUSe_-Y&M_-S8(9ZmG85#z!DQrT~tTh{hE%-i!Bb=(|2?pw^MgGY1rpz-XXtB-H9w&}stIya_w|JRy zf9S*tnXwo44n$xMVtMoXw?~GLnP{x8n>21H%YJ_Zi!GXFHI05IieAka6*kZd7uQgG zo`T#_j`cS|s7B~FK|Jw>>UVwqoEl<3UK(NK7#8e+iC9=^F;hUEb<+AHcusJt zG(9B-2g1#Ri8c&G8AMFT*~d$RqT%A$2R0!4U_Nx!3rDy&1gIoVU_E2y@8sp`H8tJ2 zv@g8zyNQlEd$Dz(X=5Batn!M`G%fQEJrOkD-Vrt5wv%QR50I&~SC>gA09N%kxn;(r zCh$N@qeKXQmeB(CBfMUuzn9c8wzIUPnKzdi7yn{vcZ&xDT_5e1hyQwXHxAk~6k9+V zm^UD_3d>8zu>41Mu@f-B-s3Rb*qa7#Y$RcNYxLc!lj|Qey|qjKdab z`78A6q-feSd)>Hj%xLu&fW-bIUPeH}_WVG@uEvek#;*IgVdl*kVC>FJoX}~$4LXrw(ODW z$I@)OT8k zT9qbbi_xImuiAd)ni8%^+DQkPSr5>sKv~*V{yP;y*tK2Jj*t2j2ZOt z??2w8AIOXE!@!T%#qTpOsa4pJv|&XTYGC;`ddXEVpAbe9uVYS@t`&;Ny;kJ#aT^V| z)n;-{jPEaU){9zsC^d>SRnSs{j6qfuT)C*-4FV%z6A!L~Xgpgdf{)A_$o>s+lX;Mz zsFqe&ym^fAr8KW~6#^@tTA8&PK?Yn<~aCsdSyE^^@ddb`fg?~Ddd&&_C>d(G)N6LvSj)nwN?I}gf%%p}2 zSQ-+HcVkw_T@qbX?U2QD*6E*1lu-#39rE+6V^;lNu!%$vPNTO>esx z`V>j?txrwn``nll$PGv4(u)ma8nJfKl5(!$WAsd$Et_eb-;-z!+-5YE1k-N?<8XBF zd)Hf6;3ahFNxrf?t^SW>w>m9v#yBm1Mo%6%!t;8RUaH9PjIs&`v0qI0YRmR^c52Py@zWw(II+6ewM41&EE4pr+cN2y~*avY4I~$mrHm;I@j!Gl-pkiOITH z{s%xuz-PsX_w<%2cKAtN11HKqw4_SQr*7BFLGNIrbA@6@5O+)ReL-(SXQu4#eK93+ zSE{*<;Lsbo+@%jOW-;nkrKOmm8%DdQh7YF@UI5i3R1leD{)3=LEiCj0l%Zq~`}<4G zI9G-s2$O$)q6os&eiKA?o}S-xCub_YfRSO>hMLoCWm zgyFA8V?=euxI@s(`z3q;8r1~b?tiu?X#u#S+AlkO8MHXw-L6&_SUbq_RclKLUe~U# z?>{YtF5J&kN8UQm*?&`x3pHwp&%esf$1V1s7@>=ut8+EkYeJW7``NeWWE%hca!(F~ zQQt)}z;^lvfM!FuX_1(B9FH8)d?}N!K_jKp@V5}zBN;lkL5=+4f0yfDQfxu4+x&_H z8H>++Fd?utJ99p{Qlq!;@8CG6u*vHb$LsWZKgtz_o8I1y*?;~<_U?4|0pr*0{f-p~1L>WUyJygQdYZm2=YPF4aqIWg+b+zr zP*cvQp0+4eqxsgH{x2l`MIqw-;=0PLuaa=Fk{d0Amq1oYw_K;2_re#NNAbg?qsW@Z z)}aFzu%MN@saJ`!jAb-4iV)wyJ7y}?nZraN58Zc3FV6lPw1krt4TbbFttfY*9}6e) zQCJYHvRUnjg%o_KxLpEjJg0u-3g^4Dj|q-(U!h+55^`_CcKCzu_m8lUc4$huT^zc0 ztSDFx&dw>+XG43FeyrIzU`jG0)Fb@X8pGkB3O(|e`oYlNp|S&7ViaNMlVE63F|+Zq zd6-w|sJk}22q=Lh%hGv-XD3JtZy!0wGCrJ%N<*4sQ?ah)f*J&88*<&^6G#n25* zls|S60dI$PU7&kkLLaCt|QMl)7Mz!R^e$w9i%H9I?g6{HN&_1$pV`4OH=vI5|w@s zj2@+|dYqWcYYT2iB=~EDB*)Z~>=(wz)DKdKNX+HK#iK<8j0#g&smvM5>{Fg9S92?* zXX_l6p0iHa3XS(BEzoeD&A%tHI1u-zmISY;FY%B)Co+|G5FUW;*BcY658fN+@%E~*QSv;i0n;?x z1~(;7!d>RTkM(WCg|2WPk?cxvl;{@A?L`eK?9t`|qTHl&5)4k1ofrsV8M6LHT4k{~ z&^>CP(>&PuHCp>(wTsxJ-gI9#cJ5#W^XERi;+2rM`1AuRnc4nu=m)s>ib`-oR-^0@ zvKJK1gyJ%ype7(BuFqn4gQk%JwW-0SnNlJ-*V38~{1>{T#6;tg8~&z=k{GYzX|5fA z?Nnv5c%H(AF?6Z-c&%-C9CL9YBvq>~qDHw(CT?#Qbk=?DYD?i6_557KiIf=R46wIu z!gw=2h-ad#urJ1&@xL-hDI~wRk61Jqgtwqo;va6%!tPyQa-lWyfoF2@;b(IBRuF5G zVK7G)l{0WVN>>VrL%631s*ZF%uMJ#f*q_V?&aXFYq9(DI>|J-kHWav3Q*t&QF99Zg zXGyPv_@k@i%hg@HyI}zJmx*APHX^$IZ*|wIvu*2eJNg&zaO2@^=T;EkJ~j1V8B!%* zO$lEjRXG46N+o5!|0&=8TwmH|AH_-lI*H0uo^0BT`GiW+A3&MSR?sv7H>EQlqb|nhvB{J+KUcbm&d>%IwP^K^4Hyk<$aH^7b6yO zb^)zZ7+!oU+IlwJxmFLJw_dy~?dn3j4DG5{K>U>VTtk>`cf_)=#bQ!h96q<>?GE5~ z=E~`IyqZ-DWIKV<|A6(`kkRNynRx9^oq_*?_2HUH+LSzCd-5Z*Cp4K|(glTwuToWO z)K@@$F@C5YXX8wG4wO&48LZ>moIiy$HLC|RM4ZPq-N~r;h`UVyjuzAkFtJ6Ld+&p~ zHenQ0l}utZjO5iUHp{TjFMp2M;Tgug*gW9eZ3eb*$#$v}H`OPvX7doF3^t&x} zJC2&H{*m{v`?dG6B=YuGhZ=~HXyLEEtLy&Ju)n_Gm$Zhn2cVG#vC3tIautVr7rM+o zyS3_&&r+o`M5NyIVJWx$4Snp?)J~^SNbwf3pI$*jP3U^WB{Widpjl= zD3Sx9N|TAzT|SEM!4)n+yGSw)fI;|DnkO`!^A-%S{A07S9)E`H71F`SGVN*?>oP?o zy1wgRY+vY7Adzcq`-IK@P3mcI+9+{rBnlsKp=hNdwI3B%NnATIJDOf zBWBy^pVTNeE14OiS`^%C7IT`ef+kE?D6)=(}-Bm789m_16r+cgC z$g0Nkt$%tHE86MUe-fUHp(@3zZcH&7@wfmpwefps76(}9y=&H};hNNJf{cwS{k>VW zAeDy~~CcHMOh$BPF!el2RW!hl>mO-_XUGkmzQ*FqVIG z42kumjVD&99t8!v!B9oH4nmC*h4o2{BU2S7`Qj_c7hcutBsHZ?{3`dQhf#6O`8ZzT z6pK*=5lOZDnXLl)3KFFD>+@z@cJ!$RfkgCWvOL z6E4|(7%xX76dEJGWoOMpqTK%-B~N<@yVpLYj&kk)GOGN}+_z z{V0+Yr*8dPz$S!Or^0Z}(8{3E|A^O_(1G_{^0+q}G7(~yHLDK2_a^p35rprfX!<>@ z8C;~G?U_HUM9@r+_^tz>GZP|uope#;`#(OrS_7)nACq0;U;XG1%&)lwa(4j6ezz!u zEGB_;mM&cJcz>nnsNx$tipq|MJ*X{|}E{DE$G{L>ANhhdrm%v{+a0)+B$+e#`Tya)FhL zm<4(^{Z?$|jZA8%)}G}{J0G-?Ua)8fb<8c-V6xgzJGSRkFkHjiK(~P_nD79Wv)Hit z0xPVkYw)LRO!}sUYltUrW%qLKI&?n(@hCuv6ExW5PmhF z?JCi5AoD%7CnR%bA>)RLm8e}9SrR}(ppOZ_DPgxDnePvy?@5lR0!9}Mt~%=VGX?FO zRk>Hqf&oPpd8|oV2D84bW;8(~)Svl_7`GxvG=W~&D}YH%dF$AU?YhauM@L{MX~$X> z;GdUUQvc@KrDs)voun5xT}HmGv!1B0M>Aa5uIpDIaskh?wAjq9HVfKGQ8u30RV|^3 z?Vy@E4){ob{7HAw*Y^(~#ogMJMrHq2vAQ4d6Yxrv7Z!*Cj%KlU`RfojDDy(I<9bsU zb~`RrOpsQJGk0jvzL*cm$>AG2rJ*7IjU1UeSYM%;kuTW*1E7mAI#iMUeA8$!NOPwy zEkCZ-duD$cBOMBPKEH3*rof@r;F8<^DF?Bbi&EeFnlK2dg>vtCz)p+)-i4J6)>Ys! zFDtrJ%X3P5o`|eL+K3gub9V#YW~7GXx0}Nblg-0*RzkBVa*F14XfrBD(t^OVaw9%w z=xFw~v+`Uwc>~nSvl=o0oQ=copnIZ3d%poI z=XCj*a+ld^;W`F)f;HH*#ZLV*&O+KV%kS^y1I;>)Y{&xUmG8`O40cWxit=DkQ`ffINtb zZ;4=Ve#|5U3r7YWB`|9ND!7CBH`js}L8Gp2!1l-buZfeLT4=HR+bIZi(NZVmx`P)a zkyns9G+uHmvS>KwmULakE${^`UF70+;yNSFI%fJXtM;0uOC zb=w0cRgdPUwCZj!p@OmjT4$bc>0-SPc^#lpMxo$y{`@=&gfNk!gGaiPdvoLBlFO#c zAJ>BfDa(-=+8l%t0Re%vayNTBprNS9XtM;IetgjlNx0p@RC!E$GHV zs$meccm5MNuO31ulz$k}my9*mo-#Es<<7Hc_9yY^^isIyqCJ8%aI|VJt>aSk!Me)m zng$Oq1>HyH3D_-E?d*YMq%vqB!qeRRvNE%eF@TyB#r90l?da319^mU(B_U~=SBXX- zgA>NII#4)*oq6Q4X~$*LKRyG8Tn-?^b1uDY1GLIONxoz2(^vtkAWy167Can48rgB- zt8{D39x$6=BH(C@tl@%#Po1U!&pG#_&o2Z7-YaaJp%{Ujgphod-;u~}ytww8viV86ne zuVZBpGhzejplM;hyzKR_woeGsf+Ig8pX}wJ#7d@K>4i5#Na=Ok9;sK4fK*p zj*BVD@aM~+fTmSlqSaFJ&MP$C+ETeg?_cd;KS^M@99{=lIKX6UYxM&Z==wCo3;^P# zQ&wniYb{3P4sr68q_xQ_(}UXfV_qTblQ=jrfXtE#6P1i|l*%|*D!1m8?{R+rlz;h_ zpRW6jRzLY~g(dP>~ zTAW#LWb(y0CoW+&ukYXy1_X3F*lg)es#PjtNvGujDM_)BfDg?8-c7A%n#ht#@gl!_ z7ru03qC_q9Y6ia=XFbmKFmV{Z=MH#Eq?XRO{u=(ehcw-8EG~(z>HX3;-!@j4!1#>h zF)+&N8+ffn^px@7NAY5hgOgW3g?s(82Z!PqG)2a6#vry7;2wcE1H*{SAoOAcA2q2& zgfmX`+T_lrv)%KdhNE1r>3Q_~^2qt`Je(H7Q zF5tzeSW!_{J8d2Gp_G<}dYbduhHU_*O9j990iwD@@~)6lW;|wV{60AXSQ8qjskcsd zM}16}pVZxG4HrJEFBa>``~+)B{{myaTLO0E(gpm-0*>qATK88Ixtmx_)Q^si2MF}u ztgdqKOoUcfIE+} zJ>TuzO=ARP5$ooTR%_kC|BZH#noi#epK&GHEn3!7xFy&PIlMn1E;F?#SX^$DF50bi z{a#~FM7N#YNeX7^&3T?EmPQQCKn;z=Wi*^PJcm}jN!G*UaQw=r?Ca(q=wMaN{e=-^ zMhqEt?5n%fB`1gV);(iF^m3u!S9cF2Br(Erqzjg6=R6j7~{)LwZw9`ZkVePHbo{@8A9vM)!V{ z3i$E@?=%TM#L8xF(x8L-M7YlR2Q3|g((I1P{=t1mcp%MtL=u(~R5kV<1&4K5?(n10 z7jAl%z`Favq8}ut%4*B6!xZH`dX+W;pnt3Lfsz~;`gs*}rxOat(7dBWh$=)^6u3$Z zu$mLK1BV6jHjL7Vuo^gkk_`|<;>V|qmZBQC(UOb2^X+d!ylcQ#v2viqb3MizV|xpa z86ZdmroQXwZFxt7Ke=ZpxNGge5n2%cSbD8H_C;k5jm@6quLjsjhZ#2In}`b5w~+HnvIcRG{VAdRIuJq61-Rt&3G35HoS7l!FIVK zYt|mYy%au*Tw2W41LO>r8r}OC3Unq6komKYWyOCXoJ9B!{uh|*9+w2#?N9D9-&LHM zzD-xQFI%zqW)$w&hUMny8w=f+3h1cim_=57p*vTf z{^~7ly-udM%?-ma^1v8OAnn-W^)Y5^9MDY@JoQs_2D! zgb0m>Sl=R3s<5wl@NN@9reoNri6wwMPLGP^U-?EOfc)Iae4w_L^@Bh9A&$Q=`_tgq zN_1m6aYzUu1%)w~b7dOj?_zo~^#Ino9&vsdQIaHMqus1^np*BqKL;GwJ!>#XRbw+s zRfkUmM4cV2CoO-@zEaGLpXWqN41P5|5Cv0*S?mo}kKh>p{c|>@gl(8gl1;rMHvZ1q za;gRZD0LtsLpY!(-(PA8dSs?4Xx2kris_e*xPnf6Ln_>?9OqJE_GlC00^1;-W>9xK znp^O-f{{AeSe(3$9S(4@9`{rx2Mm|MW8?Euh6PK5{Po`85W|1Z_v9EcssH1m!Sy~p zIm`M0KtRIK`a-`09N6|t+;T%DK_o39pNfGUL*&fE#W$%1Pz@!b9?U6%5r1oMA_k*0 zH#EWn(?tT}o^2ig(0-3p2U)TD|14zw7we>qiWhF5uwdIZxVwc`{n)_LK+&*72&F;54x2nTk9Kzv-Lw1yelZ~YV#Y&8 z8#HHz`fC35Z4gJO?*;*RBj3#-DX_mkx z^fqH2C1!|9hGf>h zv6e+21($Aei$Iv}7XMu6LFVBuK=`N}R40dkb8!0=U@!XzK-Z;oC+`Uh&peI}Yut!t zcaayZWo}g_MIm$WWa)9@6}#F86i0>_PXe$ zcN0S%eg`bv>Am;!Fqvac#wB%=1c)&UMBYoZKNIG+SB-f&8~T3Oz!Jy-*f*MsN8&O# zJORmfHjLF}7bl`ZbmROyJ$OsH$FN(w#6K9}2%1oREzcbSE{tUqQ`1a56GR5$T zy}%zcD$bI=9@|ExxdrE3VoXe=nkOqG7m?lq;u4&X<%jxo_+gzGn2cQtqh{ZEXhR37 z_$`fm_B#wXawsLN$IgL%5}B|bnT8OET*)7Hv$8Iq;Bmf4F<%y}yT&Cd?tm*1BPJAO zDt2(L!dRw#mGFOgUKay(qx(ie+$ZUyo`raa$Lb&xrPJuZvQelJ-Ax@4uHWBMe#)_M(!vRyu)%$U~SQ~vOg z>~MbpVIVcK{0r`gb9yAvOAapS-+ue(7cY%u7m0RDg*z#0(%_QB5&5w9v4fTT@Z!V8a9r*nfcCFWbTKdG{fpt%&8nq1h#C)EKd{UO%CwByz9?%ZzZ z)O2j`^;SI+<1QG}pioq@O+cmHOo?|gUzJTF7n*Oe6GdZbl|iM2#+<8{<3ZojO7RH{ z#+~1=T4TYZaI7e_SdJuf5FWffmJH_Re#puZmWFRT1~Dhn@;Lq0ni{~)BZrp|Ts=^ECN2?SNfivw4c4o&3>`ZI&=Uj2go?mh4 zrs1p!50?Ei)j_LtLoWI}?PB`gX*OB}$Apn+xoqz~4VF>1<%mv|VzvhnZQsv2(01<8 z+zkq{?eZlYW|_|mF_h!E5lZ&FMZ?d(4}S(p*4(M#P%L*$Wolz_Qiswp1R(k<2zaHL zW((9Xc;2xqc=$9)mGZ_jsD@g-n@6hzzMCCR_S{7YkFMk3z5Cw2=i7@SfPD)-fc?u9 zqmv8M==b=B6zeraS*`1mDtuB>G5j_}iW+r1UIG!NYaz5RO%4!Fl@j(c4Efnilv_Mh zv?X$JARRK?(ns%l9c4vow93c$5)5Q+kxW`VlX@~U$qH+Eg$zPyr z!H$<9m;9v;UYV|S;g_1f-am)E*XIxqlpKn@i7nfDO&lW+ki?9!-VJt+yNo(9Pm9;1 zs%iK`>?PSwirYDQcvY*O%8FuiSrZy-i5^`~vqx#k3XS*muYeh*8_x??YrgUTL^KEd zSiy~I6VyS5qTj{!sZ?R|W)hQKYF=}WYmiqwiZ+jlNf=hMN`;J?k8~pAx9(v7TpzAjC zxjM5uYr?Y*gZt*^&$$jBt59-SrflnJOWfeU73g9}BheHxju844WM*Mvh`<$v%~3$+ zE<0Jk_v-UK^Bqwu*WBZjI@tl+Ep)3l25SU;;|yoC8^s^d&mGE&q$jRxA3)ezs8zkc z`x%mu7)81)k)1&IhFoey8s`cvNTls!K`vFD|4{+45GPu)Q`5}oLE;G*YfLYeSpY*! zK)aNHZHgF-c#$^8-Y#V%d52;)5*QyUNTI0DsrfUfY~7UQAQwCtY7#7;*0#sqrm26~?$D#I5qe5LW+;OD` z3(gd)MgWn^DzQbSYGeQ^jTxzQm{8I8CgOPa{*|+kz2Klk%Wgx+{`f@9{@6|42FWuI zK1fi~NBhVN&M5*zi7#d>xc@>Ii4)m(7zSmaPeTMo*z?02EDluW*r%!`U>w}1Fy;0F zY2e_H`uY4`b0aCofv`w4D|P`ec}cxXg^Q&iOmjgHRj?mCR|M|p_<}h}rjY`g#jODq zB^WO>io%K};X`T_kmu8MXyvjv7kZu;lWq#wan;e)%1o~;kE;JGSGNqVOWvv6=MhY< z2)m^`T3*Qoi1&p_hhZVLIF`Xr@hs2ALhYJFBysJy4(z$Z@a|%1wSFHZ`8LC?92Qwe z#G~WIYf8CUL7`Eln3^m}Zp2Bf;RY4;<%bFtjbWW#1jzN{KfC@GMwgMrNK6=&?dL37 zsdyKK(ds0tZQmOag8r^}v|OUOL+`GSS+A*9-MiaUO6>n>udIut1}P z61AjO$v0Pb+k#fm1fbM8oaziVRbSosC=4X8L%iZ~gxpcfrmH@x8b5lu@`|dj*Fqpi zYRugE^rDvz7Dx@#L3y6jA2L9%`41Uznt22_CQ{(v0#PZuS=U=|^GxL8`O>Q%T5I*y zVCRWXM(>!|_UXw1I8L4_NP?9|2?+8XbA=gHh_bc}40H#F{%8>&n}Rh9;iPZ&fIee%n0mb`{fa6ADs zKpRNc*Sb44#a17nR@$R3l2A=gyENa)@%K-r9u6@*NpnqTey7a~d|E#w@F6h)Q1XSF zbUxQSM{A9wMb%`&Z$!Ig8$Re8{?L#zMK~kLMovBb!0+S6?x&wF-E6>W-!}&ybMAUZLlRZ6#FY+?38o}=e#0Wtv*N>Cy)Yh zgMB<%*B=S$`CtTSQgCT91(Ot(9EwkwWZlp{t-cI3@1r4P47q{we3pK>2xSJ^T-l*0 z&7V+@QBONxhGI2tE+`rQU+dW%F4kycr_DJA|`ooX(-TtKKtRLDG zgCplJ==~`S=v=7ostfe7jE?AQp$`r4lStGZc=CEfCCt|+LMI0xXo$_Ea>Ty=G`o`H zonRG94RR)2K1D~|6!jkLu1)l13f8%`w{fU=Blt`{9F2!jM;L!8t7j^`O&I84inejz0lYu zw)Z}B@={6_-e$5FLJY1Ad!v>WY?9$z<`RNjz!k0*{l-~~;0pYS!2tB@lG1U-RAXbDW)Zn*; zDAsM@@W(a@NuoVk;}2d7Kjv*arri4?L{5_!1fcesmXp!V0d8njm*>d9f!ixJ<~{3B ztM7qY>mQaW+ED>O(-Rfc&d^1)Lmj3lw=VvlFyRkh*4&!AH=xX%*lU;7<6riCzH(IL zCd0kkD~YPqQdDFu3bLmJP`RJ40xELJvD!@`1Rqszycpmkp^`1JKICl6f)1(CHQxv9 zLCZOb#^B7_W#|^}ROf*QCuof!V;C`aW=qUZ2rBa1N*jP1g`tPH%@KSMZT^BxHPDDZIR=lkJ@%+$>yjNX4`o7nK>DIrPJ zsR45!_Eo92EB22xy&!r zMeUQfv(FmxZ!7{^bGJwkL|DkyS$IMc^g|%SR;}BK8nY`qm!+;yTAXZnW7}U$Co$IJ z8+nYlwSESi#U_y*N~Y2w)$1*ne_M_2Ol*FJytgN*JRfm^PJW)pWqAbVCHAF9@XQw;<{-M)M)rB2U#SK z1WOw~%+crwU_fYD+~$MZw-^46Bqd^*V+NGhh0unB>}o(bfnXOVjZjWTq3oZ*0}50NT5LmUmBBKw-f z(A>P!?G7uvnKfZF;n5}SYQ&$6Ie)8eJUbTJ$%xIEO{j5Nfx;)m5x@|IaSLYPa9$W+ z3sD(q*dysKgvWBxp4RA^dok9>fdOmwg5Uk-$>#e5hLT)?R{w30MR4iX-G3fvX$`v9* zwm}WLNCN@oviFnu?}ykvS}dvQf4H{`Ypb5u5Eh@a6TKCK{8!z}xG!+$?K)-WUKUqd z_BJE;&wnwi8*^LrPC~=wJjJlB`MtS}fkmD+ePo`lq0_cbDeBvgp+6TP4M@+(G(J;% zsng?eUZPP*B;TMd!Wj#}+_#Px`25$0a(uAd(`GzEk*;vIl*o54eQR=R0RFqK=e)*;BN)8Rlvk>}h&js*& z&P!B&ZOsizWx7+R0icdQ2~vp5)1UqwflkPVdq9T*tU*OAiBLQ|f)Tgdne6@AonJ$R|?DF?U;#ib-Vrdf4W`By^zVSlUuR6t7r1hY3Fe( z(N>lqA6~&TYbg8c@mOt^F|nPvTwts?Tp}%Mw%IqbnVWDNd054l=!hy+X#1Pj106}{ z66j=K0^lWI_03V3u~wIN&@v#)*e~z~|F%lXPF>CHP5(7nYE=%Lf-*7{-_b7l)u@k* zR{Vduy2_w9fF`@R6P67g+?FJ`yDb(xxO;%$4#5^*+!EYfgA;yjsPU1>#}@P#M+W;<%!l_kg!9J7FF)a#Zly&R3!BV!E)UOJ?LTyTQaM{bY-s zyY0Uj-~1vAXzMXul;xXRgT8+SqOu2RJ1rRf>lUO7*BO$Fkap?i{$*beRM_{a35ewZ zqxBYG6(xcOB_>{Fg30o+deR+Y7|Lwh#b0~+zg)d9ZV~#5xxG_0vAhlgdJ!=ky58i|N7o*N_hJY8+F8L$I4r|Cly} zg6|@XlT`&~-+9`bVy!HBjGp>Nynd&^b~H5vbYYzlNA0xVwvR1gX&P8=nKKR@t?2HV zF?a}3y>}k3uJ1i4=E%Uv48bArNhe7={(#T$6R|W|+k|0OPG8TSiRL8pr7WoIu>#$6 z`PSy}Z7yRX-dXgm?IDp5Wv#Map!;xwU_as%0ARyd{vYj2<2AxlvH%p#_0Fwd&KxsA zwGjz>TB{$U?Gl3gS%dsLPoEyId`4ElEeves%lX~ITWKA}{F6KC0EvEgPv^){5SYHu zVcy{PVYUnLu^J*f`*|sX?u(4-dG@q7;TmQqHS|#!eXDUMMPVsZV<{Jk<*_NcKCL>` z%eXB%8Ma+wYhcu4TDfccbzHi5OF5#>Nw9)*A1A7-vjMwYzPSH8?zd2zwAoIl0S3;2 z7Dt|*zZubOQ8Y?Kf-!_R6n`u{gFX%&!aT6xPtN`VSlzJ9fMHt3NS9!@Ln?udvN82x z0GtbV{aInmauo{!US(mP>q-_-HI-x!`bOo2_YZs2;Oup z)4)Es!OX*|{RFgBxqZQ?`T+$k%}djO1=+AxBWRTsCZiBF!E>^4UWCWb_lY5z@Iz~q z;VqRyjKJn3&7s`S@x*(3hG8W-N;UHg;$WL6^{rx3QD2)oCc%V*)F7ANIX5^FS%*S= z9R+4&;6$^Fe;2H9oS7LF%uvd~ume)tyI08|f9YuwYbkoQ90jJVaN7-7hSz$Jfs^wW zza+^UJ*p!QE>l<@P|Grc26sw3ZQ7<(gjG;7P29iF^m0eMj>;GP zba>oK4Dx7*H`z$3@YIyo(u5airli&L;UC7P&})(2$VGeO7Ca%_2wBA=DVB71e_7Di z+g_(CW-HeaX!x|Z@ji1SQSAWx@uo!bBwz#kfwqT~{Y%t?+BC7E-R#lrK;|jzG;fNe z(kXXd#REye4OfN!qdI;91#)0f@5Z<+b3j@yoAId0IFNdvOIYq!TLju`j`;>Z3&Ibj zV)|8sP79;zrG+rgaZw4!^ll>!A!ZeQV`x`A-&a$Uo@X?NzO@0-yP2@+^-hc$Rl}M_ zpf0cNu0R1deD>@W#4)F?M0w=Wgg`tKW1YNKV)V|j$xYKT(V#`PymJ@0%pWU@PFwLDXZQ%O#7$|REWI$wi>}&&2 z|D>C(7W$Y$v;4BQ+HlI_the!kaDf}O7=0XIpLAj{z}u^{XKFs(bW;Sbb|<36v8c%+ zQ3|CMlyDDdm-Ht>d9d;g6p?VkWpzoGZnU-W7?6!>=%s!$)YIc4;@l3J>TC#et@NVy zCsq8dY^l_W8OYxN2lXF&lg4)_BhO=`eMXI=*u+gPYYIYFvS%V$6iXYZ3MZ!z$9J-0 zuoo*od<;hF^0U328DgE`0DuUkJ4<#KSjad;fJLa*+r)9lG9anq&@i(yQ(vFE%Rh9a zx60Q0>Kux=oxjQ&gJNYPlmd3a8C=4F9RU(CH3EO~*(a2`+~Fh1|4 zsunQo0N@Tx=uKx*5UizR;4xvAv_Di=8oqPV;Q$UE!q*>h_#2qAX1ch9`%Bpu9w(D? z{B#IF_WRt)hS+?p7|OkF?61>+kS|pYUh*fAul}ee5W9C91^hE+Fs@v{y8;}#!-?ZV zr>ifz+lbdr3VUYJ!vWN(0f>41pM}4Hy=y;d(q;`Boi$jPKdIN)VRNTC{-&DyYCqKI ztcK52J7-@ zSzD?9rC)p736{e40!#-dC%bi;En-^jj|u;f#hU3-^WgT!&pz#y#sS8S(7m%?Oh|aQ ze`j6kg-dz-e(zX9+r|MtJLPX+sCzU9^k<0+>3qLEIcoAI%;2f+SHhSFO_R9UL0So9h-<7nf_6jBtJ(-#~8~vmJc77oB*d zZ^ck~A9T#)FgzJUL*!N>|8#%02f3AeZ{aG}{Hwqa`SC*a+gs5`DRa_zpc_{&c;>0w z{-5K-mvD4;o-5~ft^@)G_*i;2Gl6(1QoVJ>ctZQcBpWJ9q3(E!>M??j zfo`AO=)HVuGZEA{XnzbGOzNP@aF!v&{ORJf6^&6qNr8ZI}H67;l{chp* zUFu4H&*B@WW!_HI7rwnC48J=J`>vfUvv#s3IBLr_VT5jGzOsior>#bJEC`W z^l{f+%ZXFAl+bagD@5|}jkQ+0$BL9y-;NfZ;{Ay`Spu&9T@|o7@51u~`aO;d7^+v& z*JwW4V}+8(Qzi->T&%SnFcYDB-(W$iWz=4rw?QTyVgV$(PQ~7U8TIJpNh;B78oxbJ z3Qs}q6#FoEJ5X#%Y*P~#*zlvN#v)`8Mhk#q(FtQnUlx(ny1$hsuU*jlRY6$uF?aRf zxKPfg>zcQ+Hae*>!}v=!&)04vfq<|F(?Bm~I`oa^2q|0%iD2f=)$)=tdNI^Wpd@jX z4S+!c^9<<;E3JU76OI=vu!C)kNYKhYZoe+&HJE`vF~mY>lW0a7kXv057kvGz`~BlZYAdDhKb{5aAT83tdHBw&=O@i?Wq%59LnlW>bRXOe)<^rCJP` zDeWGOwmmR|DH6g(fpL^F3m^DRtHn9i0(_J4W5dHcm)Q=0i8wEG1X{}c01@pE&&)YJ zcW02S3f-hY%llq8wz=q&v}nRzbG8s5)KG@n!);HgFc3sm6x-Dd^%yozxr1rXo}@@7 zmjKT8+-+r;=OujjT?QKfl>PgNFzOE?*~kcVT&O@Vuo@_yjI=i1R!X_WRz^;$M09fl zPos?>DC;bXv4|i*QxbDGz{!Z)&1u7*Q$v9M8ovo7WX?oz20KwgY0a>HoV*8O3G;tW zLRr*n^)asayHq$O)0vusTLEg|+X&y>2`70q53?Psm*OKGDra{c^nghUp9ZCMQvp(o zMr{4ji7KC>NJ5!m^%%q(BYCoRA3!NNr6FjB=A-VVs?0F}UXJUp{8?I+H{=UMs)Ntv zlBT2FI*+rl66qQ5s;Uy7f5PG9)*~-};T=o%9kjd2?wE$%--6FYG;FlvXsscNfkdrr z1RWGlF|Az4E1(uKB4IX~Fd%;$6`}7-nfpEgI)d`-W3^b@c?Bco0+Ol_EnQ`pa85zEum1%ZIx-DZ^Lscivwb6J8onWbX2caC-Gs zncHU}xggp31lF@@HK-Zh3XT_1i(v5Ne-wn*%vw8Od3S1ekVZ1=PVjbTd7Jx#sS z`I*$en#^^J35ibDvnP*Vw#tTA+bW*Qxu4x$i=H;pD(DF9)2%bqGHzpO8mJslmL6Xy zr3qutKX}ft%E&*ocV&2FOWP{@9rAA*#Oj!LXWi1{Y^hH`lvU#{m6Y-Ne*phF%l^CMvjjsAO{cqZRWBRg&qh0l6WUk%kWQ28p z#DR4vdCkw&s9h;Vg;AjdW5`D0A}y}F}8Y$e}BZn?SrkrfjBC zffD2AVo>S-f{9_3|10t?1TppRgP1=OeC$}NTn`jtkh%>Z3h5+T-+6LHIFCj4s;p}C zi+a@|Jm1Wu-{=#>TJKAk@&Y=gvdPjDYH~dg^hq}_)-SUsi-=G8{Rjm>XXj?HI&F|? zp^!h7k^Pi?jtatLqLVX^S|3T3QDuL>BsLna1hd;^gF&;XD4|z?JVD3%oTCMrJQFR= z@Ee@=V_DpTTcVASH7j2@$z5c`}*B!q|w&F9<}Idkg6_>P}Hqwm1I#eZTIicM=-SD0mg zm}~baW&oxu&9(PD~KJ@`R2*H`ZrwKE{^$j-qvMpu>#in>^ZJ?!6|6*R^--FNK`CA5@3Rb;n#`MU099Du=DR z9g0vV>iH4lo2Mcg>oiq?)rQ7+7*lp|Fk&82u!4%h1As8K1v^8W+UwVO!B$F4+(!D- z^<9P3C?sxL4t;u&W**5IzNdxUjB);5HfhPHeTAmO=Wz`9sbpv_eEk&JEJD~8>*jQ7N(#)tk9mK?YV&0759c~hS+wLoji5f=@Oa@HVEsrj}hSEdm!F2?av zGG9d8$5KOoLB;lRtoM8-Z;)4y+oX;Xd-Q{6f{QS`Bno0pHpM{5+7gVu_sKuvP&Os$ zSl=%-Ybc?3MB!GivSG@6FMEvCr~-#W|Gc_hMpr!_m0m)1J#t7cIGcqk>JzD|0V!+^ zk>yvIS3>DOt76J7`F>7C>EBgZv};yoS(^vGX1*(W{Ut^v#q&WEuGejLBfd zTln^7uQ{$VOGNlpmSIA^nOM+xN>dUedU@TGQEY&U=?1++#sV7Q8yqNy>Ia5JeC$1> z$cP{hczFxyl&oaKy^l9{FViPL&Bvh#k@k;{m%ClmL!zJwM(70QeFDP!V2v&*PZ`20pOsD)L6@zn<{A^HDY2@E?i~4Pm7ZZ{;x&QJmhPvm36>5N zjbh$Pa!~d2qxE3skYf^bA&{ScK{(5R>ib`1Cg15p3&JU16<+4znULQ8WV98YrM60m z$;u7q@L)nEWS)gtsn0zs5h3(4j8(dIn^!1YT>0Wy!I#m-9FD2P(`@nV{NxK?XP7ax zen48}I{$?Y_E>p{^3B|%Q12bvXDFV{6gEO>4}drXv1}wxb32~=CSo#k$UffOypM z*-$8B;-Ss*d2ixDn0UtWIg4WUl%x+=oK!cQh!x=r7l9=48g-4qG0Hbsd1+|Jf=l zD%O=5>ynXB<=y;jQ5XC>@><=13)e_h@M?$I#~Y9gzBt0LJR&dEEKKzcdlOm4`#@^5 zP~mHp)W)=?SdX_5NWhag9E)2Ry=1vc0NjXs$8}vDd}AlWV$wvO_x`=n*w@#|11){m z%RMwjXDk^Xv@xQkE(b-9qUySm4%`p+FFWH>B#6RW@umd*j4YU6+ zvAcPZ=d-1rjos2{*Y2gA%*neCG^BnMU{4cn$c6UVV8Xt?ZMe}20SU5wb>QDPG|}Yc zq!#i3-0ZD zjOA(y_om(ZzcuE{3K_&`+Vah);=_%CX1&!;3nQr6kS@CJ@wS(zy4!638-Epf1jM(1 zw*UYD9WdxCrxywQJtKq)0HA>Y0HRm)|1L9U3lmoh4Qq(S7i)WKS8E4*mai@j_Wz#* ym!x!vU>X3RL_q@p{||%HE47`8wY|E9ouln5)&HcUyuttg;_D86JsTGO6a5zmS>Cb$ literal 0 HcmV?d00001 diff --git a/Solutions/GDPR Compliance & Data Security/Package/createUiDefinition.json b/Solutions/GDPR Compliance & Data Security/Package/createUiDefinition.json new file mode 100644 index 00000000000..5b384f60d5a --- /dev/null +++ b/Solutions/GDPR Compliance & Data Security/Package/createUiDefinition.json @@ -0,0 +1,103 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Azure.CreateUIDef", + "version": "0.1.2-preview", + "parameters": { + "config": { + "isWizard": false, + "basics": { + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/GDPR%20Compliance%20%26%20Data%20Security/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThis workbook helps you track, visualize and monitor GDPR related requirements across your enterprise. It consolidates data from Defender XDR, Microsoft Purview, Azure SQL Databases, Microsoft 365, UEBA and Entra ID solution.\n\n**Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "subscription": { + "resourceProviders": [ + "Microsoft.OperationsManagement/solutions", + "Microsoft.OperationalInsights/workspaces/providers/alertRules", + "Microsoft.Insights/workbooks", + "Microsoft.Logic/workflows" + ] + }, + "location": { + "metadata": { + "hidden": "Hiding location, we get it from the log analytics workspace" + }, + "visible": false + }, + "resourceGroup": { + "allowExisting": true + } + } + }, + "basics": [ + { + "name": "getLAWorkspace", + "type": "Microsoft.Solutions.ArmApiControl", + "toolTip": "This filters by workspaces that exist in the Resource Group selected", + "condition": "[greater(length(resourceGroup().name),0)]", + "request": { + "method": "GET", + "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]" + } + }, + { + "name": "workspace", + "type": "Microsoft.Common.DropDown", + "label": "Workspace", + "placeholder": "Select a workspace", + "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected", + "constraints": { + "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true + }, + "visible": true + } + ], + "steps": [ + { + "name": "workbooks", + "label": "Workbooks", + "subLabel": { + "preValidation": "Configure the workbooks", + "postValidation": "Done" + }, + "bladeTitle": "Workbooks", + "elements": [ + { + "name": "workbooks-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This solution installs workbook(s) to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view." + } + }, + { + "name": "workbooks-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data" + } + } + }, + { + "name": "workbook1", + "type": "Microsoft.Common.Section", + "label": "GDPR Compliance And Data Security", + "elements": [ + { + "name": "workbook1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This workbook helps you track, visualize and monitor GDPR related requirements across your enterprise. It consolidates data from Defender XDR, Microsoft Purview, Azure SQL Databases, Microsoft 365, UEBA and Entra ID solution." + } + } + ] + } + ] + } + ], + "outputs": { + "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", + "location": "[location()]", + "workspace": "[basics('workspace')]" + } + } +} diff --git a/Solutions/GDPR Compliance & Data Security/Package/mainTemplate.json b/Solutions/GDPR Compliance & Data Security/Package/mainTemplate.json new file mode 100644 index 00000000000..b0a952f2556 --- /dev/null +++ b/Solutions/GDPR Compliance & Data Security/Package/mainTemplate.json @@ -0,0 +1,280 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "author": "Microsoft - support@microsoft.com", + "comments": "Solution template for GDPR Compliance & Data Security" + }, + "parameters": { + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + }, + "workbook1-name": { + "type": "string", + "defaultValue": "GDPR Compliance And Data Security", + "minLength": 1, + "metadata": { + "description": "Name for the workbook" + } + } + }, + "variables": { + "email": "support@microsoft.com", + "_email": "[variables('email')]", + "_solutionName": "GDPR Compliance & Data Security", + "_solutionVersion": "3.0.0", + "solutionId": "azuresentinel.gdpr-compliance-and-data-security", + "_solutionId": "[variables('solutionId')]", + "workbookVersion1": "1.0.0", + "workbookContentId1": "GDPRComplianceAndDataSecurity", + "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", + "_workbookContentId1": "[variables('workbookContentId1')]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('workbookTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "GDPRComplianceAndDataSecurity Workbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('workbookVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/workbooks", + "name": "[variables('workbookContentId1')]", + "location": "[parameters('workspace-location')]", + "kind": "shared", + "apiVersion": "2021-08-01", + "metadata": { + "description": "This workbook helps you track, visualize and monitor GDPR related requirements across your enterprise. It consolidates data from Defender XDR, Microsoft Purview, Azure SQL Databases, Microsoft 365, UEBA and Entra ID solution." + }, + "properties": { + "displayName": "[parameters('workbook1-name')]", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"version\":\"KqlParameterItem/1.0\",\"name\":\"DefaultSubscription_Internal\",\"type\":1,\"isRequired\":true,\"query\":\"where type =~ 'microsoft.operationalinsights/workspaces'\\r\\n| take 1\\r\\n| project subscriptionId\",\"crossComponentResources\":[\"value::selected\"],\"isHiddenWhenLocked\":true,\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\",\"id\":\"314d02bf-4691-43fa-af59-d67073c8b8fa\"},{\"id\":\"e6ded9a1-a83c-4762-938d-5bf8ff3d3d38\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Subscription\",\"type\":6,\"isRequired\":true,\"query\":\"summarize by subscriptionId\\r\\n| project value = strcat(\\\"/subscriptions/\\\", subscriptionId), label = subscriptionId, selected = iff(subscriptionId =~ '{DefaultSubscription_Internal}', true, false)\",\"typeSettings\":{\"showDefault\":false},\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\"},{\"id\":\"e3225ed0-6210-40a1-b2d0-66e42ffa71d6\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Workspace\",\"type\":5,\"isRequired\":true,\"query\":\"resources\\r\\n| where type =~ 'microsoft.operationalinsights/workspaces'\\r\\n| order by name asc\\r\\n| summarize Selected = makelist(id, 10), All = makelist(id, 1000)\\r\\n| mvexpand All limit 100\\r\\n| project value = tostring(All), label = tostring(All), selected = iff(Selected contains All, true, false)\",\"crossComponentResources\":[\"{Subscription}\"],\"typeSettings\":{\"showDefault\":false},\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\"},{\"id\":\"15b2c181-7397-43c1-900a-28e175ae8a6f\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"value\":{\"durationMs\":1209600000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Parameter Selectors\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# [GDPR Compliance & Data Security Workbook for Microsoft Sentinel](https://learn.microsoft.com/en-us/compliance/regulatory/gdpr)\\n---\\n\\nWelcome to the **GDPR(General Data Protection Regulation) Compliance & Data Security Workbook for Microsoft Sentinel**. \\nThis workbook helps you **track, visualize and monitor GDPR related requirements** across your enterprise. \\nIt consolidates data from **Defender XDR, Microsoft Purview, Azure SQL Databases, Microsoft 365, UEBA and Entra ID solution.**\\n\\nUse this workbook to:\\n- 🔍 Monitor **GDPR and data-theft related alerts and incidents** across Microsoft Defender XDR \\n- 🗂 Gain visibility into **data classification and sensitivity labeling coverage** with Microsoft Purview\\n- 🗄 Detect **sensitive data queries, anomalous database activity, and unusual access patterns** in Azure SQL Databases\\n- ⚠ Investigate **identity risks, anomalous sign-ins, and insider behaviors** with Entra ID and UEBA \\n- 📝 Provide **clear audit evidence and compliance reports** across Microsoft 365 and related services\"},\"name\":\"text - 2\"}]},\"customWidth\":\"78\",\"name\":\"group - 5\"},{\"type\":1,\"content\":{\"json\":\"![Image Name](https://azure.microsoft.com/svghandler/azure-sentinel?width=600&height=315) \"},\"customWidth\":\"21\",\"name\":\"Microsoft Sentinel Logo\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"ac6f7462-59ff-4d82-86b0-0a6eccc35a51\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"UserPrincipalName\",\"label\":\"🔀 User Selector\",\"type\":2,\"description\":\"This filter applies to metrics derived from Microsoft 365, UEBA, and Entra ID data sources.\",\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"SigninLogs\\r\\n| summarize by UserPrincipalName \",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"showDefault\":false},\"timeContext\":{\"durationMs\":2592000000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"User Selector Parameter - Copy\"},{\"type\":1,\"content\":{\"json\":\"✅ **How to use this workbook** \\r\\n\\r\\nSelect one or more checkboxes below to display the GDPR relevant metrics for the corresponding source (e.g., Security Alerts, Purview, SQL, Microsoft 365).\\r\\n\"},\"name\":\"text - 16\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"[\\\\r\\\\n\\\\t{ \\\\\\\"Data Sources\\\\\\\": \\\\\\\"Getting Started\\\\\\\", \\\\\\\"tab\\\\\\\": \\\\\\\"Help\\\\\\\" },\\\\r\\\\n\\\\t{ \\\\\\\"Data Sources\\\\\\\": \\\\\\\"Security Alerts and Incidents (6)\\\\\\\", \\\\\\\"tab\\\\\\\": \\\\\\\"SecurityAlerts\\\\\\\" },\\\\r\\\\n\\\\t{ \\\\\\\"Data Sources\\\\\\\": \\\\\\\"Data Loss Prevention (7)\\\\\\\", \\\\\\\"tab\\\\\\\": \\\\\\\"DLP\\\\\\\" },\\\\r\\\\n\\\\t{ \\\\\\\"Data Sources\\\\\\\": \\\\\\\"Purview Logs (8)\\\\\\\", \\\\\\\"tab\\\\\\\": \\\\\\\"PurviewLogs\\\\\\\" },\\\\r\\\\n\\\\t{ \\\\\\\"Data Sources\\\\\\\": \\\\\\\"Azure SQL Databases (9)\\\\\\\", \\\\\\\"tab\\\\\\\":\\\\\\\"AzureSQLDatabases\\\\\\\"},\\\\r\\\\n\\\\t{ \\\\\\\"Data Sources\\\\\\\": \\\\\\\"Microsoft 365 Activity (20)\\\\\\\", \\\\\\\"tab\\\\\\\": \\\\\\\"M365Activity\\\\\\\" },\\\\r\\\\n\\\\t{ \\\\\\\"Data Sources\\\\\\\": \\\\\\\"User & Entity Behavior Analytics (12)\\\\\\\", \\\\\\\"tab\\\\\\\": \\\\\\\"UEBA\\\\\\\" },\\\\r\\\\n\\\\t{ \\\\\\\"Data Sources\\\\\\\": \\\\\\\"Sign-Ins (12)\\\\\\\", \\\\\\\"tab\\\\\\\": \\\\\\\"SignIns\\\\\\\" },\\\\r\\\\n\\\\t{ \\\\\\\"Data Sources\\\\\\\": \\\\\\\"Audit Logs (5)\\\\\\\", \\\\\\\"tab\\\\\\\": \\\\\\\"AuditLogs\\\\\\\" }\\\\r\\\\n]\\\"}\\r\\n\",\"size\":3,\"exportMultipleValues\":true,\"exportedParameters\":[{\"fieldName\":\"tab\",\"parameterName\":\"tab2\"}],\"queryType\":8,\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"tab\",\"formatter\":5}]}},\"customWidth\":\"40\",\"name\":\"Control Family \",\"styleSettings\":{\"showBorder\":true}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"cbb7a53e-ea3b-44e3-804e-734662e21144\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"isHelpVisible\",\"type\":1,\"isHiddenWhenLocked\":true,\"criteriaData\":[{\"criteriaContext\":{\"leftOperand\":\"tab2\",\"operator\":\"contains\",\"rightValType\":\"static\",\"rightVal\":\"Help\",\"resultValType\":\"static\",\"resultVal\":\"true\"}},{\"criteriaContext\":{\"operator\":\"Default\",\"rightValType\":\"param\",\"resultValType\":\"static\",\"resultVal\":\"false\"}}],\"timeContext\":{\"durationMs\":86400000}},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"isSecurityAlertsVisible\",\"type\":1,\"isHiddenWhenLocked\":true,\"criteriaData\":[{\"criteriaContext\":{\"leftOperand\":\"tab2\",\"operator\":\"contains\",\"rightValType\":\"static\",\"rightVal\":\"SecurityAlerts\",\"resultValType\":\"static\",\"resultVal\":\"true\"}},{\"criteriaContext\":{\"operator\":\"Default\",\"rightValType\":\"param\",\"resultValType\":\"static\",\"resultVal\":\"false\"}}],\"timeContext\":{\"durationMs\":86400000},\"id\":\"9ade41e9-0382-49a7-847a-472bfb7e284b\"},{\"id\":\"17988544-c3d6-46c0-9645-2d1ce07d8655\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"isDLPVisible\",\"type\":1,\"isHiddenWhenLocked\":true,\"criteriaData\":[{\"criteriaContext\":{\"leftOperand\":\"tab2\",\"operator\":\"contains\",\"rightValType\":\"static\",\"rightVal\":\"DLP\",\"resultValType\":\"static\",\"resultVal\":\"true\"}},{\"criteriaContext\":{\"operator\":\"Default\",\"resultValType\":\"static\",\"resultVal\":\"false\"}}],\"timeContext\":{\"durationMs\":86400000}},{\"id\":\"0299a507-8d53-4e80-bc8c-e3aa12522bab\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"isPurviewLogsVisible\",\"type\":1,\"isHiddenWhenLocked\":true,\"criteriaData\":[{\"criteriaContext\":{\"leftOperand\":\"tab2\",\"operator\":\"contains\",\"rightValType\":\"static\",\"rightVal\":\"PurviewLogs\",\"resultValType\":\"static\",\"resultVal\":\"true\"}},{\"criteriaContext\":{\"operator\":\"Default\",\"resultValType\":\"static\",\"resultVal\":\"false\"}}]},{\"id\":\"553d4aff-e76d-418b-9edf-7fdcdacb6e0f\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"isAzureSQLDatabasesVisible\",\"type\":1,\"isHiddenWhenLocked\":true,\"criteriaData\":[{\"criteriaContext\":{\"leftOperand\":\"tab2\",\"operator\":\"contains\",\"rightValType\":\"static\",\"rightVal\":\"AzureSQLDatabases\",\"resultValType\":\"static\",\"resultVal\":\"true\"}},{\"criteriaContext\":{\"operator\":\"Default\",\"resultValType\":\"static\",\"resultVal\":\"false\"}}],\"timeContext\":{\"durationMs\":86400000}},{\"id\":\"f145d46a-1e01-49ff-99e7-87f6059ed960\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"isM365ActivityVisible\",\"type\":1,\"isHiddenWhenLocked\":true,\"criteriaData\":[{\"criteriaContext\":{\"leftOperand\":\"tab2\",\"operator\":\"contains\",\"rightValType\":\"static\",\"rightVal\":\"M365Activity\",\"resultValType\":\"static\",\"resultVal\":\"true\"}},{\"criteriaContext\":{\"operator\":\"Default\",\"resultValType\":\"static\",\"resultVal\":\"false\"}}]},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"isUEBAVisible\",\"type\":1,\"isHiddenWhenLocked\":true,\"criteriaData\":[{\"criteriaContext\":{\"leftOperand\":\"tab2\",\"operator\":\"contains\",\"rightValType\":\"static\",\"rightVal\":\"UEBA\",\"resultValType\":\"static\",\"resultVal\":\"true\"}},{\"criteriaContext\":{\"operator\":\"Default\",\"rightValType\":\"param\",\"resultValType\":\"static\",\"resultVal\":\"false\"}}],\"timeContext\":{\"durationMs\":86400000},\"id\":\"70014e2e-d25a-4cca-b78d-b6063795d138\"},{\"id\":\"14403a6f-fb83-492a-bea3-941048e30bb7\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"isSignInsVisible\",\"type\":1,\"isHiddenWhenLocked\":true,\"criteriaData\":[{\"criteriaContext\":{\"leftOperand\":\"tab2\",\"operator\":\"contains\",\"rightValType\":\"static\",\"rightVal\":\"SignIns\",\"resultValType\":\"static\",\"resultVal\":\"true\"}},{\"criteriaContext\":{\"operator\":\"Default\",\"resultValType\":\"static\",\"resultVal\":\"false\"}}]},{\"id\":\"af09b9c4-3218-40de-8a1f-26f4a1c38a19\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"isAuditLogsVisible\",\"type\":1,\"isHiddenWhenLocked\":true,\"criteriaData\":[{\"criteriaContext\":{\"leftOperand\":\"tab2\",\"operator\":\"contains\",\"rightValType\":\"static\",\"rightVal\":\"AuditLogs\",\"resultValType\":\"static\",\"resultVal\":\"true\"}},{\"criteriaContext\":{\"operator\":\"Default\",\"resultValType\":\"static\",\"resultVal\":\"false\"}}]}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"10\",\"name\":\"Hidden Parameters Selectors\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## 📂 Workbook Structure\\r\\n\\r\\nThis workbook is organized into the following sections:\\r\\n\\r\\n| Section | Description |\\r\\n|---------|-------------|\\r\\n| 🚨 **Security Alerts & Incidents** | Investigate security Alerts & incidents from hosts and resources hosting personal data. |\\r\\n| 🛡 **Data Loss Prevention (DLP)** | Monitor sensitive data access, leaks, and geolocation-based usage. |\\r\\n| 🔍 **Purview Logs** | Discover and classify assets, monitor sensitivity labeling, and track data governance. |\\r\\n| 🗄 **Azure SQL Databases** | Detect anomalies and monitor classified data queries. |\\r\\n| 📂 **Microsoft 365 Activity** | Monitor sensitive document/email activity. |\\r\\n| 📊 **UEBA** | Analyze anomalous user & entity behaviors. |\\r\\n| 👤 **Sign-Ins (Entra ID)** | Track risky sign-ins and monitor identity compliance. |\\r\\n| 📝 **Audit Logs** | Provide accountability and traceability of administrative activities. |\\r\\n\"},\"customWidth\":\"40\",\"name\":\"text - 2\"},{\"type\":1,\"content\":{\"json\":\"\"},\"customWidth\":\"10\",\"name\":\"text - 12\"},{\"type\":1,\"content\":{\"json\":\"## 🔗 Data Sources & Permissions\\r\\n\\r\\nEnsure the following data connectors are enabled and ingested into Microsoft Sentinel:\\r\\n\\r\\n### 📂 Data Governance\\r\\n- ✅ **Microsoft Purview** (data classification & sensitivity logs. PurviewDataSensitivityLogs table) \\r\\n- ✅ **Microsoft Purview Information Protection** (DLP, labels, document access. MicrosoftPurviewInformationProtection table) \\r\\n- ✅ **Azure SQL Databases** (classification & anomaly scores. AzureDiagnostics table)\\r\\n\\r\\n\\r\\n### 👤 Identity & Access\\r\\n- ✅ **Microsoft Entra ID** (Sign-ins. SigninLogs table) \\r\\n- ✅ **BehaviorAnalytics** (UEBA. BehaviorAnalytics table) \\r\\n\\r\\n### 🛡 Security Monitoring\\r\\n- ✅ **Microsoft 365** (Microsoft 365 activity. OfficeActivity table) \\r\\n- ✅ **SecurityAlert / SecurityIncident** (Microsoft Defender XDR. SecurityAlert and SecurityIncident tables) \\r\\n- ✅ **AuditLogs** (Entra ID administrative traceability. AuditLogs table) \\r\\n\\r\\n📘 [How to configure data connectors in Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/connect-data-sources)\\r\\n\"},\"customWidth\":\"40\",\"name\":\"text - 3\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n\\r\\n### 1. Security Alerts and Incidents\\r\\n\\r\\nFrom the Azure portal, install the **[Microsoft Defender XDR](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/dontDiscardJourney~/true/id/azuresentinel.azure-sentinel-solution-microsoft365defender)** solution via **Content Hub**. \\r\\nThen, enable the **Microsoft Defender XDR** data connector to stream security alerts and incidents from Defender products into Microsoft Sentinel. \\r\\nThese records populate the **`SecurityAlert`** and **`SecurityIncident`** tables. \\r\\n\\r\\n⚠️ **Important:** \\r\\nAll workbook metrics in this section use a **watchlist** to filter only alerts and incidents involving servers that host **personal data**. \\r\\nYou must configure this watchlist in Sentinel and populate it with the names of your personal data hosting servers.\\r\\n\\r\\n#### 📂 Sample Watchlist (GDPR_PersonalData_Assets)\\r\\n\\r\\n| HostName |\\r\\n|------------------------|\\r\\n| server1 |\\r\\n| server2 |\\r\\n| server3 |\\r\\n| server4 |\\r\\n\\r\\n1. Save the watchlist as a CSV or TXT file. \\r\\n2. In Sentinel → **Configuration > Watchlists**, create a new watchlist (e.g., `GDPR_PersonalData_Assets`). \\r\\n3. Upload the file and confirm `HostName` is recognized as the search key.\\r\\n\\r\\nThis allows you to: \\r\\n- Focus alerts and incidents on GDPR-relevant systems \\r\\n- Monitor attack tactics and timelines against personal data servers \\r\\n- Provide auditors with clear evidence of incident detection and response for regulated data \\r\\n\\r\\nAll **Security Alerts & Incidents** visuals in this workbook will only display events related to servers listed in this watchlist.\\r\\n\\r\\n📘 [Setup guide – Microsoft Defender XDR connector](https://learn.microsoft.com/azure/sentinel/connect-microsoft-365-defender) \\r\\n📘 [How to create and use watchlists](https://learn.microsoft.com/azure/sentinel/watchlists)\\r\\n\"},\"customWidth\":\"40\",\"name\":\"text - 6\"},{\"type\":1,\"content\":{\"json\":\"\"},\"customWidth\":\"10\",\"name\":\"text - 5\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n\\r\\n### 2. Data Loss Prevention (Microsoft Purview Information Protection)\\r\\nFrom the Azure portal, install the **[Microsoft Purview Information Protection](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/dontDiscardJourney~/true/id/azuresentinel.azure-sentinel-solution-mip)** solution via **Content Hub**. \\r\\nThen, enable the **Microsoft Purview Information Protection** data connector to ingest **sensitivity labeling and protection events** into the **`MicrosoftPurviewInformationProtection`** table. \\r\\nWith this configuration, you can: \\r\\n- Track **sensitivity label adoption and usage trends** \\r\\n- Monitor **labeled/protected documents and emails** across Microsoft 365 \\r\\n- Detect **label changes, downgrades, and policy enforcement outcomes** \\r\\n- Provide auditors with **evidence of applied protections on personal and sensitive data** \\r\\n\\r\\n📘 [Setup guide – Microsoft Purview Information Protection connector](https://learn.microsoft.com/azure/sentinel/connect-microsoft-purview)\\r\\n\\r\\n---\"},\"customWidth\":\"40\",\"name\":\"text - 4\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n\\r\\n### 3. Microsoft Purview (Data Classification & Sensitivity Logs)\\r\\nFrom the Azure portal, install the **[Microsoft Purview](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/dontDiscardJourney~/true/id/azuresentinel.azure-sentinel-solution-azurepurview)** solution via **Content Hub**. \\r\\nThen, configure the **Microsoft Purview** data connector to stream **Data Classification and Sensitivity scan events** into the **`PurviewDataSensitivityLogs`** table. \\r\\n\\r\\nWith this configuration, you can: \\r\\n- Discover **where personal and sensitive data resides** across your cloud resources \\r\\n- Monitor **assets with classifications and sensitivity labels** over time \\r\\n- Track **data types and categories** detected by Purview scans \\r\\n- Provide auditors with **an inventory of sensitive data processing** \\r\\n\\r\\n📘 [Setup guide – Microsoft Purview solution](https://learn.microsoft.com/azure/sentinel/purview-solution)\\r\\n\\r\\n---\"},\"customWidth\":\"40\",\"name\":\"text - 3\"},{\"type\":1,\"content\":{\"json\":\"\"},\"customWidth\":\"10\",\"name\":\"text - 10\"},{\"type\":1,\"content\":{\"json\":\"\\r\\n### 4. Azure SQL Databases\\r\\nFrom the Azure portal, install the **[Azure SQL Database](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/dontDiscardJourney~/true/id/sentinel4sql.sentinel4sql)** solution via **Content Hub**. \\r\\nThen, connect the **Azure SQL Databases** data connector to stream **audit and diagnostic logs** into Microsoft Sentinel. \\r\\nThese logs populate the **`AzureDiagnostics`** table (and SQL-specific audit tables if enabled). \\r\\n\\r\\nWith this configuration, you can: \\r\\n- Monitor **sensitive queries by label, information type, and principal** \\r\\n- Detect **anomalous activity and anomaly scores** across databases \\r\\n- Track **application and IP access to classified data** \\r\\n- Provide auditors with **evidence of monitoring structured personal data in SQL systems** \\r\\n\\r\\n📘 [Setup guide – Configure Azure SQL logging to Sentinel](https://learn.microsoft.com/azure/azure-sql/database/metrics-diagnostic-telemetry-logging-streaming-export-configure?view=azuresql&tabs=azure-portal)\\r\\n\\r\\n---\"},\"customWidth\":\"40\",\"name\":\"text - 8\"},{\"type\":1,\"content\":{\"json\":\"### 5. Microsoft 365 Activity\\r\\n\\r\\nFrom the Azure portal, install the **[Microsoft 365](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/dontDiscardJourney~/true/id/azuresentinel.azure-sentinel-solution-office365)** solution via **Content Hub**. \\r\\nThen, enable the **Microsoft 365 (formerly Office 365)** data connector to stream **unified audit logs** into Microsoft Sentinel. \\r\\nThese logs populate the **`OfficeActivity`** table. \\r\\n\\r\\nWith this configuration, you can: \\r\\n- Monitor **user and administrator activity** across Exchange, SharePoint, OneDrive, and Teams \\r\\n- Detect **risky file sharing, mailbox access by non-owners, and suspicious admin operations** \\r\\n- Identify **unusual Teams or SharePoint activity** (e.g., mass deletions, uploads from unseen devices) \\r\\n- Provide auditors with a **comprehensive audit trail of data activity** in Microsoft 365 services\\r\\n\\r\\n---\"},\"customWidth\":\"40\",\"name\":\"text - 9\"},{\"type\":1,\"content\":{\"json\":\"\"},\"customWidth\":\"10\",\"name\":\"text - 10\"},{\"type\":1,\"content\":{\"json\":\"### 6. User & Entity Behavior Analytics (UEBA)\\r\\n\\r\\nFrom the Azure portal, enable **User and Entity Behavior Analytics (UEBA)** in Microsoft Sentinel settings. \\r\\nUEBA builds baselines of user and entity activities and writes enriched risk insights into the **`BehaviorAnalytics`** table.\\r\\n\\r\\nThis enables you to: \\r\\n- Detect anomalous behaviors across users and entities \\r\\n- Correlate activities across multiple data sources \\r\\n- Identify potential insider threats and compromised accounts \\r\\n\\r\\n📘 [Setup guide](https://learn.microsoft.com/azure/sentinel/enable-entity-behavior-analytics?tabs=azure)\\r\\n\\r\\n---\"},\"customWidth\":\"40\",\"name\":\"text - 11\"},{\"type\":1,\"content\":{\"json\":\"### 7. Sign-ins and Audit (Microsoft Entra ID)\\r\\n\\r\\nFrom the Azure portal, install the **[Microsoft Entra ID](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/dontDiscardJourney~/true/id/azuresentinel.azure-sentinel-solution-azureactivedirectory)** solution via **Content Hub**. \\r\\nThen, enable the **Microsoft Entra ID (Sign-in, Audit Logs)** data connector to stream authentication events into Microsoft Sentinel. \\r\\n\\r\\nThese logs populate the **`SigninLogs`** and **`AuditLogs`** table and allow you to: \\r\\n- Monitor successful vs. failed sign-ins \\r\\n- Detect risky logins, brute-force attempts, and unusual geolocations \\r\\n- Investigate access patterns to applications and resources handling personal data\\r\\n- Monitor changes to users, groups, and applications \\r\\n- Track administrative actions such as role assignments, policy changes, and resource access grants \\r\\n- Provide a traceable record of identity-related activities for GDPR accountability \\r\\n\\r\\n📘 [Setup guide](https://learn.microsoft.com/azure/sentinel/connect-azure-active-directory)\\r\\n\\r\\n---\"},\"customWidth\":\"40\",\"name\":\"text - 12\"}]},\"conditionalVisibility\":{\"parameterName\":\"isHelpVisible\",\"comparison\":\"isEqualTo\",\"value\":\"true\"},\"name\":\"Overview Group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"7afa304d-b448-4d6c-8c54-69e51a7249a9\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results113\",\"type\":1,\"query\":\"// Load personal data servers from Sentinel watchlist\\r\\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\\r\\n | project HostName = tolower(HostName);\\r\\nSecurityAlert\\r\\n| mv-expand Entity = todynamic(Entities)\\r\\n| extend EntityType = tostring(Entity.Type)\\r\\n| extend HostName = iff(EntityType == \\\"host\\\",tolower(tostring(Entity.HostName)), \\\"\\\")\\r\\n| where HostName <> \\\"\\\"\\r\\n// Keep only alerts where HostName is in the watchlist\\r\\n| join kind=inner (PersonalDataServers) on HostName\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"33\",\"name\":\"Results113\",\"styleSettings\":{\"maxWidth\":\"33\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"9b6b6d2b-a6d9-46c6-882d-722c0c9d455f\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results114\",\"type\":1,\"query\":\"// Load personal data servers from Sentinel watchlist\\r\\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\\r\\n| project HostName = tolower(HostName);\\r\\nSecurityIncident\\r\\n | summarize hint.strategy = shuffle arg_max(LastModifiedTime, *) by IncidentNumber\\r\\n | mv-expand AlertIds\\r\\n | extend AlertId = tostring(AlertIds)\\r\\n | join kind= innerunique ( \\r\\n SecurityAlert \\r\\n )\\r\\n on $left.AlertId == $right.SystemAlertId\\r\\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\\r\\n | mv-expand todynamic(Entities)\\r\\n | where Entities[\\\"Type\\\"] =~ \\\"host\\\"\\r\\n | extend HostName = tolower(tostring(Entities.HostName))\\r\\n | where Entities[\\\"HostName\\\"] <> \\\"\\\"\\r\\n // Keep only alerts where HostName is in the watchlist\\r\\n | join kind=inner (PersonalDataServers) on HostName\\r\\n | extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\\r\\n | summarize DeviceNames = make_set(HostName,10), arg_max(TimeGenerated, *) by IncidentNumber\\r\\n | parse IncidentUrl with * '/#asset/Microsoft_Azure_Security_Insights/Incident' IncidentBlade\\r\\n | distinct Title, Severity, IncidentBlade, tostring(DeviceNames), TimeGenerated, IncidentNumber\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"33\",\"name\":\"Results114\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"572e4329-8e88-4492-972a-86267f66f8a2\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results115\",\"type\":1,\"query\":\"// Load personal data servers from Sentinel watchlist\\r\\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\\r\\n | project HostName = tolower(HostName);\\r\\nSecurityIncident\\r\\n | summarize hint.strategy = shuffle arg_max(LastModifiedTime, *) by IncidentNumber\\r\\n | mv-expand AlertIds\\r\\n | extend AlertId = tostring(AlertIds)\\r\\n | join kind= innerunique ( \\r\\n SecurityAlert \\r\\n )\\r\\n on $left.AlertId == $right.SystemAlertId\\r\\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\\r\\n | extend EntitiesSet = todynamic(Entities)\\r\\n | mv-expand todynamic(Entities)\\r\\n | where Entities[\\\"Type\\\"] =~ \\\"host\\\"\\r\\n | extend HostName = tolower(tostring(Entities.HostName))\\r\\n | where Entities[\\\"HostName\\\"] <> \\\"\\\"\\r\\n // Keep only alerts where HostName is in the watchlist\\r\\n | join kind=inner (PersonalDataServers) on HostName\\r\\n | extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\\r\\n | summarize DeviceNames = make_set(HostName,10), arg_max(TimeGenerated, *) by IncidentNumber\\r\\n | parse IncidentUrl with * '/#asset/Microsoft_Azure_Security_Insights/Incident' IncidentBlade\\r\\n | mv-expand todynamic(EntitiesSet)\\r\\n | extend Name = tostring(tolower(EntitiesSet[\\\"Name\\\"])), UPNSuffix = tostring(EntitiesSet[\\\"UPNSuffix\\\"])\\r\\n | extend UPN = iff(Name != \\\"\\\" and UPNSuffix != \\\"\\\", strcat(Name, \\\"@\\\", UPNSuffix), \\\"\\\")\\r\\n | where UPN <> \\\"\\\"\\r\\n | summarize count() by UPN\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"33\",\"name\":\"Results115\"},{\"type\":1,\"content\":{\"json\":\"# 🚨 [Security Alerts and Incidents](https://docs.microsoft.com/azure/sentinel/create-incidents-from-alerts)\\n---\\n\\nThis section consolidates security alerts and incidents that may involve systems storing or processing personal data. It supports GDPR obligations for **security of processing (Art. 32)**, **breach notification (Art. 33 & 34)**, and **accountability (Art. 5(2))** by ensuring that organizations can quickly detect, investigate, and respond to threats that impact personal data. \\n\\nKey objectives of this section: \\n- Track **security alerts involving personal data servers** to prioritize investigations of GDPR-relevant risks \\n- Monitor **alerts mapped to MITRE ATT&CK® tactics** to understand adversary techniques targeting personal data \\n- Review **incident counts and timelines** to measure responsiveness and compliance with breach notification requirements \\n- Provide auditors with documented evidence of **security monitoring, incident management, and remediation activities** \\n\\nBy analyzing these metrics, analysts can ensure that **personal data risks are rapidly identified and addressed**, and that the organization maintains the ability to **demonstrate incident response readiness** in alignment with GDPR.\"},\"customWidth\":\"40\",\"name\":\"text - 2\"},{\"type\":1,\"content\":{\"json\":\"\"},\"customWidth\":\"10\",\"name\":\"text - 15\"},{\"type\":1,\"content\":{\"json\":\"| Security Alerts And Incidents | | |\\r\\n|:--| - | - |\\r\\n| Alerts Over Time for Personal Data Hosting Systems | Alerts Details | Alerts by MITRE ATT&CK® Tactics|\\r\\n| Security Incidents Over Time for Personal Data Hosting Systems | Security Incidents By Users |Security Incidents Details|\\r\\n\\r\\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, and Time range. Only panels with data are shown.\\r\\n\"},\"customWidth\":\"40\",\"name\":\"SI OV\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"// Load personal data servers from Sentinel watchlist\\r\\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\\r\\n | project HostName = tolower(HostName);\\r\\nSecurityAlert\\r\\n| mv-expand Entity = todynamic(Entities)\\r\\n| extend EntityType = tostring(Entity.Type)\\r\\n| extend HostName = iff(EntityType == \\\"host\\\",tolower(tostring(Entity.HostName)), \\\"\\\")\\r\\n| where HostName <> \\\"\\\"\\r\\n// Keep only alerts where HostName is in the watchlist\\r\\n| join kind=inner (PersonalDataServers) on HostName\\r\\n| extend DeviceName = HostName, AlertId = SystemAlertId\\r\\n| summarize by AlertId, AlertName, TimeGenerated\\r\\n| make-series Alerts = count() on TimeGenerated step 1d by AlertName\",\"size\":0,\"title\":\"Alerts Over Time for Personal Data Hosting Systems\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\"},\"conditionalVisibility\":{\"parameterName\":\"Results113\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"// Load personal data servers from Sentinel watchlist\\r\\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\\r\\n | project HostName = tolower(HostName);\\r\\nSecurityAlert\\r\\n| mv-expand Entity = todynamic(Entities)\\r\\n| extend EntityType = tostring(Entity.Type)\\r\\n| extend HostName = iff(EntityType == \\\"host\\\",tolower(tostring(Entity.HostName)), \\\"\\\")\\r\\n| where HostName <> \\\"\\\"\\r\\n// Keep only alerts where HostName is in the watchlist\\r\\n| join kind=inner (PersonalDataServers) on HostName\\r\\n| summarize \\r\\n AlertName = any(AlertName),\\r\\n AlertSeverity = any(AlertSeverity),\\r\\n DeviceNames = make_set(HostName,10),\\r\\n TimeGenerated = any(TimeGenerated)\\r\\n by AlertId = SystemAlertId, AlertLink\\r\\n | project-reorder AlertName, AlertSeverity, AlertLink, DeviceNames, TimeGenerated, AlertId\\r\\n| order by TimeGenerated desc\\r\\n| take 100\",\"size\":0,\"title\":\"Alerts Details\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"AlertLink\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\",\"linkLabel\":\"Alert >>\"}}]}},\"conditionalVisibility\":{\"parameterName\":\"Results113\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"// Load personal data servers from Sentinel watchlist\\r\\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\\r\\n | project HostName = tolower(HostName);\\r\\nSecurityAlert\\r\\n| mv-expand Entity = todynamic(Entities)\\r\\n| extend EntityType = tostring(Entity.Type)\\r\\n| extend HostName = iff(EntityType == \\\"host\\\",tolower(tostring(Entity.HostName)), \\\"\\\")\\r\\n| where HostName <> \\\"\\\"\\r\\n// Keep only alerts where HostName is in the watchlist\\r\\n| join kind=inner (PersonalDataServers) on HostName\\r\\n| summarize by Tactics, SystemAlertId\\r\\n| summarize Count=count() by Tactics\\r\\n| sort by Count desc\",\"size\":0,\"title\":\"Alerts by MITRE ATT&CK® Tactics\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Tactics\"},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"yellowOrangeRed\"}},\"showBorder\":false}},\"conditionalVisibility\":{\"parameterName\":\"Results113\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"// Load personal data servers from Sentinel watchlist\\r\\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\\r\\n | project HostName = tolower(HostName);\\r\\nSecurityIncident\\r\\n | summarize hint.strategy = shuffle arg_max(LastModifiedTime, *) by IncidentNumber\\r\\n | mv-expand AlertIds\\r\\n | extend AlertId = tostring(AlertIds)\\r\\n | join kind= innerunique ( \\r\\n SecurityAlert \\r\\n )\\r\\n on $left.AlertId == $right.SystemAlertId\\r\\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\\r\\n | mv-expand todynamic(Entities)\\r\\n | where Entities[\\\"Type\\\"] =~ \\\"host\\\"\\r\\n | extend HostName = tolower(tostring(Entities.HostName))\\r\\n | where Entities[\\\"HostName\\\"] <> \\\"\\\"\\r\\n // Keep only alerts where HostName is in the watchlist\\r\\n | join kind=inner (PersonalDataServers) on HostName\\r\\n | extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\\r\\n | summarize DeviceNames = make_set(HostName,10), arg_max(TimeGenerated, *) by IncidentNumber\\r\\n | parse IncidentUrl with * '/#asset/Microsoft_Azure_Security_Insights/Incident' IncidentBlade\\r\\n | distinct Title, Severity, IncidentBlade, tostring(DeviceNames), TimeGenerated, IncidentNumber\\r\\n| make-series count() default=0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step 1d by Title\\r\\n| render timechart\\r\\n\\r\\n\\r\\n\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Security Incidents Over Time for Personal Data Hosting Systems\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Severity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"redBright\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"city_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"state_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\",\"text\":\"{0}{1}\"}]}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"UserPrincipalName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"redBright\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results114\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results114e\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"// Load personal data servers from Sentinel watchlist\\r\\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\\r\\n | project HostName = tolower(HostName);\\r\\nSecurityIncident\\r\\n | summarize hint.strategy = shuffle arg_max(LastModifiedTime, *) by IncidentNumber\\r\\n | mv-expand AlertIds\\r\\n | extend AlertId = tostring(AlertIds)\\r\\n | join kind= innerunique ( \\r\\n SecurityAlert \\r\\n )\\r\\n on $left.AlertId == $right.SystemAlertId\\r\\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\\r\\n | extend EntitiesSet = todynamic(Entities)\\r\\n | mv-expand todynamic(Entities)\\r\\n | where Entities[\\\"Type\\\"] =~ \\\"host\\\"\\r\\n | extend HostName = tolower(tostring(Entities.HostName))\\r\\n | where Entities[\\\"HostName\\\"] <> \\\"\\\"\\r\\n // Keep only alerts where HostName is in the watchlist\\r\\n | join kind=inner (PersonalDataServers) on HostName\\r\\n | extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\\r\\n | summarize DeviceNames = make_set(HostName,10), arg_max(TimeGenerated, *) by IncidentNumber\\r\\n | parse IncidentUrl with * '/#asset/Microsoft_Azure_Security_Insights/Incident' IncidentBlade\\r\\n | mv-expand todynamic(EntitiesSet)\\r\\n | extend Name = tostring(tolower(EntitiesSet[\\\"Name\\\"])), UPNSuffix = tostring(EntitiesSet[\\\"UPNSuffix\\\"])\\r\\n | extend UPN = iff(Name != \\\"\\\" and UPNSuffix != \\\"\\\", strcat(Name, \\\"@\\\", UPNSuffix), \\\"\\\")\\r\\n | where UPN <> \\\"\\\"\\r\\n | summarize count() by UPN\\r\\n | render piechart\",\"size\":0,\"showAnalytics\":true,\"title\":\"Security Incidents by Users\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UPN\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Severity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"redBright\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"AlertName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"3\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ProductName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"yellowOrangeRed\"}},{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"city_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"state_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results115\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results113h\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"// Load personal data servers from Sentinel watchlist\\r\\nlet PersonalDataServers = _GetWatchlist('GDPR_PersonalData_Assets')\\r\\n | project HostName = tolower(HostName);\\r\\nSecurityIncident\\r\\n | summarize hint.strategy = shuffle arg_max(LastModifiedTime, *) by IncidentNumber\\r\\n | mv-expand AlertIds\\r\\n | extend AlertId = tostring(AlertIds)\\r\\n | join kind= innerunique ( \\r\\n SecurityAlert \\r\\n )\\r\\n on $left.AlertId == $right.SystemAlertId\\r\\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\\r\\n | mv-expand todynamic(Entities)\\r\\n | where Entities[\\\"Type\\\"] =~ \\\"host\\\"\\r\\n | extend HostName = tolower(tostring(Entities.HostName))\\r\\n | where Entities[\\\"HostName\\\"] <> \\\"\\\"\\r\\n // Keep only alerts where HostName is in the watchlist\\r\\n | join kind=inner (PersonalDataServers) on HostName\\r\\n | extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\\r\\n | summarize DeviceNames = make_set(HostName,10), arg_max(TimeGenerated, *) by IncidentNumber\\r\\n | parse IncidentUrl with * '/#asset/Microsoft_Azure_Security_Insights/Incident' IncidentBlade\\r\\n | distinct Title, Severity, IncidentBlade, tostring(DeviceNames), TimeGenerated, IncidentNumber \\r\\n | sort by TimeGenerated desc\\r\\n | limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Security Incidents Details\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Title\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Alert\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Severity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"Sev0\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"Sev1\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"Sev2\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"Sev3\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"IncidentBlade\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"OpenBlade\",\"linkLabel\":\"Incident >>\",\"bladeOpenContext\":{\"bladeName\":\"CaseBlade\",\"extensionName\":\"Microsoft_Azure_Security_Insights\",\"bladeParameters\":[{\"name\":\"id\",\"source\":\"column\",\"value\":\"IncidentBlade\"}]}}},{\"columnMatch\":\"UPN\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ProductName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}}],\"filter\":true,\"sortBy\":[{\"itemKey\":\"IncidentNumber\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"IncidentNumber\",\"sortOrder\":2}],\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"conditionalVisibility\":{\"parameterName\":\"Results114\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results153\"}]},\"conditionalVisibility\":{\"parameterName\":\"isSecurityAlertsVisible\",\"comparison\":\"isEqualTo\",\"value\":\"true\"},\"name\":\"Security Alerts Group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# 🛡 [Data Loss Prevention](https://docs.microsoft.com/microsoft-365/solutions/information-protection-deploy)\\n---\\n\\nThis section helps you monitor and control the **movement of sensitive and personal data**, directly supporting GDPR principles of **data protection by design (Art. 25)** and **security of processing (Art. 32)**. \\n\\nKey objectives of this section: \\n- Track **where sensitive data is accessed** and from which geolocations \\n- Detect and investigate **potential leaks or unauthorized transfers** of personal data \\n- Measure **label-based access patterns** (sensitivity labels applied through Microsoft Information Protection) \\n- Provide evidence of **preventive and detective controls** for GDPR audits \\n\\nBy monitoring these metrics, you can quickly identify risky behaviors such as **unusual data access locations**, **exfiltration attempts**, or **leak alerts**, and take corrective actions to protect personal data.\\n\"},\"customWidth\":\"40\",\"name\":\"text - 2\"},{\"type\":1,\"content\":{\"json\":\"\"},\"customWidth\":\"10\",\"name\":\"text - 12\"},{\"type\":1,\"content\":{\"json\":\"| Data Loss Prevention | | |\\r\\n|:--| - | - |\\r\\n| Sensitive Label Access by Geolocations | Sensitive Label Access by Geolocation Details | Sensitive Data Alerts over Time|\\r\\n| Sensitive Data Alert Details | Data Access by Sensitivity Labels Over Time | Data Access by Sensitivity Label |\\r\\n|Sensitive Data Access Details|\\r\\n\\r\\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, and Time range. Only panels with data are shown. \\r\\n\"},\"customWidth\":\"50\",\"name\":\"text - 13\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"7afa304d-b448-4d6c-8c54-69e51a7249a9\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results305\",\"type\":1,\"query\":\"SecurityAlert\\r\\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\\r\\n | mv-expand todynamic(Entities)\\r\\n | where Entities[\\\"Type\\\"] =~ \\\"account\\\"\\r\\n | extend Name = tostring(tolower(Entities[\\\"Name\\\"])), NTDomain = tostring(Entities[\\\"NTDomain\\\"]), UPNSuffix = tostring(Entities[\\\"UPNSuffix\\\"]), AadUserId = tostring(Entities[\\\"AadUserId\\\"]), AadTenantId = tostring(Entities[\\\"AadTenantId\\\"]), \\r\\n Sid = tostring(Entities[\\\"Sid\\\"]), IsDomainJoined = tobool(Entities[\\\"IsDomainJoined\\\"]), Host = tostring(Entities[\\\"Host\\\"])\\r\\n | extend UPN = iff(Name != \\\"\\\" and UPNSuffix != \\\"\\\", strcat(Name, \\\"@\\\", UPNSuffix), \\\"\\\")\\r\\n| extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\\r\\n| extend UserPrincipalName = UPN\\r\\n| distinct AlertName, ProductName, Status, AlertLink, UserPrincipalName, Tactics, TimeGenerated\\r\\n| where AlertName contains \\\"sensitive\\\" or AlertName contains \\\"data\\\" or AlertName contains \\\"leak\\\" or Tactics contains \\\"exfil\\\" or AlertName contains \\\"theft\\\" or AlertName contains \\\"steal\\\" or AlertName contains \\\"PII\\\" or AlertName contains \\\"intellectual\\\" or AlertName contains \\\"confidential\\\" or AlertName contains \\\"spill\\\"\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"10\",\"name\":\"Results305\",\"styleSettings\":{\"maxWidth\":\"10\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"04a06f0b-7190-4af9-9d04-473d54a3f923\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results306\",\"type\":1,\"query\":\"MicrosoftPurviewInformationProtection\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"10\",\"name\":\"Results306\",\"styleSettings\":{\"maxWidth\":\"10\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"84d1a90a-923f-4fe1-88a0-b5603f0530b6\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results307\",\"type\":1,\"query\":\"MicrosoftPurviewInformationProtection\\r\\n| extend UserPrincipalName = UserId\\r\\n| where LabelName <> \\\"\\\"\\r\\n| join (SigninLogs) on UserPrincipalName\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"Results307\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"MicrosoftPurviewInformationProtection\\r\\n| extend UserPrincipalName = UserId\\r\\n| where LabelName <> \\\"\\\"\\r\\n// 🔎 Filter out common or non-critical labels here (example excludes \\\"General\\\").\\r\\n// Update the list inside !in(...) and uncomment below line to exclude labels that are considered low-sensitivity in your org.\\r\\n// | where LabelName !in (\\\"General\\\")\\r\\n| join (SigninLogs) on UserPrincipalName\\r\\n| extend City = tostring(LocationDetails.city)\\r\\n| extend State = tostring(LocationDetails.state)\\r\\n| extend Country_Region = tostring(LocationDetails.countryOrRegion)\\r\\n| project Location\",\"size\":3,\"showAnalytics\":true,\"title\":\"Sensitive Label Access by Geolocations\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"visualization\":\"map\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"warning\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"UncommonActionVolume\",\"formatter\":4,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"UncommonAction\",\"formatter\":4,\"formatOptions\":{\"palette\":\"green\"}},{\"columnMatch\":\"FirstTimeUserAction\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"FirstTimeDeviceLogon\",\"formatter\":4,\"formatOptions\":{\"palette\":\"yellow\"}},{\"columnMatch\":\"IncidentCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"AlertCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"AnomalyCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"yellow\"}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"latitude_\",\"longitude\":\"longitude_\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"labelSettings\":\"city_\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"yellow\"}]}}},\"customWidth\":\"60\",\"conditionalVisibility\":{\"parameterName\":\"Results307\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 12\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"MicrosoftPurviewInformationProtection\\r\\n| extend UserPrincipalName = UserId\\r\\n| where LabelName <> \\\"\\\"\\r\\n// 🔎 Filter out common or non-critical labels here (example excludes \\\"General\\\").\\r\\n// Update the list inside !in(...) and uncomment below line to exclude labels that are considered low-sensitivity in your org.\\r\\n// | where LabelName !in (\\\"General\\\")\\r\\n| join (SigninLogs) on UserPrincipalName\\r\\n| extend City = tostring(LocationDetails.city)\\r\\n| extend State = tostring(LocationDetails.state)\\r\\n| extend Country_Region = tostring(LocationDetails.countryOrRegion)\\r\\n| summarize count() by UserPrincipalName, LabelName, City, State, Country_Region\\r\\n| sort by count_ desc\\r\\n| limit 100\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Sensitive Label Access by Geolocation Details\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"LabelName_s\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Sev2\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"City\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Globe\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"State\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Globe\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Country_Region\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Globe\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"yellow\"}},{\"columnMatch\":\"UncommonActionVolume\",\"formatter\":4,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"UncommonAction\",\"formatter\":4,\"formatOptions\":{\"palette\":\"green\"}},{\"columnMatch\":\"FirstTimeUserAction\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"FirstTimeDeviceLogon\",\"formatter\":4,\"formatOptions\":{\"palette\":\"yellow\"}},{\"columnMatch\":\"IncidentCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"AlertCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"AnomalyCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"yellow\"}}],\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"latitude_\",\"longitude\":\"longitude_\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"labelSettings\":\"city_\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"turquoise\"}]}}},\"customWidth\":\"40\",\"conditionalVisibility\":{\"parameterName\":\"Results307\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 12\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\r\\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\\r\\n | mv-expand todynamic(Entities)\\r\\n | where Entities[\\\"Type\\\"] =~ \\\"account\\\"\\r\\n | extend Name = tostring(tolower(Entities[\\\"Name\\\"])), NTDomain = tostring(Entities[\\\"NTDomain\\\"]), UPNSuffix = tostring(Entities[\\\"UPNSuffix\\\"]), AadUserId = tostring(Entities[\\\"AadUserId\\\"]), AadTenantId = tostring(Entities[\\\"AadTenantId\\\"]), \\r\\n Sid = tostring(Entities[\\\"Sid\\\"]), IsDomainJoined = tobool(Entities[\\\"IsDomainJoined\\\"]), Host = tostring(Entities[\\\"Host\\\"]), UserPrincipalName = tostring(Entities[\\\"UserPrincipalName\\\"])\\r\\n | extend UPN = coalesce (UserPrincipalName, iff(Name != \\\"\\\" and UPNSuffix != \\\"\\\", strcat(Name, \\\"@\\\", UPNSuffix), \\\"\\\"))\\r\\n| extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\\r\\n| extend UserPrincipalName = UPN\\r\\n| where UserPrincipalName in ({UserPrincipalName})\\r\\n| distinct AlertName, ProductName, Status, AlertLink, UserPrincipalName, Tactics, TimeGenerated\\r\\n| where (AlertName contains \\\"sensitive\\\" or AlertName contains \\\"leak\\\" or AlertName contains \\\"theft\\\" or AlertName contains \\\"steal\\\" or AlertName contains \\\"PII\\\" or AlertName contains \\\"intellectual\\\" or AlertName contains \\\"confidential\\\" or AlertName contains \\\"spill\\\") or (Tactics contains \\\"exfil\\\")\\r\\n| make-series count() default=0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step 1d by AlertName\\r\\n| render timechart\",\"size\":0,\"title\":\"Sensitive Data Alerts over Time\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"AlertName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"3\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Severity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ProductName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"AlertLink\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\",\"linkLabel\":\"Go to Alert >\"}},{\"columnMatch\":\"UPN\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"2\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"IncidentUrl\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\",\"linkLabel\":\"Go to Incident >\"},\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"city_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"state_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"conditionalVisibility\":{\"parameterName\":\"Results305\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"305\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\r\\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\\r\\n | mv-expand todynamic(Entities)\\r\\n | where Entities[\\\"Type\\\"] =~ \\\"account\\\"\\r\\n | extend Name = tostring(tolower(Entities[\\\"Name\\\"])), NTDomain = tostring(Entities[\\\"NTDomain\\\"]), UPNSuffix = tostring(Entities[\\\"UPNSuffix\\\"]), AadUserId = tostring(Entities[\\\"AadUserId\\\"]), AadTenantId = tostring(Entities[\\\"AadTenantId\\\"]), \\r\\n Sid = tostring(Entities[\\\"Sid\\\"]), IsDomainJoined = tobool(Entities[\\\"IsDomainJoined\\\"]), Host = tostring(Entities[\\\"Host\\\"]), UserPrincipalName = tostring(Entities[\\\"UserPrincipalName\\\"])\\r\\n | extend UPN = coalesce (UserPrincipalName, iff(Name != \\\"\\\" and UPNSuffix != \\\"\\\", strcat(Name, \\\"@\\\", UPNSuffix), \\\"\\\"))\\r\\n| extend Href_ = tostring(parse_json(ExtendedLinks)[0].Href)\\r\\n| extend UserPrincipalName = UPN\\r\\n| where UserPrincipalName in ({UserPrincipalName})\\r\\n| distinct UserPrincipalName, AlertName, ProductName, Status, AlertLink, Tactics, TimeGenerated\\r\\n| where (AlertName contains \\\"sensitive\\\" or AlertName contains \\\"leak\\\" or AlertName contains \\\"theft\\\" or AlertName contains \\\"steal\\\" or AlertName contains \\\"PII\\\" or AlertName contains \\\"intellectual\\\" or AlertName contains \\\"confidential\\\" or AlertName contains \\\"spill\\\") or (Tactics contains \\\"exfil\\\")\\r\\n| sort by TimeGenerated desc\\r\\n| limit 100\",\"size\":0,\"title\":\"Sensitive Data Alert Details\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"AlertName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"3\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ProductName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"AlertLink\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\",\"linkLabel\":\"Go to Alert >\"}},{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Severity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"UPN\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"2\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"IncidentUrl\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\",\"linkLabel\":\"Go to Incident >\"},\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"city_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"state_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"conditionalVisibility\":{\"parameterName\":\"Results305\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"305b\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"MicrosoftPurviewInformationProtection\\r\\n| where LabelName <> \\\"\\\"\\r\\n| extend CommonProperties = parse_json(Common)\\r\\n| extend ApplicationName = tostring(CommonProperties.ApplicationName)\\r\\n| make-series count() default=0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step 1d by LabelName, ApplicationName\\r\\n| render timechart\",\"size\":0,\"title\":\"Data Access by Sensitivity Labels Over Time\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"AlertName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"3\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Severity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ProductName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"AlertLink\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\",\"linkLabel\":\"Go to Alert >\"}},{\"columnMatch\":\"UPN\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"2\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"IncidentUrl\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\",\"linkLabel\":\"Go to Incident >\"},\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"city_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"state_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results306\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"306a\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"MicrosoftPurviewInformationProtection\\r\\n| where LabelName <> \\\"\\\"\\r\\n// 🔎 Filter out common or non-critical labels here (example excludes \\\"General\\\").\\r\\n// Update the list inside !in(...) and uncomment below line to exclude labels that are considered low-sensitivity in your org.\\r\\n// | where LabelName !in (\\\"General\\\")\\r\\n| summarize count() by LabelName\\r\\n| render piechart\",\"size\":0,\"title\":\"Data Access by Sensitivity Label\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"AlertName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"3\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Severity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ProductName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"AlertLink\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\",\"linkLabel\":\"Go to Alert >\"}},{\"columnMatch\":\"UPN\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"2\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"IncidentUrl\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\",\"linkLabel\":\"Go to Incident >\"},\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"city_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"state_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results306\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"306b\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"MicrosoftPurviewInformationProtection\\r\\n| where LabelName <> \\\"\\\"\\r\\n| extend CommonProperties = parse_json(Common)\\r\\n| extend ApplicationName = tostring(CommonProperties.ApplicationName)\\r\\n| extend properties = parse_json(ProtectionEventData)\\r\\n| extend ProtectionOwner = tostring(properties.ProtectionOwner)\\r\\n| extend IsProtected = tostring(properties.IsProtected)\\r\\n| distinct UserId, LabelName, ApplicationName, Operation, IsProtected, Platform, ProtectionOwner, TimeGenerated\\r\\n| sort by TimeGenerated desc\\r\\n| limit 100\\r\\n\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Sensitive Data Access Details\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId_s\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"AlertName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"3\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Severity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ProductName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"AlertLink\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\",\"linkLabel\":\"Go to Alert >\"}},{\"columnMatch\":\"UPN\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"2\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"IncidentUrl\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\",\"linkLabel\":\"Go to Incident >\"},\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"city_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"state_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"conditionalVisibility\":{\"parameterName\":\"Results306\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results306c\"}]},\"conditionalVisibility\":{\"parameterName\":\"isDLPVisible\",\"comparison\":\"isEqualTo\",\"value\":\"true\"},\"name\":\"DLP\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## 🔍 Purview Logs\\r\\n\\r\\nThis section provides visibility into the **classification and labeling of personal and sensitive data** across your Azure and Microsoft 365 environment. It directly supports GDPR principles of **lawfulness, fairness, transparency, and accountability (Art. 5)** as well as requirements for **records of processing activities (Art. 30)** and **data protection by design and by default (Art. 25)**. \\r\\n\\r\\nKey objectives of this section: \\r\\n- Track **classified Azure sources by region** to understand where personal data is stored and processed \\r\\n- Monitor the **volume and types of classified assets** across different resource types \\r\\n- Drill down to the **asset and file level** to validate that personal data is discovered and properly classified \\r\\n- Assess the application of **sensitivity labels** to ensure data is protected according to organizational policy \\r\\n- Provide auditors with clear evidence of **data inventory and classification coverage** \\r\\n\\r\\nBy reviewing these metrics, analysts can verify that **data discovery, classification, and labeling controls** are functioning as required, and quickly spot gaps where sensitive data may not be properly governed.\\r\\n\"},\"customWidth\":\"40\",\"name\":\"text - 12\"},{\"type\":1,\"content\":{\"json\":\"\"},\"customWidth\":\"10\",\"name\":\"text - 13\"},{\"type\":1,\"content\":{\"json\":\"| Purview Logs | | |\\r\\n|:--| - | - |\\r\\n| Classified Azure Sources by Region | Total Classified Assets by Resource Type | Select 'Data Source' below to view Assets Drilldown |\\r\\n| Assets Drilldown | Classifications by Asset Count and File Size |Classifications Drilldown- Asset Level|\\r\\n|Sensitivity Labels by Asset Count and File Size|Sensitivity Labels Drilldown- Asset Level|\\r\\n\\r\\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, Time range, Purview Account, Source Collectiona and Resource Type. Only panels with data are shown.\\r\\n\"},\"customWidth\":\"40\",\"name\":\"text - 14\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"a5b9cb0c-6219-4782-a10d-1370a8a6edb4\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"PurviewAccount\",\"label\":\"Purview Account\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"PurviewDataSensitivityLogs\\r\\n|distinct PurviewAccountName\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":2592000000},\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"ea62a59c-3799-400d-a7af-f0ad14cc46c7\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Collection\",\"label\":\"Source Collection\",\"type\":2,\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"PurviewDataSensitivityLogs\\r\\n| where ActivityType == \\\"Classification\\\"\\r\\n| distinct SourceCollectionName \\r\\n| extend Collection = iff(SourceCollectionName == \\\"\\\",\\\"No Collection\\\", SourceCollectionName)\\r\\n| project Collection\",\"crossComponentResources\":[\"{Workspace}\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"showDefault\":false},\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"817265c3-f308-44e0-a24c-33dac7ee2c91\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"DataSource\",\"label\":\"Resource Type\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\",\"delimiter\":\",\",\"query\":\"PurviewDataSensitivityLogs\\r\\n| where ActivityType == \\\"Classification\\\"\\r\\n| distinct SourceType \",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"showDefault\":false},\"timeContext\":{\"durationMs\":2592000000},\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 0\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"7afa304d-b448-4d6c-8c54-69e51a7249a9\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results200\",\"type\":1,\"query\":\"let NumberofSourcesByRegion = PurviewDataSensitivityLogs\\r\\n| where ActivityType == \\\"Classification\\\" \\r\\n| where SourceType contains \\\"Azure\\\"\\r\\n// GDPR filter: keep only sources with classification or sensitivity label\\r\\n| where array_length(todynamic(Classification)) > 0 or array_length(todynamic(SensitivityLabel)) > 0\\r\\n| where \\\"{PurviewAccount:label}\\\" == \\\"All\\\" or PurviewAccountName in~ (split(\\\"{PurviewAccount:label}\\\", \\\", \\\"))\\r\\n| where \\\"{DataSource:label}\\\" == \\\"All\\\" or SourceType in~ (split(\\\"{DataSource:label}\\\", \\\", \\\"))\\r\\n| extend CollectionName = iff(SourceCollectionName == \\\"\\\",\\\"No Collection\\\",SourceCollectionName)\\r\\n| where \\\"{Collection:label}\\\" == \\\"All\\\" or CollectionName in~ (split(\\\"{Collection:label}\\\", \\\", \\\"));\\r\\nNumberofSourcesByRegion\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results305\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"34376939-8858-4c9e-b1ff-a89df0cbd3e7\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results201\",\"type\":1,\"query\":\"let MostRecentScanLogs = PurviewDataSensitivityLogs\\r\\n | where ActivityType == \\\"Classification\\\" \\r\\n | where \\\"{PurviewAccount:label}\\\" == \\\"All\\\" or PurviewAccountName in~ (split(\\\"{PurviewAccount:label}\\\", \\\", \\\"))\\r\\n | where SourceType in~ (split(\\\"{DataSource}\\\", \\\",\\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where \\\"{Collection:label}\\\" == \\\"All\\\" or CollectionName in~ (split(\\\"{Collection:label}\\\", \\\", \\\"))\\r\\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType ;\\r\\nlet AllAssets = MostRecentScanLogs\\r\\n | summarize AssetCount = count() by SourceType;\\r\\nlet ClassifiedAssets = MostRecentScanLogs\\r\\n | where Classification != \\\"[]\\\"\\r\\n | summarize AssetClassifiedCount = count() by SourceType;\\r\\nlet ClassifiedAssetsByResourceType = AllAssets\\r\\n | join kind= leftouter ClassifiedAssets on SourceType\\r\\n | extend AssetCount = strcat(AssetCount, \\\" assets found in total\\\")\\r\\n | project SourceType, AssetCount, AssetClassifiedCount;\\r\\nClassifiedAssetsByResourceType\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results305 - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"84a173b6-3660-49aa-8949-729ed6cdbacb\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results202\",\"type\":1,\"query\":\"let MostRecentScanLogs = PurviewDataSensitivityLogs\\r\\n | where ActivityType == \\\"Classification\\\"\\r\\n | where \\\"{PurviewAccount:label}\\\" == \\\"All\\\" or PurviewAccountName in~ (split(\\\"{PurviewAccount:label}\\\", \\\", \\\"))\\r\\n | where SourceType in~ (split(\\\"{DataSource}\\\", \\\",\\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where \\\"{Collection:label}\\\" == \\\"All\\\" or CollectionName in~ (split(\\\"{Collection:label}\\\", \\\", \\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName) \\r\\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType ;\\r\\nlet AllAssets = MostRecentScanLogs\\r\\n| summarize AssetCount = count() by DataSource = SourcePath, SourceRegion, SourceType;\\r\\nlet ClassifiedAssets = MostRecentScanLogs\\r\\n| where Classification != \\\"[]\\\"\\r\\n| summarize AssetClassifiedCount = count() by DataSource = SourcePath, SourceRegion, SourceType;\\r\\nlet AssetsDrilldown = AllAssets\\r\\n| join kind= leftouter ClassifiedAssets on DataSource, SourceType\\r\\n| extend PathName = substring(DataSource, 1)\\r\\n| extend ClassifiedPercentage = round((100.0 * AssetClassifiedCount / AssetCount),1)\\r\\n| project DataSource, SourceRegion, SourceType, ClassifiedPercentage, AssetClassifiedCount, AssetCount, PathName;\\r\\nAssetsDrilldown\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results202\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"5b145cf1-1b6e-41be-8266-b7e3f928bae8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results203\",\"type\":1,\"query\":\"let MostRecentScanLogs = PurviewDataSensitivityLogs\\r\\n | where \\\"{PurviewAccount:label}\\\" == \\\"All\\\" or PurviewAccountName in~ (split(\\\"{PurviewAccount:label}\\\", \\\", \\\"))\\r\\n | where SourceType in~ (split(\\\"{DataSource}\\\", \\\",\\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where \\\"{Collection:label}\\\" == \\\"All\\\" or CollectionName in~ (split(\\\"{Collection:label}\\\", \\\", \\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where ActivityType == \\\"Classification\\\" \\r\\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType;\\r\\nlet Classifications = MostRecentScanLogs\\r\\n| summarize arg_max(TimeGenerated, Classification, FileSize, AssetType) by AssetPath \\r\\n| extend classifications = split(Classification, ',')\\r\\n| mv-expand classifications\\r\\n| extend Classification = trim(@\\\"[^\\\\w]+\\\", tostring(classifications))\\r\\n| where Classification != \\\"\\\"\\r\\n| summarize FileSize = round(sum(FileSize)/1000000,2), AssetCount = count() by Classification\\r\\n| project Classification, AssetCount, FileSize;\\r\\nClassifications\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results203\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"0d1bdef8-7287-4e24-a185-070cf1179d38\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results204\",\"type\":1,\"query\":\"let SensitivityLabels = PurviewDataSensitivityLogs\\r\\n | where \\\"{PurviewAccount:label}\\\" == \\\"All\\\" or PurviewAccountName in~ (split(\\\"{PurviewAccount:label}\\\", \\\", \\\"))\\r\\n | where SourceType in~ (split(\\\"{DataSource}\\\", \\\",\\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where \\\"{Collection:label}\\\" == \\\"All\\\" or CollectionName in~ (split(\\\"{Collection:label}\\\", \\\", \\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where ActivityType == \\\"Labeling\\\" \\r\\n | extend SensitivityLabel = iff(SensitivityLabel[0] == \\\"\\\", \\\"No Label\\\", SensitivityLabel[0])\\r\\n | extend Label = replace(@\\\"\\\\\\\\\\\", \\\"/\\\", SensitivityLabel)\\r\\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType\\r\\n | summarize FileSize = round(sum(FileSize)/1000000,2), AssetCount = count() by SensitivityLabel, Label\\r\\n | project SensitivityLabel, FileSize, AssetCount, Label\\r\\n | sort by AssetCount;\\r\\nSensitivityLabels\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results204\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let NumberofSourcesByRegion = PurviewDataSensitivityLogs\\r\\n| where ActivityType == \\\"Classification\\\" \\r\\n| where SourceType contains \\\"Azure\\\"\\r\\n// GDPR filter: keep only sources with classification or sensitivity label\\r\\n| where array_length(todynamic(Classification)) > 0 or array_length(todynamic(SensitivityLabel)) > 0\\r\\n| where \\\"{PurviewAccount:label}\\\" == \\\"All\\\" or PurviewAccountName in~ (split(\\\"{PurviewAccount:label}\\\", \\\", \\\"))\\r\\n| where \\\"{DataSource:label}\\\" == \\\"All\\\" or SourceType in~ (split(\\\"{DataSource:label}\\\", \\\", \\\"))\\r\\n| extend CollectionName = iff(SourceCollectionName == \\\"\\\",\\\"No Collection\\\",SourceCollectionName)\\r\\n| where \\\"{Collection:label}\\\" == \\\"All\\\" or CollectionName in~ (split(\\\"{Collection:label}\\\", \\\", \\\"))\\r\\n| distinct SourcePath, SourceRegion\\r\\n| summarize AssetCount = count() by SourceRegion;\\r\\nNumberofSourcesByRegion\",\"size\":0,\"title\":\"Classified Azure Sources by Region\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"map\",\"mapSettings\":{\"locInfo\":\"AzureLoc\",\"locInfoColumn\":\"SourceRegion\",\"sizeSettings\":\"AssetCount\",\"sizeAggregation\":\"Sum\",\"legendMetric\":\"AssetCount\",\"legendAggregation\":\"Sum\",\"itemColorSettings\":{\"nodeColorField\":\"AssetCount\",\"colorAggregation\":\"Sum\",\"type\":\"heatmap\",\"heatmapPalette\":\"greenRed\"}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results200\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MostRecentScanLogs = PurviewDataSensitivityLogs\\r\\n | where ActivityType == \\\"Classification\\\" \\r\\n | where \\\"{PurviewAccount:label}\\\" == \\\"All\\\" or PurviewAccountName in~ (split(\\\"{PurviewAccount:label}\\\", \\\", \\\"))\\r\\n | where SourceType in~ (split(\\\"{DataSource}\\\", \\\",\\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where \\\"{Collection:label}\\\" == \\\"All\\\" or CollectionName in~ (split(\\\"{Collection:label}\\\", \\\", \\\"))\\r\\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType ;\\r\\nlet AllAssets = MostRecentScanLogs\\r\\n | summarize AssetCount = count() by SourceType;\\r\\nlet ClassifiedAssets = MostRecentScanLogs\\r\\n | where Classification != \\\"[]\\\"\\r\\n | summarize AssetClassifiedCount = count() by SourceType;\\r\\nlet ClassifiedAssetsByResourceType = AllAssets\\r\\n | join kind= leftouter ClassifiedAssets on SourceType\\r\\n | extend AssetCount = strcat(AssetCount, \\\" assets found in total\\\")\\r\\n | project SourceType, AssetCount, AssetClassifiedCount;\\r\\nClassifiedAssetsByResourceType\",\"size\":0,\"title\":\"Total Classified Assets by Resource Type\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SourceType\",\"formatter\":16,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"AssetClassifiedCount\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3},\"emptyValCustomText\":\"0\"}},\"secondaryContent\":{\"columnMatch\":\"AssetCount\"},\"showBorder\":true},\"mapSettings\":{\"locInfo\":\"LatLong\",\"sizeSettings\":\"AssetClassifiedCount\",\"sizeAggregation\":\"Sum\",\"legendMetric\":\"AssetClassifiedCount\",\"legendAggregation\":\"Sum\",\"itemColorSettings\":{\"type\":\"heatmap\",\"colorAggregation\":\"Sum\",\"nodeColorField\":\"AssetClassifiedCount\",\"heatmapPalette\":\"greenRed\"}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results201\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 25\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MostRecentScanLogs = PurviewDataSensitivityLogs\\r\\n | where ActivityType == \\\"Classification\\\"\\r\\n | where \\\"{PurviewAccount:label}\\\" == \\\"All\\\" or PurviewAccountName in~ (split(\\\"{PurviewAccount:label}\\\", \\\", \\\"))\\r\\n | where SourceType in~ (split(\\\"{DataSource}\\\", \\\",\\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where \\\"{Collection:label}\\\" == \\\"All\\\" or CollectionName in~ (split(\\\"{Collection:label}\\\", \\\", \\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName) \\r\\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType ;\\r\\nlet AllAssets = MostRecentScanLogs\\r\\n| summarize AssetCount = count() by DataSource = SourcePath, SourceRegion, SourceType;\\r\\nlet ClassifiedAssets = MostRecentScanLogs\\r\\n| where Classification != \\\"[]\\\"\\r\\n| summarize AssetClassifiedCount = count() by DataSource = SourcePath, SourceRegion, SourceType;\\r\\nlet AssetsDrilldown = AllAssets\\r\\n| join kind= leftouter ClassifiedAssets on DataSource, SourceType\\r\\n| extend PathName = substring(DataSource, 1)\\r\\n| extend ClassifiedPercentage = round((100.0 * AssetClassifiedCount / AssetCount),1)\\r\\n| project DataSource, SourceRegion, SourceType, ClassifiedPercentage, AssetClassifiedCount, AssetCount, PathName;\\r\\nAssetsDrilldown\",\"size\":0,\"showAnalytics\":true,\"title\":\"Select 'Data Source' below to view Assets Drilldown\",\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"exportFieldName\":\"PathName\",\"exportParameterName\":\"UserSelectedDataSource\",\"exportDefaultValue\":\"All\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DataSource\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"25ch\"}},{\"columnMatch\":\"ClassifiedPercentage\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"20ch\"},\"numberFormat\":{\"unit\":1,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":1}}},{\"columnMatch\":\"AssetClassifiedCount\",\"formatter\":2,\"formatOptions\":{\"customColumnWidthSetting\":\"20ch\"},\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"},\"emptyValCustomText\":\"0\"}},{\"columnMatch\":\"AssetCount\",\"formatter\":2,\"formatOptions\":{\"customColumnWidthSetting\":\"20ch\"}},{\"columnMatch\":\"PathName\",\"formatter\":5}],\"filter\":true,\"sortBy\":[{\"itemKey\":\"SourceType\",\"sortOrder\":2}],\"labelSettings\":[{\"columnId\":\"DataSource\",\"label\":\"Data Source\"},{\"columnId\":\"SourceRegion\",\"label\":\"Source Region\"},{\"columnId\":\"SourceType\",\"label\":\"Source Type\"},{\"columnId\":\"ClassifiedPercentage\",\"label\":\"% Classified\"},{\"columnId\":\"AssetClassifiedCount\",\"label\":\"Classified Assets\"},{\"columnId\":\"AssetCount\",\"label\":\"Total Assets\"},{\"columnId\":\"PathName\",\"label\":\"Source Path\"}]},\"sortBy\":[{\"itemKey\":\"SourceType\",\"sortOrder\":2}]},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results202\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 8\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MostRecentScanLogs = PurviewDataSensitivityLogs\\r\\n | where \\\"{PurviewAccount:label}\\\" == \\\"All\\\" or PurviewAccountName in~ (split(\\\"{PurviewAccount:label}\\\", \\\", \\\"))\\r\\n | where SourceType in~ (split(\\\"{DataSource}\\\", \\\",\\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where \\\"{Collection:label}\\\" == \\\"All\\\" or CollectionName in~ (split(\\\"{Collection:label}\\\", \\\", \\\"))\\r\\n | where \\\"{UserSelectedDataSource:label}\\\" == \\\"All\\\" or (SourcePath contains \\\"{UserSelectedDataSource:label}\\\")\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType ;\\r\\nlet ClassificationCounts = MostRecentScanLogs\\r\\n | where ActivityType == \\\"Classification\\\"\\r\\n | mv-expand Classification\\r\\n | summarize ClassificationCount= count(todynamic(Classification)) by AssetPath\\r\\n | project ClassificationCount, AssetPath;\\r\\nlet ClassifiedAssetsWithCounts = MostRecentScanLogs\\r\\n | where ActivityType == \\\"Classification\\\"\\r\\n | join kind= leftouter ClassificationCounts on AssetPath\\r\\n | summarize arg_max(TimeGenerated, PurviewTenantId, PurviewAccountName, PurviewRegion, SourceName, SourceType, SourcePath, SourceSubscriptionId, SourceRegion, SourceCollectionName, AssetName, AssetPath, AssetType, AssetCreationTime, AssetModifiedTime, AssetLastScanTime, FileExtension, FileSize, ActivityType, Classification, ClassificationCount, ClassificationTrigger, ClassificationDetails, SourceScanId) by AssetPath ;\\r\\nlet LabeledAssets = MostRecentScanLogs\\r\\n | where ActivityType == \\\"Labeling\\\" \\r\\n | mv-expand SensitivityLabel to typeof(string)\\r\\n | where SensitivityLabel != int(null)\\r\\n | mv-expand SensitivityLabelDetails\\r\\n | summarize arg_max(SensitivityLabel, SourceType, SensitivityLabelTrigger, SensitivityLabelDetails) by AssetPath\\r\\n | project AssetPath, SensitivityLabel, SensitivityLabelTrigger, SensitivityLabelDetails;\\r\\nlet ClassificationCountWithSensitivityInformation = ClassifiedAssetsWithCounts\\r\\n | join kind= leftouter LabeledAssets on AssetPath\\r\\n | project\\r\\n TimeGenerated,\\r\\n PurviewTenantId,\\r\\n PurviewAccountName,\\r\\n PurviewRegion,\\r\\n AssetName,\\r\\n AssetPath,\\r\\n AssetType,\\r\\n AssetCreationTime,\\r\\n AssetModifiedTime,\\r\\n AssetLastScanTime,\\r\\n FileExtension,\\r\\n FileSize,\\r\\n ActivityType,\\r\\n ClassificationTrigger,\\r\\n Classification,\\r\\n ClassificationCount,\\r\\n ClassificationDetails,\\r\\n SensitivityLabelTrigger,\\r\\n SensitivityLabel,\\r\\n SensitivityLabelDetails,\\r\\n SourceName,\\r\\n SourceType,\\r\\n SourcePath,\\r\\n SourceSubscriptionId,\\r\\n SourceRegion,\\r\\n SourceCollectionName,\\r\\n SourceScanId\\r\\n | sort by ClassificationCount;\\r\\nClassificationCountWithSensitivityInformation\",\"size\":0,\"showAnalytics\":true,\"title\":\"Assets Drilldown\",\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":5},{\"columnMatch\":\"PurviewTenantId\",\"formatter\":5},{\"columnMatch\":\"PurviewAccountName\",\"formatter\":5},{\"columnMatch\":\"PurviewRegion\",\"formatter\":5},{\"columnMatch\":\"AssetName\",\"formatter\":5},{\"columnMatch\":\"AssetPath\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"GenericDetails\",\"linkIsContextBlade\":true,\"customColumnWidthSetting\":\"60ch\"}},{\"columnMatch\":\"AssetType\",\"formatter\":5},{\"columnMatch\":\"AssetCreationTime\",\"formatter\":5},{\"columnMatch\":\"AssetModifiedTime\",\"formatter\":5},{\"columnMatch\":\"AssetLastScanTime\",\"formatter\":5},{\"columnMatch\":\"FileExtension\",\"formatter\":5},{\"columnMatch\":\"FileSize\",\"formatter\":5},{\"columnMatch\":\"ActivityType\",\"formatter\":5},{\"columnMatch\":\"Classification\",\"formatter\":5},{\"columnMatch\":\"ClassificationCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"},\"emptyValCustomText\":\"0\"}},{\"columnMatch\":\"ClassificationDetails\",\"formatter\":5},{\"columnMatch\":\"SensitivityLabelTrigger\",\"formatter\":5},{\"columnMatch\":\"SensitivityLabel\",\"formatter\":0,\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"},\"emptyValCustomText\":\"No Label\"}},{\"columnMatch\":\"SensitivityLabelDetails\",\"formatter\":5},{\"columnMatch\":\"SourceName\",\"formatter\":5},{\"columnMatch\":\"SourceType\",\"formatter\":5},{\"columnMatch\":\"SourcePath\",\"formatter\":13,\"formatOptions\":{\"linkTarget\":\"Resource\",\"showIcon\":true}},{\"columnMatch\":\"SourceSubscriptionId\",\"formatter\":5},{\"columnMatch\":\"SourceRegion\",\"formatter\":5},{\"columnMatch\":\"SourceCollectionName\",\"formatter\":5},{\"columnMatch\":\"SourceScanId\",\"formatter\":5},{\"columnMatch\":\"PurviewSubscriptionId\",\"formatter\":5},{\"columnMatch\":\"SourceOwner\",\"formatter\":5},{\"columnMatch\":\"AssetOwner\",\"formatter\":5},{\"columnMatch\":\"ClassificationActivityTrigger\",\"formatter\":5},{\"columnMatch\":\"SensitivityLabelActivityTrigger\",\"formatter\":5},{\"columnMatch\":\"SensitivityLabelGuid\",\"formatter\":5},{\"columnMatch\":\"UserId\",\"formatter\":5},{\"columnMatch\":\"ActivityTrigger\",\"formatter\":5},{\"columnMatch\":\"SensitivityLabelName\",\"formatter\":5,\"formatOptions\":{\"customColumnWidthSetting\":\"25ch\"}}],\"rowLimit\":1000,\"filter\":true,\"labelSettings\":[{\"columnId\":\"AssetPath\",\"label\":\"Asset Path\"},{\"columnId\":\"ClassificationCount\",\"label\":\"Classifications\"},{\"columnId\":\"SensitivityLabel\",\"label\":\"Sensitivity Label\"},{\"columnId\":\"SourcePath\",\"label\":\"Data Source\"}]}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results202\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 9\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MostRecentScanLogs = PurviewDataSensitivityLogs\\r\\n | where \\\"{PurviewAccount:label}\\\" == \\\"All\\\" or PurviewAccountName in~ (split(\\\"{PurviewAccount:label}\\\", \\\", \\\"))\\r\\n | where SourceType in~ (split(\\\"{DataSource}\\\", \\\",\\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where \\\"{Collection:label}\\\" == \\\"All\\\" or CollectionName in~ (split(\\\"{Collection:label}\\\", \\\", \\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where ActivityType == \\\"Classification\\\" \\r\\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType;\\r\\nlet Classifications = MostRecentScanLogs\\r\\n| summarize arg_max(TimeGenerated, Classification, FileSize, AssetType) by AssetPath \\r\\n| extend classifications = split(Classification, ',')\\r\\n| mv-expand classifications\\r\\n| extend Classification = trim(@\\\"[^\\\\w]+\\\", tostring(classifications))\\r\\n| where Classification != \\\"\\\"\\r\\n| summarize FileSize = round(sum(FileSize)/1000000,2), AssetCount = count() by Classification\\r\\n| project Classification, AssetCount, FileSize;\\r\\nClassifications\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Select 'Classification' below to view Classification Drilldown\",\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"exportFieldName\":\"Classification\",\"exportParameterName\":\"UserSelectedClassification\",\"exportDefaultValue\":\"All\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Classification\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50ch\"},\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"},\"emptyValCustomText\":\"No Classifications\"}},{\"columnMatch\":\"AssetCount\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\",\"customColumnWidthSetting\":\"25ch\"}},{\"columnMatch\":\"FileSize\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\",\"customColumnWidthSetting\":\"25ch\"}}],\"filter\":true,\"sortBy\":[{\"itemKey\":\"$gen_bar_AssetCount_1\",\"sortOrder\":2}],\"labelSettings\":[{\"columnId\":\"AssetCount\",\"label\":\"Classified Asset Count\"},{\"columnId\":\"FileSize\",\"label\":\"Total Size of Files (MB)\"}]},\"sortBy\":[{\"itemKey\":\"$gen_bar_AssetCount_1\",\"sortOrder\":2}],\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"Classification\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Size\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results203\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 4 - Copy\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MostRecentScanLogs = PurviewDataSensitivityLogs\\r\\n | where \\\"{PurviewAccount:label}\\\" == \\\"All\\\" or PurviewAccountName in~ (split(\\\"{PurviewAccount:label}\\\", \\\", \\\"))\\r\\n | where SourceType in~ (split(\\\"{DataSource}\\\", \\\",\\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where \\\"{Collection:label}\\\" == \\\"All\\\" or CollectionName in~ (split(\\\"{Collection:label}\\\", \\\", \\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where ActivityType == \\\"Classification\\\" \\r\\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType;\\r\\nlet ClassificationsDrilldown = MostRecentScanLogs\\r\\n| extend classifications = split(Classification, ',')\\r\\n| mv-expand classifications\\r\\n| extend SelectedClassification = trim(@\\\"[^\\\\w]+\\\", tostring(classifications))\\r\\n| where SelectedClassification != \\\"\\\"\\r\\n| where \\\"{UserSelectedClassification:label}\\\" == \\\"All\\\" or (split(\\\"{UserSelectedClassification:label}\\\", \\\", \\\") contains SelectedClassification)\\r\\n| summarize arg_max(TimeGenerated, PurviewTenantId, PurviewAccountName, PurviewRegion, SourceName, SourceType, SourcePath, SourceSubscriptionId, SourceRegion, SourceCollectionName, AssetName, AssetPath, AssetType, AssetCreationTime, AssetModifiedTime, AssetLastScanTime, FileExtension, FileSize, ActivityType, ClassificationTrigger, Classification, ClassificationDetails, SourceScanId) by AssetPath \\r\\n| project TimeGenerated, PurviewTenantId, PurviewAccountName, PurviewRegion, AssetName, AssetPath, AssetType, AssetCreationTime, AssetModifiedTime, AssetLastScanTime, FileExtension, FileSize, ActivityType, ClassificationTrigger, Classification, ClassificationDetails, SourceName, SourceType, SourcePath, SourceSubscriptionId, SourceRegion, SourceCollectionName, SourceScanId;\\r\\nClassificationsDrilldown\\r\\n| take 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Classifications Drilldown- Asset Level\",\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":5},{\"columnMatch\":\"PurviewTenantId\",\"formatter\":5},{\"columnMatch\":\"PurviewAccountName\",\"formatter\":5},{\"columnMatch\":\"PurviewRegion\",\"formatter\":5},{\"columnMatch\":\"AssetName\",\"formatter\":5},{\"columnMatch\":\"AssetPath\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"GenericDetails\",\"linkIsContextBlade\":true,\"customColumnWidthSetting\":\"70ch\"}},{\"columnMatch\":\"AssetType\",\"formatter\":5},{\"columnMatch\":\"AssetCreationTime\",\"formatter\":5},{\"columnMatch\":\"AssetModifiedTime\",\"formatter\":5},{\"columnMatch\":\"AssetLastScanTime\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"30ch\"}},{\"columnMatch\":\"FileExtension\",\"formatter\":5},{\"columnMatch\":\"FileSize\",\"formatter\":5},{\"columnMatch\":\"ActivityType\",\"formatter\":5},{\"columnMatch\":\"Classification\",\"formatter\":5},{\"columnMatch\":\"SourceName\",\"formatter\":5},{\"columnMatch\":\"SourceType\",\"formatter\":5},{\"columnMatch\":\"SourcePath\",\"formatter\":13,\"formatOptions\":{\"linkTarget\":\"Resource\",\"showIcon\":true}},{\"columnMatch\":\"SourceSubscriptionId\",\"formatter\":5},{\"columnMatch\":\"SourceRegion\",\"formatter\":5},{\"columnMatch\":\"SourceCollectionName\",\"formatter\":5},{\"columnMatch\":\"SourceScanId\",\"formatter\":5},{\"columnMatch\":\"PurviewSubscriptionId\",\"formatter\":5},{\"columnMatch\":\"SourceOwner\",\"formatter\":5},{\"columnMatch\":\"AssetOwner\",\"formatter\":5},{\"columnMatch\":\"ActivityTrigger\",\"formatter\":5},{\"columnMatch\":\"SensitivityLabelGuid\",\"formatter\":5},{\"columnMatch\":\"SensitivityLabelName\",\"formatter\":5},{\"columnMatch\":\"UserId\",\"formatter\":5}],\"filter\":true,\"labelSettings\":[{\"columnId\":\"AssetPath\",\"label\":\"Asset Path\"},{\"columnId\":\"AssetLastScanTime\",\"label\":\"Asset Last Scan Time\"},{\"columnId\":\"SourcePath\",\"label\":\"Data Source\"}]}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results203\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 10\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let SensitivityLabels = PurviewDataSensitivityLogs\\r\\n | where \\\"{PurviewAccount:label}\\\" == \\\"All\\\" or PurviewAccountName in~ (split(\\\"{PurviewAccount:label}\\\", \\\", \\\"))\\r\\n | where SourceType in~ (split(\\\"{DataSource}\\\", \\\",\\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where \\\"{Collection:label}\\\" == \\\"All\\\" or CollectionName in~ (split(\\\"{Collection:label}\\\", \\\", \\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where ActivityType == \\\"Labeling\\\" \\r\\n | extend SensitivityLabel = iff(SensitivityLabel[0] == \\\"\\\", \\\"No Label\\\", SensitivityLabel[0])\\r\\n | extend Label = replace(@\\\"\\\\\\\\\\\", \\\"/\\\", SensitivityLabel)\\r\\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType\\r\\n | summarize FileSize = round(sum(FileSize)/1000000,2), AssetCount = count() by SensitivityLabel, Label\\r\\n | project SensitivityLabel, FileSize, AssetCount, Label\\r\\n | sort by AssetCount;\\r\\nSensitivityLabels\",\"size\":0,\"showAnalytics\":true,\"title\":\"Select 'Sensitivity Label' below to view Sensitivity Labels Drilldown\",\"showRefreshButton\":true,\"exportFieldName\":\"Label\",\"exportParameterName\":\"UserSelectedLabel\",\"exportDefaultValue\":\"All\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"SensitivityLabel\",\"formatter\":1},{\"columnMatch\":\"FileSize\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\",\"customColumnWidthSetting\":\"20ch\"}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\",\"customColumnWidthSetting\":\"20ch\"}},{\"columnMatch\":\"Label\",\"formatter\":5},{\"columnMatch\":\"SensitivityLabelName\",\"formatter\":1,\"formatOptions\":{\"customColumnWidthSetting\":\"60ch\"},\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"}}}],\"filter\":true,\"labelSettings\":[{\"columnId\":\"SensitivityLabel\",\"label\":\"Sensitivity Label\"},{\"columnId\":\"FileSize\",\"label\":\"File Size\"},{\"columnId\":\"AssetCount\",\"label\":\"Asset Count\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"SensitivityLabelName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"LabelCount\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results204\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 14 - Copy\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let MostRecentScanLogs = PurviewDataSensitivityLogs\\r\\n | where \\\"{PurviewAccount:label}\\\" == \\\"All\\\" or PurviewAccountName in~ (split(\\\"{PurviewAccount:label}\\\", \\\", \\\"))\\r\\n | where SourceType in~ (split(\\\"{DataSource}\\\", \\\",\\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where \\\"{Collection:label}\\\" == \\\"All\\\" or CollectionName in~ (split(\\\"{Collection:label}\\\", \\\", \\\"))\\r\\n | extend CollectionName = iff(SourceCollectionName == \\\"\\\", \\\"No Collection\\\", SourceCollectionName)\\r\\n | where ActivityType == \\\"Labeling\\\" \\r\\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType;\\r\\nlet LabelDrilldown = MostRecentScanLogs \\r\\n| extend SensitivityLabel = iff(SensitivityLabel[0] == \\\"\\\", \\\"No Label\\\", SensitivityLabel[0])\\r\\n| extend Label = replace(@\\\"\\\\\\\\\\\", \\\"/\\\", SensitivityLabel)\\r\\n| where \\\"{UserSelectedLabel:label}\\\" == \\\"All\\\" or \\\"{UserSelectedLabel:label}\\\" == Label\\r\\n| summarize arg_max(TimeGenerated, PurviewTenantId, PurviewAccountName, PurviewRegion, SourceName, SourceType, SourcePath, SourceSubscriptionId, SourceRegion, SourceCollectionName, AssetName, AssetPath, AssetType, AssetCreationTime, AssetModifiedTime, AssetLastScanTime, FileExtension, FileSize, ActivityType, SensitivityLabelTrigger, SensitivityLabel, SensitivityLabelDetails, SourceScanId) by AssetPath \\r\\n| project TimeGenerated, PurviewTenantId, PurviewAccountName, PurviewRegion, AssetName, AssetPath, AssetType, AssetCreationTime, AssetModifiedTime, AssetLastScanTime, FileExtension, FileSize, ActivityType, SensitivityLabelTrigger, SensitivityLabel, SensitivityLabelDetails, SourceName, SourceType, SourcePath, SourceSubscriptionId, SourceRegion, SourceCollectionName, SourceScanId;\\r\\nLabelDrilldown\\r\\n| take 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Sensitivity Labels Drilldown- Asset Level\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":5},{\"columnMatch\":\"PurviewTenantId\",\"formatter\":5},{\"columnMatch\":\"PurviewAccountName\",\"formatter\":5},{\"columnMatch\":\"PurviewRegion\",\"formatter\":5},{\"columnMatch\":\"AssetName\",\"formatter\":5},{\"columnMatch\":\"AssetPath\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"GenericDetails\",\"linkIsContextBlade\":true,\"customColumnWidthSetting\":\"70ch\"}},{\"columnMatch\":\"AssetType\",\"formatter\":5},{\"columnMatch\":\"AssetCreationTime\",\"formatter\":5},{\"columnMatch\":\"AssetModifiedTime\",\"formatter\":5},{\"columnMatch\":\"FileExtension\",\"formatter\":5},{\"columnMatch\":\"FileSize\",\"formatter\":5},{\"columnMatch\":\"ActivityType\",\"formatter\":5},{\"columnMatch\":\"SensitivityLabelTrigger\",\"formatter\":5,\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"},\"emptyValCustomText\":\"No Label\"}},{\"columnMatch\":\"SensitivityLabel\",\"formatter\":0,\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"},\"emptyValCustomText\":\"No Label\"}},{\"columnMatch\":\"SensitivityLabelDetails\",\"formatter\":5,\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"},\"emptyValCustomText\":\"No Label\"}},{\"columnMatch\":\"SourceName\",\"formatter\":5},{\"columnMatch\":\"SourceType\",\"formatter\":5},{\"columnMatch\":\"SourcePath\",\"formatter\":13,\"formatOptions\":{\"linkTarget\":\"Resource\",\"showIcon\":true}},{\"columnMatch\":\"SourceSubscriptionId\",\"formatter\":5},{\"columnMatch\":\"SourceRegion\",\"formatter\":5},{\"columnMatch\":\"SourceCollectionName\",\"formatter\":5},{\"columnMatch\":\"SourceScanId\",\"formatter\":5},{\"columnMatch\":\"SensitivityLabelName\",\"formatter\":0,\"numberFormat\":{\"unit\":0,\"options\":{\"style\":\"decimal\"},\"emptyValCustomText\":\"No Label\"}},{\"columnMatch\":\"PurviewSubscriptionId\",\"formatter\":5},{\"columnMatch\":\"SourceOwner\",\"formatter\":5},{\"columnMatch\":\"AssetOwner\",\"formatter\":5},{\"columnMatch\":\"ActivityTrigger\",\"formatter\":5},{\"columnMatch\":\"Classification\",\"formatter\":5},{\"columnMatch\":\"ClassificationCount\",\"formatter\":5},{\"columnMatch\":\"SensitivityLabelGuid\",\"formatter\":5},{\"columnMatch\":\"UserId\",\"formatter\":5}],\"filter\":true,\"labelSettings\":[{\"columnId\":\"AssetPath\",\"label\":\"Asset Path\"},{\"columnId\":\"AssetLastScanTime\",\"label\":\"Asset Last Scan Time\"},{\"columnId\":\"SensitivityLabel\",\"label\":\"Sensitivity Label\"},{\"columnId\":\"SourcePath\",\"label\":\"Source Path\"}]}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results204\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 13\",\"styleSettings\":{\"showBorder\":true}}]},\"conditionalVisibility\":{\"parameterName\":\"isPurviewLogsVisible\",\"comparison\":\"isEqualTo\",\"value\":\"true\"},\"name\":\"Purview Logs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## 🗄 Azure SQL Databases\\r\\n\\r\\nThis section helps you monitor **access to classified and sensitive data stored in Azure SQL databases**. It supports GDPR requirements for **security of processing (Art. 32)** and **data protection by design and by default (Art. 25)** by detecting anomalies, tracking access patterns, and providing evidence of safeguards around personal data. \\r\\n\\r\\nKey objectives of this section: \\r\\n- Identify **daily anomaly scores** to highlight unusual database activity that may indicate misuse or data exfiltration \\r\\n- Monitor **queries by sensitivity labels and information types** to ensure personal data is accessed only for legitimate purposes \\r\\n- Track **application and IP access** to classified data for accountability and traceability \\r\\n- Detect potential **privilege misuse or unauthorized access attempts** by reviewing query and principal activity over time \\r\\n- Provide auditors with proof of **continuous monitoring of database activity** against sensitive data assets \\r\\n\\r\\nBy analyzing these metrics, analysts can confirm that **personal data stored in databases is accessed appropriately**, and that monitoring controls are in place to detect and respond to suspicious or non-compliant activity.\\r\\n\"},\"customWidth\":\"40\",\"name\":\"text - 4\"},{\"type\":1,\"content\":{\"json\":\"\"},\"customWidth\":\"10\",\"name\":\"text - 5\"},{\"type\":1,\"content\":{\"json\":\"| Azure SQL Databases | | |\\r\\n|:--| - | - |\\r\\n| Daily anomaly scores, by database | Anomaly score over time for the selected database (from the list above) | Daily activity over time for the selected database (from the list above) |\\r\\n| Number of queries, by sensitivity label | Number of queries, by information type | Number of queries, by principal |\\r\\n|Number of queries, Details|Application access to classified data (by information type)|IP access to classified data (by information type)|\\r\\n\\r\\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, Time range, Servers and Databases. Only panels with data are shown. \\r\\n\"},\"customWidth\":\"40\",\"name\":\"text - 6\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"value::selected\"],\"parameters\":[{\"id\":\"332be9fd-33ad-407e-843e-5f2c49a50b6a\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Servers\",\"type\":5,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"where type == \\\"microsoft.sql/servers\\\"\\r\\n| project id=tolower(id)\",\"crossComponentResources\":[\"{Subscription}\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\",\"value\":[\"value::all\"]},{\"id\":\"b4cc825f-166b-4929-916a-21b8073748c2\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Databases\",\"type\":5,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"where type == \\\"microsoft.sql/servers/databases\\\"\\r\\n| project id=tolower(id)\\r\\n| extend serverName = split(id,'/databases/')[0]\\r\\n| where serverName in ({Servers})\\r\\n| project id\",\"crossComponentResources\":[\"value::selected\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\",\"value\":[\"value::all\"]}],\"style\":\"pills\",\"queryType\":1,\"resourceType\":\"microsoft.resourcegraph/resources\"},\"name\":\"parameters - 1\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"7afa304d-b448-4d6c-8c54-69e51a7249a9\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results205\",\"type\":1,\"query\":\"AzureDiagnostics\\r\\n| where TimeGenerated > {TimeRange:start}\\r\\n| where ResourceType == \\\"SERVERS/DATABASES\\\"\\r\\n| where Category == \\\"SQLSecurityAuditEvents\\\"\\r\\n| where tolower(ResourceId) in ({Databases})\\r\\n| extend Database = strcat(LogicalServerName_s, '/', database_name_s)\\r\\n| summarize DailyCount = count() by ResourceId, Database, bin_at(TimeGenerated, 1d, now())\\r\\n| make-series metric = sum(DailyCount) on TimeGenerated in range({TimeRange:start}, now()-1d, 1d) by ResourceId, Database\\r\\n| extend series_decompose_anomalies(metric) // Anomaly detection\\r\\n| project ResourceId, Database, day = (TimeGenerated), DailyCounts = metric, AnomalyScore = series_decompose_anomalies_metric_ad_score\\r\\n| extend MaxAnomalyScore = AnomalyScore, MinAnomalyScore = AnomalyScore, AnomlyScoreTrend = AnomalyScore\\r\\n| mv-apply MaxAnomalyScore to typeof(real) on (top 1 by MaxAnomalyScore desc)\\r\\n| mv-apply MinAnomalyScore to typeof(real) on (top 1 by MinAnomalyScore asc)\\r\\n| mv-expand with_itemindex=Index AnomalyScore\\r\\n| where Index == array_length(DailyCounts)-1\\r\\n| project-away day, Index\\r\\n| extend AnomalyScoreAbs = abs(toreal(AnomalyScore))\\r\\n| extend WasAnomalous = iif(MaxAnomalyScore > 3 or MinAnomalyScore < -3, true, false)\\r\\n| extend Anomalous = iif(AnomalyScoreAbs > 3, true, false)\\r\\n| order by AnomalyScoreAbs desc\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":2592000000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results205\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"c303d4f8-4af1-4516-945e-66798123d9d9\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results206\",\"type\":1,\"query\":\"AzureDiagnostics \\r\\n| where tolower(ResourceId) in ({Databases})\\r\\n| where data_sensitivity_information_s != \\\"\\\" \\r\\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \\r\\n| mvexpand parsed \\r\\n| extend label = tostring(parsed[\\\"@label\\\"]) \\r\\n| where label != \\\"\\\" \\r\\n| summarize dcount = dcount(sequence_group_id_g) by label\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results206\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"3ce1ba31-e991-4012-a9f9-b1196c54f4e5\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results207\",\"type\":1,\"query\":\"AzureDiagnostics \\r\\n| where tolower(ResourceId) in ({Databases})\\r\\n| where data_sensitivity_information_s != \\\"\\\" \\r\\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \\r\\n| mvexpand parsed \\r\\n| extend info_type = tostring(parsed[\\\"@information_type\\\"]) \\r\\n| where info_type != \\\"\\\" \\r\\n| summarize dcount = dcount(sequence_group_id_g) by info_type\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results207\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"a13bcd2c-8f8b-4087-94fe-862c41b78c56\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results208\",\"type\":1,\"query\":\"AzureDiagnostics \\r\\n| where tolower(ResourceId) in ({Databases})\\r\\n| where data_sensitivity_information_s != \\\"\\\" \\r\\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \\r\\n| mvexpand parsed \\r\\n| extend Principal = server_principal_name_s\\r\\n| summarize dcount = dcount(sequence_group_id_g) by Principal\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results208\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"3cc27864-9c39-42e8-9cd6-25e1dfb9bcca\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results210\",\"type\":1,\"query\":\"AzureDiagnostics \\r\\n| where tolower(ResourceId) in ({Databases})\\r\\n| where data_sensitivity_information_s != \\\"\\\" \\r\\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \\r\\n| mvexpand parsed \\r\\n| extend label = tostring(parsed[\\\"@label\\\"]) \\r\\n| where label != \\\"\\\" \\r\\n| summarize dcount = dcount(sequence_group_id_g) by label_and_app = strcat(label, \\\" | \\\", application_name_s)\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results210\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"59b17e09-3c6d-4a11-a18d-2bc61a3ceba3\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results211\",\"type\":1,\"query\":\"AzureDiagnostics \\r\\n| where tolower(ResourceId) in ({Databases})\\r\\n| where data_sensitivity_information_s != \\\"\\\" \\r\\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \\r\\n| mvexpand parsed \\r\\n| extend label = tostring(parsed[\\\"@label\\\"]) \\r\\n| where label != \\\"\\\" \\r\\n| summarize dcount = dcount(sequence_group_id_g) by label_and_ip = strcat(label, \\\" | \\\", client_ip_s) \\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results211\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"AzureDiagnostics\\r\\n| where TimeGenerated > {TimeRange:start}\\r\\n| where ResourceType == \\\"SERVERS/DATABASES\\\"\\r\\n| where Category == \\\"SQLSecurityAuditEvents\\\"\\r\\n| where tolower(ResourceId) in ({Databases})\\r\\n| extend Database = strcat(LogicalServerName_s, '/', database_name_s)\\r\\n| summarize DailyCount = count() by ResourceId, Database, bin_at(TimeGenerated, 1d, now())\\r\\n| make-series metric = sum(DailyCount) on TimeGenerated in range({TimeRange:start}, now()-1d, 1d) by ResourceId, Database\\r\\n| extend series_decompose_anomalies(metric) // Anomaly detection\\r\\n| project ResourceId, Database, day = (TimeGenerated), DailyCounts = metric, AnomalyScore = series_decompose_anomalies_metric_ad_score\\r\\n| extend MaxAnomalyScore = AnomalyScore, MinAnomalyScore = AnomalyScore, AnomlyScoreTrend = AnomalyScore\\r\\n| mv-apply MaxAnomalyScore to typeof(real) on (top 1 by MaxAnomalyScore desc)\\r\\n| mv-apply MinAnomalyScore to typeof(real) on (top 1 by MinAnomalyScore asc)\\r\\n| mv-expand with_itemindex=Index AnomalyScore\\r\\n| where Index == array_length(DailyCounts)-1\\r\\n| project-away day, Index\\r\\n| extend AnomalyScoreAbs = abs(toreal(AnomalyScore))\\r\\n| extend WasAnomalous = iif(MaxAnomalyScore > 3 or MinAnomalyScore < -3, true, false)\\r\\n| extend Anomalous = iif(AnomalyScoreAbs > 3, true, false)\\r\\n| order by AnomalyScoreAbs desc\\r\\n\",\"size\":0,\"title\":\"Daily anomaly scores, by database\",\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"ResourceId\",\"exportParameterName\":\"SelectedResource\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DailyCounts\",\"formatter\":9,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"AnomalyScore\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"startsWith\",\"thresholdValue\":\"-\",\"representation\":\"trenddown\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"right\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"trendup\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"MaxAnomalyScore\",\"formatter\":1},{\"columnMatch\":\"MinAnomalyScore\",\"formatter\":5},{\"columnMatch\":\"AnomlyScoreTrend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"AnomalyScoreAbs\",\"formatter\":5},{\"columnMatch\":\"WasAnomalous\",\"formatter\":1},{\"columnMatch\":\"Anomalous\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"conditionalVisibility\":{\"parameterName\":\"Results205\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"AzureDiagnostics\\r\\n| where TimeGenerated > {TimeRange:start}\\r\\n| where ResourceType == \\\"SERVERS/DATABASES\\\"\\r\\n| where Category == \\\"SQLSecurityAuditEvents\\\"\\r\\n| where tolower(ResourceId) == tolower('{SelectedResource}')\\r\\n| summarize DailyCount = count() by ResourceId, bin_at(TimeGenerated, 1d, now())\\r\\n| make-series metric = sum(DailyCount) on TimeGenerated in range({TimeRange:start}, now()-1d, 1d) by ResourceId\\r\\n| extend series_decompose_anomalies(metric) // Anomaly detection\\r\\n| project ResourceId, day = (TimeGenerated), DailyCounts = metric, AnomalyScore = series_decompose_anomalies_metric_ad_score\\r\\n\",\"size\":0,\"title\":\"Anomaly score over time for the selected database (from the list above)\",\"color\":\"orange\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"visualization\":\"timechart\",\"chartSettings\":{\"yAxis\":[\"AnomalyScore\"],\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true}}}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results205\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 2 - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"AzureDiagnostics\\r\\n| where TimeGenerated > {TimeRange:start}\\r\\n| where ResourceType == \\\"SERVERS/DATABASES\\\"\\r\\n| where Category == \\\"SQLSecurityAuditEvents\\\"\\r\\n| where tolower(ResourceId) == tolower('{SelectedResource}')\\r\\n| summarize DailyCount = count() by ResourceId, bin_at(TimeGenerated, 1d, now())\\r\\n| make-series metric = sum(DailyCount) on TimeGenerated in range({TimeRange:start}, now()-1d, 1d) by ResourceId\\r\\n| extend series_decompose_anomalies(metric) // Anomaly detection\\r\\n| project ResourceId, day = (TimeGenerated), DailyCounts = metric, AnomalyScore = series_decompose_anomalies_metric_ad_score\\r\\n\",\"size\":0,\"title\":\"Daily activity over time for the selected database (from the list above)\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"visualization\":\"timechart\",\"chartSettings\":{\"yAxis\":[\"DailyCounts\"],\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true}}}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results205\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"AzureDiagnostics \\r\\n| where tolower(ResourceId) in ({Databases})\\r\\n| where data_sensitivity_information_s != \\\"\\\" \\r\\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \\r\\n| mvexpand parsed \\r\\n| extend label = tostring(parsed[\\\"@label\\\"]) \\r\\n| where label != \\\"\\\" \\r\\n| summarize dcount = dcount(sequence_group_id_g) by label\",\"size\":0,\"title\":\"Number of queries, by sensitivity label\",\"timeContextFromParameter\":\"TimeRange\",\"exportMultipleValues\":true,\"exportedParameters\":[{\"fieldName\":\"label\",\"parameterName\":\"SelectedLabel\",\"parameterType\":1}],\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"label\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":false}},\"customWidth\":\"33\",\"conditionalVisibility\":{\"parameterName\":\"Results206\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 3 - Copy\",\"styleSettings\":{\"margin\":\"0\",\"padding\":\"0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"AzureDiagnostics \\r\\n| where tolower(ResourceId) in ({Databases})\\r\\n| where data_sensitivity_information_s != \\\"\\\" \\r\\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \\r\\n| mvexpand parsed \\r\\n| extend info_type = tostring(parsed[\\\"@information_type\\\"]) \\r\\n| where info_type != \\\"\\\" \\r\\n| summarize dcount = dcount(sequence_group_id_g) by info_type\",\"size\":0,\"title\":\"Number of queries, by information type\",\"timeContextFromParameter\":\"TimeRange\",\"exportMultipleValues\":true,\"exportedParameters\":[{\"fieldName\":\"info_type\",\"parameterName\":\"SelectedInformationType\",\"parameterType\":1}],\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"visualization\":\"tiles\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"info_type\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"createOtherGroup\":10}},\"customWidth\":\"33\",\"conditionalVisibility\":{\"parameterName\":\"Results207\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 3 - Copy - Copy\",\"styleSettings\":{\"margin\":\"0\",\"padding\":\"0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"AzureDiagnostics \\r\\n| where tolower(ResourceId) in ({Databases})\\r\\n| where data_sensitivity_information_s != \\\"\\\" \\r\\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \\r\\n| mvexpand parsed \\r\\n| extend Principal = server_principal_name_s\\r\\n| summarize dcount = dcount(sequence_group_id_g) by Principal\",\"size\":0,\"title\":\"Number of queries, by principal\",\"timeContextFromParameter\":\"TimeRange\",\"exportMultipleValues\":true,\"exportedParameters\":[{\"fieldName\":\"Principal\",\"parameterName\":\"SelectedPrincipal\",\"parameterType\":1}],\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Principal\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"showBorder\":false},\"chartSettings\":{\"createOtherGroup\":10}},\"customWidth\":\"33\",\"conditionalVisibility\":{\"parameterName\":\"Results208\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 3 - Copy - Copy - Copy\",\"styleSettings\":{\"margin\":\"0\",\"padding\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"387f6bac-5c95-41e3-9556-641188130759\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results209\",\"type\":1,\"query\":\"AzureDiagnostics\\r\\n| where tolower(ResourceId) in ({Databases})\\r\\n| where isempty(data_sensitivity_information_s) == false\\r\\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \\r\\n//| evaluate bag_unpack(parsed, columnsConflict='keep_source')\\r\\n| mvexpand parsed \\r\\n| project TimeGenerated, ResourceId, Label = tostring(parsed.['@label']), InformationType = tostring(parsed.['@information_type'])\\r\\n , Succeeded = succeeded_s, Principal = server_principal_name_s, ClientIP = client_ip_s, Application = application_name_s, Statement = statement_s, Rows = response_rows_d, Action = action_name_s\\r\\n| where Label != \\\"\\\" or InformationType != \\\"\\\"\\r\\n| where isempty('{SelectedLabel}') or (strcat('\\\"',Label,'\\\"') in (split('{SelectedLabel}',',')))\\r\\n| where isempty('{SelectedInformationType}') or (strcat('\\\"',InformationType,'\\\"') in (split('{SelectedInformationType}',',')))\\r\\n| where isempty('{SelectedPrincipal}') or (strcat('\\\"',Principal,'\\\"') in (split('{SelectedPrincipal}',',')))\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results208\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"AzureDiagnostics\\r\\n| where tolower(ResourceId) in ({Databases})\\r\\n| where isempty(data_sensitivity_information_s) == false\\r\\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \\r\\n//| evaluate bag_unpack(parsed, columnsConflict='keep_source')\\r\\n| mvexpand parsed \\r\\n| project TimeGenerated, ResourceId, Label = tostring(parsed.['@label']), InformationType = tostring(parsed.['@information_type'])\\r\\n , Succeeded = succeeded_s, Principal = server_principal_name_s, ClientIP = client_ip_s, Application = application_name_s, Statement = statement_s, Rows = response_rows_d, Action = action_name_s\\r\\n| where Label != \\\"\\\" or InformationType != \\\"\\\"\\r\\n| where isempty('{SelectedLabel}') or (strcat('\\\"',Label,'\\\"') in (split('{SelectedLabel}',',')))\\r\\n| where isempty('{SelectedInformationType}') or (strcat('\\\"',InformationType,'\\\"') in (split('{SelectedInformationType}',',')))\\r\\n| where isempty('{SelectedPrincipal}') or (strcat('\\\"',Principal,'\\\"') in (split('{SelectedPrincipal}',',')))\",\"size\":0,\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"]},\"conditionalVisibility\":{\"parameterName\":\"Results209\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 15\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"AzureDiagnostics \\r\\n| where tolower(ResourceId) in ({Databases})\\r\\n| where data_sensitivity_information_s != \\\"\\\" \\r\\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \\r\\n| mvexpand parsed \\r\\n| extend label = tostring(parsed[\\\"@label\\\"]) \\r\\n| where label != \\\"\\\" \\r\\n| summarize dcount = dcount(sequence_group_id_g) by label_and_app = strcat(label, \\\" | \\\", application_name_s)\\r\\n| order by label_and_app asc, dcount desc\",\"size\":0,\"title\":\"Application access to classified data (by sensitivity label)\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"visualization\":\"piechart\"},\"customWidth\":\"40\",\"conditionalVisibility\":{\"parameterName\":\"Results210\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 3 - Copy - Copy\",\"styleSettings\":{\"margin\":\"0\",\"padding\":\"0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"AzureDiagnostics \\r\\n| where tolower(ResourceId) in ({Databases})\\r\\n| where data_sensitivity_information_s != \\\"\\\" \\r\\n| extend parsed=parse_xml(data_sensitivity_information_s).sensitivity_attributes.sensitivity_attribute \\r\\n| mvexpand parsed \\r\\n| extend label = tostring(parsed[\\\"@label\\\"]) \\r\\n| where label != \\\"\\\" \\r\\n| summarize dcount = dcount(sequence_group_id_g) by label_and_ip = strcat(label, \\\" | \\\", client_ip_s) \\r\\n| order by label_and_ip asc, dcount desc\",\"size\":0,\"title\":\"IP access to classified data (by sensitivity label)\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"visualization\":\"piechart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"action_name_s\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"action_name_s\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"count_\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"40\",\"conditionalVisibility\":{\"parameterName\":\"Results211\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 3\",\"styleSettings\":{\"margin\":\"0\",\"padding\":\"0\"}}]},\"conditionalVisibility\":{\"parameterName\":\"isAzureSQLDatabasesVisible\",\"comparison\":\"isEqualTo\",\"value\":\"true\"},\"name\":\"Azure SQL Databases\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"7afa304d-b448-4d6c-8c54-69e51a7249a9\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results46\",\"type\":1,\"query\":\"let AnomalySignIns = BehaviorAnalytics\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| extend FirstTimeDeviceLogon = tostring(ActivityInsights.FirstTimeUserLoggedOnToDevice)\\r\\n| extend FirstTimeUserAction = tostring(ActivityInsights.FirstTimeUserPerformedAction)\\r\\n| extend UncommonAction = tostring(ActivityInsights.ActionUncommonlyPerformedByUser)\\r\\n| extend UncommonVolumeOfActions = tostring(ActivityInsights.UncommonHighVolumeOfActions)\\r\\n| where FirstTimeDeviceLogon == \\\"True\\\" or FirstTimeUserAction == \\\"True\\\" or UncommonAction == \\\"True\\\" or UncommonVolumeOfActions == \\\"True\\\";\\r\\nAnomalySignIns | join (SigninLogs) on UserPrincipalName\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results205\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"1ba464d7-3754-40c5-9518-7fa597d2e910\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results47\",\"type\":1,\"query\":\"let AnomalySignIns = BehaviorAnalytics\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| extend FirstTimeDeviceLogon = tostring(ActivityInsights.FirstTimeUserLoggedOnToDevice)\\r\\n| extend FirstTimeUserAction = tostring(ActivityInsights.FirstTimeUserPerformedAction)\\r\\n| extend UncommonAction = tostring(ActivityInsights.ActionUncommonlyPerformedByUser)\\r\\n| extend UncommonVolumeOfActions = tostring(ActivityInsights.UncommonHighVolumeOfActions)\\r\\n| where FirstTimeDeviceLogon == \\\"True\\\" or FirstTimeUserAction == \\\"True\\\" or UncommonAction == \\\"True\\\" or UncommonVolumeOfActions == \\\"True\\\";\\r\\nAnomalySignIns | join (SigninLogs) on UserPrincipalName\\r\\n| where SourceIPLocation <> \\\"\\\"\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results47\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"65c2cb9f-754e-4a6e-9f49-f8d6b656a4f0\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results48\",\"type\":1,\"query\":\"let UncommonActionVolume = BehaviorAnalytics\\r\\n| extend UncommonActionVolume = tostring(ActivityInsights.UncommonHighVolumeOfActions)\\r\\n| where UncommonActionVolume == \\\"True\\\"\\r\\n| summarize count() by UserPrincipalName\\r\\n| project-rename UncommonActionVolume = count_;\\r\\nlet UncommonAction = BehaviorAnalytics\\r\\n| extend UncommonAction = tostring(ActivityInsights.ActionUncommonlyPerformedByUser)\\r\\n| where UncommonAction == \\\"True\\\"\\r\\n| summarize count() by UserPrincipalName\\r\\n| project-rename UncommonAction = count_;\\r\\nlet Uncommon = UncommonActionVolume | join(UncommonAction) on UserPrincipalName;\\r\\nlet FirstTimeDeviceLogon = BehaviorAnalytics\\r\\n| extend FirstTimeDeviceLogon = tostring(ActivityInsights.FirstTimeUserLoggedOnToDevice)\\r\\n| where FirstTimeDeviceLogon == \\\"True\\\"\\r\\n| summarize count() by UserPrincipalName\\r\\n| project-rename FirstTimeDeviceLogon = count_;\\r\\nlet FirstTimeUserAction = BehaviorAnalytics\\r\\n| extend FirstTimeUserAction = tostring(ActivityInsights.FirstTimeUserPerformedAction)\\r\\n| where FirstTimeUserAction == \\\"True\\\"\\r\\n| summarize count() by UserPrincipalName\\r\\n| project-rename FirstTimeUserAction = count_;\\r\\nlet FirstTime = FirstTimeUserAction | join(FirstTimeDeviceLogon) on UserPrincipalName;\\r\\nUncommon | join kind=fullouter(FirstTime) on UserPrincipalName\\r\\n| where UserPrincipalName <> \\\"\\\"\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| project UserPrincipalName, UncommonActionVolume, UncommonAction, FirstTimeUserAction, FirstTimeDeviceLogon\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results48\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"802544a8-295d-49ac-ac30-7669812ffc07\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results49\",\"type\":1,\"query\":\"AADUserRiskEvents\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results49\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"292eaf4d-ee6f-4b78-acf1-2f625846dfdb\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results50\",\"type\":1,\"query\":\"BehaviorAnalytics\\r\\n| where ActionType == \\\"Reset user password\\\"\\r\\n| where ActivityInsights has \\\"True\\\"\\r\\n| join (\\r\\n AuditLogs\\r\\n )\\r\\n on $left.SourceRecordId == $right._ItemId\\r\\n| mv-expand TargetResources\\r\\n| extend Target = iff(tostring(TargetResources.userPrincipalName) has \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(TargetResources.userPrincipalName, \\\"#\\\")[0])), TargetResources.userPrincipalName), tostring(TargetResources.userPrincipalName)\\r\\n| extend UserPrincipalName = iff(UserPrincipalName has \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserPrincipalName),\\r\\n UserName = iff(UserName has \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserName)\\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"TargetUser\\\"]=Target, ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results50\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"402cb027-2e34-4a17-8ede-e0778b245e49\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results51\",\"type\":1,\"query\":\"BehaviorAnalytics\\r\\n| where ActivityType == \\\"LogOn\\\"\\r\\n| where UsersInsights.BlastRadius == \\\"High\\\"\\r\\n| join (\\r\\nSigninLogs | where Status.errorCode == 50126\\r\\n) on $left.SourceRecordId == $right._ItemId\\r\\n| extend UserPrincipalName = iff(UserPrincipalName contains \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserPrincipalName),\\r\\nUserName = iff(UserName contains \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserName)\\r\\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType,[\\\"Evidence\\\"]=ActivityInsights, ResourceDisplayName,AppDisplayName ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results51\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"d6c529ca-65d1-49fc-87a0-5013578dcecf\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results52\",\"type\":1,\"query\":\"BehaviorAnalytics\\r\\n| where ActionType == \\\"Sign-in\\\"\\r\\n| where ActivityInsights.FirstTimeConnectionFromCountryObservedInTenant == True and ActivityInsights.CountryUncommonlyConnectedFromAmongPeers == True\\r\\n | join (\\r\\nSigninLogs\\r\\n) on $left.SourceRecordId == $right._ItemId\\r\\n| extend UserPrincipalName = iff(UserPrincipalName contains \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserPrincipalName),\\r\\nUserName = iff(UserName contains \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserName)\\r\\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType,[\\\"Evidence\\\"]=ActivityInsights, ResourceDisplayName,AppDisplayName ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results52\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"776977c6-0e80-44ca-ac00-b875a0dbb650\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results53\",\"type\":1,\"query\":\"//Critical Roles: can impersonate any user or app, can update passwords for users or service principals (if the role can let a user update passwords for privileged users, if an attacker compromises this user then attacker can update passwords for privileged users hence gaining more privileges so users with this role are equally critical)\\r\\n//High Roles: Administrators that can manage all aspects or permissions of important products but can't update credentials and impersonate another user/app\\r\\nlet critical = dynamic(['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3','c4e39bd9-1100-46d3-8c65-fb160da0071f','158c047a-c907-4556-b7ef-446551a6b5f7','62e90394-69f5-4237-9190-012177145e10','d29b2b05-8046-44ba-8758-1e26182fcf32','729827e3-9c14-49f7-bb1b-9608f156bbb8','966707d0-3269-4727-9be2-8c3a10f19b9d','194ae4cb-b126-40b2-bd5b-6091b380977d','fe930be7-5e62-47db-91af-98c3a49a38b1']);\\r\\nlet high = dynamic(['cf1c38e5-3621-4004-a7cb-879624dced7c','7495fdc4-34c4-4d15-a289-98788ce399fd','aaf43236-0c0d-4d5f-883a-6955382ac081','3edaf663-341e-4475-9f94-5c398ef6c070','7698a772-787b-4ac8-901f-60d6b08affd2','b1be1c3e-b65d-4f19-8427-f6fa0d97feb9','9f06204d-73c1-4d4c-880a-6edb90606fd8','29232cdf-9323-42fd-ade2-1d097af3e4de','be2f45a1-457d-42af-a067-6ec1fa63bc45','7be44c8a-adaf-4e2a-84d6-ab2649e08a13','e8611ab8-c189-46e8-94e1-60213ab1f814']);\\r\\nAuditLogs\\r\\n| where OperationName == \\\"Update user\\\"\\r\\n| mv-expand AdditionalDetails\\r\\n| mv-expand TargetResources\\r\\n| where AdditionalDetails.key == \\\"UserPrincipalName\\\"\\r\\n| mv-expand TargetResources\\r\\n| extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\\r\\n| extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\\r\\n| where RoleId in (critical,high)\\r\\n| where isnotempty(RoleId) or isnotempty(RoleName)\\r\\n| extend TargetId = tostring(TargetResources.id)\\r\\n| extend Target = iff(tostring(TargetResources.userPrincipalName) has \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(TargetResources.userPrincipalName, \\\"#\\\")[0])),TargetResources.userPrincipalName),tostring(TargetResources.userPrincipalName)\\r\\n| join kind=inner ( BehaviorAnalytics\\r\\n) on $left._ItemId == $right.SourceRecordId\\r\\n| where UsersInsights.BlastRadius == \\\"High\\\" or ActivityInsights has \\\"True\\\"\\r\\n| extend UserPrincipalName = iff(UserPrincipalName has \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserPrincipalName),\\r\\nUserName = iff(UserName has \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserName) \\r\\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"TargetUser\\\"]=Target,RoleName,ActivityInsights ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| summarize count() by UserPrincipalName\\r\\n| sort by count_ desc\\r\\n| limit 100\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results53\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"48c0ca65-2da9-4c48-a95b-ea7b5aebc36b\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results54\",\"type\":1,\"query\":\"//Critical Roles: can impersonate any user or app, can update passwords for users or service principals (if the role can let a user update passwords for privileged users, if an attacker compromises this user then attacker can update passwords for privileged users hence gaining more privileges so users with this role are equally critical)\\r\\n//High Roles: Administrators that can manage all aspects or permissions of important products but can't update credentials and impersonate another user/app\\r\\nlet critical = dynamic(['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3','c4e39bd9-1100-46d3-8c65-fb160da0071f','158c047a-c907-4556-b7ef-446551a6b5f7','62e90394-69f5-4237-9190-012177145e10','d29b2b05-8046-44ba-8758-1e26182fcf32','729827e3-9c14-49f7-bb1b-9608f156bbb8','966707d0-3269-4727-9be2-8c3a10f19b9d','194ae4cb-b126-40b2-bd5b-6091b380977d','fe930be7-5e62-47db-91af-98c3a49a38b1']);\\r\\nlet high = dynamic(['cf1c38e5-3621-4004-a7cb-879624dced7c','7495fdc4-34c4-4d15-a289-98788ce399fd','aaf43236-0c0d-4d5f-883a-6955382ac081','3edaf663-341e-4475-9f94-5c398ef6c070','7698a772-787b-4ac8-901f-60d6b08affd2','b1be1c3e-b65d-4f19-8427-f6fa0d97feb9','9f06204d-73c1-4d4c-880a-6edb90606fd8','29232cdf-9323-42fd-ade2-1d097af3e4de','be2f45a1-457d-42af-a067-6ec1fa63bc45','7be44c8a-adaf-4e2a-84d6-ab2649e08a13','e8611ab8-c189-46e8-94e1-60213ab1f814']);\\r\\nAuditLogs\\r\\n| where OperationName == \\\"Add user\\\"\\r\\n| mv-expand AdditionalDetails\\r\\n| mv-expand TargetResources\\r\\n| where AdditionalDetails.key == \\\"UserPrincipalName\\\"\\r\\n| mv-expand TargetResources\\r\\n| extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\\r\\n| extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\\r\\n| where RoleId in (critical,high)\\r\\n| where isnotempty(RoleId) or isnotempty(RoleName)\\r\\n| extend TargetId = tostring(TargetResources.id)\\r\\n| extend Target = iff(tostring(TargetResources.userPrincipalName) has \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(TargetResources.userPrincipalName, \\\"#\\\")[0])),TargetResources.userPrincipalName),tostring(TargetResources.userPrincipalName)\\r\\n| join kind=inner ( BehaviorAnalytics\\r\\n) on $left._ItemId == $right.SourceRecordId\\r\\n| where UsersInsights.BlastRadius == \\\"High\\\" or ActivityInsights has \\\"True\\\"\\r\\n| extend UserPrincipalName = iff(UserPrincipalName has \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserPrincipalName),\\r\\nUserName = iff(UserName has \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserName) \\r\\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"TargetUser\\\"]=Target,RoleName,ActivityInsights ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results54\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"ef5b3c8e-c859-4e9a-8b73-c60f23732867\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results55\",\"type\":1,\"query\":\"let critical = dynamic(['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3','c4e39bd9-1100-46d3-8c65-fb160da0071f','158c047a-c907-4556-b7ef-446551a6b5f7','62e90394-69f5-4237-9190-012177145e10','d29b2b05-8046-44ba-8758-1e26182fcf32','729827e3-9c14-49f7-bb1b-9608f156bbb8','966707d0-3269-4727-9be2-8c3a10f19b9d','194ae4cb-b126-40b2-bd5b-6091b380977d','fe930be7-5e62-47db-91af-98c3a49a38b1']);\\r\\nlet high = dynamic(['cf1c38e5-3621-4004-a7cb-879624dced7c','7495fdc4-34c4-4d15-a289-98788ce399fd','aaf43236-0c0d-4d5f-883a-6955382ac081','3edaf663-341e-4475-9f94-5c398ef6c070','7698a772-787b-4ac8-901f-60d6b08affd2','b1be1c3e-b65d-4f19-8427-f6fa0d97feb9','9f06204d-73c1-4d4c-880a-6edb90606fd8','29232cdf-9323-42fd-ade2-1d097af3e4de','be2f45a1-457d-42af-a067-6ec1fa63bc45','7be44c8a-adaf-4e2a-84d6-ab2649e08a13','e8611ab8-c189-46e8-94e1-60213ab1f814']);\\r\\nAuditLogs\\r\\n| where OperationName == \\\"Add member to role\\\"\\r\\n| mv-expand TargetResources\\r\\n| extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\\r\\n| extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\\r\\n| where RoleId in (critical,high)\\r\\n| extend TargetId = tostring(TargetResources.id)\\r\\n| extend Target = tostring(TargetResources.userPrincipalName)\\r\\n| where isnotempty(RoleId) or isnotempty(RoleName)\\r\\n| join kind=inner ( BehaviorAnalytics\\r\\n) on $left._ItemId == $right.SourceRecordId\\r\\n| where UsersInsights.BlasrRadius == \\\"High\\\" or ActivityInsights has \\\"True\\\"\\r\\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"TargetUser\\\"]=Target,RoleName,ActivityInsights ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results55\"},{\"type\":1,\"content\":{\"json\":\"# 📊 [User & Entity Behavior Analytics (UEBA)](https://docs.microsoft.com/azure/sentinel/identify-threats-with-entity-behavior-analytics)\\n---\\n\\nThis section focuses on detecting **anomalous behaviors by users and entities** that may indicate insider threats, compromised accounts, or attempts to exfiltrate personal data. It supports GDPR obligations around **security of processing (Art. 32)** and **accountability (Art. 5(2))** by helping organizations proactively identify suspicious activity that could put personal data at risk. \\n\\nKey objectives of this section: \\n- Highlight **user anomalies** such as unusual access times, geolocations, or activity volumes \\n- Detect **high-risk behaviors** flagged by Microsoft’s identity protection and analytics models \\n- Monitor **entity risk scores** to prioritize investigations of potentially compromised accounts or devices \\n- Correlate **web session anomalies** to identify potential data exfiltration attempts \\n- Provide auditors with evidence of **continuous monitoring of user activity and proactive risk detection** \\n\\nBy reviewing these metrics, analysts can ensure that **unusual or risky behaviors are identified early**, reducing the likelihood of personal data misuse or unauthorized disclosure, and demonstrating effective monitoring controls under GDPR.\\n\"},\"customWidth\":\"40\",\"name\":\"text - 2\"},{\"type\":1,\"content\":{\"json\":\"\"},\"customWidth\":\"10\",\"name\":\"text - 14\"},{\"type\":1,\"content\":{\"json\":\"| User & Entity Behavior Analytics (UEBA) | - | - |\\r\\n|:--| :--| :--| \\r\\n| Anomalous Activity by Geolocation | Anomalous Activity by User & GeoLocation | Entity Behavior Analytics Alerts |\\r\\n| User Anomalies | User Sign-in Risk Details |ASim WebSession: Detect potential data exfilteration using timeseries anomaly|\\r\\n| Anomalous Password Reset | Anomalous Failed Logon |Anomalous Geolocation Logon|\\r\\n| Anomalous AAD Account Manipulation | Anomalous Account Creation |Anomalous Role Assignment|\\r\\n\\r\\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, Time range and User.\"},\"customWidth\":\"40\",\"name\":\"text - 14\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let AnomalySignIns = BehaviorAnalytics\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| extend FirstTimeDeviceLogon = tostring(ActivityInsights.FirstTimeUserLoggedOnToDevice)\\r\\n| extend FirstTimeUserAction = tostring(ActivityInsights.FirstTimeUserPerformedAction)\\r\\n| extend UncommonAction = tostring(ActivityInsights.ActionUncommonlyPerformedByUser)\\r\\n| extend UncommonVolumeOfActions = tostring(ActivityInsights.UncommonHighVolumeOfActions)\\r\\n| where FirstTimeDeviceLogon == \\\"True\\\" or FirstTimeUserAction == \\\"True\\\" or UncommonAction == \\\"True\\\" or UncommonVolumeOfActions == \\\"True\\\";\\r\\nAnomalySignIns | join (SigninLogs) on UserPrincipalName\",\"size\":3,\"showAnalytics\":true,\"title\":\"Anomalous Activity by Geolocation\",\"noDataMessage\":\"There are no results within the selected thresholds (time, workspace, subscription). See Enable User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel for respective UEBA configurations (https://docs.microsoft.com/azure/sentinel/enable-entity-behavior-analytics)\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"visualization\":\"map\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"warning\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"UncommonActionVolume\",\"formatter\":4,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"UncommonAction\",\"formatter\":4,\"formatOptions\":{\"palette\":\"green\"}},{\"columnMatch\":\"FirstTimeUserAction\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"FirstTimeDeviceLogon\",\"formatter\":4,\"formatOptions\":{\"palette\":\"yellow\"}},{\"columnMatch\":\"IncidentCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"AlertCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"AnomalyCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"yellow\"}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"latitude_\",\"longitude\":\"longitude_\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"labelSettings\":\"city_\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"redBright\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results46\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results46\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let AnomalySignIns = BehaviorAnalytics\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| extend FirstTimeDeviceLogon = tostring(ActivityInsights.FirstTimeUserLoggedOnToDevice)\\r\\n| extend FirstTimeUserAction = tostring(ActivityInsights.FirstTimeUserPerformedAction)\\r\\n| extend UncommonAction = tostring(ActivityInsights.ActionUncommonlyPerformedByUser)\\r\\n| extend UncommonVolumeOfActions = tostring(ActivityInsights.UncommonHighVolumeOfActions)\\r\\n| where FirstTimeDeviceLogon == \\\"True\\\" or FirstTimeUserAction == \\\"True\\\" or UncommonAction == \\\"True\\\" or UncommonVolumeOfActions == \\\"True\\\";\\r\\nAnomalySignIns | join (SigninLogs) on UserPrincipalName\\r\\n| where SourceIPLocation <> \\\"\\\"\\r\\n| summarize count() by UserPrincipalName, SourceIPLocation\\r\\n| sort by count_ desc\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Anomalous Activity by User & GeoLocation\",\"noDataMessage\":\"There are no results within the selected thresholds (time, workspace, subscription). See Enable User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel for respective UEBA configurations (https://docs.microsoft.com/azure/sentinel/enable-entity-behavior-analytics)\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Location\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Globe\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"SourceIPLocation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Globe\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"redBright\"}}],\"filter\":true}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results47\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 14\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let AnomalousSigninActivity = BehaviorAnalytics\\r\\n | where ActionType == \\\"Sign-in\\\"\\r\\n | where (UsersInsights.NewAccount == True or UsersInsights.DormantAccount == True) and (\\r\\n ActivityInsights.FirstTimeUserAccessedResource == True and ActivityInsights.ResourceUncommonlyAccessedAmongPeers == True\\r\\n or ActivityInsights.FirstTimeUserUsedApp == True and ActivityInsights.AppUncommonlyUsedAmongPeers == False)\\r\\n | join (\\r\\n SigninLogs | where Status.errorCode == 0 or Status.errorCode == 0 and RiskDetail != \\\"none\\\"\\r\\n )\\r\\n on $left.SourceRecordId == $right._ItemId\\r\\n | extend UserPrincipalName = iff(UserPrincipalName contains \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserPrincipalName),\\r\\n UserName = iff(UserName contains \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserName)\\r\\n | extend AnomalyName = \\\"Anomalous Successful Logon\\\",\\r\\n Tactic = \\\"Persistence\\\",\\r\\n Technique = \\\"Valid Accounts\\\",\\r\\n SubTechnique = \\\"\\\",\\r\\n Description = \\\"Successful Sign-in with one or more of the following indications: sign by new or recently dormant accounts and sign in with resource for the first time (while none of their peers did) or to an app for the first time (while none of their peers did) or performed by a user with Risk indication from AAD\\\"\\r\\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"Evidence\\\"]=ActivityInsights, ResourceDisplayName, AppDisplayName, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\\\"Anomaly Score\\\"]=InvestigationPriority; \\r\\nlet critical = dynamic(['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3', 'c4e39bd9-1100-46d3-8c65-fb160da0071f', '158c047a-c907-4556-b7ef-446551a6b5f7', '62e90394-69f5-4237-9190-012177145e10', 'd29b2b05-8046-44ba-8758-1e26182fcf32', '729827e3-9c14-49f7-bb1b-9608f156bbb8', '966707d0-3269-4727-9be2-8c3a10f19b9d', '194ae4cb-b126-40b2-bd5b-6091b380977d', 'fe930be7-5e62-47db-91af-98c3a49a38b1']);\\r\\nlet high = dynamic(['cf1c38e5-3621-4004-a7cb-879624dced7c', '7495fdc4-34c4-4d15-a289-98788ce399fd', 'aaf43236-0c0d-4d5f-883a-6955382ac081', '3edaf663-341e-4475-9f94-5c398ef6c070', '7698a772-787b-4ac8-901f-60d6b08affd2', 'b1be1c3e-b65d-4f19-8427-f6fa0d97feb9', '9f06204d-73c1-4d4c-880a-6edb90606fd8', '29232cdf-9323-42fd-ade2-1d097af3e4de', 'be2f45a1-457d-42af-a067-6ec1fa63bc45', '7be44c8a-adaf-4e2a-84d6-ab2649e08a13', 'e8611ab8-c189-46e8-94e1-60213ab1f814']);//insider\\r\\nlet AnomalousRoleAssignment = AuditLogs\\r\\n | where TimeGenerated > ago(28d)\\r\\n | where OperationName == \\\"Add member to role\\\"\\r\\n | mv-expand TargetResources\\r\\n | extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\\r\\n | where isnotempty(RoleId) and RoleId in (critical, high)\\r\\n | extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\\r\\n | where isnotempty(RoleName)\\r\\n | extend TargetId = tostring(TargetResources.id)\\r\\n | extend Target = tostring(TargetResources.userPrincipalName)\\r\\n | join kind=inner (\\r\\n BehaviorAnalytics\\r\\n | where ActionType == \\\"Add member to role\\\"\\r\\n | where UsersInsights.BlasrRadius == \\\"High\\\" or ActivityInsights.FirstTimeUserPerformedAction == true\\r\\n )\\r\\n on $left._ItemId == $right.SourceRecordId\\r\\n | extend AnomalyName = \\\"Anomalous Role Assignment\\\",\\r\\n Tactic = \\\"Persistence\\\",\\r\\n Technique = \\\"Account Manipulation\\\",\\r\\n SubTechnique = \\\"\\\",\\r\\n Description = \\\"Adversaries may manipulate accounts to maintain access to victim systems. These actions include adding new accounts to high privileged groups. Dragonfly 2.0, for example, added newly created accounts to the administrators group to maintain elevated access. The query below generates an output of all high Blast Radius users performing Add member to privileged role, or ones that add users for the first time.\\\"\\r\\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"TargetUser\\\"]=Target, RoleName, [\\\"Evidence\\\"]=ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\\\"Anomaly Score\\\"]=InvestigationPriority; let LogOns=materialize(\\r\\n BehaviorAnalytics\\r\\n | where ActivityType == \\\"LogOn\\\");\\r\\nlet AnomalousResourceAccess = LogOns\\r\\n | where ActionType == \\\"ResourceAccess\\\"\\r\\n | where ActivityInsights.FirstTimeUserLoggedOnToDevice == true\\r\\n | extend AnomalyName = \\\"Anomalous Resource Access\\\",\\r\\n Tactic = \\\"Lateral Movement\\\",\\r\\n Technique = \\\"\\\",\\r\\n SubTechnique = \\\"\\\",\\r\\n Description = \\\"Adversary may be trying to move through the environment. APT29 and APT32, for example, has used PtH & PtT techniques to lateral move around the network. The query below generates an output of all users performing an resource access (4624:3) to devices for the first time.\\\"\\r\\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"Evidence\\\"]=ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\\\"Anomaly Score\\\"]=InvestigationPriority; \\r\\nlet AnomalousRDPActivity = LogOns\\r\\n | where ActionType == \\\"RemoteInteractiveLogon\\\"\\r\\n | where ActivityInsights.FirstTimeUserLoggedOnToDevice == true\\r\\n | extend AnomalyName = \\\"Anomalous RDP Activity\\\",\\r\\n Tactic = \\\"Lateral Movement\\\",\\r\\n Technique = \\\"\\\",\\r\\n SubTechnique = \\\"\\\",\\r\\n Description = \\\"Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user. FIN10, for example, has used RDP to move laterally to systems in the victim environment. The query below generates an output of all users performing a remote interactive logon (4624:10) to a device for the first time.\\\"\\r\\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"Evidence\\\"]=ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\\\"Anomaly Score\\\"]=InvestigationPriority; \\r\\nlet AnomalousLogintoDevices = LogOns\\r\\n | where ActionType == \\\"InteractiveLogon\\\"\\r\\n | where ActivityInsights.FirstTimeUserLoggedOnToDevice == true\\r\\n | where UsersInsights.DormantAccount == true or DevicesInsights.LocalAdmin == true\\r\\n | extend AnomalyName = \\\"Anomalous Login To Devices\\\",\\r\\n Tactic = \\\"Privilege Escalation\\\",\\r\\n Technique = \\\"Valid Accounts\\\",\\r\\n SubTechnique = \\\"\\\",\\r\\n Description = \\\"Adversaries may steal the credentials of a specific user or service account using Credential Access techniques or capture credentials earlier in their reconnaissance process through social engineering for means of gaining Initial Access. APT33, for example, has used valid accounts for initial access and privilege escalation. The query below generates an output of all administrator users performing an interactive logon (4624:2) to a device for the first time.\\\"\\r\\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"Evidence\\\"]=ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\\\"Anomaly Score\\\"]=InvestigationPriority; \\r\\nlet AnomalousPasswordReset = BehaviorAnalytics\\r\\n | where ActionType == \\\"Reset user password\\\"\\r\\n | where ActivityInsights.FirstTimeUserPerformedAction == \\\"True\\\"\\r\\n | join (\\r\\n AuditLogs\\r\\n | where OperationName == \\\"Reset user password\\\"\\r\\n )\\r\\n on $left.SourceRecordId == $right._ItemId\\r\\n | mv-expand TargetResources\\r\\n | extend Target = iff(tostring(TargetResources.userPrincipalName) contains \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(TargetResources.userPrincipalName, \\\"#\\\")[0])), TargetResources.userPrincipalName), tostring(TargetResources.userPrincipalName)\\r\\n | extend UserPrincipalName = iff(UserPrincipalName contains \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserPrincipalName),\\r\\n UserName = iff(UserName contains \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserName)\\r\\n | extend AnomalyName = \\\"Anomalous Password Reset\\\",\\r\\n Tactic = \\\"Impact\\\",\\r\\n Technique = \\\"Account Access Removal\\\",\\r\\n SubTechnique = \\\"\\\",\\r\\n Description = \\\"Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: changed credentials) to remove access to accounts. LockerGoga, for example, has been observed changing account passwords and logging off current users. The query below generates an output of all users performing Reset user password for the first time.\\\"\\r\\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"TargetUser\\\"]=Target, [\\\"Evidence\\\"]=ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\\\"Anomaly Score\\\"]=InvestigationPriority\\r\\n | sort by TimeGenerated desc;\\r\\nlet AnomalousGeoLocationLogon = BehaviorAnalytics\\r\\n | where ActionType == \\\"Sign-in\\\"\\r\\n | where ActivityInsights.FirstTimeUserConnectedFromCountry == True and (ActivityInsights.FirstTimeConnectionFromCountryObservedInTenant == True or ActivityInsights.CountryUncommonlyConnectedFromAmongPeers == True)\\r\\n | join (\\r\\n SigninLogs\\r\\n )\\r\\n on $left.SourceRecordId == $right._ItemId\\r\\n | extend UserPrincipalName = iff(UserPrincipalName contains \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserPrincipalName),\\r\\n UserName = iff(UserName contains \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserName)\\r\\n | extend AnomalyName = \\\"Anomalous Successful Logon\\\",\\r\\n Tactic = \\\"Initial Access\\\",\\r\\n Technique = \\\"Valid Accounts\\\",\\r\\n SubTechnique = \\\"\\\",\\r\\n Description = \\\"Adversaries may steal the credentials of a specific user or service account using Credential Access techniques or capture credentials earlier in their reconnaissance process through social engineering for means of gaining Initial Access. APT33, for example, has used valid accounts for initial access. The query below generates an output of successful Sign-in performed by a user from a new geo location he has never connected from before, and none of his peers as well.\\\"\\r\\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"Evidence\\\"]=ActivityInsights, ResourceDisplayName, AppDisplayName, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\\\"Anomaly Score\\\"]=InvestigationPriority; \\r\\nlet AnomalousFailedLogon = BehaviorAnalytics\\r\\n | where ActivityType == \\\"LogOn\\\"\\r\\n | where UsersInsights.BlastRadius == \\\"High\\\"\\r\\n | join (\\r\\n SigninLogs \\r\\n | where Status.errorCode == 50126\\r\\n )\\r\\n on $left.SourceRecordId == $right._ItemId\\r\\n | extend UserPrincipalName = iff(UserPrincipalName contains \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserPrincipalName),\\r\\n UserName = iff(UserName contains \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserName)\\r\\n | extend AnomalyName = \\\"Anomalous Failed Logon\\\",\\r\\n Tactic = \\\"Credential Access\\\",\\r\\n Technique = \\\"Brute Force\\\",\\r\\n SubTechnique = \\\"Password Guessing\\\",\\r\\n Description = \\\"Adversaries with no prior knowledge of legitimate credentials within the system or environment may guess passwords to attempt access to accounts. Emotet, for example, has been observed using a hard coded list of passwords to brute force user accounts. The query below generates an output of all users with 'High' BlastRadius that perform failed Sign-in:Invalid username or password.\\\"\\r\\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"Evidence\\\"]=ActivityInsights, ResourceDisplayName, AppDisplayName, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\\\"Anomaly Score\\\"]=InvestigationPriority; \\r\\nlet AnomalousAADAccountManipulation = AuditLogs\\r\\n | where OperationName == \\\"Update user\\\"\\r\\n | mv-expand AdditionalDetails\\r\\n | where AdditionalDetails.key == \\\"UserPrincipalName\\\"\\r\\n | mv-expand TargetResources\\r\\n | extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\\r\\n | where isnotempty(RoleId) and RoleId in (critical, high)\\r\\n | extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\\r\\n | where isnotempty(RoleName)\\r\\n | extend TargetId = tostring(TargetResources.id)\\r\\n | extend Target = iff(tostring(TargetResources.userPrincipalName) contains \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(TargetResources.userPrincipalName, \\\"#\\\")[0])), TargetResources.userPrincipalName), tostring(TargetResources.userPrincipalName)\\r\\n | join kind=inner ( \\r\\n BehaviorAnalytics\\r\\n | where ActionType == \\\"Update user\\\"\\r\\n | where UsersInsights.BlasrRadius == \\\"High\\\" or ActivityInsights.FirstTimeUserPerformedAction == true\\r\\n )\\r\\n on $left._ItemId == $right.SourceRecordId\\r\\n | extend UserPrincipalName = iff(UserPrincipalName contains \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserPrincipalName),\\r\\n UserName = iff(UserName contains \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserName) \\r\\n | extend AnomalyName = \\\"Anomalous Account Manipulation\\\",\\r\\n Tactic = \\\"Persistence\\\",\\r\\n Technique = \\\"Account Manipulation\\\",\\r\\n SubTechnique = \\\"\\\",\\r\\n Description = \\\"Adversaries may manipulate accounts to maintain access to victim systems. These actions include adding new accounts to high privileged groups. Dragonfly 2.0, for example, added newly created accounts to the administrators group to maintain elevated access. The query below generates an output of all high Blast Radius users performing 'Update user' (name change) to privileged role, or ones that changed users for the first time.\\\"\\r\\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"TargetUser\\\"]=Target, RoleName, [\\\"Evidence\\\"]=ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\\\"Anomaly Score\\\"]=InvestigationPriority; let AnomalousAADAccountCreation = BehaviorAnalytics\\r\\n | where ActionType == \\\"Add user\\\"\\r\\n | where ActivityInsights.FirstTimeUserPerformedAction == True or ActivityInsights.FirstTimeActionPerformedInTenant == True or ActivityInsights.ActionUncommonlyPerformedAmongPeers == true\\r\\n | join(\\r\\n AuditLogs\\r\\n | where OperationName == \\\"Add user\\\"\\r\\n )\\r\\n on $left.SourceRecordId == $right._ItemId\\r\\n | mv-expand TargetResources\\r\\n | extend Target = iff(tostring(TargetResources.userPrincipalName) contains \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(TargetResources.userPrincipalName, \\\"#\\\")[0])), TargetResources.userPrincipalName), tostring(TargetResources.userPrincipalName)\\r\\n | extend DisplayName = tostring(UsersInsights.AccountDisplayName),\\r\\n UserPrincipalName = iff(UserPrincipalName contains \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserPrincipalName),\\r\\n UserName = iff(UserName contains \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserName)\\r\\n | extend AnomalyName = \\\"Anomalous Account Creation\\\",\\r\\n Tactic = \\\"Persistence\\\",\\r\\n Technique = \\\"Create Account\\\",\\r\\n SubTechnique = \\\"Cloud Account\\\",\\r\\n Description = \\\"Adversaries may create a cloud account to maintain access to victim systems. With a sufficient level of access, such accounts may be used to establish secondary credentialed access that does not require persistent remote access tools to be deployed on the system. The query below generates an output of all the users performing user creation for the first time and the target users that were created.\\\"\\t\\r\\n | project TimeGenerated, AnomalyName, Tactic, Technique, SubTechnique, Description, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"TargetUser\\\"]=Target, [\\\"Evidence\\\"]=ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, [\\\"Anomaly Score\\\"]=InvestigationPriority\\r\\n | sort by TimeGenerated desc;\\r\\nlet AnomalyTable = union kind=outer AnomalousSigninActivity, AnomalousRoleAssignment, AnomalousResourceAccess, AnomalousRDPActivity, AnomalousPasswordReset, AnomalousLogintoDevices, AnomalousGeoLocationLogon, AnomalousAADAccountManipulation, AnomalousAADAccountCreation, AnomalousFailedLogon;\\r\\nlet TopUsersByAnomalies = AnomalyTable\\r\\n | summarize hint.strategy = shuffle AnomalyCount=count() by UserName, UserPrincipalName, tostring(UsersInsights.OnPremSid), tostring(UsersInsights.AccountObjectId)\\r\\n | project Name=tolower(UserName), UPN=tolower(UserPrincipalName), AadUserId=UsersInsights_AccountObjectId, Sid=UsersInsights_OnPremSid, AnomalyCount\\r\\n | sort by AnomalyCount desc;\\r\\nlet TopUsersByIncidents = SecurityIncident\\r\\n | summarize hint.strategy = shuffle arg_max(LastModifiedTime, *) by IncidentNumber\\r\\n | where Status == \\\"New\\\" or Status == \\\"Active\\\"\\r\\n | mv-expand AlertIds\\r\\n | extend AlertId = tostring(AlertIds)\\r\\n | join kind= innerunique ( \\r\\n SecurityAlert \\r\\n )\\r\\n on $left.AlertId == $right.SystemAlertId\\r\\n | summarize hint.strategy = shuffle arg_max(TimeGenerated, *), NumberOfUpdates = count() by SystemAlertId\\r\\n | mv-expand todynamic(Entities)\\r\\n | where Entities[\\\"Type\\\"] =~ \\\"account\\\"\\r\\n | extend Name = tostring(tolower(Entities[\\\"Name\\\"])), NTDomain = tostring(Entities[\\\"NTDomain\\\"]), UPNSuffix = tostring(Entities[\\\"UPNSuffix\\\"]), AadUserId = tostring(Entities[\\\"AadUserId\\\"]), AadTenantId = tostring(Entities[\\\"AadTenantId\\\"]), \\r\\n Sid = tostring(Entities[\\\"Sid\\\"]), IsDomainJoined = tobool(Entities[\\\"IsDomainJoined\\\"]), Host = tostring(Entities[\\\"Host\\\"])\\r\\n | extend UPN = iff(Name != \\\"\\\" and UPNSuffix != \\\"\\\", strcat(Name, \\\"@\\\", UPNSuffix), \\\"\\\")\\r\\n | union TopUsersByAnomalies\\r\\n | extend \\r\\n AadPivot = iff(isempty(AadUserId), iff(isempty(Sid), Name, Sid), AadUserId),\\r\\n SidPivot = iff(isempty(Sid), iff(isempty(AadUserId), Name, AadUserId), Sid),\\r\\n UPNExists = iff(isempty(UPN), false, true),\\r\\n NameExists = iff(isempty(Name), false, true),\\r\\n SidExists = iff(isempty(Sid), false, true),\\r\\n AADExists = iff(isempty(AadUserId), false, true)\\r\\n | summarize hint.strategy = shuffle IncidentCount=dcount(IncidentNumber, 4), AlertCount=dcountif(AlertId, isnotempty(AlertId), 4), AnomalyCount=sum(AnomalyCount), any(Title, Severity, Status, StartTime, IncidentNumber, IncidentUrl, Owner), UPNAnchor=anyif(UPN, UPNExists == true), NameAnchor=anyif(Name, NameExists == true), AadAnchor=anyif(AadUserId, AADExists == true), SidAnchor=anyif(Sid, SidExists == true), any(SidPivot) by AadPivot\\r\\n | summarize hint.strategy = shuffle IncidentCount=sum(IncidentCount), AlertCount=sum(AlertCount), AnomalyCount=sum(AnomalyCount), UPNAnchor=anyif(UPNAnchor, isempty(UPNAnchor) == false), NameAnchor=anyif(NameAnchor, isempty(NameAnchor) == false), AadAnchor=anyif(AadAnchor, isempty(AadAnchor) == false), SidAnchor=anyif(SidAnchor, isempty(SidAnchor) == false), any(any_Title, any_Severity, any_StartTime, any_IncidentNumber, any_IncidentUrl) by any_SidPivot\\r\\n | summarize hint.strategy = shuffle IncidentCount=sum(IncidentCount), AlertCount=sum(AlertCount), AnomalyCount=sum(AnomalyCount), UPNAnchor=anyif(UPNAnchor, isempty(UPNAnchor) == false), AadAnchor=anyif(AadAnchor, isempty(AadAnchor) == false), SidAnchor=anyif(SidAnchor, isempty(SidAnchor) == false), any(any_any_Title, any_any_Severity, any_any_StartTime, any_any_IncidentNumber, any_any_IncidentUrl) by NameAnchor\\r\\n | project [\\\"UserName\\\"]=NameAnchor, IncidentCount, AlertCount, AnomalyCount, [\\\"AadUserId\\\"]=AadAnchor, [\\\"OnPremSid\\\"]=SidAnchor, [\\\"UserPrincipalName\\\"]=UPNAnchor;\\r\\nTopUsersByIncidents\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| project UserPrincipalName, IncidentCount, AlertCount, AnomalyCount\\r\\n| sort by AlertCount desc\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Entity Behavior Analytics Alerts\",\"noDataMessage\":\"No results, Confirm Sentinel Entity Behavior is Enabled\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"IncidentCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"AlertCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"AnomalyCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"yellow\"}}],\"rowLimit\":2500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"$gen_heatmap_AlertCount_2\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"$gen_heatmap_AlertCount_2\",\"sortOrder\":2}],\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"name\":\"query - 1\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let UncommonActionVolume = BehaviorAnalytics\\r\\n| extend UncommonActionVolume = tostring(ActivityInsights.UncommonHighVolumeOfActions)\\r\\n| where UncommonActionVolume == \\\"True\\\"\\r\\n| summarize count() by UserPrincipalName\\r\\n| project-rename UncommonActionVolume = count_;\\r\\nlet UncommonAction = BehaviorAnalytics\\r\\n| extend UncommonAction = tostring(ActivityInsights.ActionUncommonlyPerformedByUser)\\r\\n| where UncommonAction == \\\"True\\\"\\r\\n| summarize count() by UserPrincipalName\\r\\n| project-rename UncommonAction = count_;\\r\\nlet Uncommon = UncommonActionVolume | join(UncommonAction) on UserPrincipalName;\\r\\nlet FirstTimeDeviceLogon = BehaviorAnalytics\\r\\n| extend FirstTimeDeviceLogon = tostring(ActivityInsights.FirstTimeUserLoggedOnToDevice)\\r\\n| where FirstTimeDeviceLogon == \\\"True\\\"\\r\\n| summarize count() by UserPrincipalName\\r\\n| project-rename FirstTimeDeviceLogon = count_;\\r\\nlet FirstTimeUserAction = BehaviorAnalytics\\r\\n| extend FirstTimeUserAction = tostring(ActivityInsights.FirstTimeUserPerformedAction)\\r\\n| where FirstTimeUserAction == \\\"True\\\"\\r\\n| summarize count() by UserPrincipalName\\r\\n| project-rename FirstTimeUserAction = count_;\\r\\nlet FirstTime = FirstTimeUserAction | join(FirstTimeDeviceLogon) on UserPrincipalName;\\r\\nUncommon | join kind=fullouter(FirstTime) on UserPrincipalName\\r\\n| where UserPrincipalName <> \\\"\\\"\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| project UserPrincipalName, UncommonActionVolume, UncommonAction, FirstTimeUserAction, FirstTimeDeviceLogon\\r\\n| sort by UncommonActionVolume desc \\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"User Anomalies\",\"noDataMessage\":\"There are no results within the selected thresholds (time, workspace, subscription). See Enable User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel for respective UEBA configurations (https://docs.microsoft.com/azure/sentinel/enable-entity-behavior-analytics)\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"UncommonActionVolume\",\"formatter\":4,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"UncommonAction\",\"formatter\":4,\"formatOptions\":{\"palette\":\"green\"}},{\"columnMatch\":\"FirstTimeUserAction\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"FirstTimeDeviceLogon\",\"formatter\":4,\"formatOptions\":{\"palette\":\"yellow\"}},{\"columnMatch\":\"IncidentCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"AlertCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"AnomalyCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"yellow\"}}],\"filter\":true,\"sortBy\":[{\"itemKey\":\"$gen_bar_FirstTimeDeviceLogon_4\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"$gen_bar_FirstTimeDeviceLogon_4\",\"sortOrder\":2}],\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results48\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 4\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"AADUserRiskEvents\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| extend UserProfile = strcat(\\\"#blade/Microsoft_AAD_IAM/UserDetailsMenuBlade/Profile/userId/\\\",UserId)\\r\\n| extend countryOrRegion_ = tostring(Location.countryOrRegion)\\r\\n| extend city_ = tostring(Location.city)\\r\\n| extend state_ = tostring(Location.state)\\r\\n| extend latitude_ = tostring(parse_json(tostring(Location.geoCoordinates)).latitude)\\r\\n| extend longitude_ = tostring(parse_json(tostring(Location.geoCoordinates)).longitude)\\r\\n| distinct UserPrincipalName, UserProfile, RiskLevel, RiskEventType, city_, state_, countryOrRegion_, UserId\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"User Sign-in Risk Details\",\"noDataMessage\":\"There are no results within the selected thresholds (time, workspace, subscription). See How To: Configure and enable Microsoft Entra ID: Identity Protection risk policies (https://docs.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies)\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"UserProfile\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"OpenBlade\",\"linkLabel\":\"EntraID User Profile >>\",\"bladeOpenContext\":{\"bladeName\":\"UserDetailsMenuBlade\",\"extensionName\":\"Microsoft_AAD_IAM\",\"bladeParameters\":[{\"name\":\"userId\",\"source\":\"column\",\"value\":\"UserId\"}]}}},{\"columnMatch\":\"RiskLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"high\",\"representation\":\"Sev0\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"medium\",\"representation\":\"Sev1\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"low\",\"representation\":\"Sev2\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"Sev3\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"UserId\",\"formatter\":5}],\"filter\":true}},\"conditionalVisibility\":{\"parameterName\":\"Results49\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 14\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let start = {TimeRange:grain};\\r\\nlet end = 1d;\\r\\nlet timeframe = 1h;\\r\\nlet scorethreshold = 5;\\r\\nlet bytessentperhourthreshold = 10;\\r\\nlet TimeSeriesData = _Im_WebSession(starttime=start, endtime=now())\\r\\n | where isnotempty(DstIpAddr)\\r\\n and not(ipv4_is_private(DstIpAddr))\\r\\n | summarize SrcBytesSum=tolong(sum(SrcBytes)) by EventProduct, bin(TimeGenerated, 1h)\\r\\n | extend EventTime = TimeGenerated\\r\\n | make-series TotalBytesSent = sum(SrcBytesSum) on EventTime from startofday(ago(start)) to startofday(now()) step timeframe by EventProduct;\\r\\n// TimeSeriesData block ends here\\r\\n//Take only anomalies in TimeSeriesData\\r\\nlet TimeSeriesAnomalies = materialize(TimeSeriesData\\r\\n | extend (anomalies, score, baseline) = series_decompose_anomalies(TotalBytesSent, scorethreshold, -1, 'linefit')\\r\\n | mv-expand\\r\\n TotalBytesSent to typeof(long),\\r\\n EventTime to typeof(datetime),\\r\\n anomalies to typeof(double),\\r\\n score to typeof(double),\\r\\n baseline to typeof(long)\\r\\n | where anomalies > 0 and baseline > 0\\r\\n | extend AnomalyHour = EventTime\\r\\n | extend\\r\\n TotalBytesSentinMBperHour = round(((TotalBytesSent / 1024) / 1024), 2),\\r\\n BaselineBytesSentinMBperHour = round(((baseline / 1024) / 1024), 2),\\r\\n score = round(score, 2)\\r\\n | project\\r\\n EventProduct,\\r\\n AnomalyHour,\\r\\n TotalBytesSentinMBperHour,\\r\\n BaselineBytesSentinMBperHour,\\r\\n anomalies,\\r\\n score\\r\\n //| where AnomalyHour between (startofday(ago(end)) .. startofday(now())) // Get TimeSeriesAnomalies in previous day\\r\\n );\\r\\n let AnomalyHours = materialize (TimeSeriesAnomalies\\r\\n | project AnomalyHour);\\r\\n //Previous day aggregated per hour\\r\\n let Last14DayLogs = \\r\\n _Im_WebSession(starttime=start, endtime=now())\\r\\n | extend DateHour = bin(TimeGenerated, timeframe) // create a new column and round to hour\\r\\n | where DateHour in (AnomalyHours) // Filter dataset to include only anomaly AnomalyHours\\r\\n | where isnotempty(DstIpAddr) and isnotempty(SrcIpAddr) and isnotempty(SrcBytes)\\r\\n | where not(ipv4_is_private(DstIpAddr))\\r\\n | project\\r\\n TimeGenerated,\\r\\n DateHour,\\r\\n DstIpAddr,\\r\\n SrcIpAddr,\\r\\n SrcBytes,\\r\\n DstBytes,\\r\\n DstPortNumber,\\r\\n EventProduct\\r\\n | summarize\\r\\n HourlyCount = count(),\\r\\n TimeGeneratedMax = arg_max(TimeGenerated, *),\\r\\n DestinationIPList = make_set(DstIpAddr, 100),\\r\\n DestinationPortList = make_set(DstPortNumber, 100),\\r\\n TotalSentBytes = tolong(sum(SrcBytes)),\\r\\n TotalReceivedBytes = tolong(sum(DstBytes))\\r\\n by SrcIpAddr, EventProduct, TimeGeneratedHour = bin(TimeGenerated, timeframe)\\r\\n | extend\\r\\n SentBytesinMB = ((TotalSentBytes / 1024) / 1024),\\r\\n ReceivedBytesinMB = ((TotalReceivedBytes / 1024) / 1024)\\r\\n | where SentBytesinMB > bytessentperhourthreshold\\r\\n | sort by TimeGeneratedHour asc, SentBytesinMB desc\\r\\n | extend Rank=row_number(1, prev(TimeGeneratedHour) != TimeGeneratedHour) // Ranking the dataset per Hourly Partition\\r\\n | where Rank <= 10 // Selecting Top 10 records with Highest BytesSent in each Hour\\r\\n | project\\r\\n EventProduct,\\r\\n TimeGeneratedHour,\\r\\n TimeGeneratedMax,\\r\\n SrcIpAddr,\\r\\n DestinationIPList,\\r\\n DestinationPortList,\\r\\n SentBytesinMB,\\r\\n ReceivedBytesinMB,\\r\\n Rank,\\r\\n HourlyCount;\\r\\n Last14DayLogs\",\"size\":0,\"showAnalytics\":true,\"title\":\"ASim WebSession: Detect potential data exfilteration using timeseries anomaly\",\"noDataMessage\":\"There are no results within the selected thresholds.\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"UserProfile\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"OpenBlade\",\"linkLabel\":\"EntraID User Profile >>\",\"bladeOpenContext\":{\"bladeName\":\"UserDetailsMenuBlade\",\"extensionName\":\"Microsoft_AAD_IAM\",\"bladeParameters\":[{\"name\":\"userId\",\"source\":\"column\",\"value\":\"UserId\"}]}}},{\"columnMatch\":\"RiskLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"high\",\"representation\":\"Sev0\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"medium\",\"representation\":\"Sev1\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"low\",\"representation\":\"Sev2\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"Sev3\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"UserId\",\"formatter\":5}],\"filter\":true}},\"name\":\"query - 14\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BehaviorAnalytics\\r\\n| where ActionType == \\\"Reset user password\\\"\\r\\n| where ActivityInsights has \\\"True\\\"\\r\\n| join (\\r\\n AuditLogs\\r\\n )\\r\\n on $left.SourceRecordId == $right._ItemId\\r\\n| mv-expand TargetResources\\r\\n| extend Target = iff(tostring(TargetResources.userPrincipalName) has \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(TargetResources.userPrincipalName, \\\"#\\\")[0])), TargetResources.userPrincipalName), tostring(TargetResources.userPrincipalName)\\r\\n| extend UserPrincipalName = iff(UserPrincipalName has \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserPrincipalName),\\r\\n UserName = iff(UserName has \\\"#EXT#\\\", replace(\\\"_\\\", \\\"@\\\", tostring(split(UserPrincipalName, \\\"#\\\")[0])), UserName)\\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"TargetUser\\\"]=Target, ActivityInsights, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| summarize count() by UserPrincipalName\\r\\n| sort by count_ desc\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Anomalous Password Reset\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"IPAddress\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results50\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results50\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BehaviorAnalytics\\r\\n| where ActivityType == \\\"LogOn\\\"\\r\\n| where UsersInsights.BlastRadius == \\\"High\\\"\\r\\n| join (\\r\\nSigninLogs | where Status.errorCode == 50126\\r\\n) on $left.SourceRecordId == $right._ItemId\\r\\n| extend UserPrincipalName = iff(UserPrincipalName contains \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserPrincipalName),\\r\\nUserName = iff(UserName contains \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserName)\\r\\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType,[\\\"Evidence\\\"]=ActivityInsights, ResourceDisplayName,AppDisplayName ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| summarize count() by UserPrincipalName\\r\\n| sort by count_ desc\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Anomalous Failed Logon\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"IPAddress\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}]},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results51\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results51\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BehaviorAnalytics\\r\\n| where ActionType == \\\"Sign-in\\\"\\r\\n| where ActivityInsights.FirstTimeConnectionFromCountryObservedInTenant == True and ActivityInsights.CountryUncommonlyConnectedFromAmongPeers == True\\r\\n | join (\\r\\nSigninLogs\\r\\n) on $left.SourceRecordId == $right._ItemId\\r\\n| extend UserPrincipalName = iff(UserPrincipalName contains \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserPrincipalName),\\r\\nUserName = iff(UserName contains \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserName)\\r\\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType,[\\\"Evidence\\\"]=ActivityInsights, ResourceDisplayName,AppDisplayName ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| summarize count() by UserPrincipalName\\r\\n| sort by count_ desc\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Anomalous Geolocation Logon\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"IPAddress\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}]},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results52\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results52\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"//Critical Roles: can impersonate any user or app, can update passwords for users or service principals (if the role can let a user update passwords for privileged users, if an attacker compromises this user then attacker can update passwords for privileged users hence gaining more privileges so users with this role are equally critical)\\r\\n//High Roles: Administrators that can manage all aspects or permissions of important products but can't update credentials and impersonate another user/app\\r\\nlet critical = dynamic(['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3','c4e39bd9-1100-46d3-8c65-fb160da0071f','158c047a-c907-4556-b7ef-446551a6b5f7','62e90394-69f5-4237-9190-012177145e10','d29b2b05-8046-44ba-8758-1e26182fcf32','729827e3-9c14-49f7-bb1b-9608f156bbb8','966707d0-3269-4727-9be2-8c3a10f19b9d','194ae4cb-b126-40b2-bd5b-6091b380977d','fe930be7-5e62-47db-91af-98c3a49a38b1']);\\r\\nlet high = dynamic(['cf1c38e5-3621-4004-a7cb-879624dced7c','7495fdc4-34c4-4d15-a289-98788ce399fd','aaf43236-0c0d-4d5f-883a-6955382ac081','3edaf663-341e-4475-9f94-5c398ef6c070','7698a772-787b-4ac8-901f-60d6b08affd2','b1be1c3e-b65d-4f19-8427-f6fa0d97feb9','9f06204d-73c1-4d4c-880a-6edb90606fd8','29232cdf-9323-42fd-ade2-1d097af3e4de','be2f45a1-457d-42af-a067-6ec1fa63bc45','7be44c8a-adaf-4e2a-84d6-ab2649e08a13','e8611ab8-c189-46e8-94e1-60213ab1f814']);\\r\\nAuditLogs\\r\\n| where OperationName == \\\"Update user\\\"\\r\\n| mv-expand AdditionalDetails\\r\\n| mv-expand TargetResources\\r\\n| where AdditionalDetails.key == \\\"UserPrincipalName\\\"\\r\\n| mv-expand TargetResources\\r\\n| extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\\r\\n| extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\\r\\n| where RoleId in (critical,high)\\r\\n| where isnotempty(RoleId) or isnotempty(RoleName)\\r\\n| extend TargetId = tostring(TargetResources.id)\\r\\n| extend Target = iff(tostring(TargetResources.userPrincipalName) has \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(TargetResources.userPrincipalName, \\\"#\\\")[0])),TargetResources.userPrincipalName),tostring(TargetResources.userPrincipalName)\\r\\n| join kind=inner ( BehaviorAnalytics\\r\\n) on $left._ItemId == $right.SourceRecordId\\r\\n| where UsersInsights.BlastRadius == \\\"High\\\" or ActivityInsights has \\\"True\\\"\\r\\n| extend UserPrincipalName = iff(UserPrincipalName has \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserPrincipalName),\\r\\nUserName = iff(UserName has \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserName) \\r\\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"TargetUser\\\"]=Target,RoleName,ActivityInsights ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| summarize count() by UserPrincipalName\\r\\n| sort by count_ desc\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Anomalous AAD Account Manipulation\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"IPAddress\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}]},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results53\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results53\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"//Critical Roles: can impersonate any user or app, can update passwords for users or service principals (if the role can let a user update passwords for privileged users, if an attacker compromises this user then attacker can update passwords for privileged users hence gaining more privileges so users with this role are equally critical)\\r\\n//High Roles: Administrators that can manage all aspects or permissions of important products but can't update credentials and impersonate another user/app\\r\\nlet critical = dynamic(['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3','c4e39bd9-1100-46d3-8c65-fb160da0071f','158c047a-c907-4556-b7ef-446551a6b5f7','62e90394-69f5-4237-9190-012177145e10','d29b2b05-8046-44ba-8758-1e26182fcf32','729827e3-9c14-49f7-bb1b-9608f156bbb8','966707d0-3269-4727-9be2-8c3a10f19b9d','194ae4cb-b126-40b2-bd5b-6091b380977d','fe930be7-5e62-47db-91af-98c3a49a38b1']);\\r\\nlet high = dynamic(['cf1c38e5-3621-4004-a7cb-879624dced7c','7495fdc4-34c4-4d15-a289-98788ce399fd','aaf43236-0c0d-4d5f-883a-6955382ac081','3edaf663-341e-4475-9f94-5c398ef6c070','7698a772-787b-4ac8-901f-60d6b08affd2','b1be1c3e-b65d-4f19-8427-f6fa0d97feb9','9f06204d-73c1-4d4c-880a-6edb90606fd8','29232cdf-9323-42fd-ade2-1d097af3e4de','be2f45a1-457d-42af-a067-6ec1fa63bc45','7be44c8a-adaf-4e2a-84d6-ab2649e08a13','e8611ab8-c189-46e8-94e1-60213ab1f814']);\\r\\nAuditLogs\\r\\n| where OperationName == \\\"Add user\\\"\\r\\n| mv-expand AdditionalDetails\\r\\n| mv-expand TargetResources\\r\\n| where AdditionalDetails.key == \\\"UserPrincipalName\\\"\\r\\n| mv-expand TargetResources\\r\\n| extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\\r\\n| extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\\r\\n| where RoleId in (critical,high)\\r\\n| where isnotempty(RoleId) or isnotempty(RoleName)\\r\\n| extend TargetId = tostring(TargetResources.id)\\r\\n| extend Target = iff(tostring(TargetResources.userPrincipalName) has \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(TargetResources.userPrincipalName, \\\"#\\\")[0])),TargetResources.userPrincipalName),tostring(TargetResources.userPrincipalName)\\r\\n| join kind=inner ( BehaviorAnalytics\\r\\n) on $left._ItemId == $right.SourceRecordId\\r\\n| where UsersInsights.BlastRadius == \\\"High\\\" or ActivityInsights has \\\"True\\\"\\r\\n| extend UserPrincipalName = iff(UserPrincipalName has \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserPrincipalName),\\r\\nUserName = iff(UserName has \\\"#EXT#\\\",replace(\\\"_\\\",\\\"@\\\",tostring(split(UserPrincipalName, \\\"#\\\")[0])),UserName) \\r\\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"TargetUser\\\"]=Target,RoleName,ActivityInsights ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| summarize count() by UserPrincipalName\\r\\n| sort by count_ desc\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Anomalous Account Creation\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"IPAddress\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}]},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results54\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results54\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let critical = dynamic(['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3','c4e39bd9-1100-46d3-8c65-fb160da0071f','158c047a-c907-4556-b7ef-446551a6b5f7','62e90394-69f5-4237-9190-012177145e10','d29b2b05-8046-44ba-8758-1e26182fcf32','729827e3-9c14-49f7-bb1b-9608f156bbb8','966707d0-3269-4727-9be2-8c3a10f19b9d','194ae4cb-b126-40b2-bd5b-6091b380977d','fe930be7-5e62-47db-91af-98c3a49a38b1']);\\r\\nlet high = dynamic(['cf1c38e5-3621-4004-a7cb-879624dced7c','7495fdc4-34c4-4d15-a289-98788ce399fd','aaf43236-0c0d-4d5f-883a-6955382ac081','3edaf663-341e-4475-9f94-5c398ef6c070','7698a772-787b-4ac8-901f-60d6b08affd2','b1be1c3e-b65d-4f19-8427-f6fa0d97feb9','9f06204d-73c1-4d4c-880a-6edb90606fd8','29232cdf-9323-42fd-ade2-1d097af3e4de','be2f45a1-457d-42af-a067-6ec1fa63bc45','7be44c8a-adaf-4e2a-84d6-ab2649e08a13','e8611ab8-c189-46e8-94e1-60213ab1f814']);\\r\\nAuditLogs\\r\\n| where OperationName == \\\"Add member to role\\\"\\r\\n| mv-expand TargetResources\\r\\n| extend RoleId = tostring(TargetResources.modifiedProperties[0].newValue)\\r\\n| extend RoleName = tostring(TargetResources.modifiedProperties[1].newValue)\\r\\n| where RoleId in (critical,high)\\r\\n| extend TargetId = tostring(TargetResources.id)\\r\\n| extend Target = tostring(TargetResources.userPrincipalName)\\r\\n| where isnotempty(RoleId) or isnotempty(RoleName)\\r\\n| join kind=inner ( BehaviorAnalytics\\r\\n) on $left._ItemId == $right.SourceRecordId\\r\\n| where UsersInsights.BlasrRadius == \\\"High\\\" or ActivityInsights has \\\"True\\\"\\r\\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\\\"TargetUser\\\"]=Target,RoleName,ActivityInsights ,SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| summarize count() by UserPrincipalName\\r\\n| sort by count_ desc\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Anomalous Role Assignment\",\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"IPAddress\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}]},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results55\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results55\",\"styleSettings\":{\"maxWidth\":\"50\"}}]},\"conditionalVisibility\":{\"parameterName\":\"isUEBAVisible\",\"comparison\":\"isEqualTo\",\"value\":\"true\"},\"name\":\"Entity Insights\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"2a891328-fdea-48e1-9363-99fc0ac0468c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results80\",\"type\":1,\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where Operation contains \\\"file\\\"\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results80\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"3a9f9b6b-8bd2-462a-840f-58d00dc9a937\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results81\",\"type\":1,\"query\":\"let startTime = {TimeRange:grain}; // Adjust as needed\\r\\nOfficeActivity\\r\\n| where TimeGenerated >= startTime\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where EventSource == \\\"SharePoint\\\" and OfficeWorkload has_any(\\\"SharePoint\\\", \\\"OneDrive\\\") and Operation has_any (\\\"FileDownloaded\\\", \\\"FileSyncDownloadedFull\\\", \\\"FileSyncUploadedFull\\\", \\\"FileUploaded\\\")\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results81\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"ebc6e154-835c-4dc9-9142-e84e21a723e3\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results83\",\"type\":1,\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where ExternalAccess <> \\\"True\\\"\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results83\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"0d5b45d1-3217-43e6-affd-56b73e7d3560\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results85\",\"type\":1,\"query\":\"let starttime = {TimeRange:grain};\\r\\nlet endtime = 1d;\\r\\nlet historicalActivity=\\r\\n OfficeActivity\\r\\n | where TimeGenerated between(ago(starttime)..ago(endtime))\\r\\n | where RecordType == \\\"ExchangeAdmin\\\" and UserType in (\\\"Admin\\\", \\\"DcAdmin\\\")\\r\\n | summarize historicalCount=count() by UserId;\\r\\nlet recentActivity = OfficeActivity\\r\\n | where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n | where TimeGenerated > ago(endtime)\\r\\n | where UserType in (\\\"Admin\\\", \\\"DcAdmin\\\")\\r\\n | summarize recentCount=count() by UserId;\\r\\nrecentActivity\\r\\n| join kind = leftanti (\\r\\n historicalActivity\\r\\n )\\r\\n on UserId\\r\\n| project UserId, recentCount\\r\\n| order by recentCount asc, UserId\\r\\n| join kind = rightsemi \\r\\n (OfficeActivity \\r\\n | where TimeGenerated >= ago(endtime) \\r\\n | where RecordType == \\\"ExchangeAdmin\\\"\\r\\n | where UserType in (\\\"Admin\\\", \\\"DcAdmin\\\")) \\r\\n on UserId\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results85\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"fd74a8c1-4044-49f4-82de-b2653dc51d7c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results86\",\"type\":1,\"query\":\"let starttime = {TimeRange:grain};\\r\\nlet endtime = 1d;\\r\\nlet historicalActivity=\\r\\n OfficeActivity\\r\\n | where RecordType == \\\"SharePointFileOperation\\\"\\r\\n | where Operation in (\\\"FileDownloaded\\\", \\\"FileUploaded\\\")\\r\\n | where TimeGenerated between(ago(starttime)..ago(endtime))\\r\\n | summarize historicalCount=count() by ClientIP;\\r\\nlet recentActivity = OfficeActivity\\r\\n | where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n | where RecordType == \\\"SharePointFileOperation\\\"\\r\\n | where Operation in (\\\"FileDownloaded\\\", \\\"FileUploaded\\\")\\r\\n | where TimeGenerated > ago(endtime);\\r\\nrecentActivity\\r\\n| join kind= leftanti (\\r\\n historicalActivity \\r\\n )\\r\\n on ClientIP \\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results86\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"b5149369-531f-4db9-b16d-ae6af2af2ce6\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results87\",\"type\":1,\"query\":\"let starttime = {TimeRange:grain};\\r\\nlet endtime = 1d;\\r\\nlet historicalActivity=\\r\\n OfficeActivity\\r\\n | where RecordType == \\\"SharePointFileOperation\\\"\\r\\n | where Operation in (\\\"FileDownloaded\\\", \\\"FileUploaded\\\")\\r\\n | where TimeGenerated between(ago(starttime)..ago(endtime))\\r\\n | summarize historicalCount=count() by UserAgent, RecordType;\\r\\nlet recentActivity = OfficeActivity\\r\\n | where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n | where RecordType == \\\"SharePointFileOperation\\\"\\r\\n | where Operation in (\\\"FileDownloaded\\\", \\\"FileUploaded\\\")\\r\\n | where TimeGenerated > ago(endtime);\\r\\nrecentActivity\\r\\n| join kind = leftanti (\\r\\n historicalActivity \\r\\n )\\r\\n on UserAgent, RecordType\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results87\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"64a696b7-19fc-4cd6-a0fb-6b8d943868dc\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results88\",\"type\":1,\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where Operation == \\\"MailboxLogin\\\" and Logon_Type != \\\"Owner\\\" \\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results88\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"57c00f66-6a47-4179-be44-c07b1f0f7ff1\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results89\",\"type\":1,\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where Operation == \\\"MailboxLogin\\\"\\r\\n| where ClientInfoString == \\\"Client=Microsoft.Exchange.Powershell; Microsoft WinRM Client\\\"\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results89\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"a6eb5e71-9e0f-46f7-891c-11ac8b8f03cd\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results90\",\"type\":1,\"query\":\"// Adjust this value to change how many Teams should be deleted before including\\r\\nlet max_delete = 3;\\r\\nlet deleting_users = (\\r\\n OfficeActivity\\r\\n | where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n | where OfficeWorkload =~ \\\"MicrosoftTeams\\\"\\r\\n | where Operation =~ \\\"TeamDeleted\\\"\\r\\n | summarize count() by UserId\\r\\n | where count_ > max_delete\\r\\n | project UserId);\\r\\nOfficeActivity\\r\\n| where OfficeWorkload =~ \\\"MicrosoftTeams\\\"\\r\\n| where Operation =~ \\\"TeamDeleted\\\"\\r\\n| where UserId in (deleting_users)\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results90\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"c9283cec-012f-4e89-917b-4ebfea0d4c9c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results91\",\"type\":1,\"query\":\"let threshold = 1m;\\r\\nOfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where OfficeWorkload =~ \\\"MicrosoftTeams\\\"\\r\\n| where Operation == \\\"MemberAdded\\\"\\r\\n| extend TeamName = iff(isempty(TeamName), Members[0].UPN, TeamName)\\r\\n| project TimeGenerated, UserId, UploaderID=UserId, TeamName\\r\\n| join (\\r\\n OfficeActivity\\r\\n | where RecordType == \\\"SharePointFileOperation\\\"\\r\\n | where SourceRelativeUrl has \\\"Microsoft Teams Chat Files\\\"\\r\\n | where Operation == \\\"FileUploaded\\\"\\r\\n | project UserId, UploadTime=TimeGenerated, UploaderID=UserId, FileLocation=OfficeObjectId, FileName=SourceFileName\\r\\n )\\r\\n on UploaderID\\r\\n| where UploadTime > TimeGenerated and UploadTime < TimeGenerated + threshold\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results91\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"045e5099-2b58-4af1-8525-5620752bed66\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results92\",\"type\":1,\"query\":\"let known_ext = dynamic([\\\"lnk\\\", \\\"log\\\", \\\"option\\\", \\\"config\\\", \\\"manifest\\\", \\\"partial\\\"]);\\r\\nlet excluded_users = dynamic([\\\"app@sharepoint\\\"]);\\r\\nOfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where RecordType =~ \\\"SharePointFileOperation\\\" and isnotempty(SourceFileName)\\r\\n| where OfficeObjectId has \\\".exe.\\\" and SourceFileExtension !in~ (known_ext)\\r\\n| extend Extension = extract(\\\"[^.]*.[^.]*$\\\", 0, OfficeObjectId)\\r\\n| join kind= leftouter ( \\r\\n OfficeActivity\\r\\n | where RecordType =~ \\\"SharePointFileOperation\\\" and (Operation =~ \\\"FileDownloaded\\\" or Operation =~ \\\"FileAccessed\\\") \\r\\n | where SourceFileExtension !in~ (known_ext)\\r\\n )\\r\\n on OfficeObjectId \\r\\n| where UserId1 !in~ (excluded_users)\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results92\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"fb33950d-7f2b-4304-b688-9cb0e103f6dc\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results93\",\"type\":1,\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where OfficeWorkload == \\\"Exchange\\\"\\r\\n| where Operation in~ (\\\"New-TransportRule\\\", \\\"Set-TransportRule\\\")\\r\\n| extend p = parse_json(Parameters)\\r\\n| extend RuleName = case(\\r\\n Operation =~ \\\"Set-TransportRule\\\", tostring(OfficeObjectId),\\r\\n Operation =~ \\\"New-TransportRule\\\", tostring(p[1].Value),\\r\\n \\\"Unknown\\\"\\r\\n ) \\r\\n| mvexpand p\\r\\n| where (p.Name =~ \\\"BlindCopyTo\\\" or p.Name =~ \\\"RedirectMessageTo\\\") and isnotempty(p.Value)\\r\\n| extend RedirectTo = p.Value\\r\\n| extend ClientIPOnly = case( \\r\\n ClientIP has \\\".\\\" and ClientIP has \\\":\\\", tostring(split(ClientIP, \\\":\\\")[0]), \\r\\n ClientIP has \\\".\\\" and ClientIP has \\\"-\\\", tostring(split(ClientIP, \\\"-\\\")[0]), \\r\\n ClientIP has \\\"[\\\", tostring(trim_start(@'[[]', tostring(split(ClientIP, \\\"]\\\")[0]))),\\r\\n ClientIP\\r\\n ) \\r\\n| extend Port = case(\\r\\n ClientIP has \\\".\\\" and ClientIP has \\\":\\\", (split(ClientIP, \\\":\\\")[1]),\\r\\n ClientIP has \\\".\\\" and ClientIP has \\\"-\\\", (split(ClientIP, \\\"-\\\")[1]),\\r\\n ClientIP has \\\"[\\\" and ClientIP has \\\":\\\", tostring(split(ClientIP, \\\"]:\\\")[1]),\\r\\n ClientIP has \\\"[\\\" and ClientIP has \\\"-\\\", tostring(split(ClientIP, \\\"]-\\\")[1]),\\r\\n ClientIP\\r\\n )\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results93\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"dc33037c-0615-4f66-98b8-35e450068f1e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results94\",\"type\":1,\"query\":\"// a threshold can be enabled, see commented line below for PrevSeenCount\\r\\nlet threshold = 1;\\r\\n// Reserved FileNames/Extension for Windows\\r\\nlet Reserved = dynamic(['CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9']);\\r\\nlet starttime = {TimeRange:grain};\\r\\nlet endtime = 1d;\\r\\nOfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where TimeGenerated >= ago(endtime)\\r\\n| where isnotempty(SourceFileExtension)\\r\\n| where SourceFileName !~ SourceFileExtension\\r\\n| where SourceFileExtension in~ (Reserved) or SourceFileName in~ (Reserved)\\r\\n| where UserAgent !has \\\"Mac OS\\\" \\r\\n| project TimeGenerated, OfficeId, OfficeWorkload, RecordType, Operation, UserType, UserKey, UserId, ClientIP, UserAgent, Site_Url, SourceRelativeUrl, SourceFileName, SourceFileExtension \\r\\n| join kind= leftanti (\\r\\n OfficeActivity\\r\\n | where TimeGenerated between (ago(starttime)..ago(endtime))\\r\\n | where isnotempty(SourceFileExtension)\\r\\n | where SourceFileName !~ SourceFileExtension\\r\\n | where SourceFileExtension in~ (Reserved) or SourceFileName in~ (Reserved)\\r\\n | where UserAgent !has \\\"Mac OS\\\" \\r\\n | summarize SourceRelativeUrl = make_set(SourceRelativeUrl), UserId = make_set(UserId), SourceFileName = make_set(SourceFileName), PrevSeenCount = count() by SourceFileExtension\\r\\n // To exclude previous matches when only above a specific count, change threshold above and uncomment the line below\\r\\n //| where PrevSeenCount > threshold\\r\\n | mvexpand SourceRelativeUrl, UserId, SourceFileName\\r\\n | extend SourceRelativeUrl = tostring(SourceRelativeUrl), UserId = tostring(UserId), SourceFileName = tostring(SourceFileName)\\r\\n )\\r\\n on SourceFileExtension\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results94\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"3d9de6bf-6bf9-42dd-9ed5-9e03ee5e48af\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results95\",\"type\":1,\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where (Operation =~ \\\"Set-Mailbox\\\" and Parameters contains 'ForwardingSmtpAddress') \\r\\n or (Operation =~ 'New-InboxRule' and Parameters contains 'ForwardTo')\\r\\n| extend parsed=parse_json(Parameters)\\r\\n| extend fwdingDestination_initial = (iif(Operation =~ \\\"Set-Mailbox\\\", tostring(parsed[1].Value), tostring(parsed[2].Value)))\\r\\n| where isnotempty(fwdingDestination_initial)\\r\\n| extend fwdingDestination = iff(fwdingDestination_initial has \\\"smtp\\\", (split(fwdingDestination_initial, \\\":\\\")[1]), fwdingDestination_initial)\\r\\n| parse fwdingDestination with * '@' ForwardedtoDomain \\r\\n| parse UserId with *'@' UserDomain\\r\\n| extend subDomain = ((split(strcat(tostring(split(UserDomain, '.')[-2]), '.', tostring(split(UserDomain, '.')[-1])), '.')[0]))\\r\\n| where ForwardedtoDomain !contains subDomain\\r\\n| extend Result = iff(ForwardedtoDomain != UserDomain, \\\"Mailbox rule created to forward to External Domain\\\", \\\"Forward rule for Internal domain\\\")\\r\\n| extend ClientIPAddress = case(ClientIP has \\\".\\\", tostring(split(ClientIP, \\\":\\\")[0]), ClientIP has \\\"[\\\", tostring(trim_start(@'[[]', tostring(split(ClientIP, \\\"]\\\")[0]))), ClientIP)\\r\\n| extend Port = case(\\r\\n ClientIP has \\\".\\\", (split(ClientIP, \\\":\\\")[1]),\\r\\n ClientIP has \\\"[\\\", tostring(split(ClientIP, \\\"]:\\\")[1]),\\r\\n ClientIP\\r\\n )\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results95\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"e3a6793b-d24b-4e69-922a-6bce21138d10\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results98\",\"type\":1,\"query\":\"// Adjust this value to change how many teams a user is made owner of before detecting\\r\\nlet max_owner_count = 3;\\r\\n// Change this value to adjust how larger timeframe the query is run over.\\r\\nlet high_owner_count = (OfficeActivity\\r\\n | where OfficeWorkload =~ \\\"MicrosoftTeams\\\"\\r\\n | where Operation =~ \\\"MemberRoleChanged\\\"\\r\\n | extend Member = tostring(parse_json(Members)[0].UPN) \\r\\n | extend NewRole = toint(parse_json(Members)[0].Role) \\r\\n | where NewRole == 2\\r\\n | summarize dcount(TeamName) by Member\\r\\n | where dcount_TeamName > max_owner_count\\r\\n | project Member);\\r\\nOfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where OfficeWorkload =~ \\\"MicrosoftTeams\\\"\\r\\n| where Operation =~ \\\"MemberRoleChanged\\\"\\r\\n| extend Member = tostring(parse_json(Members)[0].UPN) \\r\\n| extend NewRole = toint(parse_json(Members)[0].Role) \\r\\n| where NewRole == 2\\r\\n| where Member in (high_owner_count)\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results98\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"982af542-16a2-429f-9414-2de706b1daf8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results99\",\"type\":1,\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where UserType in~ (\\\"Admin\\\",\\\"DcAdmin\\\") \\r\\n// Only admin or global-admin can disable audit logging\\r\\n| where Operation =~ \\\"Set-AdminAuditLogConfig\\\" \\r\\n| extend AdminAuditLogEnabledValue = tostring(parse_json(tostring(parse_json(tostring(array_slice(parse_json(Parameters),3,3)))[0])).Value)\\r\\n| where AdminAuditLogEnabledValue =~ \\\"False\\\" \\r\\n| summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), OperationCount = count() by Operation, UserType, UserId, ClientIP, ResultStatus, Parameters, AdminAuditLogEnabledValue\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results99\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"c385b319-e2bb-48de-ac7b-2456aa884b60\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results100\",\"type\":1,\"query\":\"//Add Keywords for Emails as needed\\r\\nlet Keywords = dynamic([\\\"helpdesk\\\", \\\" alert\\\", \\\" suspicious\\\", \\\"fake\\\", \\\"malicious\\\", \\\"phishing\\\", \\\"spam\\\", \\\"do not click\\\", \\\"do not open\\\", \\\"hijacked\\\", \\\"Fatal\\\"]);\\r\\nOfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where Operation =~ \\\"New-InboxRule\\\"\\r\\n| where Parameters has \\\"Deleted Items\\\" or Parameters has \\\"Junk Email\\\" \\r\\n| extend Events=todynamic(Parameters)\\r\\n| parse Events with * \\\"SubjectContainsWords\\\" SubjectContainsWords '}'*\\r\\n| parse Events with * \\\"BodyContainsWords\\\" BodyContainsWords '}'*\\r\\n| parse Events with * \\\"SubjectOrBodyContainsWords\\\" SubjectOrBodyContainsWords '}'*\\r\\n| where SubjectContainsWords has_any (Keywords)\\r\\n or BodyContainsWords has_any (Keywords)\\r\\n or SubjectOrBodyContainsWords has_any (Keywords)\\r\\n| extend ClientIPAddress = case( ClientIP has \\\".\\\", tostring(split(ClientIP,\\\":\\\")[0]), ClientIP has \\\"[\\\", tostring(trim_start(@'[[]',tostring(split(ClientIP,\\\"]\\\")[0]))), ClientIP )\\r\\n| extend Keyword = iff(isnotempty(SubjectContainsWords), SubjectContainsWords, (iff(isnotempty(BodyContainsWords),BodyContainsWords,SubjectOrBodyContainsWords )))\\r\\n| extend RuleDetail = case(OfficeObjectId contains '/' , tostring(split(OfficeObjectId, '/')[-1]) , tostring(split(OfficeObjectId, '\\\\\\\\')[-1]))\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"10\",\"name\":\"Results100\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"776847fb-789e-45e6-a314-7cfed84e4f03\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results101\",\"type\":1,\"query\":\"let opList = OfficeActivity \\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| summarize by Operation\\r\\n//| where Operation startswith \\\"Remove-\\\" or Operation startswith \\\"Disable-\\\"\\r\\n| where Operation has_any (\\\"Remove\\\", \\\"Disable\\\")\\r\\n| where Operation contains \\\"AntiPhish\\\" or Operation contains \\\"SafeAttachment\\\" or Operation contains \\\"SafeLinks\\\" or Operation contains \\\"Dlp\\\" or Operation contains \\\"Audit\\\"\\r\\n| summarize make_set(Operation);\\r\\nOfficeActivity\\r\\n// Only admin or global-admin can disable/remove policy\\r\\n| where RecordType =~ \\\"ExchangeAdmin\\\"\\r\\n| where UserType in~ (\\\"Admin\\\",\\\"DcAdmin\\\")\\r\\n// Pass in interesting Operation list\\r\\n| where Operation in~ (opList)\\r\\n| extend ClientIPOnly = case( \\r\\nClientIP has \\\".\\\", tostring(split(ClientIP,\\\":\\\")[0]), \\r\\nClientIP has \\\"[\\\", tostring(trim_start(@'[[]',tostring(split(ClientIP,\\\"]\\\")[0]))),\\r\\nClientIP\\r\\n) \\r\\n| extend Port = case(\\r\\nClientIP has \\\".\\\", (split(ClientIP,\\\":\\\")[1]),\\r\\nClientIP has \\\"[\\\", tostring(split(ClientIP,\\\"]:\\\")[1]),\\r\\nClientIP\\r\\n)\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"25\",\"name\":\"Results101\",\"styleSettings\":{\"maxWidth\":\"25\"}},{\"type\":1,\"content\":{\"json\":\"# 📂 [Microsoft 365 Activity](https://docs.microsoft.com/azure/sentinel/connect-microsoft-365-defender)\\n---\\n\\nThis section monitors **user and administrator activities across Microsoft 365 services** such as Exchange, SharePoint, OneDrive, and Teams. It supports GDPR obligations for **integrity and confidentiality of personal data (Art. 5(1)(f))**, **records of processing activities (Art. 30)**, and **security of processing (Art. 32)** by ensuring that access and modifications to personal data are visible, traceable, and appropriately controlled. \\n\\nKey objectives of this section: \\n- Track **file activity actions** to identify how sensitive data is being accessed, shared, or modified \\n- Detect **risky behaviors** such as external sharing, non-owner mailbox access, or unusual PowerShell sign-ins \\n- Monitor for **policy tampering, malicious inbox rules, and Exchange audit log changes** that could undermine data protection \\n- Identify **unusual user behaviors in Teams and SharePoint**, including mass deletions, uploads, or operations from previously unseen devices or IPs \\n- Provide auditors with detailed evidence of **user actions, administrative changes, and protections applied to personal data** \\n\\nBy analyzing these metrics, analysts can validate that **personal data within Microsoft 365 is accessed and processed lawfully**, and that the organization maintains robust monitoring to detect misuse or unauthorized disclosures.\\n\"},\"customWidth\":\"40\",\"name\":\"text - 2\"},{\"type\":1,\"content\":{\"json\":\"\"},\"customWidth\":\"10\",\"name\":\"text - 56\"},{\"type\":1,\"content\":{\"json\":\"| Microsoft 365 Activity | - | - | \\r\\n|:--| :--| :--|\\r\\n| File Activity Actions | File Activity Actions over Time | Most Frequently Accessed Files |\\r\\n| File Transfer Activity by User Over Time | File activity by external users | Previously Unseen Exchange Admin Operations (Last 1 Day) |\\r\\n| SharePoint File Operations by Users from Previously Unseen IPs | SharePointFileOperation via Devices with Previously Unseen User Agents |Non-Owner Mailbox Login Activity |\\r\\n| PowerShell or Non-Browser Mailbox Sign-In Activity | Multiple Teams Deleted by a Single User | User Added to Team and Immediately Uploads File |\\r\\n|Executable with Double File Extension and Acces Summary |Mail Redirect via Exchange Transport Rules | Email Forwarding|\\r\\n| User Added as Owner of Multiple Teams | Exchange Audit Log Disabled | Malicious Inbox Rule: Removing Helpdesk/Security Warning Emails|\\r\\n|Office Policy Tampering |Windows Reserved Filenames Staged on Office File Services|\\r\\n\\r\\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, Time range and User. Only panels with data are shown.\\r\\n\"},\"customWidth\":\"40\",\"name\":\"SI OV\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where Operation contains \\\"file\\\"\\r\\n| extend Path = OfficeObjectId\\r\\n| summarize count() by UserId, Operation\\r\\n| sort by count_ desc\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"File Activity Actions\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"city_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"state_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results80\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results80\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where Operation contains \\\"file\\\"\\r\\n| extend Path = OfficeObjectId\\r\\n| make-series count() default=0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step 1d by Operation\\r\\n| render timechart\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"File Activity Actions over Time\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"city_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"state_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results80\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results80b\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where Operation contains \\\"file\\\"\\r\\n| summarize count() by UserId, SourceFileName, SourceFileExtension, OfficeObjectId \\r\\n| sort by count_ desc\\r\\n| limit 100\",\"size\":1,\"showAnalytics\":true,\"title\":\"Most Frequently Accessed Files\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"SourceFileName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"info\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeObjectId\",\"formatter\":7,\"formatOptions\":{\"linkTarget\":\"Url\"}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"city_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"state_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results80\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results80d\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let startTime = {TimeRange:grain}; // Adjust as needed\\r\\nOfficeActivity\\r\\n| where TimeGenerated >= startTime\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where EventSource == \\\"SharePoint\\\" and OfficeWorkload has_any(\\\"SharePoint\\\", \\\"OneDrive\\\") and Operation has_any (\\\"FileDownloaded\\\", \\\"FileSyncDownloadedFull\\\", \\\"FileSyncUploadedFull\\\", \\\"FileUploaded\\\")\\r\\n| summarize UploadedFiles = count() by bin(TimeGenerated, 1h), UserId\\r\\n| order by TimeGenerated asc\\r\\n| render timechart\\r\\n\",\"size\":0,\"title\":\"File Transfer Activity by User Over Time\",\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results81\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"query - 47\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where ExternalAccess == \\\"True\\\"\\r\\n| summarize count() by UserId\\r\\n| sort by count_ desc\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"File activity by external users\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results83\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results83\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:grain};\\r\\nlet endtime = 1d;\\r\\nlet historicalActivity=\\r\\n OfficeActivity\\r\\n | where TimeGenerated between(ago(starttime)..ago(endtime))\\r\\n | where RecordType == \\\"ExchangeAdmin\\\" \\r\\n | summarize historicalCount=count() by UserId;\\r\\nlet recentActivity = OfficeActivity\\r\\n | where UserId in ({UserPrincipalName})\\r\\n | where TimeGenerated > ago(endtime)\\r\\n | summarize recentCount=count() by UserId;\\r\\nrecentActivity\\r\\n| join kind = leftanti (\\r\\n historicalActivity\\r\\n )\\r\\n on UserId\\r\\n| project UserId, recentCount\\r\\n| order by recentCount asc, UserId\\r\\n| join kind = rightsemi \\r\\n (OfficeActivity \\r\\n | where TimeGenerated >= ago(endtime) \\r\\n | where RecordType == \\\"ExchangeAdmin\\\")\\r\\n on UserId\\r\\n| summarize StartTime = max(TimeGenerated), EndTime = min(TimeGenerated), count() by RecordType, Operation, UserType, UserId, OriginatingServer, ResultStatus\\r\\n| sort by count_ desc\\r\\n| take 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Previously Unseen Exchange Admin Operations (Last 1 Day)\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results85\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results85\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:grain};\\r\\nlet endtime = 1d;\\r\\nlet historicalActivity=\\r\\n OfficeActivity\\r\\n | where RecordType == \\\"SharePointFileOperation\\\"\\r\\n | where Operation in (\\\"FileDownloaded\\\", \\\"FileUploaded\\\")\\r\\n | where TimeGenerated between(ago(starttime)..ago(endtime))\\r\\n | summarize historicalCount=count() by ClientIP;\\r\\nlet recentActivity = OfficeActivity\\r\\n | where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n | where RecordType == \\\"SharePointFileOperation\\\"\\r\\n | where Operation in (\\\"FileDownloaded\\\", \\\"FileUploaded\\\")\\r\\n | where TimeGenerated > ago(endtime);\\r\\nrecentActivity\\r\\n| join kind= leftanti (\\r\\n historicalActivity \\r\\n )\\r\\n on ClientIP \\r\\n| summarize count() by UserId, ClientIP\\r\\n| sort by count_ desc\\r\\n| take 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"SharePoint File Operations by Users from Previously Unseen IPs\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results86\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results86\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:grain};\\r\\nlet endtime = 1d;\\r\\nlet historicalActivity=\\r\\n OfficeActivity\\r\\n | where RecordType == \\\"SharePointFileOperation\\\"\\r\\n | where Operation in (\\\"FileDownloaded\\\", \\\"FileUploaded\\\")\\r\\n | where TimeGenerated between(ago(starttime)..ago(endtime))\\r\\n | summarize historicalCount=count() by UserAgent, RecordType;\\r\\nlet recentActivity = OfficeActivity\\r\\n | where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n | where RecordType == \\\"SharePointFileOperation\\\"\\r\\n | where Operation in (\\\"FileDownloaded\\\", \\\"FileUploaded\\\")\\r\\n | where TimeGenerated > ago(endtime);\\r\\nrecentActivity\\r\\n| join kind = leftanti (\\r\\n historicalActivity \\r\\n )\\r\\n on UserAgent, RecordType\\r\\n| summarize count() by UserId, UserAgent, RecordType\\r\\n| sort by count_ desc\\r\\n| take 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"SharePointFileOperation via Devices with Previously Unseen User Agents\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results87\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results87\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where Operation == \\\"MailboxLogin\\\" and Logon_Type != \\\"Owner\\\" \\r\\n| summarize count() by UserId\\r\\n| sort by count_ desc\\r\\n| take 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Non-Owner Mailbox Login Activity\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results88\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results88\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where Operation == \\\"MailboxLogin\\\"\\r\\n| where ClientInfoString == \\\"Client=Microsoft.Exchange.Powershell; Microsoft WinRM Client\\\"\\r\\n| summarize count() by UserId\\r\\n| sort by count_ desc\\r\\n| take 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"PowerShell or Non-Browser Mailbox Sign-In Activity\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results89\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results89\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"// Adjust this value to change how many Teams should be deleted before including\\r\\nlet max_delete = 3;\\r\\nlet deleting_users = (\\r\\n OfficeActivity\\r\\n | where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n | where OfficeWorkload =~ \\\"MicrosoftTeams\\\"\\r\\n | where Operation =~ \\\"TeamDeleted\\\"\\r\\n | summarize count() by UserId\\r\\n | where count_ > max_delete\\r\\n | project UserId);\\r\\nOfficeActivity\\r\\n| where OfficeWorkload =~ \\\"MicrosoftTeams\\\"\\r\\n| where Operation =~ \\\"TeamDeleted\\\"\\r\\n| where UserId in (deleting_users)\\r\\n| summarize count() by UserId\\r\\n| sort by count_ desc\\r\\n| take 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Multiple Teams Deleted by a Single User\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results90\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results90\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let threshold = 1m;\\r\\nOfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where OfficeWorkload =~ \\\"MicrosoftTeams\\\"\\r\\n| where Operation == \\\"MemberAdded\\\"\\r\\n| extend TeamName = iff(isempty(TeamName), Members[0].UPN, TeamName)\\r\\n| project TimeGenerated, UserId, UploaderID=UserId, TeamName\\r\\n| join (\\r\\n OfficeActivity\\r\\n | where RecordType == \\\"SharePointFileOperation\\\"\\r\\n | where SourceRelativeUrl has \\\"Microsoft Teams Chat Files\\\"\\r\\n | where Operation == \\\"FileUploaded\\\"\\r\\n | project UserId, UploadTime=TimeGenerated, UploaderID=UserId, FileLocation=OfficeObjectId, FileName=SourceFileName\\r\\n )\\r\\n on UploaderID\\r\\n| where UploadTime > TimeGenerated and UploadTime < TimeGenerated + threshold\\r\\n| summarize count() by UserId\\r\\n| sort by count_ desc\\r\\n| take 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"User Added to Team and Immediately Uploads File\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results91\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results91\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let known_ext = dynamic([\\\"lnk\\\", \\\"log\\\", \\\"option\\\", \\\"config\\\", \\\"manifest\\\", \\\"partial\\\"]);\\r\\nlet excluded_users = dynamic([\\\"app@sharepoint\\\"]);\\r\\nOfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where RecordType =~ \\\"SharePointFileOperation\\\" and isnotempty(SourceFileName)\\r\\n| where OfficeObjectId has \\\".exe.\\\" and SourceFileExtension !in~ (known_ext)\\r\\n| extend Extension = extract(\\\"[^.]*.[^.]*$\\\", 0, OfficeObjectId)\\r\\n| join kind= leftouter ( \\r\\n OfficeActivity\\r\\n | where RecordType =~ \\\"SharePointFileOperation\\\" and (Operation =~ \\\"FileDownloaded\\\" or Operation =~ \\\"FileAccessed\\\") \\r\\n | where SourceFileExtension !in~ (known_ext)\\r\\n )\\r\\n on OfficeObjectId \\r\\n| where UserId1 !in~ (excluded_users)\\r\\n| extend userBag = pack(UserId1, ClientIP1) \\r\\n| summarize makeset(UserId1), make_bag(userBag), Start=max(TimeGenerated), End=min(TimeGenerated) by UserId, OfficeObjectId, SourceFileName, Extension \\r\\n| extend NumberOfUsers = array_length(bag_keys(bag_userBag))\\r\\n| project UploadTime=Start, Uploader=UserId, FileLocation=OfficeObjectId, FileName=SourceFileName, AccessedBy=bag_userBag, Extension, NumberOfUsers\\r\\n| extend timestamp = UploadTime, Uploader\",\"size\":0,\"showAnalytics\":true,\"title\":\"Executable with Double File Extension and Acces Summary\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results92\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results92\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where OfficeWorkload == \\\"Exchange\\\"\\r\\n| where Operation in~ (\\\"New-TransportRule\\\", \\\"Set-TransportRule\\\")\\r\\n| extend p = parse_json(Parameters)\\r\\n| extend RuleName = case(\\r\\n Operation =~ \\\"Set-TransportRule\\\", tostring(OfficeObjectId),\\r\\n Operation =~ \\\"New-TransportRule\\\", tostring(p[1].Value),\\r\\n \\\"Unknown\\\"\\r\\n ) \\r\\n| mvexpand p\\r\\n| where (p.Name =~ \\\"BlindCopyTo\\\" or p.Name =~ \\\"RedirectMessageTo\\\") and isnotempty(p.Value)\\r\\n| extend RedirectTo = p.Value\\r\\n| extend ClientIPOnly = case( \\r\\n ClientIP has \\\".\\\" and ClientIP has \\\":\\\", tostring(split(ClientIP, \\\":\\\")[0]), \\r\\n ClientIP has \\\".\\\" and ClientIP has \\\"-\\\", tostring(split(ClientIP, \\\"-\\\")[0]), \\r\\n ClientIP has \\\"[\\\", tostring(trim_start(@'[[]', tostring(split(ClientIP, \\\"]\\\")[0]))),\\r\\n ClientIP\\r\\n ) \\r\\n| extend Port = case(\\r\\n ClientIP has \\\".\\\" and ClientIP has \\\":\\\", (split(ClientIP, \\\":\\\")[1]),\\r\\n ClientIP has \\\".\\\" and ClientIP has \\\"-\\\", (split(ClientIP, \\\"-\\\")[1]),\\r\\n ClientIP has \\\"[\\\" and ClientIP has \\\":\\\", tostring(split(ClientIP, \\\"]:\\\")[1]),\\r\\n ClientIP has \\\"[\\\" and ClientIP has \\\"-\\\", tostring(split(ClientIP, \\\"]-\\\")[1]),\\r\\n ClientIP\\r\\n )\\r\\n| summarize count() by UserId\\r\\n| sort by count_ desc\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Mail Redirect via Exchange Transport Rules\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":4,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results93\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results93\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"// a threshold can be enabled, see commented line below for PrevSeenCount\\r\\nlet threshold = 1;\\r\\n// Reserved FileNames/Extension for Windows\\r\\nlet Reserved = dynamic(['CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9']);\\r\\nlet starttime = {TimeRange:grain};\\r\\nlet endtime = 1d;\\r\\nOfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where TimeGenerated >= ago(endtime)\\r\\n| where isnotempty(SourceFileExtension)\\r\\n| where SourceFileName !~ SourceFileExtension\\r\\n| where SourceFileExtension in~ (Reserved) or SourceFileName in~ (Reserved)\\r\\n| where UserAgent !has \\\"Mac OS\\\" \\r\\n| project TimeGenerated, OfficeId, OfficeWorkload, RecordType, Operation, UserType, UserKey, UserId, ClientIP, UserAgent, Site_Url, SourceRelativeUrl, SourceFileName, SourceFileExtension \\r\\n| join kind= leftanti (\\r\\n OfficeActivity\\r\\n | where TimeGenerated between (ago(starttime)..ago(endtime))\\r\\n | where isnotempty(SourceFileExtension)\\r\\n | where SourceFileName !~ SourceFileExtension\\r\\n | where SourceFileExtension in~ (Reserved) or SourceFileName in~ (Reserved)\\r\\n | where UserAgent !has \\\"Mac OS\\\" \\r\\n | summarize SourceRelativeUrl = make_set(SourceRelativeUrl), UserId = make_set(UserId), SourceFileName = make_set(SourceFileName), PrevSeenCount = count() by SourceFileExtension\\r\\n // To exclude previous matches when only above a specific count, change threshold above and uncomment the line below\\r\\n //| where PrevSeenCount > threshold\\r\\n | mvexpand SourceRelativeUrl, UserId, SourceFileName\\r\\n | extend SourceRelativeUrl = tostring(SourceRelativeUrl), UserId = tostring(UserId), SourceFileName = tostring(SourceFileName)\\r\\n )\\r\\n on SourceFileExtension\\r\\n| extend SiteUrlUserFolder = tolower(split(Site_Url, '/')[-2])\\r\\n| extend UserIdUserFolderFormat = tolower(replace('@|\\\\\\\\.', '_', UserId))\\r\\n// identify when UserId is not a match to the specific site url personal folder reference\\r\\n| extend UserIdDiffThanUserFolder = iff(Site_Url has '/personal/' and SiteUrlUserFolder != UserIdUserFolderFormat, true, false) \\r\\n| summarize TimeGenerated = make_list(TimeGenerated), StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), Operations = make_list(Operation), UserAgents = make_list(UserAgent), \\r\\n OfficeIds = make_list(OfficeId), SourceRelativeUrls = make_list(SourceRelativeUrl), FileNames = make_list(SourceFileName)\\r\\n by OfficeWorkload, RecordType, UserType, UserKey, UserId, ClientIP, Site_Url, SourceFileExtension, SiteUrlUserFolder, UserIdUserFolderFormat, UserIdDiffThanUserFolder\",\"size\":0,\"showAnalytics\":true,\"title\":\"Windows Reserved Filenames Staged on Office File Services\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results94\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results94\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where (Operation contains 'Forward') \\r\\n or (Parameters contains 'ForwardTo')\\r\\n| extend parsed=parse_json(Parameters)\\r\\n| extend fwdingDestination_initial = (iif(Operation =~ \\\"Set-Mailbox\\\", tostring(parsed[1].Value), tostring(parsed[2].Value)))\\r\\n| where isnotempty(fwdingDestination_initial)\\r\\n| extend fwdingDestination = iff(fwdingDestination_initial has \\\"smtp\\\", (split(fwdingDestination_initial, \\\":\\\")[1]), fwdingDestination_initial)\\r\\n| parse fwdingDestination with * '@' ForwardedtoDomain \\r\\n| parse UserId with *'@' UserDomain\\r\\n| extend subDomain = ((split(strcat(tostring(split(UserDomain, '.')[-2]), '.', tostring(split(UserDomain, '.')[-1])), '.')[0]))\\r\\n| where ForwardedtoDomain !contains subDomain\\r\\n| extend Result = iff(ForwardedtoDomain != UserDomain, \\\"Mailbox rule created to forward to External Domain\\\", \\\"Forward rule for Internal domain\\\")\\r\\n| extend ClientIPAddress = case(ClientIP has \\\".\\\", tostring(split(ClientIP, \\\":\\\")[0]), ClientIP has \\\"[\\\", tostring(trim_start(@'[[]', tostring(split(ClientIP, \\\"]\\\")[0]))), ClientIP)\\r\\n| extend Port = case(\\r\\n ClientIP has \\\".\\\", (split(ClientIP, \\\":\\\")[1]),\\r\\n ClientIP has \\\"[\\\", tostring(split(ClientIP, \\\"]:\\\")[1]),\\r\\n ClientIP\\r\\n )\\r\\n| summarize count() by UserId, fwdingDestination, TimeGenerated\\r\\n| sort by TimeGenerated desc\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Email Forwarding\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"fwdingDestination\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"warning\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results95\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results95\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"// Adjust this value to change how many teams a user is made owner of before detecting\\r\\nlet max_owner_count = 3;\\r\\n// Change this value to adjust how larger timeframe the query is run over.\\r\\nlet high_owner_count = (OfficeActivity\\r\\n | where OfficeWorkload =~ \\\"MicrosoftTeams\\\"\\r\\n | where Operation =~ \\\"MemberRoleChanged\\\"\\r\\n | extend Member = tostring(parse_json(Members)[0].UPN) \\r\\n | extend NewRole = toint(parse_json(Members)[0].Role) \\r\\n | where NewRole == 2\\r\\n | summarize dcount(TeamName) by Member\\r\\n | where dcount_TeamName > max_owner_count\\r\\n | project Member);\\r\\nOfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where OfficeWorkload =~ \\\"MicrosoftTeams\\\"\\r\\n| where Operation =~ \\\"MemberRoleChanged\\\"\\r\\n| extend Member = tostring(parse_json(Members)[0].UPN) \\r\\n| extend NewRole = toint(parse_json(Members)[0].Role) \\r\\n| where NewRole == 2\\r\\n| where Member in (high_owner_count)\\r\\n| summarize count() by UserId\\r\\n| sort by count_ desc\",\"size\":0,\"showAnalytics\":true,\"title\":\"User Added as Owner of Multiple Teams\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results98\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results98\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"OfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where UserType in~ (\\\"Admin\\\",\\\"DcAdmin\\\") \\r\\n// Only admin or global-admin can disable audit logging\\r\\n| where Operation =~ \\\"Set-AdminAuditLogConfig\\\" \\r\\n| extend AdminAuditLogEnabledValue = tostring(parse_json(tostring(parse_json(tostring(array_slice(parse_json(Parameters),3,3)))[0])).Value)\\r\\n| where AdminAuditLogEnabledValue =~ \\\"False\\\" \\r\\n| summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), OperationCount = count() by Operation, UserType, UserId, ClientIP, ResultStatus, Parameters, AdminAuditLogEnabledValue\\r\\n| summarize count() by UserId\\r\\n| sort by count_ desc\",\"size\":0,\"showAnalytics\":true,\"title\":\"Exchange Audit Log Disabled\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results99\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results99\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"//Add Keywords for Emails as needed\\r\\nlet Keywords = dynamic([\\\"helpdesk\\\", \\\" alert\\\", \\\" suspicious\\\", \\\"fake\\\", \\\"malicious\\\", \\\"phishing\\\", \\\"spam\\\", \\\"do not click\\\", \\\"do not open\\\", \\\"hijacked\\\", \\\"Fatal\\\"]);\\r\\nOfficeActivity\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| where Operation =~ \\\"New-InboxRule\\\"\\r\\n| where Parameters has \\\"Deleted Items\\\" or Parameters has \\\"Junk Email\\\" \\r\\n| extend Events=todynamic(Parameters)\\r\\n| parse Events with * \\\"SubjectContainsWords\\\" SubjectContainsWords '}'*\\r\\n| parse Events with * \\\"BodyContainsWords\\\" BodyContainsWords '}'*\\r\\n| parse Events with * \\\"SubjectOrBodyContainsWords\\\" SubjectOrBodyContainsWords '}'*\\r\\n| where SubjectContainsWords has_any (Keywords)\\r\\n or BodyContainsWords has_any (Keywords)\\r\\n or SubjectOrBodyContainsWords has_any (Keywords)\\r\\n| extend ClientIPAddress = case( ClientIP has \\\".\\\", tostring(split(ClientIP,\\\":\\\")[0]), ClientIP has \\\"[\\\", tostring(trim_start(@'[[]',tostring(split(ClientIP,\\\"]\\\")[0]))), ClientIP )\\r\\n| extend Keyword = iff(isnotempty(SubjectContainsWords), SubjectContainsWords, (iff(isnotempty(BodyContainsWords),BodyContainsWords,SubjectOrBodyContainsWords )))\\r\\n| extend RuleDetail = case(OfficeObjectId contains '/' , tostring(split(OfficeObjectId, '/')[-1]) , tostring(split(OfficeObjectId, '\\\\\\\\')[-1]))\\r\\n| summarize count() by UserId\\r\\n| sort by count_ desc\",\"size\":0,\"showAnalytics\":true,\"title\":\"Malicious Inbox Rule: Removing Helpdesk/Security Warning Emails\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results100\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results100\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let opList = OfficeActivity \\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| summarize by Operation\\r\\n//| where Operation startswith \\\"Remove-\\\" or Operation startswith \\\"Disable-\\\"\\r\\n| where Operation has_any (\\\"Remove\\\", \\\"Disable\\\")\\r\\n| where Operation contains \\\"AntiPhish\\\" or Operation contains \\\"SafeAttachment\\\" or Operation contains \\\"SafeLinks\\\" or Operation contains \\\"Dlp\\\" or Operation contains \\\"Audit\\\"\\r\\n| summarize make_set(Operation);\\r\\nOfficeActivity\\r\\n// Only admin or global-admin can disable/remove policy\\r\\n| where RecordType =~ \\\"ExchangeAdmin\\\"\\r\\n| where UserType in~ (\\\"Admin\\\",\\\"DcAdmin\\\")\\r\\n// Pass in interesting Operation list\\r\\n| where Operation in~ (opList)\\r\\n| extend ClientIPOnly = case( \\r\\nClientIP has \\\".\\\", tostring(split(ClientIP,\\\":\\\")[0]), \\r\\nClientIP has \\\"[\\\", tostring(trim_start(@'[[]',tostring(split(ClientIP,\\\"]\\\")[0]))),\\r\\nClientIP\\r\\n) \\r\\n| extend Port = case(\\r\\nClientIP has \\\".\\\", (split(ClientIP,\\\":\\\")[1]),\\r\\nClientIP has \\\"[\\\", tostring(split(ClientIP,\\\"]:\\\")[1]),\\r\\nClientIP\\r\\n)\\r\\n| summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), OperationCount = count() by Operation, UserType, UserId, ClientIP = ClientIPOnly, Port, ResultStatus, Parameters\\r\\n| summarize count() by UserId\\r\\n| sort by count_ desc\",\"size\":0,\"showAnalytics\":true,\"title\":\"Office Policy Tampering\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results101\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results101\",\"styleSettings\":{\"maxWidth\":\"50\"}}]},\"conditionalVisibility\":{\"parameterName\":\"isM365ActivityVisible\",\"comparison\":\"isEqualTo\",\"value\":\"true\"},\"name\":\"Office Activity Group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"7afa304d-b448-4d6c-8c54-69e51a7249a9\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results46\",\"type\":1,\"query\":\"SigninLogs\\r\\n| where Location <> \\\"\\\"\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results46\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"e7de4575-c167-4818-8820-ec17513a02b2\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results47\",\"type\":1,\"query\":\"let nonInteractive = AADNonInteractiveUserSignInLogs\\r\\n| extend LocationDetails = parse_json(LocationDetails)\\r\\n| extend Status = parse_json(Status);\\r\\nlet data = \\r\\nunion SigninLogs,nonInteractive\\r\\n|extend errorCode = Status.errorCode\\r\\n|extend SigninStatus = case(errorCode == 0, \\\"Success\\\", errorCode == 50058, \\\"Pending user action\\\",errorCode == 50140, \\\"Pending user action\\\", errorCode == 51006, \\\"Pending user action\\\", errorCode == 50059, \\\"Pending user action\\\",errorCode == 65001, \\\"Pending user action\\\", errorCode == 52004, \\\"Pending user action\\\", errorCode == 50055, \\\"Pending user action\\\", errorCode == 50144, \\\"Pending user action\\\", errorCode == 50072, \\\"Pending user action\\\", errorCode == 50074, \\\"Pending user action\\\", errorCode == 16000, \\\"Pending user action\\\", errorCode == 16001, \\\"Pending user action\\\", errorCode == 16003, \\\"Pending user action\\\", errorCode == 50127, \\\"Pending user action\\\", errorCode == 50125, \\\"Pending user action\\\", errorCode == 50129, \\\"Pending user action\\\", errorCode == 50143, \\\"Pending user action\\\", errorCode == 81010, \\\"Pending user action\\\", errorCode == 81014, \\\"Pending user action\\\", errorCode == 81012 ,\\\"Pending user action\\\", \\\"Failure\\\");\\r\\ndata\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| where IsInteractive == true\\r\\n| summarize Count = count() by SigninStatus\\r\\n| join kind = fullouter (datatable(SigninStatus:string)['Success', 'Pending action (Interrupts)', 'Failure']) on SigninStatus\\r\\n| project SigninStatus = iff(SigninStatus == '', SigninStatus1, SigninStatus), Count = iff(SigninStatus == '', 0, Count)\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SigninStatus)\\r\\n on SigninStatus\\r\\n| project-away SigninStatus1, TimeGenerated\\r\\n| extend Status = SigninStatus\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count()\\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend SigninStatus = 'All Sign-ins', Status = '*' \\r\\n)\\r\\n| where SigninStatus <> \\\"All Sign-ins\\\"\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results47\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"e62c1567-e61e-4acd-9731-d6a2c59bf3a0\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results48\",\"type\":1,\"query\":\"SigninLogs\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| where ResultType == 0 and AppDisplayName != \\\"\\\"\\r\\n| summarize count() by AppDisplayName\\r\\n| join (\\r\\nSigninLogs\\r\\n| make-series TrendList = count() on TimeGenerated in range({TimeRange:start}, {TimeRange:end}, 4h) by AppDisplayName \\r\\n) on AppDisplayName\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results48\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"48559d4f-7025-4580-b316-2134c07b7ad7\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results49\",\"type\":1,\"query\":\"SigninLogs\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| where IsInteractive == true\\r\\n| extend city_ = tostring(LocationDetails.city)\\r\\n| extend state_ = tostring(LocationDetails.state)\\r\\n| where state_ <> \\\"\\\"\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results49\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"88a39c54-0e1f-4f7f-b7f7-a3e798a26b4e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results51\",\"type\":1,\"query\":\"SigninLogs\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results51\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"08ed6d78-dbc0-4d10-84da-e37fae50ba4e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results52\",\"type\":1,\"query\":\"SigninLogs\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| extend browser_ = tostring(DeviceDetail.browser)\\r\\n| extend operatingSystem_ = tostring(DeviceDetail.operatingSystem)\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results52\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"66899fa7-9a59-4fee-882c-3d182a726a49\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results53\",\"type\":1,\"query\":\"SigninLogs\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n// Forces Log Analytics to recognize that the query should be run over full time range\\r\\n| extend locationString= strcat(tostring(LocationDetails[\\\"countryOrRegion\\\"]), \\\"/\\\", \\r\\n tostring(LocationDetails[\\\"state\\\"]), \\\"/\\\", tostring(LocationDetails[\\\"city\\\"]), \\\";\\\") \\r\\n| project TimeGenerated, AppDisplayName, UserPrincipalName, locationString \\r\\n// Create time series \\r\\n| make-series dLocationCount = dcount(locationString)\\r\\n on TimeGenerated\\r\\n step 1d\\r\\n by UserPrincipalName, AppDisplayName \\r\\n// Compute best fit line for each entry \\r\\n| extend (RSquare, Slope, Variance, RVariance, Interception, LineFit) = series_fit_line(dLocationCount) \\r\\n// Chart the 3 most interesting lines \\r\\n// A 0-value slope corresponds to an account being completely stable over time for a given Azure Active Directory application\\r\\n| where UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results53\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"82dfffd6-7e78-4412-a69b-5d3d096a4e94\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results54\",\"type\":1,\"query\":\"SigninLogs\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n// 50126 - Invalid username or password, or invalid on-premises username or password.\\r\\n// 50020? - The user doesn't exist in the tenant.\\r\\n| where ResultType in (\\\"50126\\\", \\\"50020\\\")\\r\\n| extend OS = DeviceDetail.operatingSystem, Browser = DeviceDetail.browser\\r\\n| extend StatusCode = tostring(Status.errorCode), StatusDetails = tostring(Status.additionalDetails)\\r\\n| extend State = tostring(LocationDetails.state), City = tostring(LocationDetails.city)\\r\\n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), IPAddresses = makeset(IPAddress), DistinctIPCount = dcount(IPAddress), \\r\\n makeset(OS), makeset(Browser), makeset(City), AttemptCount = count() \\r\\n by UserDisplayName, UserPrincipalName, AppDisplayName, ResultType, ResultDescription, StatusCode, StatusDetails, Location, State\\r\\n| where UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results54\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"3b974333-5ea4-4a64-9067-0d206e3d91fd\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results55\",\"type\":1,\"query\":\"let failureCountThreshold = 5;\\r\\nlet successCountThreshold = 1;\\r\\nlet authenticationWindow = 20m;\\r\\nlet aadFunc = (tableName: string) {\\r\\n table(tableName)\\r\\n | where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n | extend DeviceDetail = todynamic(DeviceDetail), Status = todynamic(DeviceDetail), LocationDetails = todynamic(LocationDetails)\\r\\n | extend OS = DeviceDetail.operatingSystem, Browser = DeviceDetail.browser\\r\\n | extend StatusCode = tostring(Status.errorCode), StatusDetails = tostring(Status.additionalDetails)\\r\\n | extend State = tostring(LocationDetails.state), City = tostring(LocationDetails.city), Region = tostring(LocationDetails.countryOrRegion)\\r\\n // Split out failure versus non-failure types\\r\\n | extend FailureOrSuccess = iff(ResultType in (\\\"0\\\", \\\"50125\\\", \\\"50140\\\", \\\"70043\\\", \\\"70044\\\"), \\\"Success\\\", \\\"Failure\\\")\\r\\n | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), IPAddress = make_set(IPAddress), make_set(OS), make_set(Browser), make_set(City),\\r\\n make_set(State), make_set(Region), make_set(ResultType), FailureCount = countif(FailureOrSuccess == \\\"Failure\\\"), SuccessCount = countif(FailureOrSuccess == \\\"Success\\\") \\r\\n by bin(TimeGenerated, authenticationWindow), UserDisplayName, UserPrincipalName, AppDisplayName, Type\\r\\n | where FailureCount >= failureCountThreshold and SuccessCount >= successCountThreshold\\r\\n | mvexpand IPAddress\\r\\n | extend IPAddress = tostring(IPAddress)\\r\\n };\\r\\nlet aadSignin = aadFunc(\\\"SigninLogs\\\");\\r\\nlet aadNonInt = aadFunc(\\\"AADNonInteractiveUserSignInLogs\\\");\\r\\nunion isfuzzy=true aadSignin, aadNonInt\\r\\n| where UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results55\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"6ae59cc4-9e9a-4392-b946-89e77025f3b3\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results56\",\"type\":1,\"query\":\"let timeFrame = {TimeRange:grain};\\r\\nlet logonDiff = 1m;\\r\\nlet Success = SigninLogs \\r\\n | where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n | where TimeGenerated >= timeFrame \\r\\n | where ResultType == \\\"0\\\" \\r\\n | where AppDisplayName !in (\\\"Office 365 Exchange Online\\\", \\\"Skype for Business Online\\\", \\\"Office 365 SharePoint Online\\\")\\r\\n | project SuccessLogonTime = TimeGenerated, UserPrincipalName, IPAddress, SuccessAppDisplayName = AppDisplayName;\\r\\nlet Fail = SigninLogs \\r\\n | where TimeGenerated >= timeFrame \\r\\n | where ResultType !in (\\\"0\\\", \\\"50140\\\") \\r\\n | where ResultDescription !~ \\\"Other\\\" \\r\\n | where AppDisplayName !in (\\\"Office 365 Exchange Online\\\", \\\"Skype for Business Online\\\", \\\"Office 365 SharePoint Online\\\")\\r\\n | project FailedLogonTime = TimeGenerated, UserPrincipalName, IPAddress, FailedAppDisplayName = AppDisplayName, ResultType, ResultDescription;\\r\\nlet InitialDataSet = \\r\\n Success\\r\\n | join kind= inner (\\r\\n Fail\\r\\n )\\r\\n on UserPrincipalName, IPAddress \\r\\n | where isnotempty(FailedAppDisplayName)\\r\\n | where SuccessLogonTime < FailedLogonTime and FailedLogonTime - SuccessLogonTime <= logonDiff and SuccessAppDisplayName != FailedAppDisplayName;\\r\\nlet InitialHits = \\r\\n InitialDataSet\\r\\n | summarize FailedLogonTime = min(FailedLogonTime), SuccessLogonTime = min(SuccessLogonTime) \\r\\n by UserPrincipalName, SuccessAppDisplayName, FailedAppDisplayName, IPAddress, ResultType, ResultDescription;\\r\\n// Only take hits where there is 5 or less distinct AppDisplayNames on the success side as this limits highly active applications where failures occur more regularly\\r\\nlet Distribution =\\r\\n InitialDataSet\\r\\n | summarize count(SuccessAppDisplayName) by SuccessAppDisplayName, ResultType\\r\\n | where count_SuccessAppDisplayName <= 5;\\r\\nInitialHits\\r\\n| join (\\r\\n Distribution \\r\\n )\\r\\n on SuccessAppDisplayName, ResultType\\r\\n| project UserPrincipalName, SuccessLogonTime, IPAddress, SuccessAppDisplayName, FailedLogonTime, FailedAppDisplayName, ResultType, ResultDescription \\r\\n| where UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results56\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"b297d67a-c87f-469d-b50a-df226179f729\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results57\",\"type\":1,\"query\":\"let signIns = SigninLogs\\r\\n | where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n | extend locationString= strcat(tostring(LocationDetails[\\\"countryOrRegion\\\"]), \\\"/\\\",\\r\\n tostring(LocationDetails[\\\"state\\\"]), \\\"/\\\", tostring(LocationDetails[\\\"city\\\"]))\\r\\n | where locationString != \\\"//\\\" \\r\\n // filter out signins associated with top 100 signin locations \\r\\n | join kind=anti (\\r\\n SigninLogs\\r\\n | extend locationString= strcat(tostring(LocationDetails[\\\"countryOrRegion\\\"]), \\\"/\\\", \\r\\n tostring(LocationDetails[\\\"state\\\"]), \\\"/\\\", tostring(LocationDetails[\\\"city\\\"]))\\r\\n | where locationString != \\\"//\\\"\\r\\n | summarize count() by locationString\\r\\n | order by count_ desc\\r\\n | take 100)\\r\\n on locationString; // TODO - make this threshold percentage-based\\r\\n// We will perform a time window join to identify signins from multiple locations within a 10-minute period\\r\\nlet lookupWindow = 10m;\\r\\nlet lookupBin = lookupWindow / 2.0; // lookup bin = equal to 1/2 of the lookup window\\r\\nsignIns \\r\\n| project-rename Start=TimeGenerated \\r\\n| extend TimeKey = bin(Start, lookupBin)\\r\\n| join kind = inner (\\r\\n signIns \\r\\n | project-rename End=TimeGenerated, EndLocationString=locationString \\r\\n // TimeKey on the right side of the join - emulates this authentication appearing several times\\r\\n | extend TimeKey = range(bin(End - lookupWindow, lookupBin),\\r\\n bin(End, lookupBin), lookupBin)\\r\\n | mvexpand TimeKey to typeof(datetime) // translate TimeKey arrange range to a column\\r\\n )\\r\\n on Identity, TimeKey\\r\\n| where End > Start\\r\\n| project timeSpan = End - Start, Identity, locationString, EndLocationString, tostring(Start), tostring(End), UserPrincipalName\\r\\n| where locationString != EndLocationString\\r\\n| summarize by timeSpan, Identity, locationString, EndLocationString, Start, End, UserPrincipalName\\r\\n| where UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results57\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"909d0019-23cb-43ad-8285-9f1dca1cd1be\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results58\",\"type\":1,\"query\":\"let IP_Data = (externaldata(network: string)\\r\\n [@\\\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/VPS_Networks.csv\\\"] with (format=\\\"csv\\\"));\\r\\nSigninLogs\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| where ResultType == 0\\r\\n| extend additionalDetails = tostring(Status.additionalDetails)\\r\\n| evaluate ipv4_lookup(IP_Data, IPAddress, network, return_unmatched = false)\\r\\n| summarize make_set(additionalDetails), min(TimeGenerated), max(TimeGenerated) by IPAddress, UserPrincipalName\\r\\n// Uncomment the remaining lines to only see logons from VPS providers with token only logons.\\r\\n//| where array_length(set_additionalDetails) == 2\\r\\n//| where (set_additionalDetails[1] == \\\"MFA requirement satisfied by claim in the token\\\" and set_additionalDetails[0] == \\\"MFA requirement satisfied by claim provided by external provider\\\") or (set_additionalDetails[0] == \\\"MFA requirement satisfied by claim in the token\\\" and set_additionalDetails[1] == \\\"MFA requirement satisfied by claim provided by external provider\\\")\\r\\n| where UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Results58\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"d345cda2-03ae-4e98-a859-60e04b4f3750\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"blankspace\",\"type\":1,\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"parameters - 27\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# [Sign-Ins (Entra ID)](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-sign-ins)\\n---\\n\\nThis section provides visibility into **user authentication events and access patterns**, supporting GDPR requirements for **integrity and confidentiality of personal data (Art. 5(1)(f))** and **security of processing (Art. 32)**. Monitoring sign-ins helps ensure that only authorized individuals access systems processing personal data, and that suspicious authentication activity is detected quickly. \\n\\nKey objectives of this section: \\n- Track **sign-ins by geolocation and over time** to spot unusual or high-risk access locations \\n- Monitor **failed sign-in attempts and brute-force activity** to identify potential account compromise \\n- Detect **anomalous patterns** such as cross-application anomalies, sign-in bursts, or VPN-based logins \\n- Review **application and client usage trends** to confirm that personal data is accessed only through approved channels \\n- Provide auditors with evidence of **access control enforcement and monitoring** \\n\\nBy analyzing these metrics, analysts can verify that **access to personal data is properly secured**, and that the enterprise maintains the ability to **detect, investigate, and remediate suspicious sign-in activity** in line with GDPR obligations.\\n\\n\\n\\n\"},\"name\":\"text - 2\"}]},\"customWidth\":\"40\",\"name\":\"group - 32\"},{\"type\":1,\"content\":{\"json\":\"\"},\"customWidth\":\"10\",\"name\":\"text - 29\"},{\"type\":1,\"content\":{\"json\":\"| Sign-Ins (Entra ID) | - | - |\\r\\n|:--| :--| :--| \\r\\n| Sign-Ins by Geolocation | Authentication Details | Sign-In Locations Over Time |\\r\\n| Sign-Ins Count By Application Name | Applications Access Count By Users | Client Application Count by Users |\\r\\n| Anomalous Sign-in & App Access | Entra ID Failed Sign-in Attempts | Entra ID Brute Force Sign-in Attempts |\\r\\n|Cross-App Sign-in Anomaly (Success then Failure) | Sign-In Burst From Multiple Locations | Sign-in From VPN |\\r\\n\\r\\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, Time range and User. Only panels with data are shown.\"},\"customWidth\":\"40\",\"name\":\"SI OV\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SigninLogs\\r\\n| where Location <> \\\"\\\"\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| extend latitude_ = tostring(parse_json(tostring(LocationDetails.geoCoordinates)).latitude)\\r\\n| extend longitude_ = tostring(parse_json(tostring(LocationDetails.geoCoordinates)).longitude)\\r\\n| extend city_ = tostring(LocationDetails.city)\\r\\n| project latitude_,longitude_,city_\",\"size\":3,\"showAnalytics\":true,\"title\":\"Sign-Ins by Geolocation\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"visualization\":\"map\",\"mapSettings\":{\"locInfo\":\"LatLong\",\"locInfoColumn\":\"Location\",\"latitude\":\"latitude_\",\"longitude\":\"longitude_\",\"sizeSettings\":\"city_\",\"sizeAggregation\":\"Count\",\"labelSettings\":\"city_\",\"legendMetric\":\"city_\",\"numberOfMetrics\":100,\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"state_\",\"colorAggregation\":\"Count\",\"type\":\"heatmap\",\"heatmapPalette\":\"coldHot\"}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results46\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results46\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let nonInteractive = AADNonInteractiveUserSignInLogs\\r\\n| extend LocationDetails = parse_json(LocationDetails)\\r\\n| extend Status = parse_json(Status);\\r\\nlet data = \\r\\nunion SigninLogs,nonInteractive\\r\\n|extend errorCode = toint(Status.errorCode)\\r\\n| extend SigninStatus = case(\\r\\n errorCode == 0, \\\"Success\\\",\\r\\n errorCode in (50055,50058,50072,50074,50125,50127,50129,50140,50143,50144,51006,52004,65001,16000,16001,16003,81010,81012,81014), \\\"Pending user action\\\",\\r\\n \\\"Failure\\\"\\r\\n);\\r\\ndata\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| where IsInteractive == true\\r\\n| summarize Count = count() by SigninStatus\\r\\n| join kind = fullouter (datatable(SigninStatus:string)['Success', 'Pending action (Interrupts)', 'Failure']) on SigninStatus\\r\\n| project SigninStatus = iff(SigninStatus == '', SigninStatus1, SigninStatus), Count = iff(SigninStatus == '', 0, Count)\\r\\n| join kind = inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SigninStatus)\\r\\n on SigninStatus\\r\\n| project-away SigninStatus1, TimeGenerated\\r\\n| extend Status = SigninStatus\\r\\n| union (\\r\\n data \\r\\n | summarize Count = count()\\r\\n | extend jkey = 1\\r\\n | join kind=inner (data\\r\\n | make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\\r\\n | extend jkey = 1) on jkey\\r\\n | extend SigninStatus = 'All Sign-ins', Status = '*' \\r\\n)\\r\\n| where SigninStatus <> \\\"All Sign-ins\\\"\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Authentication Details\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"visualization\":\"tiles\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"User\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"info\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Activities\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"LatLong\",\"locInfoColumn\":\"Location\",\"latitude\":\"latitude_\",\"longitude\":\"longitude_\",\"sizeSettings\":\"city_\",\"sizeAggregation\":\"Count\",\"labelSettings\":\"city_\",\"legendMetric\":\"city_\",\"numberOfMetrics\":100,\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"state_\",\"colorAggregation\":\"Count\",\"type\":\"heatmap\",\"heatmapPalette\":\"coldHot\"}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results47\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results47\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SigninLogs\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| where IsInteractive == true\\r\\n| extend city_ = tostring(LocationDetails.city)\\r\\n| extend state_ = tostring(LocationDetails.state)\\r\\n| where state_ <> \\\"\\\"\\r\\n| make-series count() default=0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step 1d by state_\\r\\n| render timechart\",\"size\":0,\"showAnalytics\":true,\"title\":\"Sign-In Locations Over Time\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"city_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"state_\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"SigninStatus\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"blue\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"secondaryContent\":{\"columnMatch\":\"Trend\",\"formatter\":9,\"formatOptions\":{\"palette\":\"green\"}},\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"conditionalVisibility\":{\"parameterName\":\"Results49\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results49\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SigninLogs\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| where ResultType == 0 and AppDisplayName != \\\"\\\"\\r\\n| summarize count() by AppDisplayName\\r\\n| join (\\r\\nSigninLogs\\r\\n| make-series TrendList = count() on TimeGenerated in range({TimeRange:start}, {TimeRange:end}, 4h) by AppDisplayName \\r\\n) on AppDisplayName\\r\\n| top 10 by count_ desc\",\"size\":4,\"showAnalytics\":true,\"title\":\"Sign-Ins Count By Application Name\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"visualization\":\"tiles\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"User\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"info\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Activities\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"AppDisplayName\",\"formatter\":1,\"formatOptions\":{\"showIcon\":true}},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\",\"showIcon\":true},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}},\"secondaryContent\":{\"columnMatch\":\"TrendList\",\"formatter\":9,\"formatOptions\":{\"showIcon\":true}},\"showBorder\":false},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"AppDisplayName\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"count_\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"mapSettings\":{\"locInfo\":\"LatLong\",\"locInfoColumn\":\"Location\",\"latitude\":\"latitude_\",\"longitude\":\"longitude_\",\"sizeSettings\":\"city_\",\"sizeAggregation\":\"Count\",\"labelSettings\":\"city_\",\"legendMetric\":\"city_\",\"numberOfMetrics\":100,\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"state_\",\"colorAggregation\":\"Count\",\"type\":\"heatmap\",\"heatmapPalette\":\"coldHot\"}}},\"conditionalVisibility\":{\"parameterName\":\"Results48\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results48\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SigninLogs\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| summarize Count=count() by UserPrincipalName, AppDisplayName\\r\\n| sort by Count desc\\r\\n| limit 250\",\"size\":0,\"showAnalytics\":true,\"title\":\"Applications Access Count By Users\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"AppDisplayName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"trendup\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"IPAddress\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results51\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results51\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SigninLogs\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| extend Browser = tostring(DeviceDetail.browser)\\r\\n| extend OperatingSystem = tostring(DeviceDetail.operatingSystem)\\r\\n| summarize Count=count() by UserPrincipalName, Browser, OperatingSystem\\r\\n| sort by Count desc\\r\\n| limit 250\\r\\n\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Client Application Count by Users\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"UserAgent\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"1\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ClientAppUsed\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"trenddown\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"AppDisplayName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"trendup\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"IPAddress\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"uninitialized\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results52\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results52\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SigninLogs\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n// Forces Log Analytics to recognize that the query should be run over full time range\\r\\n| extend locationString= strcat(tostring(LocationDetails[\\\"countryOrRegion\\\"]), \\\"/\\\", \\r\\n tostring(LocationDetails[\\\"state\\\"]), \\\"/\\\", tostring(LocationDetails[\\\"city\\\"]), \\\";\\\") \\r\\n| project TimeGenerated, AppDisplayName, UserPrincipalName, locationString \\r\\n// Create time series \\r\\n| make-series dLocationCount = dcount(locationString)\\r\\n on TimeGenerated\\r\\n step 1d\\r\\n by UserPrincipalName, AppDisplayName \\r\\n// Compute best fit line for each entry \\r\\n| extend (RSquare, Slope, Variance, RVariance, Interception, LineFit) = series_fit_line(dLocationCount) \\r\\n// Filter for truly anomalous patterns:\\r\\n// - abs(Slope) > 0.5 → exclude stable users; keeps those with growing/shrinking location diversity\\r\\n// - Variance > 2 → exclude trivial fluctuations; ensures location counts are inconsistent\\r\\n// - RSquare > 0.5 → exclude poor fits; ensures the slope represents a real trend, not random noise\\r\\n| where abs(Slope) > 0.5 and Variance > 2 and RSquare > 0.5\\r\\n| project UserPrincipalName, AppDisplayName, Slope, Variance, RSquare\\r\\n| order by abs(Slope) desc\\r\\n| limit 50\",\"size\":0,\"showAnalytics\":true,\"title\":\"Anomalous Sign-in Location by User Account and Authenticating Application\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results53\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results53\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SigninLogs\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n// 50126 - Invalid username or password, or invalid on-premises username or password.\\r\\n// 50020 - The user doesn't exist in the tenant.\\r\\n// 50076 → MFA required but not satisfied\\r\\n// 50053 → Account locked due to repeated sign-in attempts\\r\\n| where ResultType in (\\\"50126\\\", \\\"50020\\\", \\\"50076\\\", \\\"50053\\\")\\r\\n| summarize Count=count() by UserPrincipalName, AppDisplayName\\r\\n| sort by Count desc\\r\\n| limit 250\",\"size\":0,\"showAnalytics\":true,\"title\":\"Entra ID Failed Sign-in Attempts\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results54\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results54\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let failureCountThreshold = 5;\\r\\nlet successCountThreshold = 1;\\r\\nlet authenticationWindow = 20m;\\r\\nlet aadFunc = (tableName: string) {\\r\\n table(tableName)\\r\\n | where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n | extend DeviceDetail = todynamic(DeviceDetail), Status = todynamic(DeviceDetail), LocationDetails = todynamic(LocationDetails)\\r\\n | extend OS = DeviceDetail.operatingSystem, Browser = DeviceDetail.browser\\r\\n | extend StatusCode = tostring(Status.errorCode), StatusDetails = tostring(Status.additionalDetails)\\r\\n | extend State = tostring(LocationDetails.state), City = tostring(LocationDetails.city), Region = tostring(LocationDetails.countryOrRegion)\\r\\n // Split out failure versus non-failure types\\r\\n | extend FailureOrSuccess = iff(ResultType in (\\\"0\\\", \\\"50125\\\", \\\"50140\\\", \\\"70043\\\"), \\\"Success\\\", \\\"Failure\\\")\\r\\n | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), IPAddress = make_set(IPAddress), make_set(OS), make_set(Browser), make_set(City),\\r\\n make_set(State), make_set(Region), make_set(ResultType), FailureCount = countif(FailureOrSuccess == \\\"Failure\\\"), SuccessCount = countif(FailureOrSuccess == \\\"Success\\\") \\r\\n by bin(TimeGenerated, authenticationWindow), UserDisplayName, UserPrincipalName, AppDisplayName, Type\\r\\n | where FailureCount >= failureCountThreshold and SuccessCount >= successCountThreshold\\r\\n | mvexpand IPAddress\\r\\n | extend IPAddress = tostring(IPAddress)\\r\\n };\\r\\nlet aadSignin = aadFunc(\\\"SigninLogs\\\");\\r\\nlet aadNonInt = aadFunc(\\\"AADNonInteractiveUserSignInLogs\\\");\\r\\nunion isfuzzy=true aadSignin, aadNonInt\\r\\n| summarize AttemptWindows = count(), TotalFailures = sum(FailureCount), TotalSuccesses = sum(SuccessCount) by UserPrincipalName, AppDisplayName\\r\\n| order by AttemptWindows desc\\r\\n| limit 250\",\"size\":0,\"showAnalytics\":true,\"title\":\"Entra ID Brute Force Sign-in Attempts\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results55\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results55\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let timeFrame = {TimeRange:grain};\\r\\nlet logonDiff = 1m;\\r\\nlet Success = SigninLogs \\r\\n | where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n | where TimeGenerated >= timeFrame \\r\\n | where ResultType == \\\"0\\\" \\r\\n | where AppDisplayName !in (\\\"Office 365 Exchange Online\\\", \\\"Skype for Business Online\\\", \\\"Office 365 SharePoint Online\\\")\\r\\n | project SuccessLogonTime = TimeGenerated, UserPrincipalName, IPAddress, SuccessAppDisplayName = AppDisplayName;\\r\\nlet Fail = SigninLogs \\r\\n | where TimeGenerated >= timeFrame \\r\\n | where ResultType !in (\\\"0\\\", \\\"50140\\\") \\r\\n | where ResultDescription !~ \\\"Other\\\" \\r\\n | where AppDisplayName !in (\\\"Office 365 Exchange Online\\\", \\\"Skype for Business Online\\\", \\\"Office 365 SharePoint Online\\\")\\r\\n | project FailedLogonTime = TimeGenerated, UserPrincipalName, IPAddress, FailedAppDisplayName = AppDisplayName, ResultType, ResultDescription;\\r\\nlet InitialDataSet = \\r\\n Success\\r\\n | join kind= inner (\\r\\n Fail\\r\\n )\\r\\n on UserPrincipalName, IPAddress \\r\\n | where isnotempty(FailedAppDisplayName)\\r\\n | where SuccessLogonTime < FailedLogonTime and FailedLogonTime - SuccessLogonTime <= logonDiff and SuccessAppDisplayName != FailedAppDisplayName;\\r\\nlet InitialHits = \\r\\n InitialDataSet\\r\\n | summarize FailedLogonTime = min(FailedLogonTime), SuccessLogonTime = min(SuccessLogonTime) \\r\\n by UserPrincipalName, SuccessAppDisplayName, FailedAppDisplayName, IPAddress, ResultType, ResultDescription;\\r\\n// Only take hits where there is 5 or less distinct AppDisplayNames on the success side as this limits highly active applications where failures occur more regularly\\r\\nlet Distribution =\\r\\n InitialDataSet\\r\\n | summarize count(SuccessAppDisplayName) by SuccessAppDisplayName, ResultType\\r\\n | where count_SuccessAppDisplayName <= 5;\\r\\nInitialHits\\r\\n| join (\\r\\n Distribution \\r\\n )\\r\\n on SuccessAppDisplayName, ResultType\\r\\n| project UserPrincipalName, SuccessLogonTime, IPAddress, SuccessAppDisplayName, FailedLogonTime, FailedAppDisplayName, ResultType, ResultDescription \\r\\n| where UserPrincipalName in ({UserPrincipalName})\\r\\n| summarize count() by UserPrincipalName, SuccessAppDisplayName, FailedAppDisplayName\\r\\n| sort by count_ desc\\r\\n| limit 250\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Cross-App Sign-in Anomaly (Success then Failure)\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"SuccessAppDisplayName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"success\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"FailedAppDisplayName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"failed\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results56\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results56\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let signIns = SigninLogs\\r\\n | where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n | extend locationString= strcat(tostring(LocationDetails[\\\"countryOrRegion\\\"]), \\\"/\\\",\\r\\n tostring(LocationDetails[\\\"state\\\"]), \\\"/\\\", tostring(LocationDetails[\\\"city\\\"]))\\r\\n | where locationString != \\\"//\\\" \\r\\n // filter out signins associated with top 100 signin locations \\r\\n | join kind=anti (\\r\\n SigninLogs\\r\\n | extend locationString= strcat(tostring(LocationDetails[\\\"countryOrRegion\\\"]), \\\"/\\\", \\r\\n tostring(LocationDetails[\\\"state\\\"]), \\\"/\\\", tostring(LocationDetails[\\\"city\\\"]))\\r\\n | where locationString != \\\"//\\\"\\r\\n | summarize count() by locationString\\r\\n | order by count_ desc\\r\\n | take 100)\\r\\n on locationString; // TODO - make this threshold percentage-based\\r\\n// We will perform a time window join to identify signins from multiple locations within a 10-minute period\\r\\nlet lookupWindow = 10m;\\r\\nlet lookupBin = lookupWindow / 2.0; // lookup bin = equal to 1/2 of the lookup window\\r\\nsignIns \\r\\n| project-rename Start=TimeGenerated \\r\\n| extend TimeKey = bin(Start, lookupBin)\\r\\n| join kind = inner (\\r\\n signIns \\r\\n | project-rename End=TimeGenerated, EndLocationString=locationString \\r\\n // TimeKey on the right side of the join - emulates this authentication appearing several times\\r\\n | extend TimeKey = range(bin(End - lookupWindow, lookupBin),\\r\\n bin(End, lookupBin), lookupBin)\\r\\n | mvexpand TimeKey to typeof(datetime) // translate TimeKey arrange range to a column\\r\\n )\\r\\n on Identity, TimeKey\\r\\n| where End > Start\\r\\n| project timeSpan = End - Start, Identity, locationString, EndLocationString, tostring(Start), tostring(End), UserPrincipalName\\r\\n| where locationString != EndLocationString\\r\\n| summarize by timeSpan, Identity, locationString, EndLocationString, Start, End, UserPrincipalName\\r\\n| where UserPrincipalName in ({UserPrincipalName})\\r\\n| summarize count() by UserPrincipalName, locationString, EndLocationString\\r\\n| sort by count_ desc\\r\\n| limit 250\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Sign-In Burst From Multiple Locations\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results57\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results57\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let IP_Data = (externaldata(network: string)\\r\\n [@\\\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/VPS_Networks.csv\\\"] with (format=\\\"csv\\\"));\\r\\nSigninLogs\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| where ResultType == 0\\r\\n| extend additionalDetails = tostring(Status.additionalDetails)\\r\\n| evaluate ipv4_lookup(IP_Data, IPAddress, network, return_unmatched = false)\\r\\n| summarize count() by UserPrincipalName, AppDisplayName, network\\r\\n| sort by count_ desc\\r\\n| limit 250\",\"size\":0,\"showAnalytics\":true,\"title\":\"Sign-Ins From VPNs\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}],\"filter\":true},\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"Location\",\"latitude\":\"SourceIPLocation\",\"longitude\":\"SourceIPLocation\",\"sizeSettings\":\"Location\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"Location\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"Location\",\"colorAggregation\":\"Count\",\"type\":\"thresholds\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blueDark\"}]}}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results58\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results58\",\"styleSettings\":{\"maxWidth\":\"50\"}}]},\"conditionalVisibility\":{\"parameterName\":\"isSignInsVisible\",\"comparison\":\"isEqualTo\",\"value\":\"true\"},\"name\":\"Sign-Ins\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Audit Logs Group\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"658caef7-b6e6-4d04-92be-b7ff5cc8910e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results103\",\"type\":1,\"query\":\"let action = dynamic([\\\"change \\\", \\\"changed \\\", \\\"reset \\\"]);\\r\\nlet pWord = dynamic([\\\"password \\\", \\\"credentials \\\"]);\\r\\n(union isfuzzy=true\\r\\n (SecurityEvent\\r\\n | where EventID in (4723, 4724)\\r\\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), ResultDescriptions = makeset(Activity), ActionCount = count() by Resource = Computer, OperationName = strcat(\\\"TargetAccount: \\\", TargetUserName), UserId = Account, Type\\r\\n ),\\r\\n (AuditLogs\\r\\n | where OperationName has_any (pWord) and OperationName has_any (action)\\r\\n | extend InitiatedBy = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName) \\r\\n | extend TargetUserPrincipalName = tostring(TargetResources[0].userPrincipalName) \\r\\n | where ResultDescription != \\\"None\\\" \\r\\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), ResultDescriptions = makeset(ResultDescription), CorrelationIds = makeset(CorrelationId), ActionCount = count() by OperationName = strcat(Category, \\\" - \\\", OperationName, \\\" - \\\", Result), Resource, UserId = TargetUserPrincipalName, Type\\r\\n | extend ResultDescriptions = tostring(ResultDescriptions)\\r\\n ),\\r\\n (OfficeActivity\\r\\n | where (ExtendedProperties has_any (pWord) or ModifiedProperties has_any (pWord)) and (ExtendedProperties has_any (action) or ModifiedProperties has_any (action))\\r\\n | extend ResultDescriptions = case(\\r\\n OfficeWorkload =~ \\\"AzureActiveDirectory\\\", tostring(ExtendedProperties),\\r\\n OfficeWorkload has_any (\\\"Exchange\\\", \\\"OneDrive\\\"), OfficeObjectId,\\r\\n RecordType) \\r\\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), ResultDescriptions = makeset(ResultDescriptions), ActionCount = count() by Resource = OfficeWorkload, OperationName = strcat(Operation, \\\" - \\\", ResultStatus), IPAddress = ClientIP, UserId, Type\\r\\n ),\\r\\n (Syslog\\r\\n | where SyslogMessage has_any (pWord) and SyslogMessage has_any (action)\\r\\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), ResultDescriptions = makeset(SyslogMessage), ActionCount = count() by Resource = HostName, OperationName = Facility, IPAddress = HostIP, ProcessName, Type\\r\\n ),\\r\\n (SigninLogs\\r\\n | where OperationName =~ \\\"Sign-in activity\\\" and ResultType has_any (\\\"50125\\\", \\\"50133\\\")\\r\\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), ResultDescriptions = makeset(ResultDescription), CorrelationIds = makeset(CorrelationId), ActionCount = count() by Resource, OperationName = strcat(OperationName, \\\" - \\\", ResultType), IPAddress, UserId = UserPrincipalName, Type\\r\\n )\\r\\n)\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results103\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"e3a0cfd9-ab9d-479d-b355-f3db4d09b084\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results104\",\"type\":1,\"query\":\"// Extend this list with items to search for\\r\\nlet keywords = dynamic([\\\"password\\\", \\\"pwd\\\", \\\"creds\\\", \\\"credentials\\\", \\\"secret\\\"]);\\r\\n// To exclude key phrases or tables to exclude add to these lists\\r\\nlet table_exclusions = dynamic([\\\"AuditLogs\\\", \\\"SigninLogs\\\", \\\"LAQueryLogs\\\", \\\"SecurityEvent\\\"]);\\r\\nlet keyword_exclusion = dynamic([\\\"reset user password\\\", \\\"change user password\\\"]);\\r\\nLAQueryLogs\\r\\n| where RequestClientApp != 'Sentinel-General'\\r\\n| extend querytext_lower = tolower(QueryText)\\r\\n| where querytext_lower has_any(keywords)\\r\\n| project TimeGenerated, AADEmail, QueryText, RequestClientApp, RequestTarget, ResponseCode, ResponseRowCount, ResponseDurationMs, CorrelationId\\r\\n| extend timestamp = TimeGenerated, UserPrincipalName = AADEmail\\r\\n| join kind=leftanti (LAQueryLogs\\r\\n | where RequestClientApp != 'Sentinel-General'\\r\\n | extend querytext_lower = tolower(QueryText)\\r\\n | where QueryText has_any(table_exclusions) or querytext_lower has_any(keyword_exclusion))\\r\\n on CorrelationId\\r\\n | where UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results104\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"4d0cfde6-5b30-4824-97bb-37487f260b0b\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results105\",\"type\":1,\"query\":\"let recentWindow = 1d; // Accounts that logged in recently\\r\\nlet historyWindow = 30d; // Look back period for prior logins\\r\\nlet newAccountWindow = 7d; // Exclude accounts created in last 7 days\\r\\n// Step 1: Recent successful logins\\r\\nlet recentLogins = SigninLogs\\r\\n| where TimeGenerated >= ago(recentWindow)\\r\\n| where ResultType == 0\\r\\n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), loginCountRecent = count() \\r\\n by UserPrincipalName, Identity;\\r\\n// Step 2: Exclude accounts that had successful logins in the historical period\\r\\nlet historicalLogins = SigninLogs\\r\\n| where TimeGenerated between (ago(historyWindow) .. ago(recentWindow))\\r\\n| where ResultType == 0\\r\\n| summarize by UserPrincipalName, Identity;\\r\\nlet dormantLogins = recentLogins\\r\\n| join kind=leftanti (historicalLogins) on UserPrincipalName;\\r\\n// Step 3: Exclude newly created accounts\\r\\nlet newAccounts = AuditLogs\\r\\n| where TimeGenerated >= ago(newAccountWindow)\\r\\n| where OperationName == \\\"Add user\\\"\\r\\n| extend NewUserPrincipalName = tolower(extractjson(\\\"$.userPrincipalName\\\", tostring(TargetResources[0]), typeof(string)));\\r\\ndormantLogins\\r\\n| join kind=leftanti (newAccounts) on $left.UserPrincipalName == $right.NewUserPrincipalName\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results105\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"4f1e1636-66f4-42ab-ba63-f0046df90e09\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results107\",\"type\":1,\"query\":\"let current = 1d;\\r\\nlet auditLookback = {TimeRange:grain};\\r\\nlet propertyIgnoreList = dynamic([\\\"TargetId.UserType\\\", \\\"StsRefreshTokensValidFrom\\\", \\\"LastDirSyncTime\\\", \\\"DeviceOSVersion\\\", \\\"CloudDeviceOSVersion\\\", \\\"DeviceObjectVersion\\\"]);\\r\\nlet AuditTrail = AuditLogs\\r\\n | where TimeGenerated >= ago(auditLookback) and TimeGenerated < ago(current)\\r\\n | where isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName))\\r\\n | extend InitiatedByUser = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)\\r\\n | extend InitiatedByIPAddress = tostring(parse_json(tostring(InitiatedBy.user)).ipAddress)\\r\\n | extend ModProps = TargetResources.[0].modifiedProperties\\r\\n | extend TargetUserPrincipalName = tolower(tostring(TargetResources.[0].userPrincipalName))\\r\\n | extend TargetResourceName = tolower(tostring(TargetResources.[0].displayName))\\r\\n | mv-expand ModProps\\r\\n | extend PropertyName = tostring(ModProps.displayName), newValue = tostring(parse_json(tostring(ModProps.newValue))[0])\\r\\n | where PropertyName !in~ (propertyIgnoreList) and (PropertyName !~ \\\"Action Client Name\\\" and newValue !~ \\\"DirectorySync\\\") and (PropertyName !~ \\\"Included Updated Properties\\\" and newValue !~ \\\"LastDirSyncTime\\\")\\r\\n | summarize count() by OperationName, InitiatedByUser, InitiatedByIPAddress, TargetUserPrincipalName, PropertyName, TargetResourceName;\\r\\nlet AccountMods = AuditLogs \\r\\n | where TimeGenerated >= ago(current)\\r\\n | where isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName))\\r\\n | extend InitiatedByUser = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)\\r\\n | extend InitiatedByIPAddress = tostring(parse_json(tostring(InitiatedBy.user)).ipAddress)\\r\\n | extend ModProps = TargetResources.[0].modifiedProperties\\r\\n | extend TargetUserPrincipalName = tolower(tostring(TargetResources.[0].userPrincipalName))\\r\\n | extend TargetResourceName = tolower(tostring(TargetResources.[0].displayName))\\r\\n | mv-expand ModProps\\r\\n | extend PropertyName = tostring(ModProps.displayName), newValue = tostring(parse_json(tostring(ModProps.newValue))[0])\\r\\n | where PropertyName !in~ (propertyIgnoreList) and (PropertyName !~ \\\"Action Client Name\\\" and newValue !~ \\\"DirectorySync\\\") and (PropertyName !~ \\\"Included Updated Properties\\\" and newValue !~ \\\"LastDirSyncTime\\\")\\r\\n | extend ModifiedProps = pack(\\\"PropertyName\\\", PropertyName, \\\"newValue\\\", newValue, \\\"Id\\\", Id, \\\"CorrelationId\\\", CorrelationId) \\r\\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), Activity = make_bag(ModifiedProps) by Type, InitiatedByUser, InitiatedByIPAddress, TargetUserPrincipalName, Category, OperationName, PropertyName, TargetResourceName;\\r\\nlet RareAudits = AccountMods\\r\\n | join kind= leftanti (\\r\\n AuditTrail \\r\\n )\\r\\n on OperationName, InitiatedByUser, InitiatedByIPAddress;//, TargetUserPrincipalName, PropertyName; //uncomment if you want to see Rare Property changes to a given TargetUserPrincipalName.\\r\\nRareAudits \\r\\n| summarize StartTime = min(StartTimeUtc), EndTime = max(EndTimeUtc), make_set(Activity), make_set(PropertyName) by Type, InitiatedByUser, InitiatedByIPAddress, OperationName, TargetUserPrincipalName, TargetResourceName\\r\\n| extend timestamp = StartTime, UserPrincipalName = InitiatedByUser, HostName = iff(set_PropertyName has_any ('DeviceOSType', 'CloudDeviceOSType'), TargetResourceName, '')\\r\\n| where UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results107\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"75c81ac6-d658-48ee-85b0-8bce3559128a\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results108\",\"type\":1,\"query\":\"let auditLookback = {TimeRange:grain};\\r\\n// Setting threshold to 3 as a default, change as needed. Any operation that has been initiated by a user or app more than 3 times in the past 30 days will be exluded\\r\\nlet threshold = 3;\\r\\n// Helper function to extract relevant fields from AuditLog events\\r\\nlet auditLogEvents = view (startTimeSpan: timespan) {\\r\\n AuditLogs\\r\\n | where TimeGenerated >= ago(auditLookback)\\r\\n | extend ModProps = TargetResources.[0].modifiedProperties\\r\\n | extend IpAddress = iff(isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).ipAddress)), \\r\\n tostring(parse_json(tostring(InitiatedBy.user)).ipAddress), tostring(parse_json(tostring(InitiatedBy.app)).ipAddress))\\r\\n | extend InitiatedBy = iff(isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)), \\r\\n tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName), tostring(parse_json(tostring(InitiatedBy.app)).displayName))\\r\\n | extend TargetResourceName = tolower(tostring(TargetResources.[0].displayName))\\r\\n | mvexpand ModProps\\r\\n | extend PropertyName = tostring(ModProps.displayName), newValue = replace('\\\\\\\"', \\\"\\\", tostring(ModProps.newValue));\\r\\n};\\r\\n// Get just the InitiatedBy and CorrleationId so we can look at associated audit activity\\r\\n// 2 other operations that can be part of malicious activity in this situation are \\r\\n// \\\"Add OAuth2PermissionGrant\\\" and \\\"Add service principal\\\", replace the below if you are interested in those as starting points for OperationName\\r\\nlet HistoricalConsent = auditLogEvents(auditLookback) \\r\\n | where OperationName == \\\"Consent to application\\\"\\r\\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), OperationCount = count() \\r\\n by Type, InitiatedBy, IpAddress, TargetResourceName, Category, OperationName, PropertyName, newValue, CorrelationId, Id\\r\\n// Remove comment below to only include operations initiated by a user or app that is above the threshold for the last 30 days\\r\\n//| where OperationCount > threshold\\r\\n;\\r\\nlet Correlate = HistoricalConsent \\r\\n | summarize by InitiatedBy, CorrelationId;\\r\\n// 2 other operations that can be part of malicious activity in this situation are \\r\\n// \\\"Add OAuth2PermissionGrant\\\" and \\\"Add service principal\\\", replace the below if you changed the starting OperationName above\\r\\nlet allOtherEvents = auditLogEvents(auditLookback) \\r\\n | where OperationName != \\\"Consent to application\\\";\\r\\n// Gather associated activity based on audit activity for \\\"Consent to application\\\" and InitiatedBy and CorrleationId\\r\\nlet CorrelatedEvents = Correlate \\r\\n | join allOtherEvents on InitiatedBy, CorrelationId\\r\\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated) \\r\\n by Type, InitiatedBy, IpAddress, TargetResourceName, Category, OperationName, PropertyName, newValue, CorrelationId, Id\\r\\n;\\r\\n// Union the results\\r\\nlet Results = union isfuzzy=true HistoricalConsent, CorrelatedEvents;\\r\\n// newValues that are simple semi-colon separated, make those dynamic for easy viewing and Aggregate into the PropertyUpdate set based on CorrelationId and Id(DirectoryId)\\r\\nResults\\r\\n| extend newValue = split(newValue, \\\";\\\")\\r\\n| extend PropertyUpdate = pack(PropertyName, newValue, \\\"Id\\\", Id)\\r\\n// Extract scope requested\\r\\n| extend perms = tostring(parse_json(tostring(PropertyUpdate.[\\\"ConsentAction.Permissions\\\"]))[0])\\r\\n| extend scope = extract('Scope:\\\\\\\\s*([^,\\\\\\\\]]*)', 1, perms)\\r\\n// Filter out some common openid, and low privilege request scopes - uncomment line below to filter out where no scope is requested\\r\\n//| where isnotempty(scope)\\r\\n| where scope !contains 'openid' and scope !in ('user_impersonation', 'User.Read')\\r\\n| summarize StartTime = min(StartTimeUtc), EndTime = max(EndTimeUtc), PropertyUpdateSet = make_bag(PropertyUpdate), make_set(scope)\\r\\n by InitiatedBy, IpAddress, TargetResourceName, OperationName, CorrelationId\\r\\n| extend timestamp = StartTime, UserPrincipalName = InitiatedBy\\r\\n| where UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"Results108\",\"styleSettings\":{\"maxWidth\":\"0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"crossComponentResources\":[\"{Workspace}\"],\"parameters\":[{\"id\":\"d0f5e554-de83-438a-9c4a-be05649f8d1f\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Results112\",\"type\":1,\"isRequired\":true,\"query\":\"(union isfuzzy=true\\r\\n(\\r\\nAuditLogs\\r\\n| extend UserPrincipalName = tostring(InitiatedBy.user.userPrincipalName)\\r\\n| where OperationName =~ \\\"Set federation settings on domain\\\"\\r\\n//| where Result =~ \\\"success\\\" // commenting out, as it may be interesting to capture failed attempts\\r\\n| mv-expand TargetResources\\r\\n| extend modifiedProperties = parse_json(TargetResources).modifiedProperties\\r\\n| mv-expand modifiedProperties\\r\\n| extend targetDisplayName = tostring(parse_json(modifiedProperties).displayName)\\r\\n| mv-expand AdditionalDetails\\r\\n),\\r\\n(\\r\\nAuditLogs\\r\\n| where OperationName =~ \\\"Set domain authentication\\\"\\r\\n//| where Result =~ \\\"success\\\" // commenting out, as it may be interesting to capture failed attempts\\r\\n| mv-expand TargetResources\\r\\n| extend modifiedProperties = parse_json(TargetResources).modifiedProperties\\r\\n| mv-expand modifiedProperties\\r\\n| extend targetDisplayName = tostring(parse_json(modifiedProperties).displayName), NewDomainValue=tostring(parse_json(modifiedProperties).newValue)\\r\\n| where NewDomainValue has \\\"Federated\\\"\\r\\n))\\r\\n| where UserPrincipalName in ({UserPrincipalName})\\r\\n| limit 1\\r\\n| summarize count()\\r\\n| extend Results = iff(count_ ==0, \\\"No\\\", \\\"Yes\\\")\\r\\n| project Results\",\"crossComponentResources\":[\"{Workspace}\"],\"isHiddenWhenLocked\":true,\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Results112\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# 📝 [Audit Logs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/auditlogs)\\n---\\n\\nThis section provides accountability and traceability for **administrative and user activities** across cloud services. It directly supports GDPR requirements for **records of processing activities (Art. 30)**, **security of processing (Art. 32)**, and **accountability (Art. 5(2))** by ensuring that all actions related to personal data can be tracked, reviewed, and evidenced. \\n\\nKey objectives of this section: \\n- Detect **risky administrative actions** such as password resets, consent grants, or policy changes \\n- Identify **suspicious logins** from inactive accounts or unusual sources that may indicate misuse of personal data \\n- Monitor for **rare or unexpected audit events** that could signal attempts to bypass controls \\n- Provide a reliable record of **who accessed what, when, and with what privileges** \\n- Supply auditors with verifiable evidence of **control enforcement, activity logging, and retention** \\n\\nBy reviewing these metrics, analysts can confirm that **all processing activities are logged and monitored**, supporting GDPR requirements for transparency, oversight, and demonstrable compliance.\\n\"},\"name\":\"text - 2\"}]},\"customWidth\":\"40\",\"name\":\"group - 27\"},{\"type\":1,\"content\":{\"json\":\"\"},\"customWidth\":\"10\",\"name\":\"text - 26\"},{\"type\":1,\"content\":{\"json\":\"| Audit Log (Entra ID)) | - | - |\\r\\n|:--| :--| :--|\\r\\n| Changing Passwords Across Multiple Cloud Accounts | Credential & Secret Search Activity by Users | Unexpected Logins From Inactive Accounts |\\r\\n| Rare Audit Activity Initiated |Suspicious Consent to Application Discovery |\\r\\n\\r\\nPanels in this section are dynamically rendered based on the selected Subscription, Workspace, Time range and User. Only panels with data are shown.\"},\"customWidth\":\"40\",\"name\":\"SI OV\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let action = dynamic([\\\"change \\\", \\\"changed \\\", \\\"reset \\\"]);\\r\\nlet pWord = dynamic([\\\"password \\\", \\\"credentials \\\"]);\\r\\n(union isfuzzy=true\\r\\n (SecurityEvent\\r\\n | where EventID in (4723, 4724)\\r\\n | summarize\\r\\n StartTimeUtc = min(TimeGenerated),\\r\\n EndTimeUtc = max(TimeGenerated),\\r\\n ResultDescriptions = makeset(Activity),\\r\\n ActionCount = count()\\r\\n by\\r\\n Resource = Computer,\\r\\n OperationName = strcat(\\\"TargetAccount: \\\", TargetUserName),\\r\\n UserId = Account,\\r\\n Type\\r\\n ),\\r\\n (AuditLogs\\r\\n | where OperationName has_any (pWord) and OperationName has_any (action)\\r\\n | extend InitiatedBy = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName) \\r\\n | extend TargetUserPrincipalName = tostring(TargetResources[0].userPrincipalName) \\r\\n | where ResultDescription != \\\"None\\\" \\r\\n | summarize\\r\\n StartTimeUtc = min(TimeGenerated),\\r\\n EndTimeUtc = max(TimeGenerated),\\r\\n ResultDescriptions = makeset(ResultDescription),\\r\\n CorrelationIds = makeset(CorrelationId),\\r\\n ActionCount = count()\\r\\n by\\r\\n OperationName = strcat(Category, \\\" - \\\", OperationName, \\\" - \\\", Result),\\r\\n Resource,\\r\\n UserId = TargetUserPrincipalName,\\r\\n Type\\r\\n | extend ResultDescriptions = tostring(ResultDescriptions)\\r\\n ),\\r\\n (OfficeActivity\\r\\n | where (ExtendedProperties has_any (pWord) or ModifiedProperties has_any (pWord)) and (ExtendedProperties has_any (action) or ModifiedProperties has_any (action))\\r\\n | extend ResultDescriptions = case(\\r\\n OfficeWorkload =~ \\\"AzureActiveDirectory\\\",\\r\\n tostring(ExtendedProperties),\\r\\n OfficeWorkload has_any (\\\"Exchange\\\", \\\"OneDrive\\\"),\\r\\n OfficeObjectId,\\r\\n RecordType\\r\\n ) \\r\\n | summarize\\r\\n StartTimeUtc = min(TimeGenerated),\\r\\n EndTimeUtc = max(TimeGenerated),\\r\\n ResultDescriptions = makeset(ResultDescriptions),\\r\\n ActionCount = count()\\r\\n by\\r\\n Resource = OfficeWorkload,\\r\\n OperationName = strcat(Operation, \\\" - \\\", ResultStatus),\\r\\n IPAddress = ClientIP,\\r\\n UserId,\\r\\n Type\\r\\n ),\\r\\n (Syslog\\r\\n | where SyslogMessage has_any (pWord) and SyslogMessage has_any (action)\\r\\n | summarize\\r\\n StartTimeUtc = min(TimeGenerated),\\r\\n EndTimeUtc = max(TimeGenerated),\\r\\n ResultDescriptions = makeset(SyslogMessage),\\r\\n ActionCount = count()\\r\\n by\\r\\n Resource = HostName,\\r\\n OperationName = Facility,\\r\\n IPAddress = HostIP,\\r\\n ProcessName,\\r\\n Type\\r\\n ),\\r\\n (SigninLogs\\r\\n | where OperationName =~ \\\"Sign-in activity\\\" and ResultType has_any (\\\"50125\\\", \\\"50133\\\")\\r\\n | summarize\\r\\n StartTimeUtc = min(TimeGenerated),\\r\\n EndTimeUtc = max(TimeGenerated),\\r\\n ResultDescriptions = makeset(ResultDescription),\\r\\n CorrelationIds = makeset(CorrelationId),\\r\\n ActionCount = count()\\r\\n by\\r\\n Resource,\\r\\n OperationName = strcat(OperationName, \\\" - \\\", ResultType),\\r\\n IPAddress,\\r\\n UserId = UserPrincipalName,\\r\\n Type\\r\\n )\\r\\n)\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserId in ({UserPrincipalName})\\r\\n| summarize LogSource=make_set(Type), ActionCount=sum(ActionCount) by UserId\\r\\n| sort by ActionCount desc\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Changing Passwords Across Multiple Cloud Accounts\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}],\"filter\":true}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results103\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results103\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"// Extend this list with items to search for\\r\\nlet keywords = dynamic([\\\"password\\\", \\\"pwd\\\", \\\"creds\\\", \\\"credentials\\\", \\\"secret\\\"]);\\r\\n// To exclude key phrases or tables to exclude add to these lists\\r\\nlet table_exclusions = dynamic([\\\"AuditLogs\\\", \\\"SigninLogs\\\", \\\"LAQueryLogs\\\", \\\"SecurityEvent\\\"]);\\r\\nlet keyword_exclusion = dynamic([\\\"reset user password\\\", \\\"change user password\\\"]);\\r\\nLAQueryLogs\\r\\n| where RequestClientApp != 'Sentinel-General'\\r\\n| extend querytext_lower = tolower(QueryText)\\r\\n| where querytext_lower has_any(keywords)\\r\\n| project TimeGenerated, AADEmail, QueryText, RequestClientApp, RequestTarget, ResponseCode, ResponseRowCount, ResponseDurationMs, CorrelationId\\r\\n| extend timestamp = TimeGenerated, Username = AADEmail\\r\\n| join kind=leftanti (LAQueryLogs\\r\\n | where RequestClientApp != 'Sentinel-General'\\r\\n | extend querytext_lower = tolower(QueryText)\\r\\n | where QueryText has_any(table_exclusions) or querytext_lower has_any(keyword_exclusion))\\r\\n on CorrelationId\\r\\n| where isnotempty(Username) and ResponseRowCount > 0\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or Username in ({UserPrincipalName})\\r\\n| summarize count() by Username\\r\\n| sort by count_ desc\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Credential & Secret Search Activity by Users\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Username\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}],\"filter\":true}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results104\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results104\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let recentWindow = 1d; // Accounts that logged in recently\\r\\nlet historyWindow = 30d; // Look back period for prior logins\\r\\nlet newAccountWindow = 7d; // Exclude accounts created in last 7 days\\r\\n// Step 1: Recent successful logins\\r\\nlet recentLogins = SigninLogs\\r\\n| where TimeGenerated >= ago(recentWindow)\\r\\n| where ResultType == 0\\r\\n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), loginCountRecent = count() \\r\\n by UserPrincipalName, Identity;\\r\\n// Step 2: Exclude accounts that had successful logins in the historical period\\r\\nlet historicalLogins = SigninLogs\\r\\n| where TimeGenerated between (ago(historyWindow) .. ago(recentWindow))\\r\\n| where ResultType == 0\\r\\n| summarize by UserPrincipalName, Identity;\\r\\nlet dormantLogins = recentLogins\\r\\n| join kind=leftanti (historicalLogins) on UserPrincipalName;\\r\\n// Step 3: Exclude newly created accounts\\r\\nlet newAccounts = AuditLogs\\r\\n| where TimeGenerated >= ago(newAccountWindow)\\r\\n| where OperationName == \\\"Add user\\\"\\r\\n| extend NewUserPrincipalName = tolower(extractjson(\\\"$.userPrincipalName\\\", tostring(TargetResources[0]), typeof(string)));\\r\\ndormantLogins\\r\\n| join kind=leftanti (newAccounts) on $left.UserPrincipalName == $right.NewUserPrincipalName\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or UserPrincipalName in ({UserPrincipalName})\\r\\n| summarize count() by UserPrincipalName\\r\\n| sort by count_ desc\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Unexpected Logins From Inactive Accounts\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserPrincipalName\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"Person\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}}],\"filter\":true}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results105\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results105\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let current = 1d;\\r\\nlet auditLookback = {TimeRange:grain};\\r\\nlet propertyIgnoreList = dynamic([\\\"TargetId.UserType\\\", \\\"StsRefreshTokensValidFrom\\\", \\\"LastDirSyncTime\\\", \\\"DeviceOSVersion\\\", \\\"CloudDeviceOSVersion\\\", \\\"DeviceObjectVersion\\\"]);\\r\\nlet AuditTrail = AuditLogs\\r\\n | where TimeGenerated >= ago(auditLookback) and TimeGenerated < ago(current)\\r\\n | where isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName))\\r\\n | extend InitiatedByUser = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)\\r\\n | extend InitiatedByIPAddress = tostring(parse_json(tostring(InitiatedBy.user)).ipAddress)\\r\\n | extend ModProps = TargetResources.[0].modifiedProperties\\r\\n | extend TargetUserPrincipalName = tolower(tostring(TargetResources.[0].userPrincipalName))\\r\\n | extend TargetResourceName = tolower(tostring(TargetResources.[0].displayName))\\r\\n | mv-expand ModProps\\r\\n | extend PropertyName = tostring(ModProps.displayName), newValue = tostring(parse_json(tostring(ModProps.newValue))[0])\\r\\n | where PropertyName !in~ (propertyIgnoreList) and (PropertyName !~ \\\"Action Client Name\\\" and newValue !~ \\\"DirectorySync\\\") and (PropertyName !~ \\\"Included Updated Properties\\\" and newValue !~ \\\"LastDirSyncTime\\\")\\r\\n | summarize count() by OperationName, InitiatedByUser, InitiatedByIPAddress, TargetUserPrincipalName, PropertyName, TargetResourceName;\\r\\nlet AccountMods = AuditLogs \\r\\n | where TimeGenerated >= ago(current)\\r\\n | where isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName))\\r\\n | extend InitiatedByUser = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)\\r\\n | extend InitiatedByIPAddress = tostring(parse_json(tostring(InitiatedBy.user)).ipAddress)\\r\\n | extend ModProps = TargetResources.[0].modifiedProperties\\r\\n | extend TargetUserPrincipalName = tolower(tostring(TargetResources.[0].userPrincipalName))\\r\\n | extend TargetResourceName = tolower(tostring(TargetResources.[0].displayName))\\r\\n | mv-expand ModProps\\r\\n | extend PropertyName = tostring(ModProps.displayName), newValue = tostring(parse_json(tostring(ModProps.newValue))[0])\\r\\n | where PropertyName !in~ (propertyIgnoreList) and (PropertyName !~ \\\"Action Client Name\\\" and newValue !~ \\\"DirectorySync\\\") and (PropertyName !~ \\\"Included Updated Properties\\\" and newValue !~ \\\"LastDirSyncTime\\\")\\r\\n | extend ModifiedProps = pack(\\\"PropertyName\\\", PropertyName, \\\"newValue\\\", newValue, \\\"Id\\\", Id, \\\"CorrelationId\\\", CorrelationId) \\r\\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), Activity = make_bag(ModifiedProps) by Type, InitiatedByUser, InitiatedByIPAddress, TargetUserPrincipalName, Category, OperationName, PropertyName, TargetResourceName;\\r\\nlet RareAudits = AccountMods\\r\\n | join kind= leftanti (\\r\\n AuditTrail \\r\\n )\\r\\n on OperationName, InitiatedByUser, InitiatedByIPAddress;//, TargetUserPrincipalName, PropertyName; //uncomment if you want to see Rare Property changes to a given TargetUserPrincipalName.\\r\\nRareAudits \\r\\n| summarize StartTime = min(StartTimeUtc), EndTime = max(EndTimeUtc), make_set(Activity), make_set(PropertyName) by Type, InitiatedByUser, InitiatedByIPAddress, OperationName, TargetUserPrincipalName, TargetResourceName\\r\\n| extend StartTime, InitiatedByUser, Hostname = iff(set_PropertyName has_any ('DeviceOSType', 'CloudDeviceOSType'), TargetResourceName, ''), InitiatedByIPAddress\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or InitiatedByUser in ({UserPrincipalName})\\r\\n| distinct InitiatedByUser, OperationName, StartTime\\r\\n| sort by StartTime desc\\r\\n| limit 100\",\"size\":0,\"showAnalytics\":true,\"title\":\"Rare Audit Activity Initiated\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InitiatedByUser\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"pending\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}],\"filter\":true}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results107\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results107\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let auditLookback = {TimeRange:grain};\\r\\n// Setting threshold to 3 as a default, change as needed. Any operation that has been initiated by a user or app more than 3 times in the past 30 days will be exluded\\r\\nlet threshold = 3;\\r\\n// Helper function to extract relevant fields from AuditLog events\\r\\nlet auditLogEvents = view (startTimeSpan: timespan) {\\r\\n AuditLogs\\r\\n | where TimeGenerated >= ago(auditLookback)\\r\\n | extend ModProps = TargetResources.[0].modifiedProperties\\r\\n | extend IpAddress = iff(isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).ipAddress)), \\r\\n tostring(parse_json(tostring(InitiatedBy.user)).ipAddress), tostring(parse_json(tostring(InitiatedBy.app)).ipAddress))\\r\\n | extend InitiatedBy = iff(isnotempty(tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)), \\r\\n tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName), tostring(parse_json(tostring(InitiatedBy.app)).displayName))\\r\\n | extend TargetResourceName = tolower(tostring(TargetResources.[0].displayName))\\r\\n | mvexpand ModProps\\r\\n | extend PropertyName = tostring(ModProps.displayName), newValue = replace('\\\\\\\"', \\\"\\\", tostring(ModProps.newValue));\\r\\n};\\r\\n// Get just the InitiatedBy and CorrleationId so we can look at associated audit activity\\r\\n// 2 other operations that can be part of malicious activity in this situation are \\r\\n// \\\"Add OAuth2PermissionGrant\\\" and \\\"Add service principal\\\", replace the below if you are interested in those as starting points for OperationName\\r\\nlet HistoricalConsent = auditLogEvents(auditLookback) \\r\\n | where OperationName == \\\"Consent to application\\\"\\r\\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated), OperationCount = count() \\r\\n by Type, InitiatedBy, IpAddress, TargetResourceName, Category, OperationName, PropertyName, newValue, CorrelationId, Id\\r\\n// Remove comment below to only include operations initiated by a user or app that is above the threshold for the last 30 days\\r\\n//| where OperationCount > threshold\\r\\n;\\r\\nlet Correlate = HistoricalConsent \\r\\n | summarize by InitiatedBy, CorrelationId;\\r\\n// 2 other operations that can be part of malicious activity in this situation are \\r\\n// \\\"Add OAuth2PermissionGrant\\\" and \\\"Add service principal\\\", replace the below if you changed the starting OperationName above\\r\\nlet allOtherEvents = auditLogEvents(auditLookback) \\r\\n | where OperationName != \\\"Consent to application\\\";\\r\\n// Gather associated activity based on audit activity for \\\"Consent to application\\\" and InitiatedBy and CorrleationId\\r\\nlet CorrelatedEvents = Correlate \\r\\n | join allOtherEvents on InitiatedBy, CorrelationId\\r\\n | summarize StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated) \\r\\n by Type, InitiatedBy, IpAddress, TargetResourceName, Category, OperationName, PropertyName, newValue, CorrelationId, Id\\r\\n;\\r\\n// Union the results\\r\\nlet Results = union isfuzzy=true HistoricalConsent, CorrelatedEvents;\\r\\n// newValues that are simple semi-colon separated, make those dynamic for easy viewing and Aggregate into the PropertyUpdate set based on CorrelationId and Id(DirectoryId)\\r\\nResults\\r\\n| extend newValue = split(newValue, \\\";\\\")\\r\\n| extend PropertyUpdate = pack(PropertyName, newValue, \\\"Id\\\", Id)\\r\\n// Extract scope requested\\r\\n| extend perms = tostring(parse_json(tostring(PropertyUpdate.[\\\"ConsentAction.Permissions\\\"]))[0])\\r\\n| extend scope = extract('Scope:\\\\\\\\s*([^,\\\\\\\\]]*)', 1, perms)\\r\\n// Filter out some common openid, and low privilege request scopes - uncomment line below to filter out where no scope is requested\\r\\n//| where isnotempty(scope)\\r\\n| where scope !contains 'openid' and scope !in ('user_impersonation', 'User.Read')\\r\\n| summarize StartTime = min(StartTimeUtc), EndTime = max(EndTimeUtc), PropertyUpdateSet = make_bag(PropertyUpdate), make_set(scope)\\r\\n by InitiatedBy, IpAddress, TargetResourceName, OperationName, CorrelationId\\r\\n| extend StartTime, InitiatedBy, IpAddress\\r\\n| where \\\"{UserPrincipalName:label}\\\" == \\\"All\\\" or InitiatedBy in ({UserPrincipalName})\\r\\n| summarize count() by InitiatedBy\\r\\n| sort by count_ desc\",\"size\":0,\"showAnalytics\":true,\"title\":\"Suspicious Consent to Application Discovery\",\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"crossComponentResources\":[\"{Workspace}\"],\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"UserId\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"Operation\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"OfficeWorkload\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"resource\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"count_\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"customWidth\":\"50\",\"conditionalVisibility\":{\"parameterName\":\"Results108\",\"comparison\":\"isEqualTo\",\"value\":\"Yes\"},\"name\":\"Results108\",\"styleSettings\":{\"maxWidth\":\"50\"}}]},\"conditionalVisibility\":{\"parameterName\":\"isAuditLogsVisible\",\"comparison\":\"isEqualTo\",\"value\":\"true\"},\"name\":\"Audit Logs Group\"}],\"fromTemplateId\":\"\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "version": "1.0", + "sourceId": "[variables('workspaceResourceId')]", + "category": "sentinel" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]", + "properties": { + "description": "@{workbookKey=GDPRComplianceAndDataSecurity; logoFileName=Azure_Sentinel.svg; description=This workbook helps you track, visualize and monitor GDPR related requirements across your enterprise. It consolidates data from Defender XDR, Microsoft Purview, Azure SQL Databases, Microsoft 365, UEBA and Entra ID solution.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=GDPR Compliance And Data Security; templateRelativePath=GDPRComplianceAndDataSecurity.json; subtitle=; provider=Microsoft}.description", + "parentId": "[variables('workbookId1')]", + "contentId": "[variables('_workbookContentId1')]", + "kind": "Workbook", + "version": "[variables('workbookVersion1')]", + "source": { + "kind": "Solution", + "name": "GDPR Compliance & Data Security", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "contentId": "SecurityAlert", + "kind": "DataType" + }, + { + "contentId": "SecurityIncident", + "kind": "DataType" + }, + { + "contentId": "PurviewDataSensitivityLogs", + "kind": "DataType" + }, + { + "contentId": "MicrosoftPurviewInformationProtection", + "kind": "DataType" + }, + { + "contentId": "AzureDiagnostics", + "kind": "DataType" + }, + { + "contentId": "BehaviorAnalytics", + "kind": "DataType" + }, + { + "contentId": "OfficeActivity", + "kind": "DataType" + }, + { + "contentId": "SigninLogs", + "kind": "DataType" + }, + { + "contentId": "AuditLogs", + "kind": "DataType" + }, + { + "contentId": "AADUserRiskEvents", + "kind": "DataType" + }, + { + "contentId": "MicrosoftThreatProtection", + "kind": "DataConnector" + }, + { + "contentId": "MicrosoftAzurePurview", + "kind": "DataConnector" + }, + { + "contentId": "MicrosoftPurviewInformationProtection", + "kind": "DataConnector" + }, + { + "contentId": "AzureSql", + "kind": "DataConnector" + }, + { + "contentId": "Office365", + "kind": "DataConnector" + }, + { + "contentId": "AzureActiveDirectory", + "kind": "DataConnector" + } + ] + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId1')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook1-name')]", + "contentProductId": "[variables('_workbookcontentProductId1')]", + "id": "[variables('_workbookcontentProductId1')]", + "version": "[variables('workbookVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", + "location": "[parameters('workspace-location')]", + "properties": { + "version": "3.0.0", + "kind": "Solution", + "contentSchemaVersion": "3.0.0", + "displayName": "GDPR Compliance & Data Security", + "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", + "descriptionHtml": "

      Note: Please refer to the following before installing the solution:

      \n

      • Review the solution Release Notes

      \n

      • There may be known issues pertaining to this Solution, please refer to them before installing.

      \n

      This workbook helps you track, visualize and monitor GDPR related requirements across your enterprise. It consolidates data from Defender XDR, Microsoft Purview, Azure SQL Databases, Microsoft 365, UEBA and Entra ID solution.

      \n

      Workbooks: 1

      \n

      Learn more about Microsoft Sentinel | Learn more about Solutions

      \n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", + "contentId": "[variables('_solutionId')]", + "parentId": "[variables('_solutionId')]", + "source": { + "kind": "Solution", + "name": "GDPR Compliance & Data Security", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + }, + "dependencies": { + "criteria": [ + { + "kind": "Workbook", + "contentId": "[variables('_workbookContentId1')]", + "version": "[variables('workbookVersion1')]" + }, + { + "kind": "Solution", + "contentId": "azuresentinel.azure-sentinel-solution-microsoft365defender" + }, + { + "kind": "Solution", + "contentId": "azuresentinel.azure-sentinel-solution-azurepurview" + }, + { + "kind": "Solution", + "contentId": "azuresentinel.azure-sentinel-solution-mip" + }, + { + "kind": "Solution", + "contentId": "azuresentinel.sentinel4sql" + }, + { + "kind": "Solution", + "contentId": "azuresentinel.azure-sentinel-solution-office365" + }, + { + "kind": "Solution", + "contentId": "azuresentinel.azure-sentinel-solution-azureactivedirectory" + } + ] + }, + "firstPublishDate": "2025-10-08", + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Compliance" + ] + } + }, + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" + } + ], + "outputs": {} +} diff --git a/Solutions/GDPR Compliance & Data Security/Package/testParameters.json b/Solutions/GDPR Compliance & Data Security/Package/testParameters.json new file mode 100644 index 00000000000..b4e186ad09c --- /dev/null +++ b/Solutions/GDPR Compliance & Data Security/Package/testParameters.json @@ -0,0 +1,32 @@ +{ + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + }, + "workbook1-name": { + "type": "string", + "defaultValue": "GDPR Compliance And Data Security", + "minLength": 1, + "metadata": { + "description": "Name for the workbook" + } + } +} diff --git a/Solutions/GDPR Compliance & Data Security/ReleaseNotes.md b/Solutions/GDPR Compliance & Data Security/ReleaseNotes.md new file mode 100644 index 00000000000..ede3a944c62 --- /dev/null +++ b/Solutions/GDPR Compliance & Data Security/ReleaseNotes.md @@ -0,0 +1,3 @@ +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|----------------------------------------------------------------------------------------------------| +| 3.0.0 | 08-10-2025 | Initial Solution Release | \ No newline at end of file From 6e28d59f0b7571514b342aa64fbe81185019f219 Mon Sep 17 00:00:00 2001 From: v-shukore Date: Thu, 9 Oct 2025 16:15:15 +0530 Subject: [PATCH 7/8] packaged solution --- .../Package/3.0.0.zip | Bin 55887 -> 55887 bytes .../Package/mainTemplate.json | 2 +- .../SolutionMetadata.json | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Solutions/GDPR Compliance & Data Security/Package/3.0.0.zip b/Solutions/GDPR Compliance & Data Security/Package/3.0.0.zip index 776d0b4e5acdc98c0a2b7e4b5c215a05843a5c30..20eb1932b06c7714d318033c0bdb27c5b5059257 100644 GIT binary patch delta 4142 zcmV+}5Yg|?v;)ty0}N100|XQR000O8uYs`)Zw3vofk|7vFbl&K(*OWBvxo-L0)Hi9 zxAZ?P-P9WSli2do*)1IT7M!ca=gu#OH#eDmF?XuZTdmhlDMG2m14%hfd|Mw#b{@x( z59d)j4&7IEO3~|yzqgyh^}$KR>F6@yhq^i6Z6agkT$ zb44tqHfNyFl$P$?Loel?%Ov9ILbyr6gC9;}c13*>^Fwu9`YCdQM&JoGkYc;l?nsW+ zn#AOal53->B3hNtp!CX(*N|rmcV1RPbIRG|JNjfoBA-8tvJ(-%za(!G62Y>w7q(Z8 z#}=Q`g4fkVy9=<820`q-#(yI*&OAUcn44GG&L%ONkT{_xy{w|c3sE}K?+snkA<33+%q+2eiwV~!Cie5-h2`oG*!%z1HT znwVeM(sxoxE{wjLK9qET*EAB?kYD1M_!SLG58k#~1FL0MG_7V7=YIj}i%ZH=MiE_- zaKh1yO;HkK?{yPhQ9i{X{R2Tb^3j+@G|}>AOaM@P6q8@4G!{_C5r#7tBgBYA35h2$ z<>UaJB*nfcqnC=v#FZ`&cz8_ZGVJA(NZnWhBfo&5*qyT zoqI_G_4WaKi|0mq3qs0Dc!H_Ov42ZK=$QM^R7wfrqa#FvU@!k! zfYsYY0Q-KoiNtmAYMAq#d!p(4EkQ!=W;^Y6m-sEK z*S1@h)55mpw&9;W;G}ZeVj6Lns{(`;Vw|@oD882n=cB=#-F4fZJ+Q5QXV|x#j%QoLRtsD00kQjC zOa{0YYyfjF=$Jgm(I^LV&K#Jl*t|GrV7r9QOn*}?Zfc?zabX zKDE2U_MA_>mNT!H-EIwg%SNpD*0l%Dyl?$}Uk=%N4*-C}kX=8R@`R1m!N6?`V3kKQ zZ$Y9rPiCP!_z4X|NnlJ!X)T77#Sa(&#<<$_=GALuz(|PwY0BST#FuEsMwkIoz!|~6 z(tni^pNh+$$N1RA2|zp%J-ddL#hNyhkvH0 z`v>%p0Q{gvLk~pc;lt~vaF94+V;r)nyc9THggrSSeDu*YngS>w?0JN9G{Fh*MzCob zRo#u4`%nM+pV3KlMR-C-psQ#!#8JU6V#;6V=H+x0Su_&A!Krf4XCaqd;w#Ext~Z%p zEVL5Wt#+q-f+oMa-Gk9_r&1LizfnqLHaU7)H1p$wpYo+k-d zJQi|^p2cI~bblN@#ff*BnUW%8uT9#v?Km6o%9I0H`3ZzmrCiAwYv$WL zycpO{iUB_L4XB@TOkPNWM40L$-?-%F`Htj7c_YFXl{)}3Fl!?1u?OIhMnohcT(?!D#- z^e1}51uo+Yxa-UgIK)12Y%;W3ok81jhPZDHoIbXke%lS)K4}jex1hQ24+n#;<5*tD z?^#aIYkyh8p3}A3zU`4#-yih4-HmX>!zZVoC;$OpczaND3ur)Hb*nub;%=*N4g7A$ za>$@%x!%CDNC#uP-EFsBMgG>kYJ-{mM6cXr$M5#ln-|*cc6exZu7B_Juw|2$Z8@M99S%v~8uWu+t2-qA zu-DoM3`{ZX6NP}BBzd zy-t7F^=!b%wp@Zc*3hwA&VY1UuG`<}X)A5QCki@R7xD=_ zXn$?C3R**V=s8xWZ4WG`o%(F)|FXY{f9c+T{^P&? z->A_j8b7|yOdpK~dYAKG;H9>y_lGp}UNWxiCt0j4{05ttkeI{u3tR6&x=i%vKmOZ) z0SA~$W5>fMr~6_V+ApQxz#-i+nkXb#x>NXQM3{~nuz)Fscx5~yxf%cYA5o)WntwLL z91kfMJ|)sqLVBUh5ayhKF;08`RQaOFnT6AkT-ON3iNMbyH}Ajv18OuX%o%ce>7*iE zLcpAE`W$Je7~@TnOg*Y~Fh?%8cFuA>_PBWSJN`8g^2~IUt z`-?%fFAVlPHjNUj{EYN95&Z)T5cbD3qC5fobd~!3n1@@9o{AcB!yRTNL-cA$Pg`_X z9#$ZrfBqNc5T_pD*XWeQW6A*uD$fV`=c9-NH0JS*bi-m%B#|q^F+n5(e1GUG@1zmo ziN;lBFPR*k`buL&v7pE4!;oJsB<=Af=dDHq?NzyheVu=RY{URx5tt%#H-tqzd~&KBpLsKVFbeS;WSdt58RHmUi`A>BMg)7M4a>JSL)>FA zK&9ySkm6AUsMXV(G!NZ8`hWlUU(tzvL0_X|vG94vp-bM+3JPolq;{nR|g?CZxEhpvWi`Psc44--QQbT(b}%O!kg|;d($1N!Bp_SL@xUqAj!_E*i5(y=i$W8j=s`k!)yeMwsm8L7z?(*OV;vxo-L0)G!i z{v@`%bQTLoz6IxJ@wxNJVa&~BU(6lpb5-lIQ_Np#@jz0D6W`Vw&-Q&B`LOTOwsl|C zDMh0v{@!j1zXvA~r=!b+AL{0Ow~36EmscR(YjF}y*Ul!ygZr^f{9(TO^g-|LH+K)S zb?D`%>)CBC>up`T)^2ke(O;)TzJHuOW8oK-D>v6((V}>7Rb%8gFIMwBJ=)SqXCVJ< zLSljNaF}i~MK^Hjb2eJFV#P6>#>}63>B7~4CHOVTorDQ}&29^hZnwF6?e2=dAbEmk z@&wfwbGwVKKdWWP0hS%QoTcJaHQX2PMNe4VaLC2S1#|?27s%=7;LI^i$*pEx;3MAis92-I1KBHHpa;CD%q% zMVu<1LFttnuOZL=?Yyjn=9GiUcl61GL_U8OWhWwje@WgXB!XpUFKn+Gk1al>1+S}# zb{AkF4T9KvjYndfd4OOrF@LYJolRmkA#p-Yx>!YT7ov2e-y6E7$z{f}U&$*)IbtS> zJf@Mpto+2cAkU-|mF1e33$cI!67ukJGRFJ-#~i~^_*U`4^nbadnDgSwG%>%hrSGJY zTo`>feJJSwuW2N(A-}{i@hcjX9=vU}23E_iXj;t>&I8mJmz1XrA%D6g;e?|Zo1!Gf z-s>j1qI`-&`Uiq=y7X)K_OBMfIQMu-uK5)w~h%Ed ze=Jt`C`w|CP9CNb&3{4qiuHea*jo6ivqPhN65^TWR7-c9$pMx33oI##sW?c131E=7 z=R4}bpYPl|2U(WDFo*U*>wKqqzC#l-=I1;2UcNmSFnzvrZ`eH7kMMlwUSWXW{u-X@ zWt}8soDP&NR*kk&FW8J|@leVvXHz!?oQo5<+6afDrCOW~Yk%g?B{cZwJNJ@!N}A_8 zzfMU!6C+7k3!0;&zeNTs#WG}1E0F#9d3=5zy+gnwAY1=y60_eEFG1W`*oiMzB!Cdm zFN;W&Xj&t-f4*}C!q>ffQi_Fzz7h-np87tCe!e8p6Xv}xZQw<=NsW!vPv<+?M)apq zj3<|eDcX|v34cSL?{sX(Z?)aPa(YACaykLFaL^rEey`u^cf5f+2=MvN`{vuU2kH65 zA7b0WgN|o8{a)J|b_TxHb%Q|=bo`Fr8HgFyyI1o<&3o)Ey+=MBk8uo0!JQS4zi>I? zu+b6XNemp?`T66lUUz3w_ky{nKV$%OmR;uqzmVa-x_VqC1EAnOnSRWdObW9WYJ`V&Fri9AlFf;(H@N)sa()9t_ z#WdnDR|N-ER-(d}?=x?Kz)% zEoWXYyWJZ0mW^2Pt!odQdEff|z8tdk9smG`A-jGs-;=AKaYMUp~uDq6zia8Z8TtMdyh#(VjRj?=jzn3se}m;W z8VBh7JetSHHyWF9@{Pt^ULK~K&(Aj+n}2ciYq0ccg^|YGcf#($eV{-8@t^+@ zJym;@*C56cir(as1WCGS9FiCWm&ivn@~E#iuXmrV%G{PX1DNJt{vJKXG=kHmE)C(n zXp}J2XowT>Ld-c0sIr{EBpehV3B7`*f(FrOggkadVmu;^hExfZ4oy$@59lEQ_!-v;T;UICu#yDhCc`0zZ2zzou_~@f)GzCyV*z*YIXo3^qjbPI>s=6C7_n-dt zKckcAitvPvKv&Udh@*mC#FW3z&CBU1vS=iJgHz?8&q6M_#8;HXTyHYHSZF1#TkZ0n z{u4YC(1M{x!-H3e@YJUXBJdl$5r62By-5@kFh>|Ln}a3MT3%iofGsed>P?Dc}a z(`#GZVGvl3KWJNnp4+loxJNwC>vVC~-hk8ik(2l|hPOJwAsnapES{41{^vjb^WPz8 zl#(lxB>_@ps6Zs|0yrd~A&@vcnS_*ZK;dJO#9$)KS$Qk4lmzn>n#F5Wtk;1gXca8b zcp4^DF3{w~St2*ND?0i_aDTNV7QZz!DlY{%I*MrYgpE>$Jtvrz&I!#CcChbL$qQ({ z^_i5-a`G|`L&>?$;ZqYjCPGj4M#0WprYYC{W4Fx6V`L;1gvW zmW3X$$!t}m@~8jne@2bQ_v{+Lby}o`jRul{A^()KAr=wDVl-wkL4V#Q@m{;^4dKWo zp&Ul3x&#BGxdU>Aqa=L~+KlY6I3|3;A|FVYJQuV_4n_yfjC(m2;j8?6JHBJ%es~4nLirOXI9iK)@e*RQ>hk`MFq_IKlJtT|)(X zh4zL^mXhmy_PZwrXC^;vyqr9rbgbA!wAXH}dOA-#y{_(e^MB(JXz^>HrLc_qieog~ zb@uG`sw)H1eDf6nk+n{uwPuDsC($;bMR2_mUc0N#E;{9*HJkpG02hsKf#}gcXsk-! z02lof7?X*ihf%zV{7U@OBDWV%68b-+SR1=}rqKK%*y{pS9SCIr_47PQz~ZrxOY|%r z3#a4gDNel0+$d^ld& zbKO4fc8EoA$F&@XbgV(kAy&WR^m=X5wr$7RfLEp*$jVP3oGRr?&R8?w=HbP_c2W%R zsc%62lw`p09#g`aZqko@pn6gkj!3p(p-^A~NB8p!L zmriq)UGzsee+>Mcyr{|r=hl_7u~o|wSGDf^f*pnhyjsc_`=(Rnp;2v>Z)7q;ShIQeQV%%JC;KREz9)= zo<%ws+wE??eBVCOdw&uim`SZnxt*I0!7#@A;Nv4_s?V{J`o5zUO1l z?UB|dRyWE^GQlT$t!3Hfb9~o$h6AL)ygh+g)rqo`)^BKkzNL*Xnip!>(_G z&sB~)bDUNO_W~<$2OY~9wz1_B+_8p^-Esz`({kPZMo(L56FyPU(YlaN;6ZD%RnQu` zLx0b)I&FJkIW3=918fIYyB9dv_BsP>4>u##S~2s9US+0Oy5pBQ&zR%0A6W8yDh^m4 zb+wb{77RT_6_j0o2049Z_~Ccbx8^G_#{YfhfpV6_Q!kmu#I!5rJx?e{EFR$qJe{R0 z1el5f2HsA>OeCFO_&sxocVI6PCV_Y8VSi?vMeo#SOaGVsP5evu{_`LI_5VhVM$!23 zb!Pf#G|;=8{{k?+<*m4F~lX~5y{Q?&;N)T4b!wC=6FcC@P8?h zo)XdvWri^41dMUo`=`nmMb0dohUB_NFir%17P)!<VH6u1~4;X3}ICe{!rR+Wh%`N z%C9ALSjmm?AO9;rT51*0W`B9LFMq_bfkVtJ^@7RmJ$0JNyjSuo{7-PIsoGx*s(oRw z=do#&VC83|uZid%Sb(rUrV-@{;HRt9@5emcYV=gpkQ?qWD;c6!LweexyYjFC0sZs8 zD2F)p2){t*P9KK+Y9VQlFF9{D8fdS|9qjA;17st9pu5O$vGk)b0SPR=53XkmXG15E zG>X6!nY$q@;^C81<@n5->4Q;-=OEj>8ps&O@LH^1MKvPWD{WZ5wHe|bivcP{zlRi$ zB0#O4-lTcx=F$Jh|B6oZ3xE0=9gBs}I}ZIaVIAVV(ug0R%xPxMPPEZ6wK+n6z!?Xr zJu)*#=7%s>`fvXw^MO#vibkV(Ywh&9FipX2Ek$9^f`ED?HP2QrJf}=Yhw1d12IeO) zy%`TszAwCsVsAMqFJHW73Ss!nqc4w#Of+?X(k_+9_vb(U)Bk~9Du16Ak3|6;0caK9 zF^$%Cfw*O*juHc6RiY9vfzR@RSnBO};g-#^SIk zGM3;lR1U{4t8X|v7}?DT2mK13dKS2UAx6J=isRQLnS|IQhmUa>l6VGU%|nu48uI%g z_Q?-y;)jPmixOZqa3<{kJ2s6YGW**@V5twOf0$3akauRZv^TGnUQ(ym_0^hznx;8P zli?W10l1T@8B+qBE|dQm#{%3vlgJt}0`y6<{2EsS0+jKyRURq<0j-mOAFcuGvo9bw s0s^{)vuGl^0Rf=1BP5=+0?2)n!`VX($bCs$4jHM*71IC!ACnW>JTcZ6vH$=8 diff --git a/Solutions/GDPR Compliance & Data Security/Package/mainTemplate.json b/Solutions/GDPR Compliance & Data Security/Package/mainTemplate.json index b0a952f2556..7682c6f483e 100644 --- a/Solutions/GDPR Compliance & Data Security/Package/mainTemplate.json +++ b/Solutions/GDPR Compliance & Data Security/Package/mainTemplate.json @@ -42,7 +42,7 @@ "_email": "[variables('email')]", "_solutionName": "GDPR Compliance & Data Security", "_solutionVersion": "3.0.0", - "solutionId": "azuresentinel.gdpr-compliance-and-data-security", + "solutionId": "azuresentinel.azure-sentinel-solution-gdpr-compliance-and-data-security", "_solutionId": "[variables('solutionId')]", "workbookVersion1": "1.0.0", "workbookContentId1": "GDPRComplianceAndDataSecurity", diff --git a/Solutions/GDPR Compliance & Data Security/SolutionMetadata.json b/Solutions/GDPR Compliance & Data Security/SolutionMetadata.json index b01eff370fa..079fc306606 100644 --- a/Solutions/GDPR Compliance & Data Security/SolutionMetadata.json +++ b/Solutions/GDPR Compliance & Data Security/SolutionMetadata.json @@ -1,6 +1,6 @@ { "publisherId": "azuresentinel", - "offerId": "gdpr-compliance-and-data-security", + "offerId": "azure-sentinel-solution-gdpr-compliance-and-data-security", "firstPublishDate": "2025-10-08", "providers": [ "Microsoft" From e66cbd95cb5d44855bbed7ad3415e466cf4c05bf Mon Sep 17 00:00:00 2001 From: v-shukore Date: Thu, 9 Oct 2025 17:15:56 +0530 Subject: [PATCH 8/8] Update ReleaseNotes.md --- Solutions/VMWareESXi/ReleaseNotes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Solutions/VMWareESXi/ReleaseNotes.md b/Solutions/VMWareESXi/ReleaseNotes.md index b937486e135..50c18b01cee 100644 --- a/Solutions/VMWareESXi/ReleaseNotes.md +++ b/Solutions/VMWareESXi/ReleaseNotes.md @@ -1,5 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|------------------------------------------------------------------------| +| 3.0.4 | 09-10-2025 | Added new **Analytic Rule** (VMware ESXi - SSH Enable on ESXi Host) | | 3.0.3 | 02-12-2024 | Removed Deprecated **Data connectors** | | 3.0.2 | 01-08-2024 | Update **Parser** as part of Syslog migration | | | | Deprecating data connectors |

    )2`=~GuV5yuwefsmINK32|*8=9IIt(BHr&4KBO-w=?<{O%Z z`BoLHY9RA_s3JR^jEhXvTTWIsJR#TGC%PNxuYf860i3KMS0e2^8-s9{x&nq#s4%6L zr|X0ddO&mA$fFdutDEeGfc@Iqa8MNh74?iWqDWyFq=+F~Yzr+2RdowoXFig3Vwb}^ zZf^0sNBsM(#Lxoy2C0TxZq!xL6m;8nBW0D^xwn^;*(lSR%Q(>BzEj>ck0`IfaWqwz z54n>~%);ha{Bvw6F*RXap)u){Gta8owyRPaRy5pmt4t{+^2eT@=V$QVMJ<|9Y6@0Z zdsseCcKM;xDXOx32?RWpoXSjnPx-V)Tc7%u#7I=rZc|{L!I6X2&D|4T;cj7De$Qe% zc*Sr}^K{plYy3?pVV!FC8QTU`U)RDn7dXnqPw<=I@;c}%`=qVd!UgsYPfln6_hr!I zDQiV~ezDCK)aR+(^@l@pE!m>O`*qXHJJv3!5AoFrn*F8+#6J=sBJBf_!zE?tw`Mv$ zc~Y+Xa;TumYH(?W)9JjHU9_sEsCMmYcs_KStcGiJ0aL@a{g(;o!Ao254ZB%kCrv4= zux5IV1(&9zQACpDfO*oF$;nLFjpU&tC{uYFdsh)U0LTC>`exCu`Y2Sf!^V#;dy!Hi zW^JNc39TaATo)1+7gl79^9(C1f%T%?uZ_N4iT-Ea8nU&(;_3U^s^=H%C<3a z+-T(p$|Yp!uPxa|ceBVW!|g=F&r{w7yd~aDfm+{h4+=cp^3j-y6Gm-!j(5+x@b~}b z0y1~FD~leB$3@SEPtJ`*z7P)m!2RUdmY@kROAjG2nVxv~eehHGXWA;)(iNu2p(E+R z!*GZJRgf4<&m{y2zL3i~SaPT|6L>BYpU1ZD!_$L?cayl}bKKb<7UTGhSw8TS313ZS zX)a#Zy)tY4B+E+M1%YaG4dqshc_ee_W)r*N!S`_aX6s*P9i>?0P-B=;;}7t>7T6{b zmi~Z)dBXowhUisU1)Vh_IzB)Bj2A&6aK~|`(|2feUuORFrR(iIU6VcXwg9n#j!lY= zqvhqA2ht4QD(E33NgLFaS*FbkA8`zi%T2LT4kuPJ%gJ6=n*6{88dR+549S!8qUXH7Y9=_-S%a9DtZKW z>YmNS$=;haQ|mg?8hi6Z>OzMh!)5D{!=WD;5e+YGSfwIL_~w75-3nOMY-kGi)wU{V zW6Igt`2n}@TQ?Im<3?CRmxof6VLI2`Ey?}gu!OkjgoH?Gt~=!p4AO^ ze=-W2diT6XU5-q{NYQ0;k5#V9Rb18Tpa%!bx{YQ-Eg^;XO_t4Sm7-OTr-!9~973o%zi8LnOEV2x>C(Ntn7&#JOGFRA06^HF)tPXCmu50f|WXcyJ8{r_gv z{{4|H>c{MSaEfELNBBXlbkQASxe0t%ruWE*`5=R96nfbupu4B17{VAs0j7|UB|NqK zeHh@dq2y!3TcY+un(;Z0*^n3ldV)ERbN+$Au1N!_gA137r5TrZiFdFN9wEaQ2ilE< z=^VfJ35>0zGvA8(1K*}0Gun>jg)qvHO7%T|a}H=*wKO+}1J?mF!)9Srk^u235K#RW z!rf4AIpYlNvJjZq71(ch9MD!*Sev{{*uEgf$|RWf?JCYr`EpqJMXMqavwim;awCT4 z>^I9Fofuqb5vb@f_-QxW6(^8yTruikn z-&SO$K2^qd{_=v_$-v%)-||KbV#A|p@q=p_oOJ8XRoCaTLi(zn^VJp|F8Z%oogQMi zjF+?C|G{3)&*q5E7;ktT>#ubBaO~k58LJNedeVZT^09Q{L^lK;bYz?T1Pb#Tn|%7L zd1b4c5OXemUf?im@C}!Ui~)o1c<33kPwk0cNJB)Hp}`!(#6ed2))ACKp;$a6Av$fe zDZ0Y!IuZ;o#a2gD>Xs%3?x}NF9D$gX(ffugf?>Z?|lwdXf&ag9fjv$l_sJ} zZw-tiI?vzvoUMw_byhznuhy5)g7b1Q+mn%~mI`G;+8tdGzA8Vn?au|^=V$hkw&7C* z>^uyicJlNL8IW~Ia5+L23&R$~!EoYg^><1^L5;_`U&S=_k=jr*h8Yw{)~@n_jh9S8ZFf>#t15s)Dzv^gcpT*xBIh z#=GPsezE47{-|oao_!?O1<3*7ulH;0q6;o>U-MMon)Ig@`f#^YBM~N9XT6FizQkcvh%q^ zfX95?eAr*IjN#IcDv?#CdtyX0n(=zc;g&%?1Sxi*Q_JsR#s|HGSg_RMAYxibb3qxlc#7j0C{pgV6;0w+bP-Td>T*UNjbvqah#CJrvz2E7) zMS>l#b+8CX;(LqV{xpttV-$dl5>InU$zY0p=Jf5AX3R8pJmj9o$o;9^;Cappp-Jfh09qNrHd`)1H4hQaZlD{N`t7tlAJwy8uo?=YmQ zM8;!%+aeX9J{jQlD;C=;mm+WnBZFVKhOJ=~mc(w^uy0?|^tz+YeI(9mZtJQWc}jzs zW@6$)jLK0$wP#RZa?5t(G2chIQ*o%j?UFbjJvwC~_Ta|N8{9gy(}^Q*#Td+O8WlaL zKT*7tlZ?oljZG+>Yt6c=e|_$3`^1`eprnuCwevU0n|{0`XuA09^)2!^Cc;ack1yv$ zr{0hv-Z=~&i@}Vlj^d<<-&E;aY-%Z}>H-9N1tYyI@6LPBPiIRKFnnw{>Icj z$0#O!`63aRa>4VAc2HBwS&i<%Z&2NK&l7o>zd832k6u`R zLu@WbNiO{(Vl?I`POsuHoS%rq)p6%PuI&? zWEJWNbhi2?za8;i9Cf;DDHqAUA9U*bsc_*2^SN{91a6Aid^~lIw9bC$S&5A}zwU>X znAc$^1n<$z&2XKKJ(V-h?N~FJmwA^tEm))N;>+jh>e-nhx$L3-=^Y}5bBhAH{sNXo z{w#EXIB zq%m`eo1=pquN!o86V~OZWh{ShvHp=oV}8N{8xT&{;#K)Tm7H@OC3BCRb)PyvT^7#k*6<5y$=KVlcwF-k0!hG+A+e=YYi!!>cheuaiLrTh8_A z{CE_ZVmsk{Qr04-BNJQUWZ8C2*CxgB=w0<RGbpPPieH1Vc?Pw!T?4f=+(H1CPtLbbto zt{29}H+gu-j94$fvh1Y)Jy32>u6MlJKiN*=Au_0-@|M9bGBNdq@`GP7 z9dnP@8lP)QzRNtTsI2@(DwI*{%$>8Uo<^=Mc|ZABpOp?95zy<3W@l%cqEL;8azVH+n(o;Kw$=pPI`#0u)S zGkxD*o!ESl@q>X%F-7goq|Af&kK!c#+w1z3^V*GKMEwlP9@f?2MY@;O&NKVdtxB}K zrm;IUY-quS9u#iV;Mb=rURTIE*Fe$3A^f6`C-e0QIW60*&__B#ihPz^p>RFykoY@gNx{KOaB;lZ7>9v>!;-)~VKuo-*%`-wMFd~fg;FLE$z+;~%f z3;@;^xzsx;_wM`Kzu{r0GP;} z(FNuAR>|D^^7Z@?y|$4Y`tLjD>Mash>t)D1PwzS}Tf0uK@7^&|xy+%pL2VORWxbAb z?X)|(pFGt=&^E40@N7}={&ksb#YTA^i~O=aP11!2{8oKs&%SRS_HG$HEPRmp9Zf%y zG_JiUpX}qK)i`Ik7oLfaDKZR+PQ<(5r=twqQu6ZcTi(fKZwuWz0U&YWM&Y|PL( zJ+m-EoL%Xr@ZY8;%FNlZTx_v!Vrk-5e)>8HhbwT%s!Ql<#K?5;~_;{j~M;(N>CbGxa z-k7>vC_5|se2H*e(OYk+i~E8w_1=Z2nQ`0_(emmN_Y`u9;cA}L7baXuo(;e4)qR`J zzir`>eE$b8gWX5v-Q5KGQwv^umO;`x9%w zc;ZnO!$(u3GzrE#m8aBIbe=zmN{(gMW#lT96LH1=4W}WDkY)LHZtmC{JUZ0IVAZAG zO2bI4QK9##_3LXD_cRE!EbUIl)|)K8pXgQcKCQZldy>w}{8oVOgtq)h=l-;fwy~9# zkpnHKAaVU8rsBcXhq12F9mN6khBIZ+Xm)R^E7V!-D#7NZH#@sr9U?9L$hUGxSOpWp z*NZg;NyJ}dbDupZ*!8wi_0F{-iRpQ_<0B(j#U7lGWE!rWXdjj%h>hh{uHJYJsZPqG!HxM)8KQ#n@ZG7>gZM!vgYW_I6Zf_v0XbE+V( z!Uo-W&Q#(s-8>}t^=mQ%6T`E74_eYiwdlJPwq<0p=WH^X+I+z>-;a|!z`pk6T%tSg zsFQtiR5L?VQ9XGji(1C_T(IKu_|_m3|E?PROwlFrmsDdOW=P4U-=b=#DE9Tpb$p*J`xf2#2tsx&3}XD-(z z{TI|XZ&oNCt_7{mbE#jwlJx)x0SAWa=PcYhK5=ptmkN#txHkINwZ~Q7IV6<=l_D`Q zno`>-iKX#cy3Nf^07;$HseK zDlFQy&c&*aTphSbe@iZJ=`Q%0pAnU`;!ZKTsKQ+xGF17Z;=ta8h{vb&)<~?#`Cb&{ zC<}W0=0Mkf(Oiz@yj9X;vN4s{!0kH=~qk`h*foR*9b<%P|ur0}xg*?OJ7FHu{54%Pa5hhENE zuKxy==x!uLP)tGIio=(!m^9|>woPGgc?c~frYWH5vPQopj(%F8UHXPgZy@ZM zymwZe{M*#pbthELl0BKxrTv+9C*s})VZ+Ax*L&b}V6azUmaXOwxH`Jymuzon&b54A z5k0qej`s>#^W>w3i2J z&RH~*X$h{`ICY6p_)TG@TJvh1=LHeXf{S1t7`;1BdNrodEk>Me)UKxDl)BaF@LNHn z-{zLY48_j(eba+l&k*cJn-23_gS?LKP_iT&F`GUn`@!L4+Y^uJ^Qj!ducxa-Ct`g0 za1H02$F%(!J8q=j8Msk8ZvR!6a9dSu+=<4Skv#YTPw+_`+=a81A9>i%0$B8+H|EN# z=R;?!wi+M!H)mICn9RL^RC2-2`IhnRr>f80evgcl4=AXl#>}-l83N+-{o>vrhX?BZ zMjHN&sQbk{PqkVLv2%pc!JL#`UA+9dBOgBG|7d7?*XC#y6}V@hcJ<7eA*C_O(FyAN zzbK%%Hp6wd>^A*PJU&`GIv;VjZ}Yoip20wf$5PFVcQmWSE@P7)kU(H-Xgqra3D6DLmxG#YZ*m*kCHJ~-RkZJ0A8iqDP#oUx zj--7!6jCxLTTC^FZGX=!>A9;QVkO1T?xD)=oz=^Q{m>&U=J@H$(3v8aj(Gu%@Ar5@ z)ev88zR$IhQ1i&~l1|o<3g1XHu085mv^i^MeQ+vPqf<{}MoQo1Z*^_<7If1V-Hkb) zr0J}a1UhDBU!&q`yU_T1aR=I873?JZ@rB1(s-_3~j%dXUoGT0>`CL$Sn3nrBV;TE8 zLVbCJbomL51osG<3T?{&UM}3K6Ym(1J}yhrb%TLR7rCbQt(F%34akeIw(AKl%mIQ22hGhs!zQxX$WzYmm%yAZ;^FFU{ ziNnc&8&WuKDE@km^b~!&r(Mj^rtdR~{2+-iFU?gAL?W2$&sj?O9Cm?z_2|0I+HE$r69*4fJ4CkctWfh` z!r^etE}5q!gJ|kOsq8^$?3A~rCgEawR#w<6lWJE%^spj#;E7Bk1L#zx=jKXwX^W@l z7;ahx8?7n_{lv~89si|Kl zKZG`E?RRaZWH#|IF;T(QnNTi~V~z-}^Y5x@@`+oMop{lrye%#qafM$W*ZXWSg3Z7a znSqki(g}$SwKlhelPJ@djJX%KHJ9t3Ck%Y_1Lq?+p~YCk5uw~qbX@J-wMq1_gyhXC zV!hYUq0{aGd!C%K+O*4gzwkoKH6IRDu}J1HTHP`ze+E5Xo42Yu>OxsFK&c@4dak;m zBB`+r|8{;KlhQF=F)HvCt$JY6*s3{Dg7)+9xeKE_ZVKxjGtQ%Szmwe27K)D`hKPG8ZMpt-rUUevlX+ACW8&kz#D-E676FPWGojOxZ#IeUFPJKo@Mj}>@Dc%LI zRTA-#$lC8mVQzb;Y6}j+i|O)3S)z__H~P?%Utu=@20#cgIZ^K zG2O=yJzq+z`4GC=I=9OARCk8jvXRGx&228wX-8ng{i`Fb4){^3fO)~;a(nd$p3mrE zaXv+E-#?mCKTeY|X}i=cHsJZBmuDcBog&XOCBeieed^}!Q}&;)%>Nk5B#rYbw~{Tc zrAvsVdNQkNT&o}&UasM_{J5u(#k#;Uq_l*`!@tBF3@2Ah-7C8J z2cE#y=@hEf70#IHN`%Ld4LjQyZ&UKYG;6Z=n%y_WUr2Dv#CEA#4i=oCJML)uLecOc zef>M5N#gboZ?Kql59~V#7%F*5N2}nH0{^)phfz+20A{yyDz|R>EWGZK_%}axYRej|2%Zywn?j!8}k+u?)0O>=Y07&rCZ5z zb^gc-QErRqrpn#CdD&AhJWZ~^p91&cTNCm~u)Av^>jGxxPezCQ;XBREe-Z;%V&=a) z!;Zd0N@2s>&!rGBFJPERNvimQ&KJ#~TdebE)sa7f-58saM1B5qasU2Dx-u-lzyI@J ze+!Ti;r{D?|Nhti%_pNP(O!#~oeuw~!aS?RtB051I{1QJ6WEoQNP~Sub6b>|khMf( za^>9Ej&(upHOA!ovLn`$gz}|!r27_56$=>3e}1kso7f?D>7Sousz>zyhi^!JFzm_y{W*!%{qHZWzm;p@!wzW!_D0-WA*O;?K4Mt zu*fz3Z$IMH+{oIKcA@!ZBP)BQ#IAfh(wA3(uQTfKe|(!(*zy14C(id@$KwC;NN)ym zJpRYe|L>lBg)oPBrGB8a@7{?}HWKlz>bS7VKz zi|x4>ALM|QybyKy9N2{94sDue9UeK?_{lMFtF?5G9hMfXte#brOm1@!qZizr-&?>h zkMfvUi4Dy;HG_FO+0H7lZR#z+`h3WhdU(HjRoc?-J$u>L*6pOxi=@TsPu=vV4yV9hga4Hj^T$9CNon}A@7my+kdv=!Shh=yYtOf z?`hV+2-aVCfoFl=e7tLW+kE_pGccRt%@@xDS$KBNo1Hb($%Z0jbrIs>SoU)+c2w}h z7hWpqUflh$#ZR;g5(s1Xu0x%oS6mQ+`VT89CmS*z+N@2D-WYD!{MqgV=`%rreF09B z!0WuYctrf|%*E52ceFMZeRg3SDHj{j!OX=&LwrR*O=eDQRTVX4MNj7-HZXjw7>uHU z)QE+Z^)ZU|3TSu=S8}ki;jHS@?`YwVGWQux`>Ev0#XTSA9sK}J#zdpH4R#o8`pi86 zIdkos_;V#5Zze5-0$AD3gB(^d+5HmZbKuG`?9yUg9N_tYic2MZ% znXr(M*P=&jK~H35#m&uGwwA|(z}YW&M4mXo`Y|*#fXAZ$I#jD08mM3ry!&Gv*AEpH zU#vSO>W^3HtG4};Uapcq&SyB5bF=@MS8)wF@0u@qommB5;{wOq9k8SFU$u*gYFvU) zF5sDx_b)V-Ce&ufc%*!=tFR$^U~wo#@HIT*WbDAlvmLH}IB}nI`E75F9cX(B_;vHr zo6-F4%{Z#Zn)+pG%GJ;d%#m8obG5|rWBlePVcIDH=D#0fpM=NBlGJZ4c!4!%QCPxEZgX z!Xzb;?#j<$XC(Zuy@L05!2VsBlzz%7kotCizV)$(&~6VC(H@y7L`lPNPa3MKO1P*N zaI9)M@=L?`Z@7vIRyH;$>V|Em_9@;a5!ty243XaEio|??c%dD=6lRL-?u6<{4S?!l ztiDbaX?eLlQQ&3t$jIAQ8r;(>d7>mt=Ty|i#Wt!h2R|qdw3(~SPkwd+2xIIVzHnhv z!`6#9aaoGd0ffh_oAtP5E9?e0_hscY36#z}gb^A=Hl%&kRdNxo(DX2^aFEj7sNfzN ze{xc=p`pQ`>zg=!I_6vQJHLswm(#Mg>04Co*7Ub;pBCM3=)g6LUHS42_wFT(J)1cm zhqAyuKE7MG^F=3)-&ljT+(4p@^pBmjGp)`U zm+bX0-$}k4QYRdk(7yTOeo@b$)Yj!rT(3>D)7l;{K*%;1MErLiY(yM4KM{1Vy4)(1 zkUcbGZvzpF%lQ^D!x`_21>t1Z$%x8?PT9*YY3iWtpjeW2jzoAPG3O~#RDr^XKMmj2yBeNQjlW`j z=RI~Nq|Oeq=$;d!WI60&va;tTU?@Wx1H%^I`JaV11(~Q|ulPXdjGZVMuinspS*<6u zGx6B#c(A%>L8XRbB!od`dJpcJ!Cbp;-th7hI|jm|hD<6!VSwaUR;j2qj__#w$_;&kH>#>(=LdW2<{ph@|~SE1`(8> zz>+(^EA`~b1ABXJEp2U_>cX}2Jh; z)-X@|3}ubC$HlF8H8ispBmAA8z;kRLGv4}N5e%=qyhv)b5!Ni$y z&U21q-?#n0Z3ifIh~fcDw0sNX_o^6ZQzWQ={wXzVhiX83Rg%f*ZM~hz^;vF@aOqsm zq&GP{pFY{JCQ%t0S__k~j9S;>2W2P7#mAhbD4*A8ag1vg)UI?v-sX4-N(~G;Uoe{Q zyub5%A9`RMC*;nYA&iWUcI=ax4cXjnP7&)l5ZBzR+@*hHYm2B(W7o|{t_xG5%KlbO z(Q{y9^zEAqy)ALI_wz!mZwqCL*CI=|&6Ww<$T;D>iB*>Cu;NA0W)QBhw%kc6U8C&t z7W@+X(iqvXnRY1dpIwl6DT)hnK_vNLC9O&Y`S<|gCU&!e{HNaIK>{b7rgLoJsh|B! z`n6zZziznAk9s0r>7PFF^oVQbQEt+8&n4Hp)poLslz5I_*`sG)e!2$RU9b1H|zMPB!#i7PRNs0=TS!pD+8r%yex%pT@zq0Ji(>gT^$WxhW8 zCHAt-2QOr7V=G27@zv?L-pIns||{yL~kD`*r^l~nt)fV8IS z?aTQ%ZLtiu5=VwG%^m#`bl*v5hKkW^dktU1H^;7w_&949m~GoGF0+7ypGzz*t8nxU z2IFF1NW1z*`11y9)fyhRKMav4v0(eA9FaTnv%==QE&u`#TZ1UGhI^$;h9N`g7C~-v zitqf`+wx1gdKNoc6+`nfNi*6deZUs1Jh_RBdpn(TBsE_dKCJk_9&~!BtE%E{`**)f zi@nZZy!_!f&H_e*J3D6avXrN%=qajGeDcRC4Ti9X#cJBxbfv8f?*h`(eJC?Pretxk zK{vpDPDM%mw>C-3YAwrbRUt_gr#MJgnV{ao<>>73m#8SxNkJU9Y`+gj`=Vc$g z;x6)3**q@v`DZuxh)2=Mm6QoXTC%)3Y}&sk$hh@%_FL$e-bcInT#*Koce>E{lB2 z=8K+d4Cyz`T?*^eli&B z%;xa%alnukEAM6!VIHne=k&?jALznoE$Df9m(;^S==2{j8mW*pU;0vP8EEw& zaM8N^-si}QipU9-&O!p0;IiD#pgHWSr5WF~v7bnYj@Q0-@~f*`8U-_;2Hn1U_g1ft z&BW1xRU>)L9Itj`6s#Xc6Nd-!*Nokowkn|lR8es_cWx!GqT+$ee(O=?_ZF+pq9ikE z5wlw1g^MI3&(QE+_*|9YDKAs<#jEg8R*Y+p*wWH6Qba(&;($u!$yqMl3>F~#q7O*d=xjmFR2ak`*Qk2O?E zIyci!T2GG2aR2bgNDuCFT<`2PpVx7wgfj3hQ=Ex=8h_X_Eo@l&n1FzhlGJ-5Jh_Mx zt%%x-44(aV`yCW(q)?Y3S}HtsD$FgR!lI5#tVg5hC>g({f68{L^T8Fm+IcSe&0J$Z z@vn;4-VOVvn5~S36SLQM9Ue5^q(yE601PORsh4ur+>ePLTS_(t0j-z2=lmX^hZpQg zlAZ&Gf!to(SWy^R_*e~IdCjR6bj3R`f{Xi_MY|`mgfeS}fm*IIy__>AiY@h#z~_SU z9Y!EwuQak|t1<{kpVlsY{Xs(FG3BX8m{_$`U^|p!`))4MvS43%$kymo;5!)F*=hqR z;1p5X$zmK9e^B)d?lH{a>n8`eW6{3^;k7u@LL(rlWYb&8uHp=0MyvoV87HXX(%~NL zEUV;y9X{>Z0n(Xd6U!^*I zyq2BF+Xj#m5fN`cj3-KoP)xp(7lrea`l0Q({d)Da zHQrP_DKdqr$+J51HUqv77^iA8y%hw{3% zIWHz$pwojZSVk(16{IU&70p1adROxZl8v}kxD_^h`9eWq*aKA&tPmK!KhxsY=`2~y z*3|*^)ZOV17GfwG80X5xobow05`Jl7IzYHp=`hobbnxpgDO_GB2^}K2k~Kfw_vg;B zor>1IQ!<>cvWF@xD*lj@!fT~_HsDR>wCBDS2?RTg?B zaaY*B+d{>%fGO7~npsb{jyA>KM6I~hp~msp zq=`}IBYYfl@ypUsG@?3jCDw9V(B~ZOHf*JZqJNZ(P1*5hSk1l~9c!Q&ZMtj5Sot#^3eie36%8p!%(>2QeS$kdIkDlO-> z0OyZal~&OHart+{!uQLdct6f|%(cAYU2`iG`EX1H(k_~rT@3g5_3Sl!0PaCW0SO9) z>ToaMdUteCxQzEofF|{=Z`G=Lkl-fZb9|zrjD%z!7w0EotwpqWq$}zREeiujm@!a4 zWru$?o*$->=bIwFiVYYqC@vi(tykr{`D{7@G*P&|orn%5Z^68Y*q(z9 zdy$8f!5pXUwo(3A1GJ5}lIP869nc(Fk<#XGfplw{IDz1H+@AFsit|8nVA8+;ph&MC zJ2=jrd}#<}*l%-m;gymeJ^%P03a>vDe}zzy&y}pwJ-!YWA?Ynf&iONk=wC_VWbW9f zRV26$!Mrr&1WA`Pw7IdHGo#%T1bowVa2FBp>Bn>m45&{&?+&?iAta0+@67&&7L1O^ z2B9qm;?7K>BpH4gB3L>7NQ*hnl4E7j+%BO?(&1*s1VAG`*G0TD<|i!^na0sF?mblo zDlXrwsqZ4}-T*v2$7g+MAwrx(9P){s@90O@4!%fLWf(TvB=+IAuM7*;T4m}60w|)Y zll)$7qSEkA@0@1!fwp0gHnQ}6oO`DxK`^|76%|~YG5D~Nf2(o`aK5xL$1SQA^~Iin z=>+kkyDqPXKLWn>rm`5ovsd4uJFd*vJSV?{pxKUD)w-S5x$ z=KZcA;&W@ossm%z{5B6+qVM0oKWX3k5C)@9Hs6{Z;$!qv??b}Wj^AN z?n$U>TtpU)=;&hxImymPd>%VnSMT{J!r&XZe;=Cas+xv%zAH12ozp)I5ciLtHJ874 z?^*lz=8&s(79(;aOsus@U*E$=$R5xNv>Sv%RR49=Ng?E=*qr)ZjkGZDKoRuF$pk#EK&gysz5{0%0SI#fJ zcN%BKxf)_4X$K~|c`p|cswh%xLm0?2JiCvNMjqB@yymXp?|;U?B>H--j!w`6FuJ&# zfj>HBSf6w)(AhqN+g#{D&h~jgY&}?{tgr7x2`Cuk^^OxJ^qL(kh>O~vui+3YUTTZJ zG=n4Ec7YZC-pO>nK*BtIIe+=4^1b7di=&Oq@@KDJ`($?JBOC(ugEXm^o(S|VU2baq zy#p(BX>EwW+4=X=$UE5I-#^QZZ4RJ7Qo)?&McfuNHKiJY6E8%x`$H-hVVzJU^x31{ z_O-T}w^0gPgv=g9`o$V985!YtcF($JUbLuaUl>2v6MpsTcx%Zi*Q?=@Zvt=%^YWti zxZXd|$W9XX7CYyzrKguvbm+D9#SYae3QaK-=4fHHcBepZ(dI*Y3cIA7xd4#B?7i7o zw?ALH6cJR=ci2mUGeAJg6`Zs7z;pfN_+FbbB5T=iGW#(fERzO3pUdP%lxBfa=7U+e znvFr7fe$!7aLUXX@!j5t{tpv6>P$_6QhF1xjUqd+-K_W8&`__HVb(VuN7+xjQ#7WM zmSP$gL`pJXCmGfWB;K2dl&X7FeiS4@lA&OutuA72*h9(U=Pzv-M3g*#+uZeK-?Q0< z%eS>kq@1naa9xhmnv|CFg5L68;BD2;N9WbAw*Dh_l@G))F5B1f8 zHYRgNS51QdSo6Y@pis9FL$p2cW1>&X^(t-OEk>fp`h)Vh!ph3K2JLvb8JLpcUnmcJE1t+SwIc6v`9+zmj_wrh~i(P1uFF|R| z=?*%V(Ni{ev(jiEugaa~?OSOZtO`wwXvigg8QSl_XSCsNhRQy`ykaC|d2NLPZ4fH8 zYE#8f=Tx~+M(WK*UwHMi39l*FUCutI`(zkH^XjJO9Hn4D_xs=><{o_6Dvg{qKd3>4 zFQTgb5YtYVcQ z@maY34~~~~?;EmSz$+*PM%Qo2yXIDmD#zDS-6f@W(Xi~`5sDFu%rj{9{SjBjyh}xX z@&z1@dFK+oN=%e8d*C14%xOF8X;H9G0YoY+bb+w5$ZsV?Ws#mEN0ChbZ={Em>7B!_ziE+?L@!9lZ(nP#6OjtP0e}*iWta~YMF}^cSPUviV+*U zqv%}@)%WE}3bzsdY>5Uyk>e0}^{VoC5j#WkNHIm1oypFsDeUl<{C-YPr{(2=VRx#(dv>GxEjbME27_S7N zE1a2S2)!~k{j??gxu*USVX?w3(z`(g&UT zQ6A+YwpNM&%b9?Vm~S6#~D~iB~`D@65v1J)mjoDP;L)| zW>&JkKQASt`01(|X}$sV4l<|(LVa-3mhab0*H1C4*FgV-bSyB6;lwY%r^;jdqVSih zjh>c{yvWxwuis-rMAgcZH&UP$)uZMmmDa^3J2N?dS#zfBb4nYJrg90UcwY*pgBI2me4~R$Hrszr%p^r?JI&LJCqib!RDe9q@E|iTOEM-o7oR$_J z0~!6pqm`j)ILwcdnwq`5IJf}=9=ym8mkM~Vu-{^kX9JzH1z-c3=-Bs%twgo3w|R&$ z>+g9m>*sCDcXV5Mj}oVJn_td&^`tj_#;5j&XChQ9fL#OrN?>saaX&f}&A3{YGKOzs zU*$eHZm084ZrF1UwEuS>zh35T3J_VZ<*!K$8Y%8Po_7L>5@p@GYZfN%JctRz;OxG9 zw%lax8YZW}y7n@)fM-f9YJtE4P>^jXYT-nTmjZaCq+yOV_ZPFT+pdflFDKWp>}d0B zCM%dg5zzGGN6Gba88@Pyu9ZhxT20qzgq-&tp?`jr5++;_cMS6d)^$g~3x!K8nql@oVl|)ghruS?0p<`wJ7wAOMe=*`+BGpd0+!xpXE$w z)X%;cO465Bgk>g2_7S@WNOm%#(=wWz3nOP1wFeO z()>>!X`a8DyGJ1vM?fqQ0^R-NZEFlgs5aK#$FiR8!~nrF<(Uk_`C#PsRW=>WQj?vb zEPu?y>2yEwfT{IuHsGR$zYy?Phct8*HYTQP&d7|kSTZ3%veyh|d4@_Uek0;H5#hp~ zB=N-49PdKq_TJE#<%EHxO&2R?h6n0J13f15A$!eyd`UN-!Z>Y3eOWewMg)NE{Fb4H z&~_}SQR6#1_W*v|#@m_8eLnWACr<-b zNO{lhw2i3qm?lgn`uNIZLv8uqrO9p$C5fHkQDEaU%@^^!>m?@=YRW@P>+&6pQwW&7uyJng!}vT2j)~N6p(Nrf|lrk`O|GB zrMMaVs93#3(y~-TeE2t+X%T;zjUx7pv{M7$ZdUGwCS4U-sND;E-$$kvYrou>(2%E|8<)_d3yz7OXY%Yj^&$|Bh~d`C^Ny_RCS{ygaS-vt zHeMbeezR6*z;GF=YFbNq zQBkrY;vbW7fZDp;IS*5N739k!a^ywSI{t;!$i#6QaT&wPFiFyjM zTWp{7UZefwJ=!Oy6cPRzJK_`TrcgjMKzZWDT0G6F$|8|koSOGCjL8nn3vU5w8qluy zQm$YkNB{HF-M?Bj;G1S|@TexMhK*F@R4XH&!IBt7%M|b1KM2tqa9Zz+zrAT_k6UlTJxFWVnKWSf zRQReBe{Y;K!l)<4{>`W>!xZhW5iH?(|B_WsVfcg&7B|MSbR{jzDk@gl=BPxSSvdHd zIPJKy6*FSptGTr*jBzS-nedd0qhW#XcAWV+1ykP3L*f7sE{rycTTsOAj_I8*p=h>+ zhtA0nG<@Yy0QKHYrU+X;7L|*o21_0;5_&Kw3gylzuBbQ-ECaF}0JgCID`MAt*Ya)u zL7-$xb3i(4OK-IBty)D6WE?wGY*3tUkg=QA@wMJv;O^b=HXw}c4ck+syf$OJo<>Kz zl)A@N;uKd=yK!Te-nQ}C*#Cm=zu(rnwkVtHG6KZjj$bF~TGGDINOJO!qmjXnxrhAi0 z%;%80jVoid`CNTLO=O@{Jxk|mw*SVHn}|{cTX6IDU&l#8a=BjA2)P|Tv%-B0en+7TmOVI!%V0;fW6i@uJ!rkx}sEy-8S zH~+zBU`)-DZk z$szF3;FE}@cc76XfVO{!$;!ajo!bU((nGXIpC=A|#4?zFUpk#Hn;vhRzk3W1Q%uiZ zW&Q}4w7sqP<8)+O4LC$Z;GH933VZs#*QrRE* zEg-_Ze>p2~HWEG6?bHh|jh?r>P|twxlgSzGN`()u-pJEA49vuIf@Tl**J&^un7nN( zDH(AisjeI0|6-+_wZuTlo$)=(S(+}X{Sz+(zelN>#?=!qk|htQhmKvBp3D+F`e3s= zFF1PB@eCk8qO+ z=XQJD53&%zKCNio5!2q1vj|N6mC-n@8ApYwo|1s~2e3%`=4;@M^shDDF4likg9r53=w6Zm9MpSqQA!^0blkq<~bJ&dHd z8xHmtebQpuw%Q!AZj+5$Jhd+TqhcftzwMbr_oBCMV2@zoa;<22m%moA$GWM()s7&@ zTUS6C@Ao`H#O(P;+eTIrj3ZzuBAdTs6(?_hp?vT`O&9%A!0Z>r}rvl0Ia8V z+wVexLTWeF`=C8Qha_tL1PAps_=JMDZ>5FPGYjgeD?$~S=(>*~1f4pk@PIJ-gN@}=&1QxQBx0*k`S@>D~arhA3k$!-~!2QOe{_BMTC09kWQ zJ-EykA((&OE0_R+c`##X0$wcdXnYP~Ws!f3foOnVj@@j&vJVTOK{$V zjHhS4Z9{C|T&t>*UT127*ozR0R60yu0f8lE!4Ll>v^p3CKm0t(sA~w8dri5pT!vTq zGba&e^yus*80YyM**sxIm#%D$is{WUSf7ViS)`ReIlNlIopG{vD@o;6@NKlp?n;&Q zuwTT{jPYg)r6(b@06p$MS_CUSg;L*|`$X#{2HEP5m^&hl&Ju`Ez<3mb3NR@rz8kgQ zxU0ZzB<20(GY4=q+;Q?`YIlCN@>IY!meutS9(H$}hyG%lHBD?+zvu`qyeb%JJ8JJg z5dhy-E5f5yb5dex`oCp#yjq@OU?9tQ*cfC>fON8OVvz8K+oXp$l|@W%2yh^#+9;B) z*X2#+;dvv%O44tf0bv9HICr#0c&)RIxy=`1O>mmv)Sx`#``6z|+`yLnQ9Y@b?Zykb zSn&{kD6aE@Dh(CVB*K@<3?(B6cse@5(R!upK`+ro zzma21iQqcB$~OE!Nf~%}{vU4*dihbX{~)HDH(H3NtI_6d_UZLAI3{;C4&EPh@YtSHlyGoP=k{9OO~AkrG<`as${_y* zCq3Uv75CmketvAoKN#mr(cM4(g)SC&dK&?w(Ux!j@eKe$D{!Av2J!iB?akj82DvtI zD{v@d?h8&;gt_*(_`5zp{@Z$L=Tko5AJ0Rz1wtysUtduk|B0%D__`mC$pF=;j^>9IF{@r1XnWCD;z-7eKi0V}YGX+XL+u^fT2#9M44h@{M+(`5R zq6pw1HpodC5z55ZX-J2-Sza~ zlmCaHpjgryf|r@~dv>On3F`E4>BPC9+h!T5 z^V#{;F0jNMXhGO? zX(y_h%XkC8@gcPI(*7j5+~1x^Yyo#WRt$9ps%ZP!9u}zA^UH&R8Xg0d45tf)L$R_0 z=@M_a1E7~in}S506Y|@wK^bKLgf4;T+s`}{EkJ&M^;OW5LA)*(xn&kd#ow3SFz#88 zXv__v=tWV8k9)Qp-*UR4x5Hrl7>$6~@E#M<^_cT@|8!!3>jC8{tGFe7Fm$q?m2}D) ze4_DNS?x8BbYX|+_DOa*!#;ZHWHk3#A*Pv21y>D zWYA_^4|QO9lq=jgGMRvey$DXIi5xvCqZ0_{$KZNqfbkJ+LlYw-kMTxL9A9*kiqXMn zWH?#|Py5GE-K7m3%v}mm5gI59c9w{`A@K0r;Y3B~zap@u5;rnJ8aAgiw6!hW(un!V z5!BlO!UTLa==FSRPh~jLV<>d5PQCv;dr@vog6=aLD|+}Qs6ue)$ul^4^i5Wl5pb|I z=AURV%t!wnGmXhCmX{Vd1#>PqMK=u&XP+G`r1x5Vk@Dw#kCK5K5xF1XwsahE>78@` zKf_F?b)CEd+bLek6J{W`5XKAHEBfnr@e4__fAAtyp_TGQVD?{jzP{?MRh=CEymfic z?PYm=f2bg1ePd8cO+OFCFWGa)o+35xtVNe;W?c5e9(0 z_X5mYPVW3}%GIfhWT7z7Er$6hj7(_>bWNd$++-dLCqG=r1>Wr;L>i%ab0^e>Qb4H0 zncSgHj+?JoRba%Sqoa#Da%#}E1riUs#XHpsNVbDL1nD?3?rko&zYzE2O^2Na#LS6_?@aAfm9WKYR(=xA7K ztfU@*uXBHP!%LTkpTgt(5KkhH>ufvxrr0wwax$em5RUXZ&(0pWfBwRS=9#r`@L$E| zIfWi82l5IpD_3%s^_(CKqTXeVbT|*x)aJN%zm4lYy{}uRQhgX5eNVIO$(^2a)#35Ns4KkJuOnAP)GRb(^4?piBS1KJ-@ z?N%*J45JAPA@7^#e8Pe{@{&K$){J}!0v#I5c`}V7#lKcgqzCRZzziRlKQmEE@0zkvHTswEP)>6vG70ORSQ1lyO6vhOmBx27DW7^m2e?k5dQ!~KIen<333 zXlg19Yuz-_KI_{}2Xhoy@tGk^ECK zSM~`&GM{!2`9b(oI!rI%xEM*j1hMTtLLjDTfL1arIV=-3y)>>#0u|UEy_Bdbp$};I zS&|;=hysF4^=w9+hmZClEeaW&A(h(-WW@<5eH8H5DKiPyH2|I)kZWRi#ydq-5{S2@ z=5Gi)FOb>m_K@5moQ#Zfh}Jj*aSV-KzXZJx{e4|`+^~?Pu0WB98lmS8i{oONSLHAATj_#ecnclIn(7{1axRBKllJ_1BKi|Oap)0zY;by-pQT*|Kvd>d!YxQgg^#cA)Fw3URp?QNVlA3 z6kHSMu>Y0shL(Kfw>-n;1n5x+3Bsb#VK(=3CrNHQf!u?TccSHlYiE#;?3Joh=j&nVnn@(aiSR{G( z?p+D#Lzi68h7s>C@`)D+dk0719Lv&Eg5FPX`gg3rqnF~8l=uRFbnXWa_SFOq07tVI zPP*B63e`hzSLX{0!9E-~PKX1Stqu~!w=v6Jgb~^EqJrQ$WyPKh9Y4MNCx`)oiH&y2 zq26$W*o)9{HfBUi3o2tzJz77rN@`!~0XY*(qz)UO9Z~Kh0v!nYU6&hvj@H5Y73XbP zy8)4a&m=VC3XJ1Qo-Z2yV!ySH?~bj#w4DeYk7tft6TwtXE|Z+v_yJuS(BueI4vhd} z4ExG(Kw5q>r(#-VOU1gyT5LZ_b>u)@MD|lSv`OSH(WT6u3C`?*teVFLh zq6kSDMZ69B7%D%3^1tBUCJ7X+zxox+9|c_Rue!XrnjRLsNPAFKVR~1mj2V={%tUhk z%{Q^4W2^6u+)t=S_-*S2Pn7j;KC~aZmDFCb(E}!0P`!RLC=yJSj8=^qv3h#4qU}K& zkGhqbM}pBdC_NrQW~~pF=~bqZHgQJoSO3Csvy zvsLu3MWrTp0@mADz5Q#+$2m8)P!wSXpr=zP&j>aw&u9;SMsgp|2l=GK@+SkX=g#i* zdi|>aFghOop}=o9aA~a-TAB6|=sn|wRTWlFy-78&a7>bm5eI5_*$15~uHXAOT>)zg zVl+3pte)X_9Dpw*&|bqc2Y`R*W6*;2u2ggcF|g1S>6Lx z^w_58%Rck2*~3N`10ii~j|tcGm}Pp1v}p`yeqYQ%{&c_2W1q)E%%DT!hCw|cV243- zab!3_cNm^S`WHZ+nu;NgWKA(}&swsuKfd8O0s>C& zlXYWY!+SiiB}*dO+T67rEC`0{ZAz3HLScb%SsVux3`DOBLU)T$<2TH z(ewx6K}UL$u6*#5qMQUC0hb z?Q}5`?k64KIqJvSebIpRP{rX+(44q#5#HHyqNd5Poq$F=aw4Y^@&tqz_1N1PU8$?4 zL2PgNTO^jS$^u93@OC&~C!4Z2iu)tp9E@GiX5b1Cr75x2QW zWP{OyMF7(p7$uYjH;7(s@EwMeFcd;R5`|YF`kp&5^oG&q=vib30JU<1&|d!i_gS;@ zPE*)n2t+GohLWX+WkdsX#(|VMuK@8X)!v+)S&WJ*XY%St{7gRK7(QX@bH4SQOgrk~ zah$2cIWL6$c76TrNDo&6GDD`F^Y$Af)R$?Wj2{h^2*WHaIA$U;W-UrZN38xkKCp7K z5|L?Dq!tk}Icr2DyuHE3lvfh(LWg)N`zHISkD!@<@<_T!k>x1W5OLx&&Pyu>cq5}9 zJiV6P5aAgnGvq`TevK`=3q>)oX?XQKey!auJ42fB-Sol4t&+{$vin_zjVvm%8}SJP zu9vzVmOGfu*ePd@i8LLJ-e11jAi5p?FpDv2LvFA3S!4OpX!rQ@uN0{x1>(q+f$cP^ z>dkNWP4))UM*Kti;5X+rP62q`@1>VNPo=tdfhE9BL7sRIL9?|@&Z_#yzYnJ;PUO<2 zUda5|QA4j^Ozpn45HqjhpZGVHy$gkSw4D|Gc*$&G)uB|S0pH6XqtT>zmxQ4q@v02g*JpE9s161%YvLdv)2ss9jEkPo6#` zybAyLiwhUeANO?Ccjv^fy!R(VgIHuX(hosFw6(RBzt=u3=JbMJ-6A_UfdjS4wCfGX z5k-8UF!2<+m&k?u7Ks%tCcxHs z{i>M8AK0-tV#@BlVMX)oK{nz07ce?UZOsFe9rRpYdX>#?_G8vK2eJxzq|%X$(;>k* z^xr+9)$921VGv)ht+mx~yv`L0!~%N%(b+7D!-oZoqJ445S?(_}qd8#NXO-D6orS>3 z!=InA)~wG<0s;t-$-vi=hv+#x0uqU8Tg)HD!sJ|k;?y_Go4cj9g0bby)u`moG?QJ@ zL6jmN%x7#T*2brN&Yda`6~x4F-qz5jL#jSt{|WXPm%(HC{mYR1bOn>>_Z}``MKTsQ z=v9xCEUH%@#37r?;e_Q`T$;LT#bkwe-jmXhI#nC^0gw*~r-|k={cpwe03nxTD@q_G zp+hh_{LF^U5fJUDJvL!qX(6y6Ov034dKGB5nyEF`yL0P9W~qLSV)Nv7v7=~Uorwv@ zNr(pf&|e%Wv#V}$%}X7pjj#MKBy?wM55H&~Dr7U&rZIi#-7xn{bm_AMp)?pVX}qcr zawNmqm!jD1Vjj8|G8e~G#)!XX1Ez3dST-W|OnI7QgPvE|OcrI^ z)207-50I#g?sQr86up z{)7UyZCR+pn|O)<#ZuS{hq*CCs1lwRas|&cn5>ygxY%G7dNwpa5EiedTykt~&W5%k zl!mbrkVz?+?JivJhN1h|+qWgdBjV>dXsv8)WaQfR z-Ix(Wo2m^yTBaRl9xdw^(z^PAQGJ-IE2sOlR-eEyq#J~-AE=JCaU)s@TPIJF_dmNA zay=<8^b>2|vikmrwyEgg$+%7dnC>q^pAnm!%$?EqdHnb+$;f))UjV}V`&s@@wEF$B zJ7g`F-%mQf)n#m8xvyIMDnZ=4!Iq{6K|P;*N0b9Fi=R8P<2&4idhs8L#N5=+X&S{& zN%`>e^M7=hYtzA(?E@RlT-Eg2&I;t~yx3EzK~sR-5!d;44Fg_d{UX9c`n9#0ZZ-32 zouzx=}Xfz;CpfCYP0V3LgUWE3kfCdBF+$TUaqdF5WkE#ZExQO9&ggSxW@m;p5 zjZ{kBhP5*%;xz?vh4=f|{Lz6hqIRy$Tuoi7aCLrg(f}+}z$pL1PHawPK5v9>V^>QE zftF#9{*1~2Hqj6+x~k2yn?thg*|>M#-$gLZ=A$XM!psH|)*=UWX<=o>#2ef+l<{7c zdu6FthjOG1J!@!Df5p3QLCWy6tLeU$YHDie+uOOS*?A#OCvCK~eyP8UZj*PCd~7N0 z`uOqVCVY*3gL{c|+!_7(W)&^QKYwzNkgOQkXWudT%!sm*7Wczkb!&T^Pt$=Y>2qL|NEbTzy$lh zpu;|u{|!3aG!QGhuF%Cp>Nc+crj!6*M@E(ao(B`}sE41>?MqSdGmM8Knb>&uKGpmz zXaoP{^oqaHC4P=pdz+C6n!y#bvx+~DN3rDo2_cSQ3}Wq*wsw@2@ab{6Jhu9rtQky> zP2h)tFuW5)hbJ_0LTSyA)B-Sk3~{mh@ukt~Z~0x6ia!^iGGMm<{3)dFpF|-++6GF^ zWvO5HwMaxxoh}gGyThVrV?Y4bpMV)vXbd5LjW~`T+XEe3|1hO-rRS?_9OmxcQbQs9 zeTv<{E>9HRHSr3CBsZ1trthc>PzA3k@Tc8t#r2NV0KMwT7RKcVUw(J`fPzt@`&>2L zS7;j~jX=<4sen6}fX`P`F`EiWy2k96iQ4!oW9_4ig6=Ku`irVY97oltvRq?n=F!X- zMIga8yOCp|ZT3m5otS0)-9lZ(^T!jwIU;lq4ANKRI=&EuKsh_|P+8_^2E1(wfzks6 z{lQ+_kW#G2V^m^%8PPP0j6u3D3o9+YQP$d%LQeh`Pl>dXXeS|2jDd@bEB4qxYrW3? zQxBxuv3k2a=FqBSL2OYs)=y-?D|b=BO_sp34avgFY3H-DcBlP-I7Z`l8jNQ;;~w4m zHQ)~0y|0+DS15;=odo})y=%S;;mdXyczhf8#@pZP0m+tcf=J1#o)EL&JhoCS;x%<2 zRf@yPW5Ae>M&e!%?+XO4=fmp zOrSLe+Js{|SX}^pi(l(eON})wxx1SZ^DKw+x`Qm}*P4{&y++gaIqDzJ(!5hUDqSfWQ zgAM=tNyfbFL7}Fb&EHK4(}~ufhbvv**L%uwh5K5nf(oSDQzdBepZsG?ts4v;4qx5f zr%nD}lEkmIu{@#wP7*V?4Hw+Y5A9+zn=#bv$THe=rOyZGD!vj!wfOvXc|?;eak(omhr^@qCU!nluQiI(hp4Dva!ebTWh z7UE^NX$`GX!Zz#QE?K8e#6||8E|S+%lf)hqC}yh)SVq6nWb40u;8{z~O=P+hcC@AB zn9z_wJY5HvF|_^`J$pEX5MPudUZ-WIp!o0D;TO}6C85cplEY1ytm#!tRD!TYLzbVA z^nx_5^UOK{Ydj1p?ceIIF8VA-832`0JinX~id>qDW5Q|U1cwhCU zU7MY{W`ha^5}kY?e|I4wKAr}{$06N%v_99@YqY{2=(d*GaE@gpcadukI@xK|y?Q1Xg&^+No>a*IUrRVi@xAy#pZHuB zLT9L0$Vy$vYjL&QpcOG7s~kY$kez4CpSmA?=AkFuPpE^O4%>MivS>KifjGKHbB6_q zKz6Dgp5{;NR)ZKCre}b33q74YbJXJur0{$IK}gEJJccJuy__hXa&!*7^k1h=k(ReS zlOh?&_?J9nTRMA+=e?zB^Q{VyYJYG74DIpuDqW5K|OR? z>nW8dHv$FdnOszuO1=JK{Wd&I`eT7vP9JJga8J(fOacn$^p4xA&!3*&!7< zPUt*jLn9?D6FGEABZ?)Qmtb0o87a34xQUB&V-vd4Kff-2j43f zZ3p6n-JzrGAxOL#*aHEOWnuY?75PZ11W?qsV97?9q$Qs!6R=vuBzhVw^rp#!`pJF#d3CP1^Y79am~G>AO% zaU;+ziwx&C@$NMRVO+RAB+i}xT{5!&|CEfJ)*c*63MQ-t$mX^)J+^ zdU_z_F!dCDMJjGztEjRiF60rbeEGR!Ei&&v{|>5{u_H9`I5R=rnLF<*e!KHh29KXL zGr>eH01V&fFMhDf{S#PflckJGb~b1|%$tUx5eouvZc!UOvHx`dmgs@PYycf_QRk7) ztJBC*on6{w0gayreo+Sp>OVOe^!COk&u9$xDkmDV==(6=f6dx{oosw!WoK<`zfQHo=*! zVKp^YNl5CWv`N_3EH~(cQZPK?4N@R52uq59A+eL>nTh>Ha^!YLpx=rMHjGY47Bb2zHe>my1>eRvUwKfH+Q3Qccm@njiJ-ArjX1_~sxw*C!bUkf=)LZzDd29rqF=4(!Q*8b|% zR?-KyZb6?;XzVB8=+v7#Ntsnu&W8jf6uirfy)3j$4o`HUXt&Oh7HZN;nTYgktEZgR zG-uUyz=p0dDhrWa{Yh-^Or6I1Luvn;MC3z4%9_i65|Q;+$%QU$_Wp4;&>kFyb;-%1 zPKi5QMv^&-KIht;LjurU#R&ag%lRewhgA{#TO))jENb-^$|HlOE0P*zZLUJ$Hr(*3 zEEQ@dQenO#0OTD7`wUTiZ0~b9QdDTa2OO5$HuTy_6&h!(1*p_N>K4^b8_AARp5_~A z*rmT8p#`HrU7Jm0T#0B(n9BQy7w=Phg@S@r;e=7fuWf`jHo&u^9?^iPD?HHEB)(^~5*-&&?0FTm>X5D8gN z_zby2re6tPz5L4TxwjcLKj;N@0wme`Gbyf)XGTBIQTOL=$IQNGd zH)ACbZU8$!KOLEXgy1cA4J{5mJwf$@Us^OVtpCAGZi`Lzh53&Ku!tN1IRrwljKeS4 zmIVheJ=qIR{U{yulJ?PcCt(m&UfRN{-k2-rl-btbJ=CB~?gRtZi{=slUtusS! zFlqTc;2x*kx0c%A6&jWgpy43+( zY`^=779$+`(V~J8^=f;3yx!emxqj=TV~zmIk~WorJ!28}eU%}Ny@)DK8nY``uJAxg zv~JxKN}QF$y=CLU0xhhOv_Q-cov^@c7FKkE2WrX+6>aKIFg}=OZjh7<8M+`$e0V&R zNRa$Ys$l+|uK=FkbC_MGch9zqoc?<11f&nQFtG*%p#zX19=1#BjooE>FN3Wlhd5tyJdm{ zE_OV~P(25L4nZ#RMC`yi!I?mWU`#TL{Qcb5GT^7E!Fna?+!r|^yT2h(j6}Q&gdQWA zw5NyvJIoS!*-`J~4VLb+t5E;2E;3CWAw>d{zx`j4Ev!PlF{9>+{Z01nChuWehp^{6 z2}tV-JH_^}|HknCj!;J4Vai@omT2-ebTsXCbHtdPq=0N&$k%$(-fTuh|DD*}?jOgF z4Qwli{^KH`fl2)je0J4BB9)H$`R~VsA5=6>e+V?vyQ9HH{m(xFXcnbG{hMz7t!Do7 zhv(m}{=~-ysE&PgQMn3F zhCKb3*abOwdW3R>7v!sWsoN#$peZz_tit7}uwZZRR)3VmbwRW)>`-m(#i zUngHhUi92;3=(;AIXY_4 z#HK7gl~j)UQx^)NT*w4Ad$N;4!te_~U6IfN*Jq7PZ7Y_`eYtASMoj!|-JaLp#x2++ z;b9t~_OW>8CrLjOtrbF9s@4>p$ljbu`^aL!h*>m7v<#S8!Jtd&MB2FEeRlMhO$V^0 zLEv!5;AQivVMR+g7IFa9$aCk67w}j5bk0a?OA>6>u96|FG$$XOV30E;fkG_|~J#pLi ziM|BLn-LwHUfLgELMgo3HUJ~u(WV5yi--5NY#Jw^pR9+T6?O1O7hjL(3&bz(lIJ54 z9fg_!)$(KxzqT!5fK?mDFi)3jXH2&&fiLLuNS4IQ>7XbET_4s2$Jc68r7_Cq@H8|@ zCWD*}EOrXb=g)!UI0ay|@R?co?fwe(98UdbV9iu%2sse5PIf-xYha`EmuU~eCjlzrx**JgQ>QxaxVB$?d!B);DZ9x-YaD3Be_J&Z;ORtm6V9`h3sC83 zZcm_b@N+tULQr%NGCmw!w`66%LfHKQK2ZaXGLnxS1a`)6X(kmEUT|=boHxMh+?E;w zdYhhJQdBtHxXdC^O_=Qx|1OIzed562vV@1z+0dUnK7|jF9T6h{GR&D;zpuGtxgC$d z!w?eqq=d%jnTxV49Py#@m9p*pRwP(@=F{{9bS%O!dkQvJeLCZrU>o-hx;3Hiw=jwB zX9R_vXc#1jkZ5uK!?t6_)vW+MQD~L~5_b33P}JYK{Zn8lh5cCo#r?AgxKpvt8ASmL zAOcN*FtAVOc7Z3!dGyB)1yY66U`8|VuuHlwMtx9w4f+keTx-43Y*=8@@9#7rE@DWt zGo;xNEGDn76^zo1-!fs`14f>z(NGju{);)J%^DJ&pph?&X9=lcC6_QF+E^G22FaV- zOfmt=YzKOR>p_$Iv!c+qVW)NDWwP5n9w>wnN9xsj#c4TgAK{-&Z*)LX27$%GEQvQ^8BJB8g51boO$8bUZ@;8;tmpExJ$@aehI(ny|n?Ka0^V2LSeorCWvS%6S4G)Ghs*_bN{EI!Jl&O)}EQTO4Z{2vc(J2 z`?w?lg01xi41&_l` zifri6dekcC4*lNlxnj@KBg9lR=PSDk)ogP(0 zB(&m)gchl|(Zt6!46rKK&#jvvJa2Yz(g+7sIX5f|J>`QqNpG71AQiiP2)7inBvhx# zAJz3K$R>~S*j-tma-GLjTIq_Q6241ua$zh>@0XuM9*>8*zUhhC|3WAmqhngFx9MN8 zV_u07pQo9G{TXjeBY@?6X!8p57yiM!A!AuUxTNL|(W&OGPTXNZ*Bw99>*%>%Ot=ON zi_u!@8Xif;X;)loi<1AJq_W!qd?C=WQ~Lj|mNm{0E2TfSTy?t6EOowdqT-22nAKb| z9K65{hB%uxdcWJP zq34C~h$>YXq^>k3(f55n;>Y{uerS!Ziu`yvX$&FG68-4gI6HZRbX}LyHn@Nsr99`y zQmZCJeP}^9>lo|7-aB40C{QvlrKg}PKQ9&y;p2OZJkl^u#rX$(5+s0b&1jM-NM9hF zFzD?*vOxK+8`>fD^ixEre^D=hM-Y|ohtRh4c&i4uO`I@@Ln`!^{B#IE$1bKq(O?dS zOGMPr2>AzEC>YAth_)V-n4r$j();mSaLub8iLjK@l{?0vDo!6p&{BT!el04OeaJZN zPn{`bD-7gFVJU0V!OJh?FPsZUYDjkzxm34DO=N{79E;5Y=xN8HUD z8*7(w*WH(8g~7jRS@$R)` zcS7mAqlDB8^Va7EQimjeY#JS`P$HQdkdbNS>(Z^Tq-9o8H_-$~Jb!+=z(?04vDXYb zux9OQdwHKaLcQtpeApn#aFUdtbpNe_!oI%wINN~0jO?eOWe9>xkb{Rw%GKa^Jcglf z8#_bUc-#=QG$%=1kUnwot&@n@6jFonL$I8%Eq0-B)|Ttc^3cU%km|!2(~Z(>|ArN- z-F-=>5J#8x8&>R`Z~)R@navqP$JjejP@JtFCxgjsw#|Zuu7ST%#XP|{#ADI+Te};+ zp|1ZOPH_YI|JR&i^CNoT!&(ra^-oZ7=cO)4RY>7|(s$~A$KzE-YprCXKyvc9>nIX_ zffpb~@zfBe7(;)o>NyV1;o1#ZDGh^E%u~|yPSS`$feZNyp)+N*eyAP~s7ZtA?MdqU z?|+taybp7o+n9boM>-K1^0B+!JgOC<31WZ+=ZQZp3P$h?@cP%ID>P1~Ya__$KcU5C zjMRKM2(>sNJjGATlnU3k!Uw~^YUp!~-eSu~d&$D~^l;|Np@eRY#f1BzQ6pCIsx_jQ z(Sj7J?evCWQhrE$LsKquEMM?EO zBn3k)bXg1SL%D;cyuAYXCH(aRZs#Db!#$Kh1utCO)QrzZB>SWOuU4-r4!Lt<3wq^a zJ2j6vH;I|i#w3ciqY**~gu~>Ul+$|-~^2qExQ!H z@z!b!udqa?uH?|4r8xRr{Z*vV!=@W!%%ursSva$Osj|q|@0{hcaBl5&$4;z!;2rsT zG-C7?P2ejpz2PN)Is4LeNq;Q4=EdI#;(0FRzYxS-wYT_~MaKZ&`N=pB@dpQoIt*EU z+Ajj}S?h3vn>SB@Dj&xeniXAMX&P8$IF@bRxxK4j>qQMRgg@Dx92`sm2S;(>jKDi_ zW zr|!8aTHlNcSwu>hXM?RdO?J#xh9C=sw@J0N^l)@SaEI@ol4FvkO1~G|U%K-7Sxc@` z&F&si=iCR|@fy8E3L#M2tB7x(L8vHitUqWDjIl!iiv1wl2{E2>Iv?ZG6?g_7!AV)L zkbyR|O=(0JsVs8ER`<0{*4Euh@Oh`zyuy@!Xft_L%=VrLa4w6UE|CCpTS z_bb&TU3Zy24>8{Kzb6cYUxxtNn`z_52Gg>Ltb0Rzk>ljdgkWo6s(AoX;6_>(MD|m` zjs`l*K3RczeX^c&JZ=9R7=qM;juO)`hncVIB_T1t`fIh(4(NX<>5$Umlrc(u2aeA` z2QJ9bz7*pwD^G3vF=(gk5Y}tVK3T%Glz3#vfc4yQ8}LS;Dkghtic#ZRMWDGz1>9~f z=n1J)ocjAX}QaL`WFg%?-?h#%<$S$KgWsz z$7AFbtu{XSl7K>D>t9u@#6`GB6CF^3AtOT+d1jCYTV_P_TqXCTLu)pEJy2Ty0rCBB zs8>rxvu{__F=bDmPc38jmpfzIk)afP@9vaX%4@&7JaIvmp1?3q(o6Kn1s>Elk7WGg z20YD=m^)r+iB`(=p)2P5PuT8f&E1zUI1Z{`|HeDkI^y7S?u5fD69=pZ{4qli!~-vG zbVV2BB>IJ?^ljzt@3;6~o3|6F$~$k=j!o|%VDytXMn;=&t03RDaJARgveltdhrz2W z=5L5^kqXD*tXGA8o^SmH9*ybUIKjCzg7ZgSm8A0QgWs&e?c2s>AO47=KbLSJ#4zvZ zS7)_8T-AioncdTzy4o<`PVxt6S-XS6eiMADB5IYTOv}lKxv^F8K)=kBydBqND%WtL zdSiEhn~O^Y&iF+>-b;+In*s?F>w8y!dTJ_WV;S?i)_bfD%vu!2Yth_RpJfqQp0k6@xci&+8ZPa~&b5)UP@FDP}c%*`qcs#)ry$0Ov_EI*HtJu&G2RttY1<1CsJ0N*5T1c$)gLU5eh0tKt${o>eakIqi9~iMg+QJGP!?O> zyO&BEtS>uEqeQ;Tb|*8+d;i-MP+|%td=A7wtI?m!dKx7y>s<2^>@UDM2WN8F=nuJ} z)rV~b2DM3kqZN}zA9mUC13aF|Jcg`dgy_}`ef3{e2V5&N$v~xMYOxFS4LYP>%ULLn zrxhS>aCFdr#gbu+!|6HaaQBb~973o7OA@uOaMa{6_HkjX91gyHTkr%U85Q%R>5>MU zuR)HOQ=@{%pm)wvq@&f0LWoSi8yu_~?`q#wRX$%B%e3@fHD6a7ZD_zkt(J($TFnT! zKd~p7X+#?9c(jEEG-srfbP!sMCJ)JgVq%VEr0qDOuPuG6X8x*Rod&7!$p*7fb>AdN z+0pC$d~)_oh>i;}z~G&OLuKG(cQG_x3Q-fTAPXd!j#*hE4J%u4_ZT*_4=x^GSjGT)O7Ao$17K6gCD??50x3 z(_akV91R$@%RMF43z)3C>ZQ}`s?rJhex*(k$x6=8@B1}9>v*LLm}tz$#|H^IWUwvJ zf5JfB6_evRG;suV04@zkbp^9~0-!MfDz&{loIF?~U%(4uFxN|X`koMfi!{N_!8V@K<@y(GXsDH5dtVrl4jj^?*A=~B~c>mQ78yggZ3R+ds( zNu7US%k`Tqnw?nMB=Gp$4tebE0N^tpK|&ka4wm{nyBrUMQoi@#v=a&97|)3cF>Z}t z3fDzb%jz5D20ACj3*6V|*51>(1r`<*Yg6Z55$2RTKI^v5m3+Fu<1!koD0`+h5I+l| zXdodXN_fuCOhf#+h-H&mYt-zKPXKL*p+^Bt7wASVcn4rZbPYOI>$_h3k;B;IW^3hd zvH@{x*Gml0qDXqGf6el1?Xx;`J3CPQ{_$hql0n&C@6uNU%X>17-K?_$dp7GV@88S+_<9+sv!L4kFr7Uq zL&$YKsBT$5`Zt&W6ZJiXaxO@!{uE3`W}@tt6GdUw_bKmRusSHp!dNRb@QrntD$ z<8K|nZv80q{vH7_DlpUDG(MC}<~5I=h1OzdAJ;FBC){~x?lwvkOMLecmHbtWGypHZ z8dn9FYPax~#|aSe{pd8IvQu>^z=SzhY2uxLUVNzP1<=0RfNZUSiwYmOp+k6khE3+d zhqYUzF{t(|31p(1v@lF@Qg1Zh7<;JM?P#JQLM zgy;Ul04+Z4bLfY+_y>In5@ugmq}REQ>cM%^--$i*`+p&EHEPZASP=TgT5?h6)U-=P zr7&6e*v8hYl16lT@}NQc8rrt)M?7 z3gK9lnBgyO^FJ_<-t#|67xWum@RZZo7V?N-C-Ev%wf#sx=G^?LBtLwT+ZL|Jp-IHC zLUUdLecv~5MxM3ker(M%dD*YRMd@drNX7-ZA08OFIS-yg2_S>nKmkH~Tj*d*#M`V!(e8=t0Teotj9Wp<*2mNMv?6p4f;h{ar|K-6|BCss`P1d~3>#{iZ3;}57 zubrp;vOFE0hVJlqMj-lTR9u8sC2XP^CKT!{IJ#rQ*NPG)tirbPNlPY1A*E zh1b{q%9sWv-=w=ePpnvg^TS@~l{fR?U`@F;z@a*iq`4~fadC}dSA-9w>=~uW=8*o4 zB?@0_82nHu<1*g5vGsAj!w19h>5gnm9JRQ|88LcNXh4@9omIz`@j6of<-t9Onx>wq zTbz>d{n6F}`d3X0f{~XQYAX@uZw(<*BJIyN;yR2*Y8Hr62I-1k5s{TmrW;fbA~{^< zayZO8;~EmYHynl3+yrUto$=U3#*~r1s|* zifF*r;MJ?PFW@g|EnIh_U*Q-Hz)!PDWj2 z_t5&A`3?P%C$QH6LmYpE>Ph2_(qs5+*8f1m-up2GPj1r*u708GbkGP4McNmw8I-68 z_tp@Z>hLK_m#~lIYiYzR_BeMg`s2(mI?np{vcnk|m=m)f^eLx8U#hM%`%CnVaWgj; zG6J6w1b3&PZ>i;LTDk3ThfRbmnWMv|*52xOmGka1*MC#xOa1lM-I|EhY^zrY;PVU$9FsY$WZKWS}B45&=ig+a?)3w^sWPh{EC z=l8B!doGhlecCXKJa&=gfn}Bd2NKOq!fv}~LsU4<#e=Bb%N;b^Okhh|O3kit# zGwtxMHLsTHh?c*b?xdf-FP2+17U<;LUCEVp=rCF|`$=4SB)kRV4zHR5ZW8{RxYna@ z?|WOA%W}KznXZNe>Y8t!)6!oi;0^rxK#p3p6*1fnrN9`)2$j~eVEnN%xEEf+ zKUuYk+Pw-|$x0HnPV>%%IWbhle3_|1OrK-sE+SzW8L0%YlV!9x=f#W1PAbHU^$&#+ zhWj-bHWq*8rz4b@uo|SXwHQ8RWQ9HT`%#{Padq3E1hB0z= zkL6%Z@t0B^3O0(AMCS-3L1=nqQfLZxVYlTcl!#Qdkw{{XY#F-fAGMp~;p}a9`g}mN zqOQFwXk9ITcXxMxv(J&0us}kebZCv|=C?7=#jE=Apx9yTe>)~7y*dhF(#CBQ>Mi?s z8o$W2IXOw|2AY~r5IT$9P{^l}>Uz++ixBcAXe$kkk0X*<#v*!&L?=#{A;)1+9PQ+F zwLtwwUiLN!1bI|B9(U9VBO*o&HIFLDH4(~X&`+7dyf>h)%_iV3`E|L{4$oOg9+duU z4rN%BUj$o6(-vubncvhyfIyM8SU8UM9s89={`F5Smn^<7^lOGA+O;V9yT4VU5M*?_ z`cn5v8v|i8C9d_CTy#cs?U#;n=QVsaWeHJ|s+o?D{rq=cD54CNl|6UQyYg0o>^PZ) z69-;j?MFZ|oRL7}m2w-&ceFoiw#p$VGvsjw-V^N(qJjIjhsfD~2<`s*UWPjS`G0-( z*9ZTzCu{zTI2%aJQZNL`D>rAEQK!)X2h~?pU`)b8urOcQD_6P5rmKD!^Rqbr-vOk* z1-(d6HhPMA8=$Z;JWdoa`FdM^{W$W^cx9Nx&h-S-7~t_Tsy-ua`tvPkumw&2x_$rT zv2umsAI(}${^c%@yevvC!s}B1E9X8(e|`;gtLY|x|E+(2`Tyc4%lXbd z+~wZLMcwt$=S$DZ#-2eWnixw~8|5gG>>g-NmIGoTBGjz8{qa1wK7-ZDQ5<0V7%!zH zz;RTyj-m{7NeJZ(to7iWfg<|{SQdl3j9Xo}m|}>WR1qK|$6%OY=64>zu|kIENP_C? z#T50H|6TW~EP?UHczC+D>(E4OY#TTN#T5?6AU8;cUiS_9j~m{LRbYRTOvK5(inbJ# zm7PCJKCYc$dP7lqw|1bfDa^HzA}SCO#6ST$Z-+Ar7^O;&f6chxBd&M$Pt7OYGOR@Z zrRKA#` zQV2t|PY1^r@{{207nukRj96yh1`mL(9^E&DBks$nsMc)|Qu1=(?M?jybo$#*!c3$N z+R_nP_#C9%)pT^I9rcne=L!%VtJnTEbWCWJlcW||X71)M#3dQnXEW<{#o5)6e2 zab~H`X}pSzJhxDep)Z~%lY0(6f6(sy9im?xBxZ&BfuBEDSyu4rZl#H|;~M0G*9BLa z$^dcR9Cxw^yfZ$4oc2zl?3tH4*KqKCDy${VecmI;WHK_ec8G|*oI=6S@^B2&Z0DBk zQm?((trYf~@UjK4eN>PA8Avea9kB#E4;&!Z`a)0GS9kkD%%upXvY4)rj(fV0PXbxP z7O=vyi!VLS^FF!oJLg9W2}c|pNWD7;KVW2ekb${0VNV2sP;U#uu>$ztr<0D>l2d0^6g?^Xjx`4uFpgla^Mh;41l(1M7Q|g zl~o>U{Rdg4msY}WheA;V6NxC{m}LBCKE3hQHt+!gDvs~8k(*)O>chd}LJ*!+hF-lt zFae>>kt5ju4#kww^5_4MVyfLL%(bYCzCV`(T`q`E2MXo;1Xaf2#9_=WE^e@i-r5y~ zPC0NFQ9{gGfhq*K2Y+1KULGfM{BMU!t%SR)4)3m^G+{LsB_q<{3sN4Ce-RZK8H@k) zSRBD2Ne>K!BmLuN{mMd)oXa`An>kj3P7J(+F1{8D13PUsFfcFOn3N*&{sGmQM5yUP zu{RL}ZV(i?RPb5My4KyTOxq5=mbNwWe+bt@+a>z12gAZCE#9kG0aeX=n4+v;Z zxVSd5vRdnk9SBN+KQT|kLX8mM!XpqTL-x2EkS%r|VKasmz}#`}d5nl@!JrW8UAY}8 zG#U_+AgQYNBsD7F7-KrUcR0AaIddt?%YM%XZ}xH5jq~9|?XuSizqUE32VM)5Me6ANAC&3?~Y=$7p?-@fDT?)B4$gtQTl z@YvCo*^e{%4I6qat2k7R-l=dPn;_|R6r%kky02Gg@`OF#%U;-JeuxBueK!lSiP8L? z+1~w){IUpa0|Djik)<*BY1{hY4f7u(q6EOwe{J#V6|c{FoDm+5qxO%K+FC#4@J;&ATx6Ou`?Z%k~kwsW4lS75qcMFOx&6V{wUDqum zQaf+XZ2eyGO^%3vbf$1*TDJCFszeDRZ*FXEfa3_(qtvUEL{5)1dhK!N?!B}h&6{tj zOo45GC`|!QHxMCVq;`!{C-5%AEn}-Iac0wEH~K2rtaNEyFSMkDzwNcSp250bp$Cdy zK9ttV!*50AGy?;dePm#u2SA3{GblLqkCqQV+bpwH*Cta72N%@OpFb~U8||Oa&NpnD z?MW}ZKfrnB%t&>^9=ab6PJ@(|^rL6mjJq)G8_Y*bWJzi#ms=r}d zb!~TjKmhC6CqVgrB7w0Z-6ckeFCjVh+4cE*CO-0s9JUG1wP~-7Gr3~>8s2i=_D?7;k08=)gb?Wo8 z?f(A$BV!ZA#u@9x{)Ej#<#p1WY%nN+@%FyygLTim* zKVD8@;VKb^y_)*K#Nb?Byl@KJJ(xO0uS>Z)r4wh|h~uj@^1^nO_2b=r-m=#XqK#KXOFEZa_BGIVo*2?c_#H`PS zM@PGNk|2 z%xdVhEQc_H9V$J>$j6ZBJuXqTe8E;yyqCLx#huG%uJA@Y&9!G3()RDqUz(St zJmB_Z$5(VCzDi?};?ZuYKeTzmBrX5*u}}Po2e)ev+d{?Ow|i(&zWLm0uCUfTm@z0s zewD_&zGp((RQgK%W^U8$=XBM1x}`$7rfs?k(&CRMOZ!hU*u0PSjXjJ#_|C9?T%*fT zqJX~p9!1i|ln!P;Lkh1Uk}f7ZDEZb{4@rU5a0eC~yI7)eGt;udocCFn?Jn5h1?(?GGHZ&47Me1ZHd|MT7pG5* z{ZurO>>KM;h})&rU);}6N_)bOWz~|9(aKYhM{ob^n2uOlx-S8uNQoqI%7=L%ij=iL zg^QS5pZsPHX2ZTh7LBjnj9d--YFTT!a)>z_cj+9q=T0Q9e)ihARbnXi^uSdtM~@S4 zSlK&EFE49+S+7K}zjad~EHAx-Z-g{>0E_HNy zsWaP2I*AbX)gPaBIx1a5ZO*fWJo;I3#7v#ekJMOkNOjV`Hx$wV;FoPMFO z9FXOQYeb_$5AN&7sWN_8IV8i>C-W0YcR9N$#bFWp$?R?@(~RYV)XKafzKk!z6w@yI zYKAiTy_(Rv6n7qDRS`CP87#d*hzy@b|G)juVBVan4^3vu6;&y zBnxg;i1`57=y>M1ckPV@);6A_H8>^ieD7RJ1ip=QjL&Wiz&f_=t>Q=YOrdK3x;kNs|Y=MN4~|3E;kB&WM}?zvDeV*N@fs!!uE@d^ld4EtcDAyoambxiVB#@ ziaQ-GHI)@q!j-~8j+22Z;TqoF4;Rv|E2>*LH(vVWxjXMVsXxBGeeBW|c4=$uQTNr9 z1fo5UbT-X70zWIYzLiq-qO3VtcX$TodoTX}v8=i}ftBgvl|yM;TaF_7Pb<6c-~ISz zlE~Y)%6f44i7mew6XDeXc*x1;m zuK^4u9r40}L6{AKuh3Rz>hjA!<}=Y6o>xI^s80%wsl?%pX~sM+X(MWOyFDykrO!ZB zEBeuOAWf}l6)`?-aD*Y~>w1dOYr;W)+dNUfKi&R}#}kE?%d+-W_m6WXW_6Jm_bzU6 zz!-jYSS})j=l78C>OI`*hve;f=M7%7aPcyo{fZaR>hh%AR*X{R-E00_KACG8@x&ke z8W?XX%$bcYBg@@2^-ea_tBR6CF2~&;n48XSBZTTjUo81l8-`z#D3rILQE=1X$bo*e zULvB)^}TJE&CF9jGyA=(QT5#+f~M`R+Vs>?GGw#}*7sG4RTRnjbZr=QyEOcyyg7VS zl(A1=`)MeJ;5%9w9DCn@>2Ehiivp!CgE;$6(9_P4BQ z-GVn%&N<@`IJjkPKN`=`{BZboh0*V)7zt`iZ~EO4Y#%Wo(Uy3VmPHki;k z_es5uEoA5QR&4=q1$*ABl)8-AEQys$3fX7X1W_kzL$h)5o0{C8(ih`INXGg`&t^NL z88xQW%+}HJw&~t>&pQ0d==Rat*&|myyV%5To@`TqAJncLOxH7~;jg}hOMpzPgEwWV znmp=GUG|o-3%iwUIr@|(o21FW6h$H*i`Qs;*dLn>Vn7))OD=mc4NLr^+#E^@KQql7 z2lKsG@4x@JYd#m}v`D)LoOA93GB(LN9M|-8qXC)0S@q8mo6fI0?SBLp7o+$rDgnU1 zv`555r%q0q9E{Ga4R{=2)YF$+btK`botESlbbGuhKjsT>kXCH#*z@Pl zz3f;v=0}lJV{dQOByR*(%PV<$^2fxokyt2%ij2@uIT&W%_|;+SD9vwjuAEMkk&*GMW*RC^UsWhkZEk6olJdrd71!oYZAP|BR6Q&71Emrlv5gNA~*0t!ZKg3m)M8bn(2Nh6Bmw`e>ee1(Vaa!uKr&M(hMn3{aTB zk2QPq>v8ssy$RmrFs#1wT4p)m;RY3)N$<%z@)j}7S3fi?_om~mk#ZPve1FhxC;N2f z$A#ApRj(ySp3cNVHKn(=*SI%B4KpRB9|%|5y;s_H{%UT6JlSr{96oSm!W zSkNJ0DFkDLE;rU#wwT>d7i*z*EADb5L$Q>Ct?|u*bri$+vyBfP7bGfs_^T2kyWM+F z@SmCu+fodg(Bzme31C)#qqVqX`M$$#i1ka~mD0pJ+r%;JG8{hW%1rEe>O0@_+1Uoj zQtub&_;mBmdD35O46ZAJ6UKdl!DoRJ7G%U6M}~VnVyyPCejOpnVbys=FNyoy`Ayc* z=CQ@l^EBB*M&Y!`)Qh3ue{X! zcuL$HSJ@V0L`gNM`7n>@by_htC48tB9iS4KC;H)8&oOJIXzsCqs=p{@S5?^0eTmCQPxJR z{Yo##3G!T{T65Abv-CK}6}qQaE~K|a+eD%@`ud%<%!~VK^%ps{1wn`n5yq_>H@eLd zip~`{*M$6_&d<*mL=PoFf+aLj=pk843vY!|!gq8>jgtc$ggi=y9VeTDsc+nsL}l}(LMqSGepmnqG-{Md)5~tEMQ>%t zF4eAf4EqWi*d*=f*`DXqyH#$oyFtekbEM?$TRHlGjDU?Vdwsbj&e>x4YOI9@^5*#7 zE8i1mhMF%0GvMH7o*GSAFe<=tsS=-A8$yB_Sy@R9IAT698I=_#NvM-@@S%PXQp9M* z7d`kQEqQy53^vf0epBXB_M3r$^M`r(-;JNN&lvwOxnkx=UaCGQkov`EB%($F(XA z{pF3KxegFOA>;A37G3d~f*&eL53lp>FS=3XQmSCf$faVt6!SfAykJs1)staeto1}% zWt;dICX~v+&;EjsU#oyUg$#(zn5k5bo*sUYb_^|c@JPz@ll#vsq+=?3@ zs9ZH$tU|OWMd)S=o&kKIWI~YrRW*KSSBGMk?4^Nx-3vSH9bw)jFUB3 zY%y0xdJKh8XW|r~fNwKVry|k)BS{zhw4ltZa*BTBeKXAeS^;7?k1m%irN!}Xab|4yy6 zYy9QQJ6!guj)61%fMIe2!yfb7ztA=*aayt?*B{G$+%>%oD2tV&UNJUT6o?G1+0da_E%fgpFbAD_H#ht?B*)x6vWGxwW~ ztBDlJ5Ul$0?q^5}1dyW>?xEABh~B_q5mrTs`N6XXX$n_Gy}LV0sIx+%U(sb83>1&& z5nq4Wrm*o<{i~J8@L+k(^m#Fs!6hfMoPrFYM3E=L@fbx@b3d<*H&zuxLytFpup|Yq zuk%-^7T?9^ocC;UV9<)`<2iM;Cyp_VbDh$cA}0LA$LM32%T%Skvp9V&S5IeeKkv&)B`70-(hOzeM@%(`62N1hG?pSqdU zUbU`yhc+<1;h5{XGI8`4AA}CPt5({T_cykBKmKrF-bg<@;TCqc{tYYtBB8RLA5l$p zjLBCHQS+TEC_aX7i+#w6TIvBFi}>Ahr<7%DrGfX0KJLtCZhC)KOTWT_J~PubW-R{I zOPlUvV;4c>BA%NXc$0E9G8@-uG!xS1%G#OeV=wRpRQF}N<&)!&l!)>R2r#*t<#j$7 z%ebb8u9Yw?( zv_7#OahX0}Ktjuze(L9`L1+24m+QxTqhsp&l$@+k4j)3kbVA;?f#NKs2IFJ02wW*W z2FsyR$k&-z?8mA2KGKw**0Lq%Q_^JEE=hMeb=~w$cOK+`-nk#vweHBn*vlZ}Lq7^Q z$}=@SvD^R2`@+uPS#1k^aVFJ4YxH{!SKyMGbX|(x&&nab-UPWZvz*hop>Pw;&`rK~ z+e-B7V&ZcuZfienO~2xd;yq`)yU?XKLrxdARp}GnDtlPxyo925JFSRLRcIer2cc*D z9WqPC(<}o#JX5J6r?Tv_y~k{SXBHtKq<-zH#-LWKRuy}Ejk?G~oEO{Lo%$mcj+pLB zSFt@Qqel!B+VUE-@H557E=PPf7tf{%e-^X-D_ygCw|7%^d|9w!L{#h?9*bDoT%tM5 zj&7JF_{!U7A?f**T+vE?4Hrg~{`R7ur5HwOQ|CmVyM_)rQEfOgQ7?5hNqq63Hv1X> zfM$w{vlwkEMKjI^IGn-N4;^0clEr5{N7jHYlWOeK6qiq$lXfM4%2dKfJO$hT=l4$? z%jkI;I|F=nRW}WJ-MW2}wFi*!Z* zc8a{XjQPQxit6mH+p$-!W-X&rMg3DHc9#p{T}aeaMa zh#oih)CVBYBY69E(b#A3qfo`_BCgSHtAxDOtmv2GVO?MCX*}^L)aHmuj6g*NEW;>0 zk-C8w+8T^zeLQe{J~!=}|7y{1v-X?wton@Pfts)!FAhK5p=^1A*f(S@^m{m)10RFCb^s)%EYv*3nSUnzD&COkKcaUOy>OzF{a2g$yZ1c=}!~~Wi2P)2LrCsgNGXo#Pes8(C2ruveBa8T7O0!;-!baP19}IJizlRyj1lQ?8{>+|dx?SsS;V-8s#P1wj zN~}&f5>=NMuC8SrWA=X57Qu?} zlOCL}Uk)f1Dta1lpMS)rF3o+`!IjY2pn?o)8ZuV1TEc!|(ah?m3~^$YN$6Fw@78~Y zaTlYSl9q_Ih> z)Nu`=VYP4&@&5K$G32fQkve$WfwIeVLg(<{xUWau}@Av%W4sOlcMNQnE@q;!>(7MNaO}RkC z){5HI)=5m-b{6CHUB)fbhmzQu0S*FdTnD|gN7p7 z%i4*eR&*`0v-i`teG}1ATDL{Qknl~SpY8Y*D(W%Jmn>mL<_iPA zYtB7@yEIz!X-VYw;iLb)>_R zZbo%a96# zDN8hx|NX(oDoD`!TGxM{;AFE%^~xtUp^ZKs$h?z2k$ZxZbbq++VBNNQ*_@{=(r*1S z=}o$^;j(u7eZ10$2w0iL4uU@}V|}Wzs~U3freG0PH8SFwV-Hmu$q9xg5!vQdJB_sN z!pv6LK{$0ww3a~9L<=9{Pqten#e)Zsrb#vwErCQ1%>fgb81(JCT2K(5hmjF2V0&)N zV~%6QbsP-}lk2x`H3oCl2JS9Ysf@SDtsD9$})W+1YKQBhS}%h;yk{#rP9!shrBC~fT5n$ET}bLRKHHFX;=pkB-a8N?tH&djN60|98IuHn>K?#SD#$-iLK)@9zsY;0@!A z)r&Fj91PMbQy1hPC@IL6zg9h9q5K?T4G>!iwGl{@`w9;2MX4N|J{cfWPVYM#Kb@76 z6W}!_>NwfVNkH&wk>g_~MugZ!1pVW{uttRR;zd2@U9UaLuzS0q^O*S~H?D6*gkZV! z^(@alPJ2tAu5-Z)c18i45#Jl+teK&H;RT1Cs!uXlpP&ACz^ zlP(5bbVF0#3bK;ykmHC^wyG8q9bR#zBGZYAjSUj_+?arDy*#AQxJ{c+{X(CT?bm<# zT@XwpW;eMhn96=#P#5A|FWwTeZqi0uR}Lu%1o!svGg%G%o*{Mb&%*tVF8nERP5VR? zph9sSZliNrNbrNmmgeBY=!-R1A+HbjpU!*;RJ`6aQMtWxI7Ivg%RdL|1~yabK4kX^ z%vp(2dlne-OBrjKIQH{~$ITk)7`0s1SvvY>a8#?`Ryknw(=~z8?BSNe1I*gx(KX&* zxdz$ta}nYkZS-tWrSZZ;_xK72G(IUE3orQRBZHL;kL{_-g6yZPd)IYPAySCW z79NJL@hOq&@_KCd3JR75zuv$MJ??*qWV^bD0@dS+?XqmFAI*(UVWgtS=U8~J|M|)@ z_}_aI;dRbQ8tCM3rr0fQmJVW>F-;Cwm6VAGSQX}!E@i&17i+y9e+fUItOyGKl8IU= z?#DKLLN{{04bqzI?NOvGENw>QC0N7vwQDs0W}*7vYJxya1AmTge*D)9XI3fQO8 z+o^X{KC93Dt$6+vpnwK+Z0cV!-*wsKJ+&Ox+06Ane~kIWl)Yn3AIV=A@b3?#pZ*?i zGybjUc_I|Zx>dJ|m$A&uDSFD6ehs^SyY74-yZ-lwTKRt#^s@a&_3!_^PgWxoTC5{@ zG5+P$TC1>6nXX1T64Bpib!qtFkd=*j2CFB`6=E66s3fD$8W-|~d||Q0#fdncNmXk@ z3E8&3@?*IW$oX?}O11UUqRx`7pZdqp+rj-ty7Zwo%;hP(Dsm!rZ^B)>6&sWsd~3qX zSiFm5eOm(mRok7+TiRjcHwOiYy5&vx|&Nk@pX z<6!S4nuKx`2O3p$EIqPfTPJLtgpuzNua9Hp3|l`_Ts(3fo@ypi0{#!FuG_UxXx2kb zJj2LTP>8mI`U;^ypx*A)#PRKT{~iJlqlfmznyxiPJPx9)#VGo^M zzokLTjos`sqbi*u%B|=Vz-J7L9rBhN&fCFicR~%Np~dv$TtK!cbd!RzX1Soc#Krlo z#9r{m`k~KJj^eo+r0Ky)VVt)^<(QD-7rAhI3V1D7vSf}6V2q)Oss? zme6x+3viWy#@i6$VpUAeqh+fhRK+u@xse!i=&0UnPr`Q%b{OloqTUzb=m^a$Ht1wW+f zh|lVaOzLR1`| z;>BsMkBj*w(cXKk7Wcn=J{)$~#ZLRDY;|h*x*Z&s1PYkK9*Ixce=GR-r0Ipd!<4~Q zs%5P=)~M`oRzz2)qK$(!CbYWDrE+=i#_K z!q{t~WFB>a~+@+-siXePA@&h;t z-JceCxoJ}TK)s!WlPy1t#F&@3gCqMe*~{~9MH|QAQT(WVQ(y#xIXxVPeBsw{;%K&b z_wBmXvYXy(hb8f+a0*M8C3SJxh7a%^(6NZNEVVV|(WYAbk^n|0MFtfbC1>r}Rl^wy z8awfPx2g?jn1w$7sBqra2{aj`v1ObI#l2?51)xq$xD%XYBg%{<~tv3?E^HV7;e?KD~VDA;^Ihm5(dmZoW4!0bF+YSHu=%o83#@@6w%j*-PzAEyjx zV!1C%i0mN;cf%e*r}e?08NZvo-|j6#TV}zF@*53R+W|FbiG?F;uzv55;k;#Gi%jeA zH@~1mDP~>Use!`$@W$Z0PqR8uFYHkxzD=aye)XQM96qJAfbpjV(y_NB-AeGCX3HaZ z@J}PXTrxugJpCUg4fQ8t%EdAKpRL>4@LMnpe}d< zTzkFqy`uE)xiDZ)u(kFWrS4*>T*j?+`Q9+;(sOCS7{v9PuO+b63^m3cbGeW=bkwgl|Sj;Szyb=#~Eq5hd;LT7@EghK0dv!-A1DM-XHRN`MYkbRPknP zWV-}>7t9$|+T&SdycHy7^=#2guGfn`Ss9xYR%@zpkJIi;RG*FidbQ<%@zQipzQMu{ z+7zT|m`B|I;}q&AxJq)f?hLQNn?oSp%R?!1RylzTDDc+SPM6^%v3nFyCq<4|j@tKD zVWzhK9b8Q(M;|tS_h1D|K{QLw(2(9+22UEYvXuIxxVk`|He0|A+uhaW`{uJwN30~m zl^xi?4yentQ)=yW_pZuyQGbzGm1AaK_XXNjErAHnfC4Cv$MD_O+BAMGk5P3nT(G5O zWjV657d#G9FmpBEvFk)GL4#&f0*MVF(7dp$R3UdO@+!|3PI$NmSPwtn!a2p9M9B{%)1(#1hdtkg<{aguH`)PODrDpFM&)u1i_4cibSDDP|mm%c`S2{echDcbKz zTq{;pA|*_4sp#pHP*vnx(0Aq{*#PgZm0pyA;zYPigp{!$0znwtto1hfJC6#@>836T zunN$AlDx=Gd9G*-XY??_=tJL{RZV?KO?$NWJm(Qse*V|;#O%i?bt!+{of%o}A7;)C zFrB_eCqnTxb2O;IL%hpQ9y!Y=w|o22s=FEjzKM{5u8H6LT*3OR8*3QcKI; zjtLxXPLro67&Vw4SE^E|ARO69uB{aoabH>5v;7KjLza#fu!5lwA+)E?pZNX&bYdBW;4=RjUhN}?%j6%b_xNcSYnJWiKfeclA6hT@Msc72$j%|ji6HhHwCN!6YIqP^Z%6s`vM$j+{3 z5M3eAcLkIclwoC|x0!aLc{>-a6HSO-K%?XnHW8>%(B}*F`(Y=oVVies)nP-W+MPmK zM=rVnEWupyQasQIS}7mC-!c76wKTW=B)iHILB9ZS{XCne0-v_|=+KGIX0Kd4thNt+ zG!9vj*$|f+d3KL7t8 zG^%syrPjH+%{ru=S@UkEWiQkwX!}0-5Bjx%D3cYz>|#Bk?(e4K3lZ30=y>4xf|?3C zt_if1yo)-m5BSjE>9H3xYFP=asW|Zrsr+j?`ApZhN>@ieGr~UlYVe)vh9YC+NfFlD zmghOwyf_5^3&NDl@Hb)V{ug2D`}9x3)Mo zWHkNCM>og=H@6V$eM$eeQF=azf;rajJ|GZZx+WXqg&Yd=my$fDn=c)1%vRuRIu@+@ zD)EK~&+La|^nLrDs~r0(E_@Ru#r4=BA0RgulJh3~yo+7dDxb>q#T0Xl+6 z;&6SiCY!nF3jfbc>4o1+sZ3)8!3CcZ-K~$8dJZCkpofsYBZ>v2sb%j008F&LmmK6i zNA}Al4R48#?!yYiI=%#C>&na}L&@Z4A*BES{RoMaPpuuuY+SIcnWySAx<|xX#S~QH;*V~&5M=n)W)k&&G^D|~~mutQcJJbb0wK5v<5FMe1($!7y3`snu z%5Eo;7$)iviFRCL&8A#3wN_BgbpLt=bE@AaivoMk;EP-14`+-=M{7||&Wgwp>z(R@ zed6rw?6;${v#Xh^cItgAUz-pc(`dxA=-<^!PS)qTZJ&kG;-NK~nUjRpwAkwGrmV$r zTL~HGIg;;iWJMn7i!?LDn<~m} z)8BnCc7x^xye$U%Xgp|z;V!XA!pZi{YKM4bzVbN7kHb-q)q}@e2aXwtYd&Xqn~l)a zNh0SD99-@Y5#du>f53CYXMbiWkG`U41fSYFVv4wh!w$o4JSh*vtn_XN`eqB$hZ6@# zJ&o*dLx0_ZcA{@)3Q}cR9TADG`&>QHe)g_ z58uzl&R)+zRem?bQs=t?svLeeZ8>&25CU!?}6G-oQ>h0OjQ-p+s1V=`` zgU01bdr2n(F#_2FV@|z3q%>+IFWC)e>Muqe()jez{YT#T?unI^+QAdk;4M4YoR)AN z>@HnhBfWFa-CYGH)Bl1;nMUj@7KLeU-)v2yv{8t*2fI$5mSA;V-`h2f7S zw>uGA%oXv4H)f!&8tp}CdkI8>S?0s@h9Ffa$)IW%FDU?^6bXf}sM0&P<_^6{7C}L2 z+TF~*B*5=b6QwO-8ISREovTHp&UAyz0jhmZ1H6|_tvWKCzpR*ro58mpLzDSr|t^~R| ze2SMt$2mR}8dgmegL=MA@Lbm_jyA;ycerBd(J(xH+N*38+I*Vq&ZFH0=i;F-nc2Q* zklz#{oqB8J!ngtIV-o45mHCdl=`^>PdLNVF7f1}+142D;QBd%Z=DB|iB` zw5l=#-%*7@ziny09nImhpK)^l`2iQl;{X@9KJLy=%vtskusyS&?^Tls(;HHt-;XE1 zjJ8=%({?+){UhQqx_0qvRri=q6tte7p(=U=E=TG45wY%3re3G4&V8BuMcF*G7Xt$O zXL{uwf-1e2>r|Ynr%JrDr;2!mG`&s-`0vJ8OkFm0CciWXIig;j8Rl*)+OaY977Hv@ zu_wALK4d0*RP%`FTiu|iYTu6571gJfl1|PbN&(d`K-oj9X;z4E0ZBMmB8sD)XzJ*h_X{W*W%zn1u z_;|)J6$6V4!&2ZpNoNXm0eKK=M^HpG4GUJG>~=GYq?%_^?Ttj5Ong%iL%<-u_dZQ$T6j! zxM-AY0s4Eiyhaxk^=-bxT^j(xi0D!^IgSq6`CRDXBC!a^E4hx_U6m2y1;^{rZmd=1mk-~^#UA#egyN zlPXlyt+WyBQFXf900!0!#f*E_?>=MQQSE_%3L(o0FNjSxya&N~2M=KB(9Zxka!D!?0S?PF|Ot)Ut?%{_itMrGR8TrvfLalcWaLkirpQ_jWg{V!()?DTGxF%xngcTvB8!eDcocLUZMCg4zY3>gJR z`_AT?EDHMH6&sHj$OHQ|$U+#?UN7~m9Ur)^iO55vzlL>%Q-<YLpzmYd85O`Zf5lyFPvLuk)-t!mG8f{dT~(He2%M&6}{1Jtw)m zDEdw5{y1W)!hX5_py@RJv${N-x0mj`QI6HicDJ*MSB@HuUR4iu5Rs8N^aYNjXmJBU$F>>uGnL=&;rv+9Klj$}EJ?Xs;CVH731S_SwwQ)b{GS)P; zR&|D|;6SkxGZ7vgTcUZ2{Hcx29o>{q%iuW6_PS4#rXYcd0+rTyS|`LLm+-*gHo2BSD%d7cvQ0ul;W6y+tl{-6;!Y)0W$lgRPX$g^p!ZN1p1x{sCpY0;w4LU@t zT#KA2z4)f9E%6lfSg~1Vk($ujsePk}gxVXl$A!S7@4ciPe2w>opS2z&;h> zwP1C~&AohJLh0w28bf?ARRu=Chc={B&X3@W|VNEyem}8iIt(=GtGkMZUP)G&7QGXPOD+Zt8k31zw2li(eZ^R#M)T3O8FFm6LdA_uwimI(Pu=L+Lmcz1JUW5K=%PJSiFd=2-T6Na`BS9 zDaNiva3c6Yi%Yw>>E(&NaGRXr+|+xZI@WI#$ToD_1x_3G%0G4JEkxmY1?C$?g>O3o z&@v-*LD5J(V!PB5@(uvWeib8S9d+-P?-7$S2s)IJReE32M#Sh4PVyW~6@zv2*P zx3jvS`rTX%6MBSH0$yD1y`HcGt&n{7ujkjH%x2czBeQ;(Ymb@6AKS($@ZZ$ zTnpcRHfZ9Jc8P@AXM^5w&(o;$o*73le-DD9S-4A^9I5vFu`m z>WHd$+T1xvk#fv@3&^o1=#1?~zTU$Y0aqISo-X~6E3~a7EvBS;W-rM4M?u5HyesM7 zs8OEmqW_*6HCGu#sL@)Rm!Q|A$BJ00kliSM8c&p_D-!4Y^?#EPU9W!z8+xzZ?5>fr zk*Xi!Y!dxy1)QK(?UAvih@O|q&*7Gz`tcD5$s`zc-G5`V&cf==^-P(0WsBlS?0-dx zrV?|ugZV`Uu7Yb&z#$nV59Wnd?55^0s6dc9rC^jsLA5Xe&$%&}($Wq)(;pNx z?5yk)oJD{R>vKKDTKul{2&qi3OVfJnt+gfZkfgX)KKC0lStPI@vZDK7Nt5$16GL8b zK(qOB-?x{53n&Op94y2+n7)0`^a#>d9&0;OWcJzVo+oB_mrmTqJO#w<#OeUGW9tp> zl5pV~#bOo`kW4_|1tWj3h4tBj4@KfI`RYF1l?q9UV+Ms=3PKUj`s(R@p3R-_X1{C{ z_c|>v9PB4fOSPOXyCeDG7b6@gN1WV5!+a(kM> zMLnm(iy}hPqPR9-nq~qL3F@$##P?(*)UvwC%55`n3udBAESO8t#%vf5bv$rkDA3w1 zI-$=Aitb=78WgnZ)#jc)+B^Gk$tVE4ej^{i3}d*$HZymUbB;T+wx`_e6}E3Z`e$ZE zunB##kPFMFnaily$yY$JIxif9i|2x;3pbxML00fw>PS|_2snq3oAw+3iL$%|$<$LB zops$Hu_!`t!aK+nnA=VoB1TA9)WE5?oi2^z7h#AhAKeS_1FL8ig`lUgbube-KI2r--#PQ_ zw)4lb0Yz?3yJLs<7X{JVTh%E`A5?UKVte^ge~L`eG*p5AtjK+}6IW8S5F5W2CnB1d z(}MT`A}LSG{dIantpYf*HPb(Uh9DVqXS*WqDS_FK4`1JN!~~LPC1VS`LcY->HA}+n z)OyCRAD({@W$Rm^Vt*wp%Fq?QGMb#Ss4l0e8M8}X76cjEBQ za5|d@kY{s8OCRGvsa4N6aT(DtbS}ma`(|&Qz%aSbJ*Ua|YqD4#`1mH{i(>?Ct>`>} z{1O>?`B~KFFLS$x-dL--jAR-k!z?kHyVcfW zAAR&*RB4OAN3^(y^u4u}fD_&;w+#)(-K~T*a$v zp7kLjO=YvP?~8vk1NYaS0gA%b7lxvi~{It%HTGAzV-{h~5qe-?ocV5ge>H|+^| zEUk`x+g5WN_L;qQfHQtw{NY^5%mylt8xV+J`wratme1k3c>ShOaoz&Y8vv&)N9{tH z$)U2uHD6c{7$RJa=YaX&vQX6@ajJVvG3 zc@$bGZw7fMehlB-+9Fp|t|Usl3qc~#*(=)d2%ZU&33pi-Dy!1>HvR~3?U(tc<*M-m zht%;m9*^OZ@D<{V3a<6J6r@f>kmu7w*;&`zAiuiyU`ZAB+zc)}$qB?K4!ofoJwoY4 zFLNaJ&YkCa2U?=VgB{Y&I$y7yAIf;APw!rnYYWSfe;<*32{X>2k`7UScVEADWU%9- zxuCi~^i{z9@w;}9;qn%zv#hHDD^M2-*fxN(8}Q4vuYnsnSI?+aAz?y5X(MKfkxZ64 zoGA|p^)MjaM!^4v%|}Zjf92^|L-E9>;cT(9gD!qm_Q(X>7(bDK-WNO)=7sEvFkoT_%Si5d0`&iLW z9D=#n)9`(i5*tT^4_cVbRc-=__JjF=1KM~m6O96YqJJ}5Y{gm77n~}Fj2#bKA}v<* z3P6tyD zRV!vz{Hy^Dc2si2X$FMlYn|Iko;Xt3heDlCAUyQ}BH_lJ^P)GgGhV4EKxM+0{j z{TGA^S*bcvsoTHFZKA}EvvE)bJE3nX?Om7Y<@QFe>fO0uSXWn6Kd2l%97 zVUsdE)&KI4u>Aw)L;5g3AOD9W>3_kf)_7lNysx=?du(^-)n32`Rv)Od(W~C*VjV-7 zfypJClD=Qer{Ov_$Dvm?mYl)eBWiCUFRMT7*T(^2!f-eK5oqgu^d~JU;IQunesV3^ zUxVD?Q}tRB-`_NIiMGHvIEwpO@2Y}D=GVg=7*&q`f8e>3s;QC}_c`SLdOO5aIsOBY zYvAC5|JOV6_s{7nf91$dIvVd>1x6P4_`Yp58sx56s@5zakH`N6WW#@x$bUT>@^f#& zuRMc4{|tUT8u~|A>A(K&|A{X?HBo)Qq~L8P-Nie-J7}#s$_jPJY3^Y{5X%cOmq49k z1N#tgH~!w&)uRE6Ntf>+#sS&XbhFqH768q0n$oe!ZaVZE0)Q}kHD!9G|D>>geOep@ ztfoY{VO$}>3qw2ZXeiY{(VJ{UUw~WdVO~lb=B$h}>8-!BcDs)pO+7BO?p1md>MMj~ zZQ-OqNLB>@0b{wJeRk(Y^xoU>7_>8Xv*4*$$x*x0+wIsx7MBjA@4CDDK#ZRF={+P} z*z~_2?T2HVXPq8fdo_IDcTjsuf|txW8(uU?4JuG(Bc#7IkIHzx()i zKoGugun~v6QhX@WZt-c-V!zqE>X>YV?=kB-xGe&9bwMu|`8{AP;eGP$tgY=#yJ{y9 z1t6Dt1*GkH;%P>dQ>ho^43opV3GW%^yriH-;c{q43Nd?WG4<^)L0A;N4yJ zYgie5Ug6y4!}0E zhpjrFp!cB`AxqIus}h>E3%d$`Tip~(go98+J(o0=F7|p^&anu3D;b~JfLB(kmhQs( z+3Ni&^`RpbIlxeU?*A$5Jc|IN^z@lCx8ShhB8c-Ah=mE}gI!|q_{f64^LLsCd;vsU zkizfGmsNjRs?#A=BX$n*1R+P~*4sae{a{2?<2QX!s087St0l}GL^xMAcAbjbcWAlZ zLfg%Pey+c$;YA3Qmp8A2t?kvtR)fk>Xn?*hbI!A8@Ig+X5aMZ04>lEKQyiJz*y(I- zn-YgE>nq`^l8#HvqGj9d;iE_CiHy&;X``aOX^<< zg>t$&5bC$dr5?~#R{sGA_fuTwjS8t6Hv&Jy#OFS5W6Qr-%G>c`x=&s7F{ZG1Jp|`5 zq8*XZl|LrbDTvx;%q2RVH~0Kx1=@()*iO2;AKcrMYu*Zv%FSXuM7&%XF#Z9@eq137sdzA2vMi_p1) ztE@`{8;!q@s~J6F-Bq3Mo&CqOz!W))%FJ_o=kAjvTC? z0_+w64e6dDIT?^!gha@^LXNcP@eiQ#L*z*qG!ok^R_+EU`q)$;p99ztgCJJ6d7>OL zGN>Sh2nk_z!!LttZdK_(D_`eS8MXJ^vzGA6L7P7Lf}u@T-AoJ{RDb( z-F^bSb{>=3bz2v~y2$6TZd=*T%<09Ul7RS~ppA0B5bnA6>kFa?M=W0N?d&x)Jlu`3 zdXFS$PQH8STjWr;M^liZ1;`?V*k14mh~9Cp^J%L!MV4P0@mfA^Nin;BEz3X5UDl71LqbaD0V+8g z_s(}0oCd8LWObzQoMUZ-wL=a9rFI3Dl;rBwfa`=TF4XqJli`qiy!r-Ua2C$F=ZUO* zHVD^Q{{XzEQyqsXM|-dCHQ-SaPH)Dg-r5dmd*wP!pFet^NQ5_L^6S9Bm(NBh^)qn4 z2$=nN@uvB>0K9Hs2?N0Niku<#nz*mR5>1JU0>2sID#@J$U30+gNbX`=99?{d*qb5K zVB@|Tt&xM{uPt^Ox6T2Y3C-?kH+0c?Qxz0 zA1#Mlfc}Fu+ZWykq)Y(%+9Zt0HeOTmWkHmCxG6JgZjv$S6H~=yK2z7o3A>WXF*8M@ zyOIMG)*iV{4yU>FQX^QpUN^9i`u(JdJHpe-4b%3vZ5XgM)`_I7Z4Z9t-%Ym)TeS5ID$K4Hn|uUn2DyjyId58 zDWD=k7|1tBwn2Ety4iw9FFJ2Hdw@R253NN*Yd%u!i~Cklv1)E zfS+maQ*`iBZ-s@b)9RyKi*7YSa0YZ@L1_JsMl6i$^iZbGO1HCqp5F|iiuJx}1o6{6 z2EtM4?^qR51n6C>7@>-sD;M!tJP9}R$zi9e(d>JDZCFs5-c324np`L7s4DD}WpJi$ zen9dSl5?H?w1N8f724#Yvla_Dm4d!CK?~u#ud@x>7hgVR*bo%UBOl%L<%Em_e=1o$B z3iLkk;l!`KlqBpQ8ygF=Kz?I^X=A?vL?1#GI#tZqbkw=@O}Bxz)utEH3IB;uX%oa6 zj%dHNc25nek;Y6C$z^Ne(0LQ_KRENhq zBu->fyf}8xOujpb`eY3oLul@|o%b6lm(mtL?bprJ3IdV3N)osTFrZVa`9EPmUUNTd z`0qk9=w~anN)@pHK=2T8OgT2l1kM&P?`JNB;0?8>6XrOqqCd%hS(ra_2n#at@uY5b zl-ZA`Hb>}Bho20(+q2j(DK@arf!w9(Hti|LX?sYFhBiWzPRzrq;dyVC%WCDJbTTdzF6B#pqGsOY>|741TnSm)5 zziteNvv=uVDEZyOx$tR94!xZS+4|tKxJ>U>5fvXP-o3I3tlpiPs*?Z#KLRWOwz04#Wtg<*w78U{m&31C&5rka0F zjVwz$q^jDxhjMG^2@$5)K{5gCZoy0?l0wOe2ze}g`g1Xq0Q}A^9%zN5L**rC}_HK%JnysVIexmHRcgw85bu{oVsZC3>62`4Vm@DY_XuVVD0}-rEF|ALE8UpHw3A z_~K>gbIgTyfzH+ov2KZa#Uv>e0efy~bA@dq=WwsFowooAhp#%)iulxfoPuUPJRH>n zM_we!E#VC76$k=J zkej{O+vCK9`Uy zaOROOkEXVMWcaH)jgyv`)1F_bwf(41piewHK0bJ6COa*FqNQ$q-4)zHz3zn*HetLl z`;9N-1dba|(o9{C~C79vdw|t0&I_u`dUhU!hTD10I1lCQK(W4?lMOE zl!PpCmCRLALj^mf@%&2+vIjOqjiJc!NH~ZyQ)Bhz{5F%z+LT%4pMU|HaYG;`8Yu#64RbGiLMWU z{?enJdo>VU9Jd zGGYkx4GVDdLLxM=ChxK-v^Zy=zE?sSYblIYT+C~@8k+<(vGCgdjX@>=pO6rd_;snf z;-yP}b+s%^XAGDO2Gb=hcZw{lOx8(X+Sy8>ln?+-K1`p;7PjDerx{Ya1efOHj zZx5p$kvIPtE885YTK9G6si(Clk-qUo9Oz-atE@XPiYI1RU z`}-cF_iMrCVyk*reD5s8UqKA|f}_?;6A5XpBFMDXRS4tQ{*wYWy+qx;@o~}9NIPZQ z5Q2^xHy)li-Fxd1p{xOC0fi&6^^VC-0rk+jW}A(OJ|VypXe+J=of;zstP_rabRr$c z0MS^vP=7{E<@JghEr`ovr18%yu(T0gpvoR?Lk*CB%hTQK#p0NEWp(L4iE)^Dym9CI zUQD3+hlEj^?47Ru=QXm-o?Xc@EM5Nr4}SRv9_;<;Y{F)rgLlNH+qi86a&Gt8U1QE9 zk^4;tzvVafK_ZTpX0L#OVDv7Ky|IGYkibC_7Mdico@)&5$BEtKvs_%ah!eBk5!zZSA ziwyXHlvHPzizj@_J_Y4Jy${6RHAsVu=)5iVlrXViPQCc?>t8tHm$9~*6-o7pfg0^? zU{o%`Ofe4nb^vk$kPK-E95$L%1x=0o{2d_;*zg6&o>nnIz&tB{<@>otbjWJe7!EpSAUIHTP2#mC&5e?OqYs-)tl3V51;&J&1NJYr_3uL-SPR@0uZmSfMX?qbd ztM!azp%aLK7Og7@y$tZ(N`Y4t(lPQg}g=|A7>4Z%6tb2Y&dc67e+jv!Kd&BPz!D-r=|zq<=UL zB9euFSAJ<5(riJBLOUdcMn@x?RI6vvxMt-vtAOcL)K%8Q$$?>5;kz?};fdc9b9@mU zDqrjz6Iod`Ft|widi}bC#P|bm=^js_q>i8AvJ^cKE=#4sN3gKyjzpw_b0DZ=ve)8( z(vQxM=vF?8(zl*!jaB#>L16HNh#jB)D^RN*98r*gQspB4G_?R}(xE~+zWX_orFneW zKhtI1ey7XwJPEh#1i%JUj8A7l(viVnwB>2?IF5NpzfNsf3)4ZubkwP6C}J- zK{jhk{;@w0VLf_D4TKOrm%Pj07K!BX!6h=&BXoXd8~v{)zSXl)rM8(X)`YF`lYa%w zI*0xb0ke0e{}C{2abCd3!tnJY!ZYzw_MCRiwsmD!2~^t-Y%&%5j0W&YoNLwxI%NYd z@n0(>rx8MHSwpJf3?t>H6G|2^>unATXy>}9t3$tN%8Kyh+5vja@xi2K;gS>f4P!JzfEI~#y^3%{qP26{)f@=XUQUu{{f6cmyMxQqi1yMl{ z-ItYI2Gev9E*){1L+o+0JIBqqM=}J(xR1U@fC2bJ=E2A}LD!t2zcJ!Yx))7frQqfn zl#_iZ3sCQSxX%@zgc4w+{aOuvWyF|&iUS6j1o;QvhsCM*^j{G@PgwLTSK1BR~BNK!? z)T~E}xO#?$+zxKz!{y|_BSW@O6Q_<9ZCu;Ss)YT&&D@T<*+UP4?Zy1|IZmg~4LH7! z=&18Jj86>10Y#Uzw2`Jy_r}Bx!!t_xi5ywa*JxjT=Vgmjb)~Z-5`-BD7gELjkR%HN>yJM;j(Ak%f^ zLeHGhC-Xy8jTdrriE110f9Ut;gEQ%O5cro5=#N0rjKrVL|%Zf{^m2q!_66l4TL&&LBixF zHUtS2nh1@)ArjI-O$$#Z1$3aw7RQ4A8Vuwj-k2F3-z-UosDFmH@=$fpO=4EOwXz-{ z6@0HN$L}jDKx8LPHpe>+AC1We?%2YZ~jx<3sy4V*A;fw-Tk{vk(58>4uOZy_tTPZMq- zZiuwiv}Wc{X9`oTf-SMxN$sCtvY!spEh#jHmi?6qOERLy@knE8ds!KC%aqlhCHMr` z31xJgtCi2jA&3>&dx61XL($)DFK!5C-roU5&nqbWApoi;gJ(fw`VsPKr&>PQ{Wap5 z3+X>lvbq@N`=7~Vveq3lFfxInb6c-g5<)b#x+!${AG1|?Rd-4KVeWXSpA!s%D&_@w;)crL zR=z<|$M$^|R-0tqiMS5Yhk2L1?6iaH_vW~7n%hP&Q5(p4m3WZ*Tp0_`0pz5AO8jW} zPhMH*n7wirw{}1W_^;nRB%OBYkq@1CzWJu!k$yLv{O|^^4i4lt-fp-7+$4ZZ!f=Ke zbw#X~IvO)V_(Py6c^>lyH7UKUkFBk;*Jzo&wkA(@Fk+TlgD*Ub7#N=^mTW!Y}ISo+aZa^>o6qVo)>)b zPL#Sv^H%_7*!Ld!!nqxsvsilcH?a$Q<8>`|M44h|2Hr#A4Z(?AKD58#MgcR&tLurI z<*P0(g3@5j%ouc$i91!b^hi{(t}Ucl8@8Nqd$Oy@b__j|`rmYN(0zbsTuOW)@?Ax< zZ>uRHnC2jVWHU_nOy+UL8#g|62-?52XT5CLZd^#NlL+yF#mpUn4U>|JiV;?C^^`M` z@ti-ux`n|oO+w7d{g0)}#M#PWM=1##TA3fpID17da7%X=q0Cn5_UNO&6{!E*D^!n$ zXWr1rTI)Rl=dP2d7Z;LGC?}pd1L?ii&qfiOH#Cbs(SM#`XN#_)$?W@)(KNC^JsULE6%PJ2$!LKfq%_z85fwt;_(;gq&x*+JC(4;1edHp^(K3D#a z=v)0b;*Sv@3x>|35KYcX*{&QfI_E}}csmm*sO&s*3}V*e5aMxxJojilqSABjM9595KZ^?zbD@g5XBJugq9WYulG8c%BF?W^HoLy=R;hbdY9WpAG>A`DM$!GDU9w| zt`6G{UX2*)Q%LK4)CZZC#*si=?FDAG*yMs4bb;pQeOCThQI=p6nf4SXavJsB0la6t zok6POR9;QSG*6KRKg9N>1*G7W)zo>D26&rg{*I4=IVg^3K1z#Xpj^q5W_5889{FOcn#_3dpfd1FScs27=g2^c*hMEk_bCr}U7f5cH(Hk&%XDdlq6( zA0qW+@h&u>%%BSKZW`a;9;k3>xzd=g$od(%T^*%gyIrrwa!;t z-(LF^YX#fpIix$EuORsR-; zd3U-_(x?XbBcFi0)z7&AkUxO0v&gEq9tO$U^ zeS2n~3Q1@U6;%bFlN4lb_64h20qK#7+4S}I>g1#Et*eew8uD`b96zQyz&NZQ*ipB0 z#?k0}!_2wosb`TYZbs{?cr634^vH;Tlligr+F)A%Hf3~Tufn)C1ec0Q8p#MW>K2jI zuCU12m6G6cf92_Z1u|-ogl54*I1==C-HDqidZ5sTgayO1IIk5tUi5(oj|ka-7dK}O z@(y@rCfavc)8PJvEen+?Y18+y!xI_U)o`^%p1h(}NTuGQOO7-18(X$uwgfe~Q^Qd% ze8_3p%clEBCnF|P4RSY5%6#elodSf{K%QDt@@rj)SG@E3DgdRyLL~*Wn8~%>K&4(!gA8|DF z(3+^^}PB;&KKQyzy&0j^LRsp-55lBQPoBTWM z+<4+o*cozkL4^1UeJq`%WOB<72cUFroXg0~y|EuSR#zuo!F=&+eBGs^h$RPRHXg6* z7HR8)oe}22Vj^vZO0683)01TlHUF84oBt~n*8tRH2zmcj* zo#Z`y_I0O~FS4l&^iuOSFk2*0=%gP;YbjTLu{DOnph`=e`c!M4ga=WEe8h)OFOz+e zaVuyStd`Hg0|0qiQaRf25f%zLBR@Rt08*@m&v(LR*x`g<$}8upw~F+px~dB`Za(2sW~x zgwER%li*^Q-ZRRc%>m70Xc2vOAuNAz6*ea+WlCuoF=@z;_=2kQ?Q!6pnijeyHg&@G z1Dq*9#IIgldY*{8Q|Yt6c+uOkQTQ`3HC0m^Q^ zJ|GhF!QCTY+9UgXzn>tTdVYo#?E+z|x+TVctTcL0uKp;PeuKjzVumdPUYoq$+r1A%WI!D~UdY`myQ+UC6Gzhyt`OHM zLnfi>reo**hF(Iv8khjyg4{NB2{ciT@tp*{mmEVs=`*3TI zywNxyFRxn_MOc`PZJ+5g&kHfHwrQYo$cpj%6$VtTEO(OsrM`Aa!vnSdDT|gpV7wr7 zZ$zTRBZ4^{cqPb*i&Iw&973?DcMsPB>+Wux-eaTyD5a3+Y&t_)!Q=(jpqDN4kL41| zLV~ZJflS(L55BLoASH~3?^*y(Yu27ECv$x0C%>syq=M3bfL8FIfdT9eoKTwU_kl%3 zGUMUc-0F;xLtZ%YIK1HCc&ZJ)^{+>7PcRt{#Lzya$D@1k*B?87{R3hR{zu>}%_D#9$Kz7Bdhso8h>lI|@?asXrig$fSMp<$uVeEoP2?trl0vR2Nh1K$9LJ zlUm92yj@O8NJ)8V2|(tc7e1~PVD$t#S2AkupuT@DXjw$7XaRHJ@Ra$+_-Qc44gNRr ztACQ+qdd@AYhW6;rwg9+G}$9(9-)XqQp}a0oUZT=grw>8t-3l5p;PG$@E%a$YoW8* zjRPQ)HBhXU5#Azb^2h=agt+cDFgY$uJl4jv>Nz3W$`tO^)DS}Re>;?x2$YC_hSDO; zug1ol!+36ZJK0GQN0}7q0?7q7XdA(+`TvM}@31J=FKZM<(W8Q*A_4*)5fn)ZB1lFN zM3Mx_K?zL`0!?m$s3;T%Yd>k zScW3jo}(+w{-DL8v8RYXmVyjeYF~kN0`|tBw_*GY!*)3t9~s{M<*}&AsTz_;NQM92 z**WY4V&2;S;sPSgL}u4FDLtwqj!53EAmmCi37|+$KmpBuIR0EH;qy8=xc-QDt|;X1 z>f_P^-k|jLZ>qG?|C_3`YoULnssA@sY5$N1Qu;og9S`_?MTwG}9Ky^Ty(W#=n5Cy* zMCYfhQ%gD`EC9v@9f~K?Iywy6+Sp37>`m_@y@-ZMfDSKFjmc@LK8w|q{>Z6Hw zdD#3L3rw%OB)_+w-qESDK7z%j1%rPH6M(h}8z7w;yeOxIo`3p_n5&f-t?cNg;C+w~ z6GzX*e9@kS0=I$oc+RFyp38bNQfrt)2#3j7ua!nXzoq?si8lqhfZB$*ETh^Y13`!-G5sCi zMWmhV4|})&6){}b|A`oGddGhvh8yQ20;dkSI>_Ue{$z6_l_Fa24KNNOA1k2+eDu{W zl{APKAO?boU}9A|VzFfmkO?9*GfG6m)6pF!`KD)Vj4G(nS1y7ZD6@z67>s*vafvV; z1uAV{l4EqWWGAM2kN($6UPSaC3>(12{1(_yy=TZadEt+!MI&bCreg-r!JxP030*`0i=+|HHL7u;ll4Z35Z7J5p|YBH=6eLks-B9+PL^iURoeBJ3}F& zxTvVt79hztA3-pzew z17e6$<-bs8Dd-;VvqqgxPQ!t5mJF;y6(+b)Q(VZJZz@TtTv4w5+-1H$;tO8%$o09*UH#^q(qSoo;r&?JXMEkREmAK zrn3U&TVR^IA|wce%{IIMn%cUh?T{2s*a;d-^MEI?8@Bj;$}d4)k4JB$^ok@keB{B% zi#tM&*5w|ktho4gK6=y7clunD<@nB_@@$aOfy($XT86B_5GV7Fia0WzAp_U8bH9m1fMIWOl&|uCE1ZBF_TAeg5{(PIU!Atlz!^964Spu)|$+r$(D&p_|7=KkEH;CT#sGHwLNUM|fR7jZxEFkjuZTO|z@kYZi`zG=UaQ#W(Ug1> z=5}DCOVa_O@?gW3zK&vp>Iogy>|um~TT^=sK`w`4lo1aY1#+qh(Vf{VhwpB!aDu7S z*{Ang1EKk@i*<31SJG^_12EAcHnwMNzrj*GM^pgrG?Z$vT=J@>m!%GOV=hyDp6YG(-h@9nsk+e&9y^1%R zBlo;t5=v!!e3HEA+{c4tQl!>u!Qwej*Z40a-8x~)APjn(dHu>)B5U5@lRwPa7j zDL&&VH{;$2glGKQ(c0+~#_0>>Lk`rlLVJDX9lz@CYe_}oTp-)^Db&qDzu^O=syyL5 zi}4fVwAT)6-JKv&mBmZiXwG{f0=z>0_yFP{)tc*?Gq;+0Znt!AjVA=I0JKt2baGv; z=DsnP1sY_C;22;Ih=&_AOLpM3p(V%=wWD6sXi*utyiwk-Z(FS8+QvJ-57(OH%Ee^iPr{Q>=0KPNNF3ks;qL_6hB{vZ#~LidLAJdgA6MAo9JRm_>nU4dB>j7S z*A`=>41S;Oo&`=1cr*j0&Iz0|^W_c|)*#jZ8^nC<9yQ%y3nU*qVz|7#4AKs#K}bUK zfD`LT{Qc9jsgy%6oEwl<9Ow+;Zr@>LG6WjkyCZGG+7&b)(AxlklL-cdJrN$Qw4^bR z$&kVbq3F2C#>i?XSVh;_&40MF)%6kri9mIwKb1GL(h#Z~88||*ljj2Usz_htIj9Fj zv=$Aje1t#w`wz4USu$K5S#iz51TGs^YuAWdd~-{z_@T3C z8<$=iS&`ddJfz$mXvmN}sXT175idHhmJoA{nK=lQ&PXM}cH2K5f_H+1^9j@Qzlu#5 z9Q%6Sj=``vbmeWG3DT_Og$N*+I)mQmmwAu zzsbwJz~&6|=yn_L*Yv0dh|vdhA%M@wfhymTFXVocEdpEL3ZPA_3nZx(e|HFsMbEH_@ua<$pDjAZqwPJFW1c zA(-#}l-Q;Al}P$mfnDRsZq$@dsVGCBO~@9|T@W_();_#Bx=6nvYD1%C{g}@Q6y|R1 z(FJ$pY;Ca2=%~{|5eGC%W{(c-a13!rl5UtY=)8(Lfhfy#f0YLM*+iUn_diLre>J2? zheLw-1%%=s_Bn8Asu(w>k3ZxxyNP%NGW^umJ+Od??`~}^nrvoDkofO51W5dmnWC*T z;)r+kb&|e%5EXtR!lGH0jraF${ox>r2*rVRe3O`IZ(4o%J9|duyt;Rh3b)p(p)(5` zmgcDes!z+92dszv%hWS{N2;xyMkn4WJ8|Vmkdzi`xlFSr%3V}YDb(8-CQ{sC7WKUD zOUX5!kh0QAg&V#On+K`UVTm&kS}NeY61B`u%2IMza)DJ-mJ1a8fIp>(6+ltYFm zkDvChD#B$bgo>=r^VzFk0&7jan)9hR4?uiJ?Y*RyLav!N<$11Jernu8S;hjD2QdQe zGLh+N>EuC_o+V9mRiSb!GuGn@L%m`WsvS8oQLVqovrED@r#b&q^6ZO0$g_lI!4lAf zfuSz_W#|SdcK>KADS!<|je-1DSb)euDR%bJ_(YChx+$g`T&vS({6EU%q5Y12|vbx0SUw7z@ZQQ57axO#m@J}{hcf88~TeY>-HV`hmVL| zYYjJVm~JO#V2-hNk!#-2>CvK#%>7HgvqJPPB^j>MNsRw>WaL4Y+E>iLVjXz*(06+U zEqF$ZeA_uKZE~WH=Nn}VNOK}rZ}i%~(P|O80-_mWd+rl2zu+ZI%V?7hSd@JA`tC}K za09K8ky1Cly^HNo`;-E<)W>u*-&{+`fgRjyfCU=8mId#~m9`Mj=v_v;xK|+8i?lz+ zoIwwD0|K+XIVGM9UB1pA!=s|UI2dJH2hH`QK4|WYfb@$A6n0}ug738XGG)%Y4GDqS za2?!1WIhI7Qg|zyLhS5`$EXxN#JJFEyym7&PgmE3gTv|cpkv+b9RFTc*HUQ#$ty-J zvPJ$ul%4y7D7%;9z(L>}^|oCm>jI`M)fqofF(1_nk~^S(6Ug)Lz}|XZ+;B;#>ukUu zbHzTEXYY?ui=Y zcOt;dgiM*lXR8|L_A)sMh9igd&pmzE>0##f{t(dmzpkX z>N4OB@~Hn(P?!AszZcY%zcrng&2g$AF_O~W0GO{)BSqx>(t8QwW)xX{`26tQ&g9MV z%O_^(b5^ieq>TXZC*J!C?Z?f}t1TEd;AXVjTapVtN07oE5F9c{`rrR9se7dj9)luhx0K!N`7~c0Uvvi7Xo%z)=`!@Gb6g1v}WHiCtlCdY2fV?;f{MwX+IcJ|mkq(L7JW`1qXmiG!hlJ4?#Ewby?%@u0C!I2qk}Zt_Qph zGL^i$HrNM<{(I{FRM(9(et1Y4I7WZh*7g23ZC&es(bg?U9H`Pdl6T?aKqdf%$iR2WJ@t<7U163*$_5&UTPxDjuH;zNh8nu}#w;S&Gxwekv4F-$EMjPJ>O0a64o)!W zE4Z4B9+EilV|*#O+unTjnH=BdQd_bB>mj*-<&^oB5YB=-p zHqr~&qkS~Cs@MKi!9PstJqt~=0k)h}Wd;ayAYq4NLiFjLkoc}D7C~!D?zI()iH|x? zZEN>%C^4z~HBR&o$q?FWPwn&PO<2m`)a2ylrCiD=yNpksP?h%AQ18Eq8}^tMF1=Ho z&zBU(yYk&}{A4D|U?AC(_fQC%;wR92^sxCB0OhXxF!b#Wz~igdVkRc8-@wmqzOm7SA7x2)~t)_Z09N?a!tHEwTH;hwrOQXk0xK!Cuf7moWVY*>zJM zgPQ)2b$Fpa>oFt?N`KShwSIbuKcmKT>Z=uZJw0H;A+Qg229fE!o z`gbn+?FEUCFI^No*6jybc#51BVPDqFUcD;m7y_Eb;#6<$!CRG@*LUl{%iib5mdI~) zv9-CG&V3&joLHcLder`J61-3UF2Q^HUnF<~z$l>0I^v%yykBH~^*I)7Z*M3Y?Cdr>`2l8r+2?n2n}4KYU?NTi$urQRky3u395L)y(HJl4 zepj1FwH|>9@D<)=S}LxcHwq1}@fEGi+3$khiF4H27(E+qzN-&+L~1m=<9;590U)YB z`F!yWz{Z-ldYAlDuqM;qO=YynoiXS=%K7iF2A36+9eMi!Vg;TWVm3I5ChCGMvV*8dWUUUz)O`e*A zU_|NY=0UgNdHV!#ICwZ57lg=l$7W`K6lT-}fV`lF>=;60W$*n5jg=1NclhbQ&{#MA zTQt`6vafL~w!mvM5kF3v_s`<rcoDtg^mvHgv_qK=8GpjffxFXgjttQog`mfHsUVQ1}pjLJ`O0eHMvL4 zGG;#cLtJ*>p78`-a&G`5t^_wT3f@Wxr_RnX=8G#WfqIJJm+WR1mL<973{Y)}lnNnO zwPZ1_Ay7~NJ!>o082?6LR{N1`Q*_i#fJ^=^ziT3ixDo?Zu!qq3{oJESE8nNBCb(to zFN?bA74|Q$;qlT7W}pmsE#$0J){Sm%bup|ufGg_zh`P}j9zT_GXH>?2#YRQSe7G?V z)JhkdHx#H4&SMl7dJ-qYG;&P>+nU=YQK+Xj(#L{n8L-7Ly*64BF1rBNU9vx&{Kv|O&+T0B4!LgPZUL*HmZbfJ|D%!|3tsnmdqXy;n`PJafl za6w~cN}=Z`ef7uVQhg>R%hLVYp_Zv+j3AL@qpe8>dQ5YB_uMM-a?T&(mXdlD296`? zcwn4=oE|3~2hoxTYoT3AClGpwW7b3F@t0uBcV4Vql_I!#BCA<0xBwSvv$Q_UGmfBi zzeC;geBSJt#H`^0wVg!fQ=*z;qVZKpd!b8tiEf{F0_f(F8$UIN*58<|Snd2lHoUNl%^om-TZPu)!#=YzI5MSoCI(lUs*Z`;m(2UBZ&*rU zZ0~p@ZBg>xe@W*~;SZgo?iFG+u6+*nL=%8RlrCQ_y9>exVD#4F_JaLDF(OJ(jCl*; z<0$_*P3akh_Q(g0jC`$j1Hh=QaC#oMe3ibY;+h1{qeq_zO5b~QzQY6Iu~E;ka{3Q8 zdiTuuEP$$P055;(P2ECc6c@-5tM5Ymv56U>uZ#3nMFyvhRY8}Px@PMuWz-WXt2D-K zew;hJp?Sw7d_U_sn{SkecwfH;qGU6<;snQfLdgqd z0~K+sdKAGV>k&!UDFV1`&>48IY)W^08+$V4h`%FlK+x?!RTKnrHuWI2 znk=_-1=V)?x?C5O>=04TiZ&GVDGIc`|Dyr8OM#tT|D0sQALb`W&?Ty#2IVDHZ0zioN_QsVI&iPnBcUTg(h9m~ zSbxcEe>OGgQOTZ9_xJZ++w&;0^_UI6fJ6cL_D)m$1JuHx^MeEARq;WMo+3?c^Zb_m z`h4zuc)o;tnLxjyWaO24vj0i$WVGPJr0SztaXA&yI19YvpovzlPz-@Ls8&c&b-wBJVYE%qj~w(5zKWlweREIsn!Qwlymi+7=E_(w}r1%?!%|Qfg{!>=}*W zh_JBc#f{-%O>0#h9ZTk{dk1EMjPll>6^%4od8JLIq!88hdYs@{bO?WE}?6gg)Jw*b1S~&U?v9Kg@hc zi`gAbDsMR>C@(NV=$yVZ@ko8UI&bCyGuf=X*zi_)`9&1@0bM8QjT#{p(+rJ>Z&yu5 zHysDw7rJPgFb)zun(o^VEt%s)iSc}gtYjY-ed+lce~v<8ri+h519L(A4UfL3_o{$m z+!XzpKrf=oeyRnr$;CIT`!S>s_g|Xk7}UPG`JIRM4ruXaQYl~`AnYpKDuF1Wq?4%2Z9 z@%DV-6@tk-?Gn##@+<91t+Ejus&~*9B^H-Tqipw(kx5(# z@Z7@`5zTwpoYqAc?2wjIfZK}oT?U$;i6%_7sQDIr}JHfxx zZF3v15e|RMDIHA>4L#|e*(_DLnHqzh?UL+tABk(O7fZNwN$fH$x!_@KeC^#%pUL^Q z5dEm)J!h4VhbvRY9j2>=Bb%OL2U!qXV>NQ`Ph!=BQI6qmth~wErk`1_D@3V!rur^! zw=vBsCEQJXkyoQ*knJ%WkS0S;hP(t5SXbh8Z}4TpH$YwzriLbDr`INggm02bTKw8( z%Ix#UZ)A=IDU$9Hog#S!8Cn(w7|nZ1`VVTIxae-aqW`(?d##4vgc7WMvHq{UCC)82Um;xh^~WDS6K_(dQ~YDg>|Nv&|Nas>`PWzY zwb`5MR^qQy{&Tm)n|f<6cXm|!nN`z9llZd?oZ+s%-~VlR^-lXOL2_H3coXiuu=CJD zVRb^x3&U%6?@i*?$FRNTrRkZOExJd3eUQh(m>ZtULAkB%*Y`rUPQ==Y9mqsCxczZb z&#Nxb9#3!RiTU-G*?{A~0X6-sh2Q^cgQHm@y+Hl1-@E8oS5h_q_RsThzi1tP-MwGC zz|Z5)1CU!Jh(DCD)up@dtpC?VJ!|g0-iH;>C5+9>3t3kG+SOZXEQAG~mA}9K*RJ3H z!flY)`@^;Z*0)pJl3^yIE3(mR0QW9^?oWd-Gm*e`3g4z~z6w1P?qU9~;JYbDMum zV>jJtq~~>h;bx-L1^a$Ws8Pdt6FnGx?|k{B60y$Y#c7hjlYOm#*cNsB+gaw0_>Qr0 zQcnciTQB{CZ4Q?KSRCw+ujtVrOH|lc6Pr$obnG-6-x8`^`)&W7I}2HQat-E-D^Wr; zf)+M=C-&a>^I7wz!opNbzNj-v_v}kT&DHM`sU1mh*1WkfdC|1BY4E<;AG@R%<-d6s zp2ghQvxj$~H!81AR;-p{td#BikIyYFUp=(6w75^soj9c1C~o{c{FM{2B1P#U@-2E< zuea->$1YvuynCx&eX6rbKtuL*ctm(6OoE;?G+ev_!6Gf}m$XkVV_YX!K|Y_&owU9% z{IOrM4v~75WioNE#&UY~q$;#9B+xox(CA`#cSXxZ_&^Zz>&4ufwEEc6a);(*MVrdv$=UG>k@QHIch;~uG=4Q;6nDmUZGJkcR zF)O1hm({3usoBCom5i1Qs7*g#-m8(=vkzZ)=FMNncj6LvSg|8nshQ|Qz1WKIjkcD1 z_6c=FTr#a*YbVX9hiBaDUhUl{=jV*&eAl@XGKMsmuL%@rm+)CrQ zm*+ECWZ5iONl9hv)-p05;HWm*siE%OHR3mO>H76%U9SD)aZjn}lC+#VRh*nk3JMF0 zVI_0mll|N-Fq*BjOUzKu(M^GMB>D=Afm}GZGVG+D?IO#E`Zl~r8!o$=u1Yq*xs@Xz z70LCZdv7P%+ikkditU&PJhEn0ExXbSIi_bRPP@0Sn2w6dyq{Ua~rnSuJ!cQ zYj~X^=eQ7g<@Y^kO3Ig)Vl~Wc1;C>xN4vbGSmAuDoE&;8UD=6l(RMIttH#UVcGm!` zoC_FZQ&Y?J>=GgOxxTD4y?C@$J!^e#33S+mbj}nGH(Rl&7V(;P3XP6+T(h*Y>Sgfq z_;@i#p@^3YjYj8oI*gP(yfm)KUH?Pt+?DTbrxRIk<~`pc#0Bg@DU;ca%{ls5+`9E5 zN&3x&JMeT4q&qq)nihJId5gsB@M2cO@d%TC2Px8J+d9G@QkvGV5L z0kX5|q6PNo%oOGJEspkk&yx5Id@IkVWnkYww8-{QJ>(g&R%w#Ip69N6V4UNj_3%!ke2#ydj43^W4iQy_F6s%(pJIQx*T{n-y{5XK!3kFzkooN?RX8bL7;}35EdN#W_lV`Tv8H!tK3C_HeT$_ zS>vcEuD+<}SKT|@&~lUuFZw^q_dE4Fc60<3cbHsX6<2TA)lA$|sPWhsRoqf>-npb; zCR+p7#SkjAMlsd4s|hpEjntNP!~RAOv${k2M@#h^9>(C?SK6-?4OMIuZ}?S>w^_Jd zVh?Xgis_^#Oww&8) zs3^t|AMeG!bY6X0T`oTJ(iIkq-^s~Vnw}XwL`kmDXTws$WqgUx!A;!3`|IcDyFL0d z##9|^HS3<(d{;`TwS;93Y|Y6dvG0bO#W5K~1+BL>>~!=H3n53BH7AK2u$1p0MmCx) zu#C9vCwGW#w5AGtycKZLs<5ukh!IwkEXKC=t3l&(rB^r3Dis+;G)^d%kv{2^T%Ry5 z(JLZJTQICvqhfTj>x5qrT!kW7ucz`kuCvdqt1}m_&!BCtOc2voF%}uE8_l@4Rm2QOVozs@%n;aB z#II~vhqDIZl{tOuQ3fTEq|ZYMo8|7+Fk^%s@s z+~Uq>n9oqK|Io8fdegBZe7sOE78|J9nXidEy>Q0ydn;ZPHTq5PLfmlFc)eal+C^6P zBs@mH4daT5pEk82(BxG#er5~)WPClg9^^2++q!`E-y7i|k7!fZJ;ptwdv84H$#T8QO6 zBrQOe7QQsc9T5>8ublJ}a>Gs1&bz_hugV4n%D+ zWU>z(T941xs#X0Mh@F>@^SN0W2EzsG^cop8{OUCsnHTc9e0FVv13gP*t0@8Ty%Jbm=W_kY?`No|9Z7pC-<()g43og=_vN0qg?adpdF12-h)IOH6cuto808b^grzF>oC1{@17IcjW1O<;1aE#)8rbPH^v6i-MlL5 zefUOFf;aiGggCFw!rZNnGhF(mN-wYrs&#oSYyGP)2+Iu)yBiSGOUN8_CLfC~z&A~& z^;OyWL2{5*-D--mK=b zspkcMlTDxNZbf6CSA**MS@-GC1op17aeZ6GnSL(To7FPo$+$F|yAUkQ!WRnj9QDvh zY+L5pF|73(AKH%-o>SI%)pARg{SL!5tv;pEM4Snh~ z48&T~;ytT}*y8tOG_(llky72qAKbz54HRd~sOMHVD&?mI5RQKzDS4}O(T=fm%+$7z zwR~eX>Fr7PnDYq+w{ZYZ{hQTDbBIF z>Nmz}y{*__OnvcMb-_nR_715srf6eOXQ5N8ZuL%Gn@+!H=A#)I%bq=bJ6{ZRr=%zQ zlnk%?8J07-5~fIaCXIf*&L{imgtoj_3!gbL2FtKjXdcMuxo|Rl@vY2)*nJENITJ#8 zG^UeS^UTCft8URdIl=mKb2!Bo(U!z03j^xKYxlve;#|h*P5Om1FM5McPF^?jFSb#S z(b*E~zMHnj;K?Zq;UI3}>4iS`d2;H!PSoyF#k4DdKd;8{c|TkJGbe>-8_rK7>}E_k z$6qr3-jk5=_N{TBhko+HaH))ZK(K(A(oMf3-TgVtCDj6_MU3~K&_X5%lOA3^ORcE- zHnLn;#4oY457Nw=w6s@CD<~)oRXr@!>i`2I-QnK8{)~(a_VdR&3{8G747^!qWe^n= zbqVu^OHx|IDD+UxI7e4IT~Wkbry9_85Lm-z#^trOrV%-_^)Tvy0|aPy;J4Ha)wBUZ zH7wi<*Zdo@$KRV1QMNuVk@i@ zY>;YCKb4->w>-44?uhMQOq|9D&zp>TkkAF?vW=FPdLg?IC9&vf2?q74nZaYNH>K@k z;wMl_+IjufcQGve;f!$Z!ubr>aVm{27ga(fE<8NrJH}5oaJR62C62M9USlj}vUpf; zSBbRZYq~&kTqR&{z1H@nd!STub@qKlLfJYNW~nWb4^f+c-ld)9t|{uAHAHE8J-mIz zGMUx$#;x72ymvxlWq)6AbzEdip#t}5DhcC#nf2ypf*_2I2N4B^YGv&Z>Z0#jZD??(~@WTKUgpbCHFOV*5` zzz@vCESTuIzr`heQ*%GmEtgxaA+up)PkFyLhm;?^vG8s;5N#*TL{5!r*t?(nLLk=0 zcH^om49GCxk&oscDp8nNvPm&kvT8l{Y6wf!5Yl+Ir8zt~cXAV^8CDrlxbCw^I9e*M zulgp$hYjtpZ$#GKBvIv^DBigWwTMSf$qFNOUbAz~xK(+<9TPvw)M#;OtG!-d{MvPRd_GJFA8)BI#cl$L>aE;?Vbv$vdD)fm zh2;J@7}O|1x5+uNepC438Pn-*Pt{XVS!mv_Z*K42#^lvjq^#eA`MVs4q9Bkz%l^2x zFFQjbCxb6eoGiA-TwPsVy8W|>Vy%{%Bk`Q_UCl(8O@{~TKHO@Y>1+xjhTh1=t(S@h zUp4DG%YKJ+F2{K%@$&Eop?EL$9}&+QSsQy}zXY~l!q258sG~2t?I?K>Ltt`Lg}D^2 z(wQFB!?mOZ2S8-IkM3;xO<#%u{u~1*4;T8@LJYb97bYOqi5B^yvPgAC@Ulgv6wY*d z=i|ZwvZ_z3`_3T9fn$-T&HKiWoQt29rQ^)f3lDVHZck_t=r4CT&|l~22oO}%*LoFw z^xh!(GBQmjWhly&h@^cJ^9}p9T3N8G>2q2?YADu_F*dkS;xSFx{ryih>l`}nm$<-n zhavw8Qj89!fz!OsA#wXV4&9y=UH5sFF~*4!tzL7K??fpOaE_O{j1N4&c)I9y=#T~^ zDHHUL%k=Lau4KxszR7%LwJ+Q*!7og?lkV~{rNM6EO_44BVYab787CSUAm#05%9g8e zdv3Vn;nJcV8ergz4~IN5YPe=0=jW~VnW@1&@o zkgQtd({wxA;qxJVw7uf8sfoWM?saTx03MWY=IJ>K6F%8fJ;D1a1{3X#red7#-hEqO zSRUx2=lhXBn`VdMxo_<9Tuq(Rx3xpk=>lION9_4V$M6ozY}L08ZO3z&pIG{7euC!5 zgYV@MYt;K%b4$tlV-wJ2J721%Z{aM1A6xz$ke{}MKfZAF)Hd9-nZIq>pH12P89^X& zm&?18^8&Z_%-!SAm(_@W2scekO^2yR`_I-8Zq?XNU21nVQykz~fvjXRtTRam1dKzfv*AfDT%SM13Nd3>{AC{s@Fn!2|$i$wDYj) z-VXL}OzzuP`mosHMa+iYhF7Ypsw#RHvoYK_MME%vdKHJvOBD$4O%5baV#Ew?Pu#Px z$fP)OI&ps9>Lr7KqSx+*R~`+AzKW4i@}U`;ilpt2n`=Ev#i;h7#|nFJ*{bl~l(%ow z*Pf^l+MDdS_{b*>t!Zz~nWAE(i1|mz6qiNz9GGb9W6tf#4cf_8K5;Xx7fIv?owHMK zRE7uSr@eV`_0<_}mcS3jlJ=;}asUHO8dzcTqYuSdn5zY4kGzw#Wz5JR>LJ(qfx-hb zDjQ8YYx+m3C$7!ADEKnz(q8L2e+F`UocJWWJ5drQRZY#FIw6DpB6HdT7mBypoHrq{ zQne>uW=&b|TaG^DPL>C^@V0jsmVJyEe?*a^3Kp2qYhSMciXoWlU3@!N&T$B&^()|sllt($s#|I|&>yGyW2@2B4w zrn|->3zZegqq&7?A*02{u^c@pPQwM6iCA+0mVrx?WIOoBb@;LuldP8E$R+Mt91AUY;*xAkTAI4nQHS zm`yE-ic!e%vay>i$FbI#)wwaRDr|8LfJ8Vv{$}d2;?x1ha09iX+YZd}Sz#O+<}2TN z3R%zlUmwj#v6X%bJDuR|Fx~Gg`+2}}IJLC+QI#j*g~8A;mu{Ja`}%x0AedG>ha0ox z<@D_`u`a$RSi-e{xXS&8eW{bjea$5XcYxt~SuA2K#s z4sgb8^b>h{Q{4SICa-z_K$|6k0&E;dN*00Ka!|E(-o(pgfuB*#L$kabJJ1??$6s#k zJ$YI})4=u)8z5Z6b%v*AR1cz}kdY3Pg|7Hn6s)+JnX~Lk3j3ez2M~5VepOhT)W$4> z6cM47ICSR9(I4bTMJ9;Lw8&TT5;tPjkbU@kY`owWqzB4lKSXFwo&p4~vV?tHGna-Z z=Ptza4S~$~OB~uQ1DcxRRmZRFH-q6ZN}GK_rYc;k(einUp5dJ7bBhyXw7Ht`-sE;D zK(ov@m6%i#Jjt)FW!gq%A>r#O$398Ap7idAgrkPKv^TsW2k(k+YCsBVjMcg}v1$mt> z#G+=r(DCmO8d79@j62$2+!!6r7v9M~GGSkqI04gapQVJ(lChwAtzg0CoRdjQ;U|a* zuOEmzeouf0b=Kg|^+w;&JVffyhH$dzjH!Dq!-`v z@PR_ppl`R69?ZoAQ(q~Y>mRmJg&Qc!l}>Z47>)PKU07+D$tZg(Xh=~6E$2-$tK|(i z3QGF7VAG=Ksob4ZR+wMUaCVBO$n<4tbmNq9i9=OeCs!~$0a>A;q3^W5cZBw-s}I+& z02H1bU@=bT_T)QrJOcr3+VL!sFH>t*{7!2ynG}}Y-OizKg zVo(6$ts&LEow$O)m5st*d$bL*UOb{xq2UxJRcub9e$U>`OEnM}r#Xq;8rovn5!*A- z|Hj7xwdMwpGp;ACRMg8E$~kuoE)rr{Ml%xMNr1>kCRk)He>F@=t>~!`fWc(&PCtpH z`GO5f^|^V3^WF{}i?<2xlR>s-U5S#vt15*9x(x>MYdKX_@65GgVqzAU6Hm?b?2W=~ z{Y;H%=BHoA0CM+@*p0iV?#>0^xoK*l)UzqSBy4`A14oLdk^!u;cK!JyM`iZ5qk#W*L2cRA)m za65By{P)-WOWsoi1qhzXuj+6LRdro% z-uaaAB_phwem+&lW21$%jam25&><|Ju&zkCPqE@GUYx{Y^kHLPUTBF$@B>rjZw z6&17-HGAr>7rJZtN-xi2PquoiA!u8}C64!3;BnA1uzY_RWB5Q`l}g$kmP91^>}$64 zUdRg4SHl*`n<#EZRkz`GWlF?s517}hjsrTqE|Ic_EKx%0kL> zTx%|DZsXwieTy#bs}7|&qp-!k+%HnXeumWuG6QezwR|tQ6^-jl%W--EvYF15fhMnn zj>R4?2Vh2zykJgXTk`@vZoczl)}j{X!siKl0NV*nn4l~#ZF