From 2192548bc88df4cc47b3735400ab586b52a4c021 Mon Sep 17 00:00:00 2001 
From: Adrian Serrano Date: Thu, 19 Mar 2020 21:35:31 +0100 Subject: [PATCH] [SIEM] Office 365 module (#16386) This includes a new fileset, o365.audit, that uses the o365audit input to ingest logs using the Office 365 Management API. (cherry picked from commit 1cc1d3379c2e93eb46a62354303a612926f114ef) --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 659 + filebeat/docs/filebeat-options.asciidoc | 3 + filebeat/docs/images/filebeat-o365-audit.png | Bin 0 -> 432036 bytes .../filebeat-o365-azure-permissions.png | Bin 0 -> 301548 bytes filebeat/docs/modules/o365.asciidoc | 226 + filebeat/docs/modules_list.asciidoc | 2 + .../docs/inputs/input-o365audit.asciidoc | 10 +- x-pack/filebeat/filebeat.reference.yml | 47 + x-pack/filebeat/include/list.go | 1 + x-pack/filebeat/input/o365audit/config.go | 26 + x-pack/filebeat/module/o365/_meta/config.yml | 45 + .../filebeat/module/o365/_meta/docs.asciidoc | 213 + x-pack/filebeat/module/o365/_meta/fields.yml | 5 + .../7/dashboard/Filebeat-O365-Audit.json | 1051 ++ .../module/o365/audit/_meta/fields.yml | 294 + .../module/o365/audit/config/input.yml | 62 + .../module/o365/audit/config/pipeline.js | 852 + .../module/o365/audit/ingest/pipeline.yml | 33 + .../filebeat/module/o365/audit/manifest.yml | 21 + .../o365/audit/test/01-exchange-admin.log | 100 + .../test/01-exchange-admin.log-expected.json | 5010 +++++ .../o365/audit/test/02-exchange-item.log | 9 + .../test/02-exchange-item.log-expected.json | 533 + .../module/o365/audit/test/04-sharepoint.log | 4 + .../test/04-sharepoint.log-expected.json | 258 + .../o365/audit/test/06-sharepointfileop.log | 11 + .../06-sharepointfileop.log-expected.json | 796 + .../module/o365/audit/test/08-azuread.log | 100 + .../audit/test/08-azuread.log-expected.json | 15239 ++++++++++++++++ .../o365/audit/test/11-dlp-sharepoint.log | 7 + .../test/11-dlp-sharepoint.log-expected.json | 626 + .../o365/audit/test/13-dlp-exchange.log | 6 + .../test/13-dlp-exchange.log-expected.json | 780 + 
.../o365/audit/test/14-sp-sharing-op.log | 10 + .../test/14-sp-sharing-op.log-expected.json | 586 + .../o365/audit/test/15-azuread-sts-logon.log | 69 + .../15-azuread-sts-logon.log-expected.json | 6350 +++++++ .../module/o365/audit/test/22-yammer.log | 2 + .../audit/test/22-yammer.log-expected.json | 109 + .../module/o365/audit/test/25-ms-teams.log | 4 + .../audit/test/25-ms-teams.log-expected.json | 169 + .../o365/audit/test/40-sec-comp-alerts.log | 3 + .../test/40-sec-comp-alerts.log-expected.json | 165 + .../o365/audit/test/52-data-insights-api.log | 9 + .../52-data-insights-api.log-expected.json | 281 + x-pack/filebeat/module/o365/fields.go | 23 + x-pack/filebeat/module/o365/module.yml | 3 + x-pack/filebeat/modules.d/o365.yml.disabled | 48 + 49 files changed, 34858 insertions(+), 3 deletions(-) create mode 100644 filebeat/docs/images/filebeat-o365-audit.png create mode 100644 filebeat/docs/images/filebeat-o365-azure-permissions.png create mode 100644 filebeat/docs/modules/o365.asciidoc create mode 100644 x-pack/filebeat/module/o365/_meta/config.yml create mode 100644 x-pack/filebeat/module/o365/_meta/docs.asciidoc create mode 100644 x-pack/filebeat/module/o365/_meta/fields.yml create mode 100644 x-pack/filebeat/module/o365/_meta/kibana/7/dashboard/Filebeat-O365-Audit.json create mode 100644 x-pack/filebeat/module/o365/audit/_meta/fields.yml create mode 100644 x-pack/filebeat/module/o365/audit/config/input.yml create mode 100644 x-pack/filebeat/module/o365/audit/config/pipeline.js create mode 100644 x-pack/filebeat/module/o365/audit/ingest/pipeline.yml create mode 100644 x-pack/filebeat/module/o365/audit/manifest.yml create mode 100644 x-pack/filebeat/module/o365/audit/test/01-exchange-admin.log create mode 100644 x-pack/filebeat/module/o365/audit/test/01-exchange-admin.log-expected.json create mode 100644 x-pack/filebeat/module/o365/audit/test/02-exchange-item.log create mode 100644 x-pack/filebeat/module/o365/audit/test/02-exchange-item.log-expected.json 
create mode 100644 x-pack/filebeat/module/o365/audit/test/04-sharepoint.log create mode 100644 x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json create mode 100644 x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log create mode 100644 x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json create mode 100644 x-pack/filebeat/module/o365/audit/test/08-azuread.log create mode 100644 x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json create mode 100644 x-pack/filebeat/module/o365/audit/test/11-dlp-sharepoint.log create mode 100644 x-pack/filebeat/module/o365/audit/test/11-dlp-sharepoint.log-expected.json create mode 100644 x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log create mode 100644 x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json create mode 100644 x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log create mode 100644 x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json create mode 100644 x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log create mode 100644 x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json create mode 100644 x-pack/filebeat/module/o365/audit/test/22-yammer.log create mode 100644 x-pack/filebeat/module/o365/audit/test/22-yammer.log-expected.json create mode 100644 x-pack/filebeat/module/o365/audit/test/25-ms-teams.log create mode 100644 x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json create mode 100644 x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log create mode 100644 x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json create mode 100644 x-pack/filebeat/module/o365/audit/test/52-data-insights-api.log create mode 100644 x-pack/filebeat/module/o365/audit/test/52-data-insights-api.log-expected.json create mode 100644 x-pack/filebeat/module/o365/fields.go create mode 100644 x-pack/filebeat/module/o365/module.yml create 
mode 100644 x-pack/filebeat/modules.d/o365.yml.disabled diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index c0549a7c010..250765f3f1f 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -268,6 +268,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add pattern for Cisco ASA / FTD Message 734001 {issue}16212[16212] {pull}16612[16612] - Add `o365audit` input type for consuming events from Office 365 Management Activity API. {issue}16196[16196] {pull}16244[16244] - Add custom string mapping to CEF module to support Check Point devices. {issue}16041[16041] {pull}16907[16907] +- Added new module `o365` for ingesting Office 365 management activity API events. {issue}16196[16196] {pull}16386[16386] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index f606dbb84bd..8d1be818e9f 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -48,6 +48,7 @@ grouped in the following categories: * <> * <> * <> +* <> * <> * <> * <> 
@@ -22088,6 +22089,664 @@ alias to: source.geo.region_iso_code -- +[[exported-fields-o365]] +== Office 365 fields + +Module for handling logs from Office 365. + + + +[float] +=== o365.audit + +Fields from Office 365 Management API audit logs. + + + +*`o365.audit.Actor`*:: ++ +-- +type: array + +-- + +*`o365.audit.ActorContextId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ActorIpAddress`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ActorUserId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ActorYammerUserId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.AlertEntityId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.AlertId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.AlertLinks`*:: ++ +-- +type: array + +-- + +*`o365.audit.AlertType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.AppId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ApplicationDisplayName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ApplicationId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.AzureActiveDirectoryEventType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ExchangeMetaData.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.Category`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ClientAppId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ClientInfoString`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ClientIP`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ClientIPAddress`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Comments`*:: ++ +-- +type: text + +-- + +*`o365.audit.CorrelationId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.CreationTime`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.CustomUniqueId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Data`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.DataType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.EntityType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.EventData`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.EventSource`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ExceptionInfo.*`*:: ++ +-- +type: 
object + +-- + +*`o365.audit.ExtendedProperties.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.ExternalAccess`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.GroupName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Id`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ImplicitShare`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.IncidentId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.InternalLogonType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.InterSystemsId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.IntraSystemId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Item.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.Item.*.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.ItemName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ItemType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ListId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ListItemUniqueId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.LogonError`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.LogonType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.LogonUserSid`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.MailboxGuid`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.MailboxOwnerMasterAccountSid`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.MailboxOwnerSid`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.MailboxOwnerUPN`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Members`*:: ++ +-- +type: array + +-- + +*`o365.audit.Members.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.ModifiedProperties.*.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.Name`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ObjectId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Operation`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.OrganizationId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.OrganizationName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.OriginatingServer`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Parameters.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.PolicyDetails`*:: ++ +-- 
+type: array + +-- + +*`o365.audit.PolicyId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.RecordType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ResultStatus`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SensitiveInfoDetectionIsIncluded`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SharePointMetaData.*`*:: ++ +-- +type: object + +-- + +*`o365.audit.SessionId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Severity`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Site`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SiteUrl`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Source`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SourceFileExtension`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SourceFileName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SourceRelativeUrl`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Status`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.SupportTicketId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Target`*:: ++ +-- +type: array + +-- + +*`o365.audit.TargetContextId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.TargetUserOrGroupName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.TargetUserOrGroupType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.TeamName`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.TeamGuid`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.UniqueSharingId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.UserAgent`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.UserId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.UserKey`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.UserType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Version`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.WebId`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.Workload`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.YammerNetworkId`*:: ++ +-- +type: keyword + +-- + [[exported-fields-osquery]] == Osquery fields 
diff --git a/filebeat/docs/filebeat-options.asciidoc b/filebeat/docs/filebeat-options.asciidoc index 3cfeab3962a..efeb936cd20 100644 --- a/filebeat/docs/filebeat-options.asciidoc +++ b/filebeat/docs/filebeat-options.asciidoc @@ -57,6 +57,7 @@ You can configure {beatname_uc} to use the following inputs: * <<{beatname_lc}-input-google-pubsub>> * <<{beatname_lc}-input-azure-eventhub>> * <<{beatname_lc}-input-cloudfoundry>> +* <<{beatname_lc}-input-o365audit>> include::multiline.asciidoc[] @@ -90,3 +91,5 @@ include::../../x-pack/filebeat/docs/inputs/input-google-pubsub.asciidoc[] include::../../x-pack/filebeat/docs/inputs/input-azure-eventhub.asciidoc[] include::../../x-pack/filebeat/docs/inputs/input-cloudfoundry.asciidoc[] + +include::../../x-pack/filebeat/docs/inputs/input-o365audit.asciidoc[] 
diff --git a/filebeat/docs/images/filebeat-o365-audit.png b/filebeat/docs/images/filebeat-o365-audit.png new file mode 100644 index 0000000000000000000000000000000000000000..a2413e7b909bc7d98052b6cdd6b21022e8db12a5 GIT binary patch literal 432036 zcmeFZXHZnz)-K$FKuZS6k`yIKmYfk3HXvDYPLgxZARtIm0YN2+2uRL3H%ZB$Ri354E)e5& zcOFU;sbx8Tp{n8@R>(%l$=RD@tD|VIuEhJ4gmPATR!ylh5PlN)I3bYy`IEpV4u-WFEaF0vl z;ria^wA=r+8;4dd7>lwZ8__{=l-n7{b*Wwf0{wU%df0a_OJ8Aad|;cLD6!jL(XS$A#0hH;~_-~B?b91 z_&=2(4E;XgU7wKcbzcM!H~igBQBVvIv0#G7HkZ@4Wmj1`B2R}$#>ra3Idk)~u_{k| zBUZ20*2ozz_aaG>nBl$B^S4oQU%Wj%mlYHQ8XAk8S#($z*Ca_b17F-_79>$t9#E6- z`dHo4asvzNDN+mTa~YBv!g%S0JvzFZYN2n_SatZ`Xog78)AK0mwQ}d{#PzqAJe1gB z?Ut$Wgak`ViLN`H)GKRiAB$9*J!e)#ySwfLTklMHQ-K#eUR=9@P~dYo&TDES-TEeM zX}wN(u>z^8^_He1k4#w4frR|w$w6_7^QF1DqvR4L$(~>9v^)N|qes+bFFFZ5`9AAecI>33Gx0~w?$(w}(3NJIurJ~MEw*pP#eDuv)?E+k{C1fK zGaAEZXT?1{J)08`?)}+H&7&)Sm*q=V^2~PhZLu!&7TDpRAYoOd)*`DP+S*W=@85@& zcB_)e^UZAQEax$@vs<@a20Mqk7^vO9y9!7@V* zlu?G`Na>8Hm7#2Q#^HD2-4vaIv4AKeHDzw0eePNq^kcR6}DaoZbkSug9jsR%|Y3z zyOkD!OviEigcNlDM=j3ml^S7qpYik!4spANFj`bQ`cC$W>A z(<>miPt~dCb8vvx+ZXe9`iG~{ugzaCBh+?KbSVx|1?!#MU|Dcyu&6izsX!Iy~l*Q0yw940Gpf?{NOf?c74 z5xXg|cKvnN#G&m5=nF4}9OSz%BO!hmi<;{tcYQj%fK9e{7o(70Kj#Ue(3WR8#!M^e zN`jYM(y>H-$Mv-H=?~W7+%*aZxI6w;-?+toblha{3df;ev(e@D-rlR=1wX^OFLI{C z6yGq$8HGwA*kLzNgqiJM+6a&a6%=`cCf=;XTn_^Yl=J4-ypk~%n^Ex}<|Ge-1iRxi zqx(@)kY|{Sxw$VcsA}+*n*)&(t;#*|MyM{0KAD+DFNRKFyGWoICR&h3e3f4VgSB63 zJ-)+Z7c2B4K#Y<^DEq#Mp!iz%zsxQ7SFnF7U52Zu&CnQIJ^nFBhyiK)tm8r` zxb)*!*(c10S~`GmS%MZB!G5d_n8cbfH4&Ftk{|DgIq(tJ96H@-Yar+*mK5YtuMn5I zW&@IHNzKQApf?N5`h-E8taikPf3gt){bE7NQKR~2|J><|&rgJh2agMjjK>V2y7*Lx zF*Q2+5W5TFf*f|uizW4vW8^sGHr;&KzkgIac`ed%1=Vd(G`w!df+c8t3#JakGbxdt z=zDd;dz1#jPuvoeYdw`~x?Hhf#YGN<|M>nAc#%(^42GxjyI$sOqn!z+{E*r8A|LXI zNXF&^Z(Bh@5P``xV-fyTbc{}RnVlmQa5`#6nk?8b;BBC{=3b*8xLP7U#VMhDQ|-EK z?3%jk|K_g4y4mSDj@f$4Z3rY?<;{aa!N=rf*eIgR_T%QBg>8oLBZJu6{xe%92+5ny zlkrR}Tr!1YW=f}zmw8VPX@5>geJ_#L%@bNscpV7GcjYIJf2|x2fF(c%7h=me3#R*( 
z4GsY1p6QQ=&oYiBfK)FixDu;4Z`R;lV0I0wLm?3)2~K-VT}TZ8J3D86kdW|BGTyI- z0O5Rscpu|;8&8bi6~0df_P``QJvJ`2CM&;wYK1mjP+YtRtwZK)*k+c_CK;`)U1`2C zj5@4cWkLZcV*rm&p7vM(r$L3-4I{`hOCYKF_)+gIdlH~8rf6N0u*LS;6J@;h@CFKF z@nhv>=STz0bN4bQa)H?5Y+-(Vn=eohU^oV3dV0E3Jy)v#i1K<)jCgOZ`+Xsad0mUB z59Tj*SLVQqRUt004yv?Y%3`b*zce9 z4hRH2HfyRSdW5hR%Ly0$6Pkw;_fXl;3yxV+;Ksy;kzpp6kYbv+fBl-v1auT4ZKlqf zdyXH#WoC^9!!TQHToiDM_E8BbFa6n)VMS^hJRFJ)W|d=H4k+4{!~X7%7rtEj__*(y zyyEq;;X~q*q5?Ge8AV8jw3|w6Y#Akq2eXyHn|2`=$wgR@`}g5!QWTv*-8Zpy+pF@&+y1>H-7GmBz~z?q##+6LkQPQLysH~nT&4t?c(YiWr6w~~hq2^MtOD8| z6pfoIrlhinWJ2&E&YwOl0%fhFWa_l?=3|(qg9-_He=aH*S@Q}x5($qW9vTR|-*WYW z5V9Rw#uKf@T8Iw;+*=xOo2)E#hnWudG^!W4eaW0e$qw8}IeUA1-QRfU(Hskc6h_=4 zq!VG=%LI%T?8b~Y4W^gBqMUya?~Q*bZdFYUA@H}ASq=zByFE*ZI8B<_Lm3B8CTJ28bEKi+D1V?)CN zLmAAR5r5L;(X?S3+sy+4g1B!51?@jH*VPR#XhX{Rs{wYe*upU(6x>Ff_3K?-L#~&v zXp{#Amg?`UD+|W+x4P^XtccvkSe$p?89X-&)h+l^QbO+*;TmKVT6Ne6tYETX;FN*U zVCX%P_VDV>({%=CDTmtjm)*En5d*&|DK0AM`M?|4mr*@*Hw ztMh=5Wv<(jPr7oYvo~)J-|jY!*|>EU!6Uet>>58FXK*4zUMA;uk+9AkcNe*wH|dT{ z`Whf$ik}{M8RjDKX#T}@xa4f?9vexj7fKQhjs_E^qq!2HE_zx_G^t_^PB^-R;ms@q zZLfxTMwsMPZehGwpY?5+s3(y*)!E7W9zJ ziGJw{ILJlTJi$8=F%k$RS=sEb;&pJC71%FUKka)?7VN~5fot~w ziUQ;c0o2i4cS>xbiX7?;B?tp!#+t^*sQOulmJ$EP&CW7OYUvCO>nXR?BkuM`MP<9* zV3fT36kh-{xd;XzY-z*fF0pY-#d=V4fGtNCXA*(}WAXevm;1Mr=KgEKm z)%mtrpF8YZ+YgNan?PQezqGvO?ooLKH2X(I^>*zfK3ZLXukLgNaB1FD`(|p}F+O+g zMVdsg9)4Sdcif-D=I@P>p=D>1WEA8UlTdE3_6O89RzofENI?6Lz7km`x>N4F9O*`< z&_S;8vw4ig&O6;Cu-i=lS6bYduz@q)dd4%bu8c|XX{hqip7XJf~WirpHeN_ z7Y47L6Q_K@24C@?`0lTB;?}Se2We;!q|ckWi?!81$c`XM1PnyCg5wYKwM&QcU547d zq$-ha`!7^Qw;mh9FH<=1WC8=jbPJ{ePi<~;=smb{aAq{rJkYOb4k0!@=IWTeW0sUp zJd4Zp(In|O_M#;Cj&X@$^Ps~W$lDJ|xb-rkCuPOby3nx!JslmQwg5(P+g@*T#wNET z(L|RM?df!HQs^CgBOrVXz$I}%Tl1FymJeK#{Aqlki#r3`M}JY46JFq3!%)bPr9ZYC z8vJ;P_X1mc``8DtVa@BRKrtxf)$y{kBdoRCz$AGCs*enh(%J9uNEX7rdxnA)RZ&9? 
z*r_>_uqQS>5?1Ht=FstGiD6t>8H<|6Zw$AHQ8uf;=C~$bJ;+8eYz4gyMSgLWih5vN z`b+!c&D_M_mDsbJ^G&tVKI<=*D^_C+nTaVd#@jw~LP93P`OC#Cr6&hF%onET=R;Yr zB;bG!S#+~KJexf{dkQX@1&ue_UOMN8773Ln18cAiCDdK+%c!YOb86&G8Cm{8&lC0tOY2%GqBVa487oB>LwwB9oub-oFLyq#1 z*yz}en4RK|tx98*luSfIt6fU?6EAieXgW{rLbWCP;)gd{6kMR%{Cu#M_8NFXSBN*%_@S$t}DLALLX1bjHP|Hlji74*cdp@(c^IyM`d@6(pP5)r4qeFc~+nv{Y_ zPff=;El&WUKmzdFWnn|FiKCFXL;tQzbAZIOZi2`|lAO}s@@piu>y?>2#-f&ehuYx| z)>7gq+J7XM@?t;rJc?7pDr&D7OLdjnCUKe@>;!arq18bG1bG8jAGa|f9LChRT5UA< z=Ne*Oej&Yy?O4uET;k~PRLik)%+YVTU%D=LO#t8=4A{`lOz_Q#5_uSie8812H8m=a zBDW^s{q6aDl%2kw7R#{@DkDa|g21e+OKHLdq`ASVF{dHM1lP&t6D5wel0rXWT_vtEGPU-_%6fk~ENCTuee zgZSjugi=OIG?QU4{!9c2>p*@YI@IN<)q5W!LORJ%kgm6TI@KFwHsEt}oHg~F0YqHJ4a|~4u#48340d-w%W%&?AnUr-kAFP;WA5Y2Y0w-qlR2v|!*P z%aN2KgwXfUveMwU8%yuACR4B@YHL83{vx|B7^D>xMAiYEA&CsROH3;4ZWq{Z?QCV{NY|CLkSNV3*BygcZ}{Bh zX3=ESu7A8<^9%0Y?UC7nauiJ;NE;b9&>RuOZEOrPN?qq0g}Rt)JcL-N9j{LQSULv^ z!7ENK$Npm09|AF-*%rKD9mM0fnbcfQLV`8K%^c+zAf)*qUSnWj;C3G_7|qpb*7J@Z zhO8NX4gj0%o-^k4;kmiE;ekc8vpF_H>yV?OqH&x5D1JE|(A~)vcLv~da62g}rBagI zuiSPlS0sBAs}hsan3LO+fpqtG4a@u8{rz#a?$Ges#nyI7PaeeF0-z1T6SqM_XG<=^tU<0!V9TrFJ|R zGSVuA-yRs?Oz`!RkK0d9dRqe=V&EVaA%g^)@c~E=bY7lI;;fbEICC4fa5+r?XC+`S z^if=Bb@ly{AaIY9)$5;6yRa6i=Nb`Fx&tr&N^`oXeRXwDo$yb1UND0!_v@Uj2oawM zjZw|O*wB3!BJR9cLTv2$V0-tQ2H9obsEn6$@i!(z5-}D@u0?Rk>$?-b{j}YmntPJk zzImPT4w`;jGB%hc6bYd%lAa`)o)JSXS&86dAGoj6;A1Df*HOTbkk2m&iW?snjM+{F zse@Um922XGA?3$XvEkV(A!lNSs?OIz~+iKAfF$lka zKx(YEah*-Q&u;O+-5sc3^Zb_QjgaYS(a4OB3?PHb}~=hdXt)Cd-y z80G!U%4+{j>Fpq)v$g?Tk4r13x(S>yS+Le;=hK8>rutua#$b=0@8t7LJwf?PT&A#e zUhlFtX>=MMv(#0SgYZ?wSCH`i-rGyDgW{|x%?-!~2G5#$uI%FGbuxX7AdY)uq>GWul{KnPGFsKIs}eXu5#~vkp6sy1vRn zs<&eNlGQ53_Q1HTzrnyF*OV$Pe8w!P6z98s$@1r_1&~;$mdlZN{}@W@v$U?M|5;2> zLxyil0dh-kY0+w?NdsAiGk&vQacIR`ESMwnn$~fpL4QW^))py2joax!&gU{P8RN`;1ZvSQX z!5-k&`O&X!U3x42*l6z@a}Fsy$^5giq2Fx(&s(e+#lP42UH>_Ajb7yc%q18b78d*e z9{z`T|3_eyn2Ufcj+AgslmT}6Cg$PD+?>RR2^Zr2pEu%&j?KqBDjjBIFm{nyul!GcN01^KgUvZy_si=AyAcccn7+1kn*M2;U} 
zF8(g?YbtS;v2efh$v|v)G&k#CFXx<|9#{C+@ThOy;(OVj}e_R4Kq|DQr|okXysnNDM}rnXQ~1sREBcex+pn=0tax zdUE%Z@ob2xCyDkftMu$o{T~f|Q}3Dk3`cfSly%9~qm*5{z6VWN9_hJ~;}sYTv@nQi z8tcyHHUA7L>sN z_h>|sBDm00fC$l^!1}1@D8PzhD;S|cuC}1w=KngiY1tR;0}uH2IaYa4b&RO$Fq{9{ z>wk=}4=%Rd>SPJsUlQqkE_dy9ACJyCvw41~*Ysq9q?TD+2o-c;ZdTP5xTRkO1`-ac zr4sr(t@R4S(Q=JNgUc;XZm#6FQOk zMb;inF=BYq9L(22^^q~V4q^BVzh3}-Quv#-LRa2GQaXK1(JE|?=3_GONDP-0udg7O_(RAe&fmJ9cZn`#>o8C0b%cRyYL5+42SO7e|`NWTc5NpJficZ=!KIW?L)Xt zr_~H;=5nTNY&IR;t?*3k>ZKtAr)8ZObEK+$Lb;^AD8|`F`lAb8eu7qgvan#i%xLiJ z#-Y*hRs&MOR9xmuH2TK<11$9=QL{{wbNOYWZH;HWTm}Y+@&o!cll~4J6vM*A4c^nA zxgLgtB_8KtRY(m<%ZJs%G`cQ2ifp8~v6p8aR`j1W}=-s!390~Zj;PqKD-+=_RU-xBdM^MH@5>N4^N$COQ%TtEiij121`@zmCJzJ>} zr|WMmfoR0@9p3F+Z}vX<#F z-_F#z3-a6{6Ez;@?rHnR@zd$AU0C3Fe-~V<3PCt~VF7Q?1Op((jQ`9q#FruGkTgPA z?g5t|a@+0ixZ%Pv(6#PCyx(~ zr&p2%9_MN-1AWhvdIq3pA?0cWjS)Vs9J#c8-7&T6T!*XHLF!8ZjpT7OXe*87e5K+{ zYcwbJJx~j7rr~xDo*3Tpi{HHTs&aKN4MAnfChWgXl+U@^e)asq%qV(b*H4OFM!_m8 ztqLfv{OSN09~#Y3v3)h!&^o9A4VN;eW%rd2P!UHf_GPWH449CLLRj5UZJs+w?JaRr zCdd8_?dd$yDWIS`2;Dg`n9<6?)ksavbcF)dHFT>)#M7=p(fg1djKyHx_t4fD-!A}b zWb(ZCpo_tCZ*hV6uIu+HUOG`ko4F`O(xZW;RFbzbbJz(X{d{u0^7DP4ohFuZzE;+M z%>PKVnfL3Radx#|n~g}I_cYtvC zf9C^IF6pGuOo?D>bbpQByby?=LBOgYM@U3weG^8_O>-*qo2qHYHaN=FzjR)u{Z zY{F`AVXEkUOvDHpM2Ep90(0es{@RSY>tf@;I~sF`qXwmPopFi9XTtwQIlI>W5``Py zd_30^eBm==d4@>tdVN_*4!!nLNLx97-ZBE}0g=u_ZQK-!eSfU$)O>Ep|Czs@a$bbi zq@Sv5e>y$L2%5cJiKHmUuXwC?2aa}n5)7tV1FdZnPC5zQ`mHrhFAuj+^m zOI=n>n^yfBMr?fmTN?af+qs6Us$RMdgwP-z?%i#6Lzsn_V*DC7Gr%`2{s~f%n2RXx zdFfmYi=}rQz^KjOGrl^lL1IMPY3^_CYErKUD+g*5A!PM{@kR9(mQU^#@x4J~BtW}a zHe2bk1}K<(Ux`HZKNg?TN;e?3XiA|Gy+!<92lGw(3AnfXWLzmGaFY&tJ=1M)3RuT| zvR_N%m3|j}=g(6^k?$k5z~EFh5}3SarLKaN7*Yo@Fb3J5X;&5ftsj6JAppa;2w#$W zG$17 zhTjX4zKzhRT{IA&2baQTVcN6hELnU0`rxSnZg_ADBkpz0K82HHfiHJ!|KF%*em)Rq zWE}EQqanKgXYsbM$LUQ_y*778T`d$zpPEjyUwFNC9h`18`54kl_hU=v$A%V3#A%m| zg&H%E6qwVmLz-eyAeNvtO018)x+?n6tkMXIk9tvDlvC%OM)Y3z@4~+nS-4DFyy+q 
z0vd7#TpujeB+JqNJKFdsOpJOLY68P#3cX>$wh25oOP5gu3t3g}}-+vyJs%G)axm*8QIC7+a6Uj?2Qv|w^?O{1Ex6MHF=guH~C;4uwe zRl0R+gEhJNn)r&l<@rVvrS9j%2n6_|aj03=UixYFi(%BWztZ}1%`vu6B*=EWP?AeU zXNExXNMyMTlEwi2+q5+lH`PYKy;BD%3Qoqp_x?0F9}CGcQH9>aRd3ZMwLApiY<8=+d=wUb)VVF4{FJ zDb3*hZypdR{RtkR!oB91U@(cxeCfF8@3Mis<$woA_e-`DxnHK!V}k~;zpfX&_g4aN z_gEky>w0`)MJw(>YdvHlXQg%2D2xyJFDOsau=@e3VXdlE|1FPvU+Vw9xJmpzl;`hp zRuZB5|MphT?>MkkE$2TQ2SU$);TfUVHTs&)FX~0p{cXY6xnPFOViiE&a=A9F3ln*~ zt^>(hoh%qRF3j?UJP1VKRaHcO4F4Hs6IGs{V=;_ch&m219T?h0f79b3$7l$QwN;Na z##v=`DY!_L?$9*xc!Cv}$Np()%$Hr<2x@5KH*$fvuz8&SY|wd-NA=Llpx)53!Z~(u zxnx-y)2w(fq!fViPURb^5a~qGF5h=*4)p}ZgXdKZ_~Ay+ugv}(&1#(g92t|uGiMY( zy#&Fw=pijg(2r4n9@*MYeNcXSkbKxq^e8_u78a~WMG&X$EI{^xap%i#BBg)NU^Fwn zwJwdh=oLo@F!I{U>=1|8Qo~vw{^e{F8>XKg8m#;8cr{5QWdgkU zVX2?Rk*q?HlRQub(URip7X3<1dub*A_0KpdhjWvo^R`|KJF54H*MtcEqb!?h!{FH^ z=zm@+2eq&A!-mODCLgQV{NsPh|Hoz8FwV~AQXeiPwA@LZ;l~fhL16__{-4&xf@#(( z{o&8rL-(a&+WIkgw3Pv1M`Q-jW=yj`>!?T6mR%+mFERZ^keVVJogWCr@x%YDYNK}x z3Ii!RrG1d7$80$s8$YB!JR*MaXN!&e_7~y)e@y}*N(_L{i*vd83)sXYk0a?*E7?fd znQK5du6w4*USsZdL`PxF`aBOS6d606ILb#H1_aX)hXv!ST=8HmHd$-ASW!d8oD3SV zv7QdS+h?Ry#Z?-f9TohxuA!wF`SQzpSdj96cCSE6FXDjY>!>yH(@f?3af)ksP4?4>sR zAAI=ag+ubLoHF_6%|`ORoieb_oVCo z!b(1#PudB{U+*@4WIkbH;_EZ_SH;Wx=ujH3^48(!c**1GU3^+$AKI;rn;tgL;QRA6 zRW(e!XB6@DVqu_*V|bH*qSn#Q_URK#4*E6mAnudSPoGpcoeGxwC4a^_e{$Tr7Dlk` zy_oert*gl}kuPl(ad$g#S^DMsq=z}HW#sTAN8+SkTZ*n8F<6D1a=)LKJJZ}$d)&mG z!`Ak6om7KvKtSy3 zj>I%;Zow-l;=?op%>MItnUNMLyuJ&rRdihKgLFf})~>K&R^(%Ketd*F_sqMln@LGx z64pzxcMYB9d_%UkP9KX&{u@3wBTJeyu`cb@@w*vz&P(Fb<}2rFJpP5#M+>v;&y|>qLoXBVXLkK~J}wWH@;So>ls|Cz zL~$4tgFq1uU0&M%{T`Z%ny;hAte4pw-oKZ5Z-JIP(02#Aienttq}ak!QGbA%x=!E0r2QL6pIxUka!AOXRy4PGePU!Au9H5`IB&7| z(G@f#xJe$*@)=xu9Jb&A-CXV-pb9UVi3O{Kfo3vhRTRDbgmd{h*J02Qy7lH4m2+eA z$=Eo`?WjTjcMzC=nxy-Px&QG+i!EZ~$?zvNaOsKM$Dv0%wt2EYU)LXC+()l1Zd?%6 ziu|304MV%4wBIk#n6W7KsB?9hNU|+XUf}fDk#!a>EnNGBdY%6HlAVeGuKhFwA}T8+ z?hSYU)?ARQ0%@B)c(b23V2cp{N{+E;+rvN@#JJP{dmtmeo$dm}YO%yNMKua_`_^R(Wsj1MraiRN9@h 
zqiExS{fpn*{CG+p9V$1C@cHe_;)V|ds+@2g`)2-AlP1e-4O-*JGNn%!7H=mYhe-s| z^?}NinUCpv*ocnIkGwv^OIDbUd94JRDV_wFKRm=<{zC%PF?AcAVt!7St*jM`Wr3RY zXq%~FLjdL*`cJ+DC<2ruZ*v9X_!1{(iLc?N8}`a#2><&3j+LFe0I zZ)kGbr+6f&cV}7$ND-m?RzWKgfD>V_3yu}s9Lt+^psIR?r^9)?{k{BWohzT58|e7b z)}56EReqq|;+z54%~^N=`xYbv_+QG(3^=uV%~61klqZ`?7EeP?JD(>a)p$^gOuUvL z>ru4%>)0PObE!OQ87sY{BM9I14WetlVxAD5@rmO$YQ6==IwEjhSQJrl8*-fE^FQDG z9!Tk6>lg`2`RJ4Y(4xm44)@#udTnkg@25w_saDjr!eP?;XPa~v`ug)=mk3g86k5v6 zcLVc%jX*R1YpuuIS!0`7KkpFN1agB#30KtCeI?r#a_ZWi_S+z+35JUg`ae7#&}VcQ zLKJJ}aib4IG+ki0-ib)XA*2;|I^jD78dpy~V7_6`$&Y38>2XFt6*61TE3gf`~E)orIq=bBo0L7%b zoV)FN3WT_>e)e*n@jwDp=V4kqRIl0^8YC#OPP%+zmbmlzX)dcNss5`vh7 zn!N;cfF>E#qLmfhM87TDp$0cSo5qd|hxw1j2F*>RSdo7akBkf^AV7T#HoXUq3pEQP zK@A_AV~XwrM^d_z%Zw-xKS7tFZlf_x213jQA54O8cN;Xfw8hWi-0#af?}ycb>i?)x0U~z${9iPSQ=0wB`6{{*nXec=WE=iPB3Gr9Or=aeyXdvRVd+7*Ww1 z=oFJ!nPwqq%3z+ff`sf;FuUr3{FIG{(Na0S(cEO_ zF)8rB@U&imACxA|=|jTXT8XEXZM~`8(e1aeJU6!Xrtm!lW7dzO+<{N!p}1AFN<2#i>Rt~5C0(>>TR zMSN99^7(3fAKat(QM-5dfrRELKvyCc@Offvzb^5N*!A^h9VtnlZ^XY%K@q-X!`QU7 zi}O*bRB4_4^2&oNsD-h2r$vZCM>ba@hI}8`!Q_bK9&Ni$;xXex_t`3A4S+tgf+?xxX%7` zN(eZIShm@->-FBZdIhxR0>CAcy$eoiO*WsDS*D^+81xBVV^7NgudkryzIQ=h{(J}Y zVRr!TV&i1n0aO%p=%-9cLakn)utS03yt|o65T^`C&1+7x#<%a&?Ma~%zs6J3S#;H? 
zBG~%v&o|U1fdzp>D(EAS3x)a|w=R#cmzxSod)d1(SHWS@U@=Ox0s?~IvasO#gSI-m z+sERvyEsA6YgghXFeGqb>BsNi(GP)ZpKZNXs|Yxm|HnxeJ?8LF0;St&6wumgdt$04 ztOE+H6Lzv1a%kS%U5q>D{(0DYmG7d;> zNvnjNr(f*JaeLF55?zaR^7&MzV7PVdp_PbewO#v zBU)`v+$_nDk3R6=@)Qc(5v?D+WG9+;=xH!df7Hhf7wRO#gp{mm$7JzCs=R1i4xOmY zGk(F4fxXTUJ>f!z>Gbk^3?` zYeb==_`3Wqd9ZGZxflGEASZB?u-lok&Q#~2W%H(K_LCZb&ao|@--hD3&*5GjIseQO zqLRk~pc-`?pD{$ynw}5yac0;ckO)QY-(K%Lf<-knp7aNg3ooO5(WYfT;Ygy??H9z` zzIUeV@6Uc&qHv~dw&H-;jaE{;tHb*45;-E~nBAOxJKxs3vpzUcV{`!=rvV#J1Lt41 z(u?RK9mXM~j|40`aTV_(#iIMaRaDSWj5>IE1SsLyM5v~vmtW5t3607EPDu_Xqt3ebw_l6Ko|-~>%(jMuMu zO#?NM&+xzdrxc9e@l%whOi5Bq#>>u($OPf0!rF5$K%|85Imm$EL6Yn~LhXCQ0N4$l z`57E`?PBs;XT(N0a8{{7{DaFJH(_V0F`bTt^pfDT4%@9MI$s>x`m5tQ#~$M!DbSr} z>v6Q5)P(QC06xTAdjXjN(66H)d0-q2*jP%*JefS7!RR~by4srgluy%szyPF$E--Gtu>?JI zkyZmsekaIANXRS6OH)RNFmI4Vu+OAsap!milc5q{wv3nU*>z^*ps!sd*t3#=4Q$*u zd>!>v!w&oKRf#cE5F%QxD;MoRjNjjBB|yjFPR2JhM)&SMEY!RNyC&{cZIvj z&@g&o&1L1R#DcrH5lI8ZV+hbkdBX#XY`MtxoT+xcH1$}SIbR6w2U$!1dK1>(mhDe=q zy__G`^g2JDdj?!4Ar=fc3p7zf6QXQ7PU^aQoesi|3T7Ua#8iR;wWi=K7tm|8=K}cM z&p`2y^GoFl70y?QGC+aE*?gGwfp|_ov?YKeE4VTX{h<)4uD3W3G{DGJ@Rp1<|xy;KL1bVx^ zCLlxeI=hA3i5|omeGb&lkL82lx_IG^)dxi@5vSs~F9K5u&r6)JVev>wj728zUYEm?vr*pT zE3<#<0x*1W;=SGU{>X0P+In&}+mp_ax>79xPa9jup6c&DX#IUALo>=(L6Z9R1r1c_ zhcEQ7)hwGB zws+gk19jn+K=Tv5r!xFs6lTU(-4zCBBvmq-@3+XqD47mlanXv5--g12k;As3E_vFK z2b3kzh?f$G7|?=i@><#k$!MewU5jdpS+XR<*;0Fk{Tx8Qj)^kQ(P_|~bN}hCnDOn_NJHU&5 zkiG3U?d*tlJA)Pinw49V?~ zXMnPRju8R3zPRjBCyBzyXE_v7i4B_O7t-#d?>Nx4S`(bkC{)n5&@yCuUUl%vTn{}% zQ$QHVa|s$>-g*p`N(HsfJ??`|_;?0u{v0JgG^6y~o;MgbG^jrj+34U}TXz?YF{F_Y z>|Z9UXsL@&NRBAwRjrh8ACx)5-?R>LTwdEt9te=S_uKb5^#BQGuB6Auq{oHN=dWKWQ?S8+u^1B4p5d;6I zMbvzSW34Z)19%FI=zib-So~?=6~)$meKrxjs{gUwD}0j>a0d*!}yGf<5ZXNh1%W*vC&11z(0x#anRr*40Iy`@UP+1xF}3{h0n3 zqCXY2IpCQ@HoDDz;OeDVIX~Jnn|~%=?wv(o1LTscZjfg-f>!5~2r@#?Cm4D(u`! 
z38Z`uRwbn?Y+nglX@j3+I@je|>{BOvJ)D)nHZ#$g33Ji9W~yko?ii(tfLq~vQH(hd z*HDU9aX->V-Fve!ANC}trGL1%k?0>+vS(F;rpCp0V`9hJH*PmvFTBf;R2^yGSf2Lh z(XI(-%wWm09U|ft_22(A%2(-epb~JF7t6&9(l{%2CYD8nw4w$6M5IT^k=wfxRE6I= zSXMa9iP67Y1%Z51RK{7XqHPS4yr+N7&!s(%agzE=)@x2XW|$R=v-w-Kb>`Ly-ry%^ z=8ULd6y-T)isA5({1f~2F-xNEI>V3MUg0i*7bW=b31Ho<{ANqfjapp|@`jAx221<9 z>ppr__(s(0C-?ye&!a8ngFk*nt0;>FtV~p#;@F}F0~<)ajlv>hk52K&CbL58J6)i%dHs&gGT-Z?h_g0S6tXc)a)_AZ^2oif&4fit5qj3s zGlV_mTy>nk>#b;Hbx16D<6k{5msj2B;aeZ$J=LtXrF58AUH;ZdUfA;Ueckpa5&ux2 ztZSZMzqUM|aJnn%GJHuX-2$&bTT^lT-`Zrn^gTG)3r>lB?6a_-?uSIai%<Sxy=iICK77kl9-KJ*OJ( zI8OAAcXhry-Jhs`h+NA5Dxt@bOf=2-a*oK@>vzrL1H zh7)@%71QwLw&a7v4zuZKgn(tFKf0RaJ#CS629dT$9K zuArb&lqxkMy(_(j1*H>^8hWG!Lx%vN=QmfMzV*G&``tg3BzNY{occXy&dlxi#avdT zp=VQQ^UE7I?b>8VjKN5ftPsnwape^qm+NzT7>-VyP0^`Zy`ZZ5jze#2gNKh}zUgJ6 zorSY+z)DcNuzG}PV-KoRF(0}s@_zJ1r0%4Whq14bw#AIVU%6?s~@!l!qOGlt586?x9<87v(1@K+we`3sG@U;T+sb3`yQn< zp*_t4vEvp@3d z$|{HIV2sDyx-7{pon6+eZ4U!yCJ!93v$sq&VlZL?a)z3!?(P&Q_|5PKn#?U-@fifrKI4v%dSmEq{Ai^Uo1FIW|PY zUcBpd*VYNtM1+fb9|?#U7#x2M(&qIt^@R7ifTSDx^bMUCVhNoVb_dndoS)6b)kC7e zNl~|f@$Dz)rVzTo*3|kl9PA5=b#>AEdr3EhfR`f6G?cCH=YN$7p={>vB>5s>xg>=2 z!IL&(G1K%FHyDMMO+g*l{mZMXr?82|x5p5E+2@K037J*}E!BR{fbp#z#kk|A>ZT3? zR1ADkHAu{A@!|MPHDQm6@GL16H|K)P&l7zSGtTJ3L&IL5hnJ-c=keRmRx#~v4ZHVwOw-AwvoYK zVX&5{{P#B_Bn0JBh67xHh0Wg*Z5_SfT+`BBscOV86q8tRztm*z0Dm(UT@!P$F>{6( zWMZq{DfH^1ng5!x;8oeHgPHyPHZ+D3U!-CvmPW=YsW)wjg$i00w~dqY|Ew(AbE~r! zcrTzR-oD4GHlDK}_uDtwyp8cj3TIsqc3)^~_5NClO+m3RXr|lLMAUws*dW`OxaYD}sr#>6sLddk98*3T<)ec9CN^u2vPgNs zLz}+LxyZa+zrd5<(`%BMhPgsI*Rz~cgGQA};uP~@wq7zz&b-7Mc@|i$4~iTqS-eds z4w}CPnD$`yZghg-rruEW0VZcV@u9Fs%* zE~1SNc(cR^$JlA5IkJ;_0ku=zL;rnLmrS~Qc#+;$kIRMcZ{8@lpM;Eh=#N?LyLN15 zoRV3%wvp2(g5@&3;VDY9yCa6VZ9@6@$9LOsQrik4+=2^OL8MycY*b>JW`849=WrlW zt^wUP!?@*-FKcKn3|3kIg-33!q9yG*9tfVWNCkw?HAMfV#9H~6x94`7q|sggzvA(l zlp?~g#I6b1HmurnIbY3E{4@rh1k|$-xIL-hl!|QouK_OCR@zrpJ6;bO9_%Nan(_B? 
zA&%sCHG}bCmA4XFj`lZj(S94;{KVtrGVNaxOQ= zXRh?mk8fv<@2ra{>VnO^Jx>}ZSd`Z6LpfM8`Wab0U+i?V=DsChE`90$)iOUYp${a?_W>w!vtI{@P(FC|i9t6!K+qZ&~T?%6qaS`^5 zu!S}W0>$#!_d(6sIxHXAhBG+bVi{RJPW9PGgeE|F@MwUGRRiVy;cxdmQUXD?GHt^K z3PwexNgp7>9C$A9yTE_GE?Gu?!W=kH@u#AS=b*Nfc%v*M%cFmSDgW~{Cp#S zxPV7%|1qLDB*W6V9&OzW?Cbt`lL_+O{K|MS$1o*|J2aUU*+-OI-_Wtk3I5KEysp%(p)kkxjyQ0R&$!GVm zv^`=}^?120(?Vp|Y3qN%y+3tvfYX4Sk7B{Wn$nexZy7ZNqYCST=d}4~$2a6ZJ&$`Tf&O-nAWQv|nNt z%0x!jao}lg`@n`>vC!z$ysIk?xn|Vxa}IO=Bvn^6U4ub_SyF>=cK@f;llNKzwQ0lp zU}4W+_gfc^DGzr2kp+r`W41{af^V|-$xa#(!+9s9wV51Gf3OY!oLq*JuwD%Qj-~y( z$nP}$bF8I|fZIi8g%K2JNEom^x~!(1%R%@`M8CD+Xe#Z#-=_&_)fkQ(it;JRbplyh zM!h`@7S(Sp?9I19Sir4lM1I9M=h86m)^6EYww@=m&Q=Nb@CObIYjk%E*sqW z^-@Is-zgmn3T8KN_M$oubWpGm2x9ZVdyv;zenFBmnlG;BY7tb(a4d0 zuQBy~yZT$-;&3_CmQy9&!o_*; zh#htMG=`&eqhyCr*O&X_jtz!U63X9knngk3J-tYak$AtHxfcS>f5{(mf4_-Cb5 z_1XzG{`d0wUsnjBw&Uf8SaQCN$Qqk_FmJD)>Vg?NpNlO39VjUZnxte zoi2(>OwRA?V0&mi+iF)VfH&Xnu2(u27^!=wKf~;O-hioE&m;*JgShU}3OMsI78=fu%c8EWNDvl zChL3T(e*rEFC#}Uz!rUua|^}FcilL76g+oK3+qsAC9+Dga(8p!3_{z&Th#~PV6AW0 z+xwEf^kL*h5HXoL))<_Xd+|W{3VfHT`17Md{N7RyY5A!(wPowRQG;$~mt^>9A>mv} z!_;Q2%~qSEtiJLI0^uQ8pg#^$w@C(w=GueTZT8(az=vyQdWaw?Wbr#yLxrQ5TH5#|C5_iDyj*;6g6 zm-=>vzuWn5P3+zc(KXa1?5DyVs|q}FYa5o;%7^>ydp*I^JZdTLa;B7x3(m43(mutG zvrqUbC|xrVs?A!NmqNS--|7(=dl@s)bNGg^`PixOOP4=poR@dDKj>CivFCTW%GkwR@+m$x+DFC6Cu|L0> z;MLTUS!4CMWh0k`*9TT@$Mzk3N|el9)i?_)rbTIBesP&}6S3`@eid}R-g{nWC)4$VT=c8ULA~jH z4%JHALRwI&fg;0efW*|LB>H8tX~l+(b$y0~zU*(X3SaM<3ik;CM(@YPKd?YOfyW+n zPu(KXl$wCkKI?Me|^4^FbB+#;9vC=eXO}})G`NAB~rfIP{6U#J)CkdYl zC#KHCPP@SA8YW;$-NGvD1BDG?_D&A(%paU-u@>&Bd&-Uj>=*E8b}TjXQ-&ryAx75u zBtIF^59A0Xz5Yrr(4uGIP0+>xC*6+;QGI5XsD>g1JuKMWWV-2f^@U*$BBB3WU~j$` z6g&oxc~84kNr3U~d)$mFT4N)S_om+5-N%iJ6JRzYY#aeAIh<%Hyy)b?h}C6wk)`<+ zAFhu}XNLH1tu0XERsvIO+WVSf!Uz9>sUiKCX!?)@CgTL1%+ zX3%oOGWs6+vH5~YhGyNUTe2yrIG|qK>Hcgn@JZh%&Nk=|NI{M|rOgfZIyhGE zK};_BGRO_sKQk>4P5NaRY_no?S6BN@z{)IZL9{FnX+mDu-jiXemRRL4cTpV(Z~Ot8 z$Oqm0f!u>tmbv`VV3|_?b4XO7YQ?O9tnHUmRhKZiU!r4Y>b@lUzL*7nNlyH|e_WVU 
z$IC82c7Fv48C|A^?a&f;Ft-+Lqhj=Ev35d$%dEcPdbrhnMU21Ds(wCQ1IpO*2Bccy zF&6w&4O3U#8T{kpEdKkEK}$9H?*mr*50rr(;XWso&+jo!FJ4Y{u5Hl)q8>Wtt?eC| zpYfT!T(M~w9Ui3krFskc7VAD+&A7VCh-%rgX^UICd;b0-pfmI!sr~IAUKB8Q)e3m@B z7vpc*RlEi$*2Y#0!@Fn#s!MEqJ_KolHs&R1i*_PNn6&PFjh=|FlT8^!5QhwG*{%f_itJX+qj?fJ?J7_Fjqu!RkCP6dT18-M}_H_!m-ycwv_{ zbh3dibNAB3ctQbU{~EBD@LD$Z1(&J^Sns*%0NSC2Xjqv=h+G~e(LH0daKBDmi->Nj z)IMZ(`)*p4>A^T&cRnE!qExPCE5AiEaX<~aSBuLIi=S!wr&pfI?N^qm(4g0hlTxiWgV)Ss^_c(tI4Y{B!U5_D(0<$KcS(S4 zNR<3g?x#QEBWQeY{Yu4Xnj6gwN8a9Z9K)DEvCTpKH3)}%5mJJ6a2LRrq$lNzgQ-%BPtHJ?pKP382_OkS2#&tN@!p7E(8vWP*1*uN6Pv|{4d8ZP zgC$vIuKt6jbC0!;PGtAa@`LGw7w*p8{PN;Qei|C+_5A(`+q^vwg*Gl-QtuETd$Ml+k1=rm_N%^j z#4G6df)>@EsS`e=y+u9c=f9B`@liPrv;@iT0XBe)%>8?{tGtRdtj>EQCz9IQh5M#v zH<2dpbfu9EA`U}i`F`>Pxikv{=6iUYJ8n*TIm~_sBYi$ zo@;$+2#`vw$EW{ZT|CO9V16q2=arSM-;bEm^kR@2SpL0Qcl!w4 z7%GaFPxUWw7CkZXhEO9+OV|IekA4#Z&vAz@{JiY!^w-CIikSmL>F;!6%jbc&e)00< z{I1gne^5<_2h^tvk6r(H z_37n)1w4S!{EGqeY^=@)rx+z8o%qtedWLEGZa*zzlEX5|{YnLcZp0M!K110I6aPp& zJ`cZ#THpH6nN)Wh?;Q}FrB#*m>Yal<#$krGL33MjqT#6qd`sj5W?7|JXnw=Kv57<9 z($W%%Kl5{{cGeJqA~`^ixI}-eY(~CDiN&FFbbII8pVe;IM9Ivab|o$Ko*4mG_`Y0q z+lWz-N96&-XDvRh#I>DOeZI`zY}nxv-5@Qqi)zZ0%mCvuyZn-p*tU+2KB&#X-i`cG zFVAYv`7$Ak=aKC*Im^{ouWMeMa#kK%V<*fjYnq=DGOf^Cny;UJpIz#O7eItbnac}V zVD1p?jf{-!hH^^5;|khF9yxSX=Nc4tbN)VjnU`=AiI3(_kV3{l&&#^jy@53Rx2VMF zk0YieSpr|aOF$!kF4$q;H?3gv@9gi4*gD20fxB>)NQ3ACZz+(wYzh>1$st)dxwzn&M8GjMc^aD z4^`3;Z|4heas6P2JX{bgo%$ZkE8<*$ORIS;JRJ;du9qyJnV_WMYFMZiLB}TZ2va}4 zAv}gnA&+jKhzGR8eC^dHFloLdZ+_*o%Uu zC3*qW^!;N9GIoSj!Y7N+ktD2EDY9AUB!`&k6yL2o9v-(!{hhC0$8ZD&(Xty6>~(_P zLE~f(@qmTPCuxBm?gRwU8v6VDKkZ7Fb{g$_TYt^-OVG`H8jEzyKJ}xnab(fR3D4Q3 zT6J`4C=TSqH*JU4jaU>ORLIiJ&dk_;{*n?e=a_MkNbI#SX8-VQu(Iy6^TQjg5pAe( zNsf8ksgHfAKeGl3@zbJb(Q=-~;DNZ{*H#{rpDqLH>Ddnyh&z);d{316f8>3-K9?Fq ze=0gUIz2Q2V+cqX7rW}SaFot&;$8aOi1XtMsdU6`5>xzXsT8rHN8kf5iv z>OzkJjJrf!wC~;DU5yyWNMV!3yQbt!g<|PA!}`HUB*5eyN6M~MR#p;l;b@uc)lB3?+n7KpdgTqm8SE6$v1p{(*J)*?HcPjy9p0i7y 
z!Ztgb3Vo$`yuwbY515=fi%WohvXfqTv2ie2*!;qeqcO?6;^CfGL_G5Da#z)PA}iy+}VX8XS(%27*rvARJgC&d=0FU%pIy?u(R_9RRt5HX+?1F265-D?{dOOldJ?Z_kf}iRK9G z?J+li%k{KeB3rRZTGtd6yLU7zI3HY9^j+&?W4IXSoW-ijTMin@do39NgM*0^8{0Et z4)^@jBI+i?#sag9fG7p{%oDBXnZ4Q-^p0LYR@MlyxddtuaJd`R-0uiUg-0iPz^DXc z+aHDn85LUCkMBK&?01>Nm^slsTl59X$NW`4_MY7Ei_2Q)92L-7bO|{S!B!(?fZ1Bz zSskI@^B@rfA-e|l2=ztsY4b!Q$0ey-+hYq`tc&9c&jF($fd)E|Bn*7pF$--WZw4jA zQqA!bC!*2l!hqL7r`g$4p=m31B}(G_78YT2F=OUgqE>v6_(Bs&)XJ3en0p7FJ3rZ| z!4W>f99ReR$_tSqt0I`Fb#?YADJ6$fLR14RLlI;6=uHvrBkI?uHG!Fy2b54mkmES`c+?`cM-d`xubv!e zA0=&970uqUI-Rt#@j&g4n_E#cDO(zF$Pa#L=RG6|t(Llq)RtPwkrV)Kfb1a@ z4tgdF%*8EWk-FmtyZ1x>1|G1x&sH2VL+rBfjw$cc=R8~d9BYufT5-F&L-V{p+%lt% z=6#0EdM*dH*AEi!ukCEG5^i%vvj<*-Z|DF!RC>WLnnU5H2>x-Q14F@rSQDcL5V@%J zP3*L8rd9$OE7Lf$IO3hd76?v;2Pp{W(e>J0&87F3t57g=@1^nHI3S$d`60SaUi%u} zkRAf)pdR5HKWkP^o;%q0F{}2!#w28V$Ii|;uGx5q%hc2~FOe-5%%*o7x!a$)Y-l$$ zw|Lp;d2mg(kkYlg5liFM%d3flx!x9P(XiMUjvF9--^L!;jtCRl_hVsa*InXT@Q{OC zSg%c|T`xh9aMv+$t!|xEAR1-;;K9uZ_{New215&cw4h04_=D&){ajqsxxi3H;|O2= z#ZAtm^XqZNAUmG)E%F6jBV_0Nu)%jpW^w2wthFw1_%~FW-*7v%8!YuI zu!d6zSQBX4u|j4808X}n!&Jdh6c@>}H|hWc`&!PqMTDe%x9%YH`0<5@{;EyD=E?Q~ zL-meA@5Iele#d;%+~&di5DyS5ou3f#^gK{Alqm*nbl@= z!8h+fYy!i>#_#9*4z*DOvnP(KzW}M7-?gdT5b4fPod%iX9Wr9MHOgBHl_UbA8L%en z75hM+v8e?yg?F=mJ2d8eSJ-^=z@Z7?VGdQXTA$Uc5heCyb9bt{<^HL%=IA()- zy2U>M#2*3g>A^Y+(j#2-E(Ub+2pA2wO4EqZ%zX)POqZ;E0f=Mng*DZqc8a$%+**~l zZm(O0&lfI;b)oA%Ga+~4R8!BPEg#jmVjj+Wk+9ZNp>sU}E^zoW0Ec#vk}ZDRRUXaS ziR(Tg04hd&T-}^?PVA|gx2QsxIt{J4kTiEds3IN|)Dyn(H~njnht1Z_#QwIs^*r)L zH5{uj+*y&7md4k=GsdVx>NNcJv*I(AYiNu`9KIN6ZF6^q${EF2mej8xR*6W9>eCBX zt|*%Q+S8TU#I=WwB0g*y0-6gC=}&D6F$4f%yFy)Q`RwUINsqxxB*X}cEe|rF<<*tl?wKf#psk=hX-zW^jgN0L!+SLvWP< zzGl6B`}ZD)Ri4oP@PnwhxNPv%n^;OMg%c|dKYjYN&*-d>8LS%^h>N}$|CkPDj7gar z%HQoqUFw;M+zwn5-v7(2=$hgBFJNHq0fYGmwd@-xt%LU(_DOW}{)Kr}x1Btg}9Nzfud)!(eM8G4Tbb)x-YjRdunT` zF6G}4m*twL6b)|O<1=l;_3P8Q%z?;}T*E>S;IU$^m=yqM#xE{jj9HEt0;r+Xr`4_T z6I*s^D&m(8#Av+dMz7&JEizX0=W}L8w%hx%-GSI&xUi-Mb^GJ$8_kJSmJub!8RVH7 
zaz9t=Vh(&B+`=bHbL!u2#64GwdIDi<8}D(kDnv3?C?0>xm3Xxh?=CDDs{AH6*zb=3 zk)L-nN|pmM9N@Oa&%j;KyiF>It;HAHFDg8g8DoXMmJ1MKx8YywkvrgqbN}N}pmsor z+@(SPcYh_QZ(wB9mxjjumrnZ9G<}5<<{&8hh>hlGxyojEkwmEi%8)OuDconS}crUz@dk#JB z#}#klDMqtv^m}wnvOb|}w$mc#i~tUzoKDgwu3JASeEm8$Uyc=^7q@R?o#X$nv5o@H zAmveU4Tkxo&)n0_!^Oht5V5=k&OYjS{fPeB1v1fMw(9{H!3Fex_IxhzRAh3T>Y>;Y z8;huIMbPez>hV~Q|IL~LNBu@MTo1vis9Z`D+CZws>hg^ z4EMPp(YSdZn(+7Q-7|b-BwuN+`}+Y38Ra|JFMC&8D>-ku+HkhgRA|UyyA;mqD`k>z zjzZ2xg2njohRv&)Ym1)l@sAKGy}6=yzxCz)kKy*c(g;?#YfU30cz*3I4kzu@AieW$ z`HOK)bM!38u7FxxL9?>q`S!GojLQ?2@3y;M#^mXN>KI83J$MVD9w@QA1?r9m$R=Jn zSy?wDqRr8D@tT zO|62p9rN0@2v9l<3c14nDixCV+KU2K5LDAT)4kW<7^}k0!9Zzzm#uIwD2NSZ!3UjS zDr^DO%_imGZ5E}h!AAp5dA!LY;*$o-HOwk}K$@l?3L8_XoRYe}w>=`NFn2retRNk^0@FioWDeAb*%UJa z)MJ4p%J!MuA5RE=?J#TFXDt2zt9661c4*Y%C>s9+q#Kl_wr2M36vi}|Ycp2ZSi?&-W$BfG^G}MHFIz9W*z{><2V12xjd-DD8#M>bK0ae}Zg!m3u zA%+`2}?qp0lOU3?vyXpmV&qKkl;{N=JJ4J!8#^N8hCySC1N@lgGK~+;=KB( zBoB{bG>}P%_w!|D@Xdv%T4-5eP{clvPcfemsEcfb-2_2&G?Zk!3Rqdnf4>&IZjc`g zj6+eY2W#Tp2g<&iG~c{yH!M(#APC;gcuQaXXe3P0xJ1SjFl(&BwR#ktUuebP#0#aI z83W!k{*$8ZBcg-1jh=@`04uDgqLOj^1UsnJCoWXJe27^d+1BU-I!bypoCC6rsY`Rg zCy%qs4eZS(lrOb({qe{=RvW*ETN8vc$zj-hIu zNzMoS+rEvc?X*}RqH`E}_p?w150I;b*d+PoMcX_L1K=DZtt6eT8rw=CgT}wCaU;M5 zRQnK+mlSDYJAiaId$LlW7h4$WY;LRz|dtuez!Oa*lFY^wsH;1|1)^Z4y|Qu zd-~%tb_s`1K3J3Yw@7EN^x`5j0M^M;NYISfbq@q(<8q*21Eum7_bLxir6lV0tberzHM=^w%I)eC#|hLC?!C&kO#}rc>8iD zfYj92*aE>19o%K1QclAe!j!YdOI>BaTE9FSG~XI&6OpEfK#9NtwwppncAUnn_4%kL ztk=L=38N?t>pvWxWR1CEFd5F!32gNWT*$O$QuILGS#`2@m-}Jy%zSFtn8f`)99Wky zDYUQ=ke64D@c0sR?f9b+<#H!{e#`BoVlck ziRvZxz2gz+uWgRyAkVw@oB}i404m&BTj{Vqk;;GR(&zPaqz>JiAWv-wY-0w9qp&Cd z(a}4rdA=o1%F4>okQub7>ohPP)<^=+fHeOlCSb-z=Ayn5O_xQ5DSH5{9~?uVcl-8R zQ0*(Zi+wbnk8p-e-{s4;>V8qs{uJ5ptFR> zR)rV}q_ZyUZ@m2N#dAeoU^R|T(HMh@xBVS@NExBw2J2YZH+-^M$XXkO|GGlWEFdCyZ*$({DDzB3w-rx zY!1juwzYnU*_8yedHVDr%33J4eM&=O^z@HffSZm}h|pej9H5YieNJm0AF<5yp7{Y^D6F<>q>3^BW z|G#00w0~)gMcfzN_JWYYe~&N=&Iv+Pe7>XnW*0&$0V&Jv4LKTZQ1PI6Z7192CQLI)sl3eT88p6&KlC2V(<0oE5^3lc_PtR{mN~U0 
zV89{j(9cn}?j5iMP=ZZO%W^(f5@5$>2u}le_ubC_b0Yn%Tz(>J-)b~L9YrI|C##Dx ztc|9WqA#T0hb)#IR{w!s$oA|iJqJH1E(Zr1_tm$2T;BVEfWLFnPUeR>(s4B83wRIo z1FGS4iRA!Z!LDym?Zw?<<TBvB`b6LQ_nwl_Ja5DzU3PY{1(t)LBpdiDgyN`Lb zk_-IzgR()FU~2~#K#Fs~6Ck_2-$QT%ygB!>;NrvlvG7l-YT))i(;dq8jH{7$KB6?$ zP#AaNCpmS9Zs;cBYVvFK!NK;AQ;OWtyAlPMW%FW?;P?|PTWuhv{S0d98lXsW39Tv1 zp-Y^}VGR(`H}LoW%b;LK3s@=1W?ko#%nEm63r%yEgWhf(rI!TO%??iiSoJjJON#c= zHCNXU{xZz@pwKo439BM+-9c;~yq%o9j~-=8beu&o z2D=|GD=DQITg|$PQf(}DawQZtCUa4dc`g8feqI!?;Cop3hAY$#FyU4W&Le}okIpfdX=@Gxj4ck_U&s>FnBcZGu8rCJ~0 zYBGR4tYiCR+uGoQYQq(_37ee3Jsm?Q`U)u`izA%b0A~7Dz8SOvxYht_3w~mex?i(h z`sq_M6d=IK=d#k<4Fq6ye^0s69%oNC0%#C;Ijw!4fhl|MrP1C`t-bvq@M`3cT@s~1 zDcZ*0zaMT3pd^cu+mk;yd2I0qHzB|U@c1YjRvJL0uOC&h?Q9^30>}-DOsZTytnO1P z=k{nOAeikMDAKP2pj*6%YkZgLE#R|(lnk`5hZv)1|XtFOu<+ZrA41@HuT%R=WMqxK__#51Sw%R}(%?aL!mquj+D+gbfX=Mw9_As%_lkNWg@_J`w3Z@a!(<=_4E+D<@ z*B+EqfuBF8Sn;TRRMmO~qzS^T@yk-s4&mZiA@zuN^qkS)YkdAlp6`hm2rBGdSxSAS ztJ@3hCxk%#z+&}=PO}q-l`B{@++A(tdjx_q4hzKEdK?tWNllsL<0~2!H1fc{Eik?y zPKptN%-+X@JlYN(^2*%87PoY0C(BA&(7dXrX1U$q`kPo=up4Mz%AvdD93CLo!LQ@6 zd{P%f0oXe0_Y4pkY&6O$W$Xo*7DRQVEmk2+r*%8jbLGHNUHR-M7?R+Zf4~ONHn0Pg z#;^pC-#<>=&@XlR9~2%BtAF-FjC!Ky&Yhl%YD_}rufd!Fr-|)#PvNEnpmKx_wlLX@ zAbQTYfR!Y9^2JJ6XAkpB9x{zUC4I{X2tlD}cA7(fcZ1W~91n;qv7HbX0Zors?U{fr z%)eVXz!qqz>L8-}P_4>$J`6C3pwrNF^NJc+TZ#d0%fP5tRmH#-JBaQKicmfSk$@Z_Ur;#TL;`K^@jmhVNTq4kzxB+09!c0&DZx; z>VK$sMQI(*%4Krk;EZ{==#n|eJDfWgml1Kacw-*cVMU8vmr(--$_-{*RMW+<3AUnw z-4)mY^G5}O_6*uumDR-!BH!4|9wv3?z@;Ykuf zgdS+w1lKXYFlO@>EH>*;bk&_V0L3>@e0MoDx3^W-W{cKx%{H>Z8m@Snj#bor#A~6O zC_a1U6yg>nbeUJO)PYmhH#J=#?OKc}SA!kyET`qvQTz8F1Lm&mxB*zC4~GGGQiCaQ z8bjFcHwnu5PnLktAb*3kJPX`!ZlSdJ5dM@rC5&E&&vwWCqR$==aR%%bn9sA{fK%40 zJ`?)6uvo$yyUcY4`s(%jH&}2o#gsTwE1;y*1bjJ%*;Gt``}C_cdbPx zdHq~3J6#si;}>l88AQmzc^XPwY)D)EoBDz5rqXM`i{gKvy7%KJ6i`53MWWnR0+z>)*;oCEVwSCR``W z7g<&|Xd5K-XdBLci*Ay+T~V?z1@Or=5%=>QA?} z-?FU&pXL8G+J016!$OU8cFM`hDpHdH<4U6Q+s`1!RU;Xa%S8f}2Ty@8g37e5dQOB+ z4smJ)@sysOLtyGr%+#Ti^_|z7SNnE&=L1}=+im6(3QX)BcBWTKCp9P7U9J1eHcrki 
ziqiDn7Ns$P!YoE#x__->6yf$U%=$L^$g3{>MrW$e8 zig>ujyzbDfh|?1^*1f}8+}LE~nFRgo`g?!c*x=rq?<(GB;NWJW9IF5aI)9WI?CF{7 z`|t_Ra?asmCYuXj6l)Q^l-)SWW$vzA()a|w#j3Q=LjS;kY+`f&UR|QU#iSI&q0ssz zn}tg>^2HHx%03R33}yEqtiQ(guXt4A)e^b!k#F+LnAu7Tp2H~3A=yfXX?2G&3@fX& za}bwdRZZ?^CfWw8=}DN;BMIZI{`lX5ird=8WoScZg{LbW#ybx`+Epa66BqkW?tnXn zf3wK#B_2iQw?1&Qqq8m^vMdP=8J74mfAn~Rx-;tZI4bbd7)pdD@+7t8iEqT}s{hxr zkX3(gCeKZEts6bb`xWlwgGbu4!0ITd2pvS)r`uS|(uPv@NW%|j+hyIyC$>9h%vsi% z+1Zo88C?NG4qihwDs6GQa+x-X%qtt`>k5mEy4ebhU$z?_f7@?-Un)Rk$m%~Qe|_5N z`^+lC#2IyYFHxIW%InpqFw%9|)HVz`NKNToU9h%OE7Ob6yg?0YM?cGptn%c4m6qtOQ*0k)8EN2T?H*RieM6t-G zb_avq+gF!nrbNUzvX$~O^py-f**;F$z~H^6t_;k zS#)taarSB0R|VRJ2jR+tPoS`~#r>Pqfvm&pYEhc-*Dop4HHL-lu0rHL0C^g~sUxq8 zgiq#jTP23&Vf=e7C0NYl_*5C;;|&bVwA6sfBSZ!V7&s#$EG$eb77NN0Z|tyjftC~N zR)gJEwHyMHqv$xeZ32pT?pW>sJ&!O&o^YYm< zmDtW^2Pt_4=f0i0dB(+-gQT;~703Ly*0YCrNF1$xHBH)0k&`yu$%p=5rpR{138w6_ z%Ks5zh5;Kz=?u^;UbQ&Ct>p`Q5inMO|^SMlZ4E+Fi}f2s2YH)-k#QMXle zqIBY!hAG~y^LEI*_5fZg1*CykUY5Mm6HY0I5LK5)ha2?mClqamUzx*tm?glyPfVYK zzJb_JM|6Qy!T;O!s9!ir}o^6GLUE-_RSMCIbkS5FsC=T&C_r#RAE~;|B!bIhz zmF|MqqtanU>|dZmUpRvlGwooJJLesG8#Vk1lhSi3j0tHvdkZ{NZ%gwJ=_LHYkoQ9Q zQ&oPJ-|U`n+OKvBnwTY!SMeUME2mD=80LEp`I*-WarRUSn^%c_UA42HPlSip?aA3( zCvn&^#2h<*YyBi!x7R3;!mdbg!ptx{P{rZudw%NY2>L_sujB9O(;6F(q+5!B?If&I zWG??%rS|$0f=on-_9!*5LK^HPBYBtL~#Up7hOOXqCM(GiK@fE+YAKsgl>A zI}lMsGF#vV{LtJStLr6F$>~51bBxO1+}*x@>35ivRzhWc4s#R+eu(Pxqf#1!#AJJu5)41B<2M5VT-;$`W^N7_0+RO%b4fXa;^=$)(B%3zXxd%?-uo@T` z2=zJG7iFexkww%K`v;G)HfqSeK=@PY6Qc^GWewIxPviu4<7uj5ZDHpFG3ES$ ziVZeJyHb;I*f4XT;+IJn5}}nWH>KBdt4l_7(mf7qo!RMmaewPoShbCF&PS`WOfb&X zy`!WqSYZ;}`DN@g`uQy|!ex^a4aSbbN`1zJ)NZ?!7o$%SN87V_SQheUAXVPQ>R zgRKhOW7vHBlCti2d>a}4agh03X*bX88VhV_qS9&HP3Z9R#3892!$3K3yLofnW*dFnw!Z@5ayJKwap69(hz9Ik3 zM*k%E^O8C0Akn*Q#-&sCBl-D`J*6)5fA2_+Rrsn7>+93L4+HokEWKU72N$Y|epVZK ziAsSV{=0I)r}iF0pPjtJvNpnh0$>%~-z}1WrFz`38*W-OpIdrEqv4hBdYVSKtSM~+ zhs!D&136ndE2}^6z0&AB!&25XqrBD7*iIL2Zp>sAcL!fc{=U^35dfHs6 z!X396<2`9VD@d!{#%T+HPX#iQ;S}=FdGcC)(W_|i+V7^+cYK4z(r4^SsX;rb^6DDD 
zbSgE(<_H+E5ZFaCFt~n9O!+TX>18Uafg8>5-c7Q{D@k&jmY(&EEu6rUV$LtGNm9k! ztC16NP(nFsT@hyU zP+kF-!rlDLnBxE=M7wzQ?f%G=k z8p?Mwd#y-iwZPDD-8~b)UQMq~xskeq6l}nKIuE}19IWZH2i^%$_Z>;6?)hFw9yOo) zfuxh`oQ2%vXkeA4gA=R2{~qA7K6v@GY2A^+)yVWCJd2C$z~uY}IHtsg@<&u@I%=*H{#KLf#OwS|jc zzeW`-H#@4m_r2w}IGH}t(%IS=l`YQrL5`)g)H66_I2fRB$l$7^G6LD9i7!4(#UNuP zbca4eqdAU6gjKaCoL(;W;E4#;-r79d#ifHoR9t}Hz}xp+Cw`0K&!^zT$&e2W19tplI@>Q#lIoq(|UK>%oTUB$5hubuqcdx;b2m5)YJ82p{7Ef`Xvt zD8zQfgM)_;o!OGxan4n}&Ej#lKp}F*N2_59Z}^Y{2u-Raij%MQ?o5 zJer36ZaYvivq1^K6z3vZn!hE?f4Yf_Zc@}Qtwf@ibIzYS{m9AbFRe^~oF@+g-YIpB z#J!;f(C!Ys%jv-U)TR28TR_@gWBgawI1|dao*7YHx_tTRt=n(sNgEvjwsFvC)`!DA zH+mHP7Ry7*=o$c>@6cywZ&Ss+{X0_|8_@aiEmtC-k6bts90y+TI$7G;k_Om(ZY1(+ zi|FCQ)b)=fhVsOyAMe>q-`26L>_>0JbWcKOkrln?bJF86 zH>#Xq&%uhJ)tr^TL}(CS8&Ph8Hijv~&W0kd%F4V#628o?_!I}QQJ#f~-{L(5l!>k@ zHaTvlZ#9e^rnvBioq-tyL<1(;v`r3DR;xWOnFmgZwdIc`0jeP9Q(GGT2d%1Nr5lON ze!|XeZ=2NzqanLl#;!J4#(fOHD&;dDItj8z!23vE2{=w>rgAy#->t9{eDLI9xt?oF zpfFkBUDD z!K0S;_t77e3II>cqIs(5J=!(qxvnVT9__h})PeW!Xt<6X6d$?rK?!&x;DvxZM%7$e zBr9~@`yPL39WmX-cYf8@)~2^UD(E$Lw_9{oD4|YVAmZVZ-(_t&>EVg7>4k~LGXhJt z&d#0>LUc(k9;qIw-GNEZTeaBR5j`cANU(9}zj6EP7JV{EoZMd)WZ)Ng`xy~G+IYm5+&BFK2r4ENFh(7CP+x=R;YM-ec&hV6r zzP@;s>jVWu4#BZw3E#|kFbpp*bG3Jga7d2$UFW~aG%PKj#x|Ed|Fupu^4Kgl?->T= z3q28IEBrI_tf#&dx;IW5!7?67XUuJB={Z?klATSu(PgFo);g}OwkN~Z*#OLRzvE~s z2d5jN%zoKZ_tPz<|8O-t>~)_vR1_=A(r!k|wMigLok<39(i9FpR`eeg+pSho|1RWt zM)yTYg|B}IdtEpTEK!{G=c2thA{hNbEK8X_AKUm>m#;6g5dbq6>p#5YH^1Ll^zoxP z+u#Wg6d^z9IW7!jW`Lkb`B)@V3$)=rQ-nx9rFB3V^$FyM<* z2dqXk;(8l*+=JA6(!Lq)hcY?71!gKTl6-+dnjVt)){ez_m_$EV;pa4KyuAkhT)H3% z*@&If40(g6KRq-pqEjGKm|SIz8C}^J)s-UJ@SuiORQq+1hHTPf+ilXuhnO@hWl^!X(mykTRu7@BQ zDR?w`K&N6qx8?vFouXi!p4!4Q0DPDqK@K25Oo*2MY2ZkN-Z&e(ZMuEB(RU>Znt3IQ zMo=DRVi*9+^!AD&=Zx9}_?6*^I5y;>yv&W`cug<4C39?-9q(#Ql*UTC#s!ofBBqQhU6YM5yOP zseSn_3R?|GrLdiiUhE3S;5Knej^IID+#$1_ey|%*nmsa?U+SWDc4GXcSL!_ZA*bMV z%fg2nxs7a>J$_@BpSra50{pw~tQ{;TPj8gB^B7Wp<(qe}lm1Q?Jz&pDv5@-P3=7$y z9mz=zTo@Y;&`nn~F;OoKad2>uOPq$*&dXd;;l0Cl)s_j&JyG{;zMXe(VhCq*hh$iz 
zyighIvH?&_0ffQbuMH>-zn1C*9sN|RD=Tble08&wc2OO>n>+L~1Np4B>`%CKErvV^l6STtZPkp+4Bf{7-o8ofJo8)Az zDL!C6LF>+Xl0;4p4n{?-Dw?F*Cc08fr}c34ZwX0Q`3z<}-UEbMuc>Hq9Hmenxitw3 zV>5SX2zMy4wN9&j&#se+?wpNmyaUPq9%fwBsMCkCTHjmdX2|0+=hEGrH}WkEzANV0s&BZaC+Q;Wy_WJrL<;n}5|a7^0m^x|UNHwNa~41D(IiK!$!cEA$ZAuk98dPaBg^TxQ&b#( z8q(F-`Q*8DYjlb9r>^z-?$@8mZ*~aDNpfSz0NLQXyc!uppwft5PE`arnas`isU^$YyucWy+v=0e@}%M82O+yll2V4|0(f8RZe zOE9Do8>#ruXSnLRjj+sW%>VuIW-`vz;eqSyQVh$@u?h}u$t&IP%hyO~V#W8i?`~7D z22-n_?v-%LgFX5Ta`7soFRsZ~=GhOF9@xLewsvQoCr|Kr-Kg(RH_(NZj@+ODxFyek zkecLRRdbVQ1lI}^bW4f#O-7Q-=frVGNwZZ`6$915;q10_ z7QfU-7zHhB+F3G^iWSL#Ko#%Hs^{iLeW|(QQDEhxeehM>xu%{&@xr`|C3SAs$)5Bw z1w{WQf7WU4Ha?VM@AmvLXkp_V4Ycpnp<4$bl|qD&v%f6SZr0%Q6*%GT*AgS0*ic)+ zLvZ^iig!T5WRR`w{JuD1=%3#9r!Zr;-j~>X=^YjiDJ~YPvb*`(DUBnK$yuci zAgA?Co~xRg7%F|!%t9@BA6QL}EwW+9G< zQMg8q>xAmn#ik+iL-W$I0H!O)>+$fRx^Y1dlz37Qux!WYJb(=a=DzV{cZ~`JaNq<~HqIQ>WUzlI9yzaVX zWL9P|vAQW068`)-{C9ZY`^%MLz<8~lt;3IpmzHu{M>P;O^k9o`U$3W8|)IV5p@R3_4Tmqo|dB-cK?ZuS5zD=)+hIukA z(>&BKf2#_r!AWK#9s5&|#VbL-=?;BLf+VG+$ZESEKnn=PCkfxQXvjLi5c|k+T8xbX z*d&f&e*GGt{X>^SazN?3?o`hfOlaJ=Q6vYz3*97ZuVrC9K7s`}Dfxk;6K;z_(BvSD zaKcES7lAi05mai6iD3bKz|irVA((I&U?p)F>oI6*Y9@@+fRtg(&JFW%knElDg>vjf z=5;i~T%9)J2Ua}A$dG_tO`15kmcXJ=({c)3sB-=xZ{tUl>UPItyEIDK$?V2?6?d~4 zHE5Xwf94rj&{6pZ%1}}OWZrt7ZeiXL;vibO*>ud#&W0ruy=(dUy-FjBz3=g|0-S!p ze6YT?i*@?c-YsiWQ@_iqD?OfUW*(;i6t;H3jsjQ-MGpnpVO>0bg>zgd(4`5$0yGs= z`~+hE_LzZaxCa?pmcWiZ(hmA9XqbjhStt4~42P=_NOl4`;B(r&hYBFK8Vd}KkKFb- z0A-TUm{<6)7GM`52*`Oguscx!2T~+FiL=(#gCG!Yl$meeX1dT&2GPRY_K<^Ovs+-x2=OAy4)_r)dI~0n`!mtnmtTn; zh7E{e;$AJI1Qw5glx4frP9N3$$7v}X*iIMiK1tm%?PiGnB1JfVvF&Nz7M$U$+(-!W zmSOIUJWS`^mj1wqy}0*dxVL>O?i8Ab0-niJU$^;IiW&OJ+$S*(=?m;II?$QzG_?T` zZncMNNav;yd<&ui4jmkWY-;+vPYJ4kd26+E;^IatR5NFe&2@hmuCKdPY-4WpW`>fwF9JrkP+=g_*vIgN06!dW1 z?=nJnHL__%pV~HQ3*sM$H>auxL4ieHICIy9w_ZtsM~rX{$V12wVC=xR(11FbMJ3IM zc=%+nsaNRpA;{?+7wUm$?{Sc8YY9E>HBfFzVA}=?1BH|H!O~oGrej`p%o}l*@00nq z-04ldTy*i=5L~z33IL{x+2-V=@~R}D)1-(&>98HFHb_n1UFww($W)fU6_}4kE@31S 
zjTW8{&Yg9*3{_I_t)gM@>+4dcvT-+}y+vd7YtviPFCt2-L9~s+oPV5bT&>DYtey(8 z*tw_N3G8Vnu3WnE065#1_E$tiB(gw*Atd7?urmBX;ISM7q9OqlygRy9tmJWu`Y8;d zL1>Q!8s?#(^`Nhz_D+N8)te5%_A^lCOc|s&&J%X{$EB0@m_ciJS)&%~GTi-#OjHF1 z6}Q#MP{{?i=VEm> zJ~kkMLXX>XH5pv*7E>RXlZ%T2QCOmGf+6Kh465>f`Xs_fM*;lk-|{EMnA-n`s?v$@O~MS{^XFH6jS-(b`?`>zlV zK@#__ot&BRVN>S-CynH%BE{NW?3y#rEWSw&tcLz8Mhh@@bdeh391X(r`k2c5OEU zPXm+KJrW3IX=!sZz6+3`AV!1s6IW6~dC7W@lF)#^?D)*3^3_r+qnZ@_YoMl~h~+6a zC}}uS9%eNV@`i*wKYhMb009C%N6AaGVwbnHseG!AZr_Ijd$n(T;G3_(zM43Rp((Yb zg#ZL{N4L8klm%|pU8=)-@VT`34?||W{MNCOQXZaE2-W(N_rh1iUd3hfd^xvG=$s_e zt*;KO{G2G*F}LNfl6`#Bee%g{0B}F8oz3c!WTUJ z=L5S7F@nmymhDnRxaZI?>UJ0A3v5Gp-ZF5`A&l%P%a&6QbwZtEAS3z`46OtmhP8b1 zIl4uC&cA8ht_AQow4>-Tz^TvZH>h^w5|)|f$0ZQT&Y5wp#fGm&&xG7sdW)KNRBd)> zP{ail1`zwb+0-w=8G*ptd?CfOYUj>g`1GhqA^z%SR{d?C9*a3Fzsa9yNq|9F=rVPm6Ot4;HxaHk zTmencw~jYokX8+lfIhl^nHSt1oNs)Y|HB}bLc*?I?g)(#`J@IYgsRCxa<0MP!9m?Z z-b_I~77FI(n5RwbX6ELsozwEg#RXE>;SST!a#CsVGZ6JwHcPOp%w)dh`iGmj2XCU7 zQg5((Jiim8U3kcMfi8btWl$7GBoH0ZVvcVUw>?#-N*%8Jl$=#Jrn!Bv4XD(ale_N!0j z_=3|QV}PKkdOk%C3=hsKkq=P`Cwt@9(0bgxYiTzn;wmO4#=NTr62$Q!g>mdFR(oBZ zRJnoo-V^4(Yb=9_kyzHJK(rl?9v#u1I~I{D#X|Pe5rMYyL6roEam=5hP(WX>jB}9o z&t{ta?#16NBWVB2?`-QQ&O)1YX!d(M{_<1(Wx)9V<>f#Gyb++NWHRJf<{Y(XI(bTv zmio!siuR@CjtW!3Cu@Qd4-2Kp|F7enBGmVF{;3Z{QGla?vu`@M8%TVfssr~95BJH7eAX`&lf`3Lj z0t#;ym=Z>YV8^;;$FV+8uK-ckJ$*7dGtPe_p31L{%ors+jwkHC&F2%NRs|fA3h12z zQ_x?AE)L7n=0GQu9i8Y-EkKzsWQm6GIV7*U2@miMELcIm5cLb6TSI3uzN2O7$4{EKJptAI*9yM%qBokIQKUhDZ70JCxf&C49XP`0wX9Pym=u(iM$bSbaeTlwQM(T_b0b0WkxO*T+?EW{4LZSC#|j3jQkq ztQr|7ZiwYvR@GOOJp*rULmBlbH$KAF$O}>=XnjzbAcchi;Sm5BF{D4h4)a*MvvzA7 zK-373K5lm+s44^2K&L?_?K#K%x#e8x+!LToz?90CuWG@~-Xd;7%iH$>uE5>AQd9wn z!**=u{GKu!21EoTPR$%pSk{UO+$EU$4t#TJFnw0<*Q?ned&RdLxmhI!9y^?KgKS04ck@;X zl2$XpxyORQ)<#_wt;LR7nwWQ8?`D)BKcPrH)=O6@ojfwDii?O>lZs0+M}VImqC#s| zCq@{wVc_5kE4L0Jaq;no(afw3MXAu}dkB2iwc7;Vz~tY3BSm0NE|?#51Hxl5bcfc>RhSTzgno~yVqBG2=q6W z#eDQc3nKl02YagiEz8Gk{ObeO*9jz=&dE4ie~~$9^NS&XZ{eL=|6_iDFHZLMhC2^M 
zL9c=-2i`teQn)4~IvT>uzkE*f;YyK+H8;QU)MZ#;s6wH5UZteyjvm7w+{yc3JGgZk zJENR^u%ffJsj2?_x9DT7U29hzn+I;dF91qH6^>v9ZjaMYE64zb0g_pkOYE=-q*nA= z&AyGLrFMV}VfxV>YJmy$192wqv4)8qi*2CQ;ylDh*m0#hY(pIo~) zRVL#cYe_){#;BESz#_)R)Ufp~aGO?lC3P^sQ(V%0eyLfnK--wn4||r?4<{}$kq~G@ zCBQL@zM|sh@i4Dh0*EE6tHFr($?GP=--hCWVmyDi>d?A7X6N0EUcw~k z5^5bhLMsh4iDVOwj^p6C2UVzl8Gzr;eI!ow&B*y+P&N`Uw7fW|($d=dFf8mEy24?z zzsbymh55f6z#>al6oMe&sg{8O90XNyAbtUHfO50!zIHk+*1bke;pka8S zaLb{lh?~)OycaJVpH=`vyXuOT_r(j-T)}=Z-MnKquK=vX>6<9hB6lV|6N&GU> zqokiF5fUks%r=YO!-@b|q#Qm3OcOp(sEj770O1mLhz2t~E~1fr$JhQeEXt&hX_HQ) zpXn;0Dq3bLXb5(Ml>%6dlLPg*jf1-=KuBn=>HSp!hSkyS>IvFf#GJClj#RM1_1Mxb zUN2$86AH(O$VY`xy!hjf-+17R5H0oaP}nOE*@enu0xjA%CO$30WI|b|+(H<;<*crr zyJC{n6I4^f1u`n->#Wq&VwH&_;Sr_hwX_OX96-MU3*uRi8SpLG7w|5(O|DGL%rGo5 zt#01e6G5j)k`87%=7_YfW-5K>_Cuo^K4=X9>J$CrXQitYM;vb^G@7HeqdKVF{i}#X z`Yu0-q9ak@s)txx0((5l6ubfqnc@rvnd+ve&LyVyDBq%_?sC`Rlb_+CW*Gf&5sW z+%+06c`O%X!Yc(4%Uw%w0k5i*3b=@~uHN`Ue)IG+A1_vLm-7zwnb;l4VLJh|A)$;7 z-bnhthJUcM>Nzw_unxz!q;-h8TR}L6f9re_quVd5!jAmcrj(ys>i|F3T?ZTJDuLAn zCC*DBJzmYP!mFD0Kl(qbCT0{gprk(zj0HACuoIKK?>hdkn*k{K`WE}lr8OB1YrZ$? 
zCf=Iya*7dmF7LC42J+%3r%Brxm|YzRCP=wZr!q9=U)>L&XeDk=_z#(NbH)=ySX286 zI%t)66fj{&F?S>0UuOSUsXDp+>pEOb>;KaWulHDy-TY+h%67HU1AB z?N?3Tv@pDjB_x3YH9T1SUq@>7S$-ujcs)R5nU2#hS!`-KTQmJdK`_VOHi3__#Yq9i z>`ne*vTp}T{v#jh`U$3!*u>eykdOThCwacR}}LJM(&qWq0U#=e`)YZ z3!BA3guv8obwUmMHoKTnxp8*A`Nm)~;woFM`AGRDO-d|W8 zA^QLqhQD)ZP-Nv``5Nb*hi~Nwyja>0)o6;{(Gn2gp*L#g2m(@YotR5a>OAL&DGk5{ z&>hfFjH-wuwbf*Li7lppO6rQA!rp|M(1rO&1S0Q!GaQc0b!=R7I@b7kxwE(bFqPinSb`69@6 z{AQ#K;yr-*n1~{I5N6Q)1*jkK{>hsfQ|FI?>I|CKi18%1gtMw2DdPy-TT+tq_(Jvr zEbAMTf-M6M0B)tt-#B*`R;i1uB=Ub5~2pJNKHf zSb;y6+UH-5D50iXZD)WCtR))bvLu3Y3j~~xQw)=C*4%%DLOTPZ1n+6;3$zpu%YZZt zm7X_klQ@WLF$*|HjlepN@*FTFCK#c4ZeY}0gXR+zls0gX@bH^Z1ug5_XaG++n;?Ty z5{Sa*ZA|?di-1I;4jh22S%*(e0>%0(A5egcGB)rw15%f9RRPN* zz!*F*NX$g{8F-Bu;rnLj9HBE^rQ4r_T>ecAe#P!q41-^kRxd@S75ChL*C~(rzH0aF z5;Fl=HLI#!x#REVb8{Tn%&s5sxyc`(0cN;)vrX~aaAq7tkH5|2H2vF{Nw%W(&Sx?q zLO^a&;Tr^0zE_upL(mKYdE<%S?RO@3WT3DD-AV`|e)t(`Q-Hy-omjXEA$LIS#sLHr zR+JxsI~K*~;8Fr3wM^d&JT&(M{y|ev+#cHu6mHLi#Q2r#mw~H`!?cMC4E1u57h#1$ zG3#m5GW1t`Odf==j2d_08vIa60)NyY1X`}7U=5&#m{c*AX*3L;MK@0JVk*HWIx9VKw=hvmU4S zxANbTz&^ccYi)fDML$qIk62d!zg1Gus#SMNjpWN0kHE&*+6A^?D4BUH#Gi*+;{lVe z)nFq(k>_~`<`{5!d%OF&ix*Dp>_a(;IB*d62VqC8a;_I&p;;lf=W-D5s0fJyDU5NNo$>bTOiXHp$)K)zk8K zlZl=2KQi*s$S|koNjiyR^D)!PRp~eO}D1wZRT4&nl z6GPb%)&Z^p@w2e&KvFbryX8XP3?Q?mioP@~|4 zWx5bB!wZjtCMq;d-9S>&#JCK2ZS^JHVKA0pr{2u&xU*g&gFjEKZ%;_?ZCQGEPDQwu zq;NP|g0enel^?jFk?qL{>t57}UymVK+AIA{X3ylvEyAJh*^{C+qDrnaX64LDomS;r z!F$>iu$gz;hy&(t6$Jp=Je-7Nqd(7}5N+G?B^* zX%%Sl?VX(f0Z{=SJRZ=UfEtaV4WgGMtEX@NMax?_;0(pEQS&@dPp+J-wP>njn-Mb- zBMRitQ#UymqTv6rm!{~W#kon0>;8ky-$uW>X?duf;q~Wx-D1Qcf0bKOFN78nXxq))ThKUe_p2qCGj7>l}1 z!BmVsE0k+Me+L&f6l$*A9zB=drG&+$$$jW3Ow>^9j#g#GUVA37uD-m!=@A6L(8PDM z3E=~~XmmyhNGp(qbz6RjRjraw?0A1%40$vT)^|QriYv{cI1nkP>gfDqYc)jf_-4@I zd@d$vcL(3A7S>b+-cQpvaot?RjIlRvR;YVB!>&WpFMaS-)#CMWMF|zy`YSFc(YRe( zKmh${nH*=JSf&>mb9^966x%8UQ9Y~i@lg3co8$K3$Ez+D@Ma36OUfG*FXtxWdatdK zK^H80aShanfRI9q>xc2E#ye1|BAsM{tg~iNe5D{r#S(Z5Au~ng6&v8~VNLlNdrGiRG@1&6ip+VWFKQ#J0 
z#jI*sTRnV}2fH}jm6>23h=RNQYE>>pOYIjE|B}|<-apbQ!kLxA@XEMDj;vh1vj)zB z>$s(m`<^zzdiwP)4N9E-NI zz+XdCtKxZUU6OYLl3gYLReIrYVubTZi%i~WRsy^fd;z6^edw)C?T1ZZR)j3m$WvLU zUeooP9c%xY=)c9c1h0FB%FD0JQg}_Q0{HKs*JkjW@84r&=N2(s-Lw?FH$(E|_1Ex+ zR}!5T#p&t)nT3Ej02JG28t4&Mra>n>v_ep(VMSCi{Gw$p&p#vi-}Q%FetJKDyT!eh z_}X>W^n)HX4_`J~ML8)c9oqH07S!7ta-~!uRc*wph>Oi;GbP>Aii1O?Ymi(L28FxJ z%BXoa$kSg9Gd=8d=FD${d&Ad8#{*ZmcD4+R#t_v8 zs7R0OZIA<;9z~-KUX+vBt29ClEBco^r5@{XA%(YpC<)?BLI#gY}Ro+tqyO9 ztW;ZbnOO=?CL%ishGKOD4N;~3sq%I6+;J_Y-&$LJc0LgDdks-l)mT#JlyI6k+ z&);uoI6-0tXZ;%fgQVzKS{Uq z+RdpIyfuDrQc{?Zg*8ijAGwMQOE;etsVgyGYUbV*zZCJ}Cu5Sp^Bqz`@?EBdI~C3w z^(?6}iO1l_w}?J3mF3`wurZ++d(i^xUXW>jhTva6tbm_RPcic8PWprSdq+waijSZ~ zB-CDZRb-bI#_yzGQISW4@%c7aAiiZhG1i{@42DrL0HE zP>o~#vL`^VnX2ZhbG5|?d0OJRun=k=wA)l{y@!Kd=fc1iA#y=){z@-*G5J>J-DMi& z+}y^YR&3Qs+9U1puu?6Kw{PI_N}f6~i-(b2GJ=jlNM!nLowrRtYtoiJ3pMx$B>DN= zBGp!ky>GtC#6EL8aX88_xA2F18cD?(r}+4(%UsWnh+%p$p-=M|(Wm}&B}QRjlzV+K zF_tpZl?O_TizYFn(=e&mF6_W=nSdi5U;*s^T+l?yy96T~dp0T%U9DNZV{hM&NzV0i zSHaQ(Vg6WS8+5vPZi}Fe6cjq!EA&k<;=Hd*6B895m#lF+&Nl1l==h?)>bW;4hQ7w$)A-VZ1db|M(sm9L#uFs zU~UGD=YO&KzDwA^L~ZYJvY$?QxQz4C5%BUz@&)^dIE3)-r`Nqz*?51abJgGS%nt48|KPf6TC+l21CAFgJ(}y%# zH*PRdT3nSmk9kv0k53tml;hz05%AYB9X&`9HjU*FKUDG3RF)=X`nrR8qU;cUo-B9W*exJQKG;=0I*RSlV1JGU)055j#Koq)j;FTZh50 z+g`I5_X7O4H$_G6bsLxiLX<5U_e>~uRnw~*y5_5FvE`h8ewK<)xelzdGHOdaOGksZ z{L!BPXn(V?9IPOgF~;THpH3ipjx6rldWY;2nzd1GoseL#|93{hXn>VkV^Q6LipyVdfV`!bZ`*Rj(}>esd?7V??gJkN&jP z*J5-WS-~Hg6xbnPhH3~!$Z~byHT3GWA+g`V!@a(}v79t0P8rJWGR#sD87!_N5tzPz z^4z~3vcz+_YKxH8E2Y+Jm%;a9z5haNX-(X^kt8zh@z7&uEdRC_?3BIO;XQ-kJFi78 zt{y?SJ``0`xNa;_BXERXLS7`cto&$-Hnop+$qpHuiA4v6wy$1(=vRC3+j`r(TQ?WO zTBY%}4?_=X#omcM+Cld%<}Y7#AJ=}9h9eDKjOssy508Klij=KNf2tbaRop1e&^YBg zCT=r`eEYUgZ}q_1qj)uU%8Pu6HR2Sl`i16QDR?*KtwI*`lU|(CdNgwU%5drKrpPwB zUI@%N-ewLrvAM5T(fe8M-eQ{0sTwW|y`J=8=lk$2_kGEpV{%_31PSi`rKlwe9X|5N z=z2%a0(}JdmC4k*QtBMRMQ%vnVO$7ML zRw%t$P*39&jl5L|4R7tXp4Sc|yyVTwDLQBCz+T9bS2f+X*RIxma7qQtLlge6?cBv~ z=^yTdbC^4G+xU)|v=fIamT_qxhxVF8@=Cd9C{RETbF6IFtF#wl~` 
z5(_0W*Z#S*+Xsy-*WxH7Y$Q7GgcLBR=HPJqcF9hT`d+;5o+-pZ;987>P%s}3`7AKr zFBbCb!(COkEt%O_!uh*)6jTK`A*|Ajt9Aswl*BR*zBY6zc+4-qrLw((P!w=!_a#~$ zosqnq+gMQGnpC{Q6p4DihT@Me?nu*|Q~gMJgzDk;wyeJtw-5{}LQws^C1#Hyji@3m zuFatgPTAOj<3xy_)!)Wyo0})g#qMlxWc3s4`<8ou`V=v29L>$0%rt=Anlf7q>mG02 z+Kr>jYjw#}l8L&^HDSD~r%w@Tk}pm)SYKb;8_ZACD$jP*0uF!{19@|zf>F29W&6Q z8Y4U{cejW8$2hH_)@_m_KE%}2oK7c^IyVh($JbWv*pqnF14S;}Qe-c4=`wBIR5jNw zF|kfb_gZEZY^wNM-(oBlV9|Y+II{g5%Iw+@ih7pX||0Ycad|2SNyAd6`_%n z51w36N2j>o^N&A1E_}#5m@LE?Y9~z&s}KrMy3xhVnmzqEt2dRZQG@PfVduD9WNjyp9r(g_VgE)=J|wC-n+YT+Oq zmOL8IUC6v1^*r7S(C{y9VEgc zBc(H)266iGY|X#@F^KKx5Pfxz7#}}G$0JW({`6=QTM_pAMZCKlPeWapVRMDw6#8b- z_lQjyPs-`i^c2_!mW(rBUhPpEUV1YNlEDW`%3!TunC#cDsOXaK5R?v1nJKzudI5Z~okx}jSHxxIV)xj#Q z>IzorC3_|*SE}Z~OK}~-=U}@}yj~Qwn>+BnX`$AvQ2~)7G=LrcG|ZI%%-nW+`FQ9A zEH4SAbXxfJV#qBmXNNswq`0X@QoYJ#-|9n70?so{dKK6`4L(zGA)#zlqCX~932e2Vyh zessM%+bvc{{z|tS(Lmc6+en46?SmDJQ~2=soh`!QuRY62sXKhb)|13W4A9G{R@P-b z5Em)Mq!?ilvVX8If+ZMYmY$b`gq~{Y5pkv`+~$Z(BvE@%x!weH`@P`JN}w&3(ivI` z-8kLScAb-hA@^4qpsuEc&VrHiu9cMxG?Bn^3d+f8;7h+%cu*mGv6T~J7Tb&k2?6@db=iINekzH3PhbhESqCUo zl;4)GnK=(5S8h(Y7eb(71jB`L%*lNq4aJKn<$M9=C*@K1OvFAn&dss(c`Z<6-D$3^ zU{%Li$4dH!7pK@gKRUb2Eq3psUk^7BEtm}XV%)@-SvOA?#=iAlW3 z$jEAgz+ySeWsA*f_K-b$O@b?l#`<&85hR;Z(w?6c?!Hcw>r-=c8{~M?e%&N9K2Def)M{r2FD zsG66S#-g5P+#`uCO2UJrH=vs(M8wJjCrm@qXw-^VRaYkutoHGC3G^qekglCA|3sbK zlGfHk8d!bi$FX?Jxq*fU*w1Gjn^Q@214rr;XV#XF!P$RG3WLQFhY}*lK}(x?GI;yU zn;+-tA?|5f`u00s*>Sug;fTqBRa4b90`U@p*~G*;$%8mq+lwFib4UqBo-VsCeZC;E z_E06byLcQ~am77Fb7<{2OQzP{?PE2kh`cWL?Mt)jfO-j1_Oko?2}7RROOTGA)|R{J zka{R&z=6(h6n%-y1=l}!!dT@vvA?ekWX2gs`vNkUB-pV&^|xgqUC7Fc=;xHK4pJ)+ zSD0B#AB~lO2lRm$7@Q}&Zs5rdw@!X<8T@)rZFi{-jPX2#R$qRiT!Kfi`a`b<~pH-|zl%yGnXG$ZBgLsd~-1jZ7Qxt9(h-=;e zdk{{-p=qzaBhv9}YrZh;Xo&SL2cz(n_wOG?L_qvtANOQIg5X`=(2!;V*y<5hw5iBl z*}X9*HZrmoPFr89Z-dyFLLP#A*Pvj@Yuv3xhv%iewtFh{WJcx4KU$vliZzPkCGxlK zJ?&`%YmQQHue}>@&-=l!dAW3|oQg{G)8zwfx&sV|tDBqu_BgN59hvTD=rj}AsK60h z!QcGmgiH7>E-)n*`theL=|r2G3Z^f8(^;9SRzKgwHZ;( 
zA1`t=3KD<61oZZwtJPE#?xim6ij1Sf<2Lq}ebz}z(n`?Jj^4aQ9w(8%_ur`?XQOrdqmqAXD?dw`pN5{WG3_+q!0%;1)?Zn9Sv5XCPW?C{>;(gX!3OFv z2xIwG5dL*s83zY?u_j*UhiuAzqQVMuvKP7?7Z>kyCiV$N@z%1P(nBxOx)0)kn99%9 z{54?yv8*0{dI2gBn|Yc0I!AJXt13TOy{zu~EtsJP+@VIjFj6Oc0|fY$^VXc?X}!V+ z$D8%yl9Msjit}Rs4-eMFCK2=R#j$@>U&D_d`!CeM{D1suL{Dp=N3(jNyLOuB@IPSC z{?TP;&Tgp4%ac?H!##GGXX>ACx*icy)#?-z!$8@R_qUCrhV9g|XM6H+hKEJve+}OL zPe)qJXAd3i8+cNe{Kk=UXw9*xvt(gqs6`ZhtNP!+g?n>Mh}}gOXYEQ;CS(0FvFfX? zACr~wwxINK9p8IY6ZN*YLWbS>`-zV{D=P-QEoO`hX>VKG{AD=xDRK<|l}z96>KdC9 zKKOorq4`}}YrbG}72Sd5H@ON}{$j#1T&&N7s4~Jd*8Y!vgz71Ii_L{GvpcITR z40Vfh>w9Z@Ap(p-R7rK4Ket%uHltcftMewGDIT21_U{?I9pA>F7+jw7rj5bB|B7`w zJ)|)6F6+3@GvT7pcUU@+_c3|TPgd1q^0W5GxP_B=37YOHfE$;`QVBy$-2pn)*L%HP z{Bf=2uD|a>!rL}Zt7M%-x#9A76pUH~29?)_kRsm8w4Sx0@h6A3;8-0<72kEvAA@}K zH}I|nmbmB1R!Uo|GFsOfP10gT~XlKltE~VRqru*NY#Ex?= z7zm6)Uz9b_Yi@$#7tj?nUCH?kgMp&2gE%2vq1-UD`!!>ipJmPRc&FV+4qG(* z9~pLofIdo-+*#-+$dr;eu#6kQeov7Jk}raMNNgHjn(v}Kyv6+@RU=p_BK=KnSD(mW zloLvL;Wtr^*AW>!Y#tsyPYKlcfpl8MZWSjVT?$T-7e%L^&!ixKgm!kb#+; zovq$3GX{e*-K&T+!n2?_Kw9!vC zYCU+17e5tv0HB-;S1!u6H|anYfvVkGz%N5l9Q+t*3a9ze$6l|(K0~t&KT*TW>Y!X~ zNWOb}@p@&O!2crRv6a^2WQ0SXjaB^nn=Z(7n+nR#&iVtcYWdJ52h@RE9So6fRAi`X zP^qZG;feJG^!sr@Jy50_z;CO-nanfJJVo%zO9bq0001)YDjiAFZtwx>;OA$BASr;Z z;fdDu4%^ODodlf0GNxsX|0>*r5x#r4zLb5pOa4T$d)3W4O-o!rk^uwsAp+y4^`}U@ z_-U}@6H>y>@<#^5zm^8)s$K41#RK^9Sop9hlQPSR*oS9Hz+bOH+Mho#)yoS6qGKDxKwK4l~y+VxBCy2DJg`2!3h@WnLCr!v0WV6QVgtnW0SA`m%WXc zg1|7;-DF43l+*DkC#e7y9;|_Gk1^N;!;YV<`()0a52w4XSK>~Je47-j(jY;EygCmc z=+=oYL;(52br%3oR?k}YQa!LleK2MC4YnNl^UEyj?j42#mnj zwhC^n9nZqf)WYHb^6vFna`+H~ObrAvn9d!JSoetERT!c6&A5DJ_i*rWX%kBuQG&hb zY=iFEXysC(2XQ_yX22k90I?wyd*&QIUYdlyL%AOrvXdKr1`Oda8#)MQF;M)FN)?=fQtwW|M30zVG}Y|$&(Lt6Cy(T z;atax#9=8lb73-4 zvAbh+Ps5rrwX~EgymFijiNMTlXvyw)u(i)f65_*>ZAJ*R?F>o$`$nQoew z^nM9&SnXpOjT#h59R*+B{$UXoH6XB}G9@f&QW)(_Cod}R5(qpu%g|GUNT1aU8lopP zKXE>3T0GzlcfBUF9_K-k!&4GD%NhVYy}Ik#wdR1W^|Myw5P&S5o|Nb$`c@m#!!fw+ zc&K;9*mfz_RH9{Siixbka`S~jE|^Y;Wj@qoj(qqwO?raI?ZF3u?dk?~q_fl>FM;8r 
zVp#R~HZF}}_8m?JDWSLd3Dh{tG@RU9!rr0q8e0V}2)K%1GEFX}x<^T1z)fI4j~;9m z#`FuBe7c*mK4U}Cc{jMys+Pu&Roe3*)a`BQf;*d2G!kSkOb`^gZ!o|h<<9?sqtP6k zu91Ldfuxj=4`Dma757oXx%TF_79u5>#dHXP6{``XJDeb56}Kh6#LEinB_!xj1pnQ~ z>3Jdk8xJ5%0j>21no+Z%L$ln#cBv#9pJPt~bt9nJ!^{GWHH#(0KjAPrKyYV>r|`NWAt57(A`q^m z+LxQDPeMToGW0(d?S6)al$ri1o72iD56=2lk$Rw&YX|&&eP!NlQei%**1~JLR1Ubt zXK@jhd``0B;ydl_?PQF8;^N}`(l)QwU!7O-0XkUwB=Ip||1h%Hvah%7&=3q_S{A0Z zzFiQ)8|XI>ulD%>32{aJaTVBj84x1M7L@hBGo@)aemYdapIHhCB(23W#>o8tXp8U<8F(&keEr9|5WQP%zPwh2Wqp*&F*~t8O zA`1Co?HJ42ih;657@S@hUYc44X%d)~Ps18CcQ0y)iMQNTGZb-^zQwy?E=aH1uWcam zxqzHS%8(=Mz<;dou;lS(rKcIZ2M@ZD5AFK;$4EsVRK6!emvQ<$b~S4JQ#cq`N3KWI z2S{sutg4L_PCviXx{H%ywy*v3U8``S5y5>4}|Z? z2TP`=ozqa||JpWMxjjW`~I%*1k7sN?>qz>J0r=ZLNTY>bn7rWURvN z49WyZCw0XfNd>NAtFKO-=c`A;l?!_!m*htd{a+pjw7xXm1_EUJ*d6X`k7GzS@}sw0 zh%gze=1$FQr`UD4IEg>rd%AR@Wr#1?G94HB%q%VVUdCCU>2%T;112tpaXP>celQ!zx3e3w^Z=$HwWSlD{sDQE=ESbi!=@uxs ztaBpiOJ*VKLPXF^#H-HP@bC*9L>PsN*RwF4ewnp=6}ji+uT|`Gf`5-Q*DLV+JPRW? zXk;xF-@c^?!8-NyGfJ2|&H>u)SGL1Lx`=nea@ISa49luJ{+x*tfd(&4nf@zFf`ufD z&3$&06m~Srisl|$-yOm4(q6$b4qAczCZ#mK3*ENHM03&>@96xt{D*u#GBvv|%Krea z`djD*69oT3=+sL9_M>(=aySsu%WQ?s9^5NtegJ*`VIy>z<>f3S^O8!o@a}152D!5zeQ&x5JG zosC3e{#f*K2^Dk{Js*8;5`0TLJ2kK4wWN@hkIj#px(bmO%>FNnhU%9r%;NpVcOg>R zQ}I&EVdzM^)*hG4`s`-;j^bRQ7UG@uDa@AIZ!4Wfc#TeCBP&?xp^rp6?`!Fa+%!Eg zR`^1Nl_gm2C$58+gvcK~`-|ZVs$SP+CLYr{-}J-IFCY%jQDKg+$%?Nx7#& zA$SIHyeqqkRR!#|YlR{+16UzCKb^$5KWaH;ghp-=BXPMh;-`J#AqKR%Z@qT1BH7Zy zD2%^m)GOMN{$wR{IAEd6Dct zf=Lfu_Urf>eGH$OqLi1@a;FYjPk3@PKJVQTAVMh1@GJJOF%>R@qQ_I`g%b!HROxyh z3ivU(%1{*v2*&ufep0W?kM#$HjH-dev`3^K#N8m@=z&7iODIKvtoSrmF93cFXye9> z8#o9GfmAQhJyyCDip@X(XqIg*5Fu-J5s)x|F6=SraE-jw<8VzfID*8^6*d6yH!GT58fgDYd_z+q~avr8+l1vsvsyB1dfYDzfyHi(Iakq zQKHgE+)R$*ptu2DS_!&bIL`WGOiuM998`~*%lA2IwUV684^!eGh3RGd2P(FFlcF%9 zMu34pxeZ1|V;Xv2D0zaEui7^@mU=aB?>oDoK@?h}wVa)p z%gU8d7DPqb*;xOX?}&5S?;22hY`7*6oUykfB^N#31Df50$$b2hpkn*r5i z0h2~*?AdD+WKa!svwApBenHBG0gi-#X(&ohqttU#zxpU>Iie~b{1GADdQ=(CcZq;M 
zw)9)hYJ+4f3gQM0&p|jYggwt?dhY2Kdfp>CJ=Zk*2_dSwNyI7Wl0Im;O`4?4PdOq* zq^L`J9@1A(Mdi1Lr|m?E%+<+DzvP0o5k^W`>#fbGCJg{%j-&Rt$kx6v0N?-dEYbGF zvh|0$68hkP=~OT@lm?>Z zR*@eIVEBr5cG=riWR9S|`)iT(osOcXGVHf3-&Rb{yn7t@JJ>vKjd{}x^>bQt9zZTY z{vaHs_wrR4U+a4SbLbZ-jsu6(vQAq2X`~R9G2KS#Pk2qzZSsjT|FUS(2E3>gKp3! z;DQ{Cz90#<&4{!O$vHj)D(&S;AB&3l@vCw@MZ5tYzdMty!;U}m&Z5?aAL~E~Oat_H z&JS5w5mnVLDmY%DgA%EDw?P&4A!~43;LbySSQUpkcP3A9j z4`I!6T-L(eyQ9Yg*|YT)xidO_mL}SGE=R(qrn%gj1W$a%gf2&nJnvW-JD5(NDV zcd%2f{nr9=puV7>kg0>-?;K#az>J>L%`S_IVpza>fa?NgC)uq&EUwNd-<3R;Z?TN= z2TWvb*UN7DFFidcck=;Apcc#~_8`ux-YZT&b7k@Vbmw6dL*upxP&ZF|hxApc%MF%S zjdz$wh)FCCpl%v=dY|*FLK4G`&D{NXr<3TYSylgfQVS zc6dA(1x$Cw&z0lG)KBg%C*6OQz1qei<@;BP^jHIq_2l_uxT*^+VI&PB1M$=V{FFVs za{BO7_t3FdK%6%K-sRfn0X7De5Z<7pLr3iC+TCat8ML?+pDo<<^1;)$0>=^6+&nDD z`u1k7&I97=ltfGtbFs>R7I0RZ&%ZV|EL`stxv`i&|9P?h^D;iJfaJp$xy|L6X#}YH zv6g~o0wwM5ItgeFAjEoKZn(H@j6jP1OxQ~Xq5eNq^;h4oEc$|z!RWGhKS6L!aaV`fdeHC=Vs|HqV@yXMn?jJWvdVtz;5H3LcP+U{gM z99NB8pag{m=_(QQH(b5C>Da&f57ZtUY+?dcB~8S|+WPsAKw&Nm_xl7ZHyepF21YTcf}4Akz@MeY#6=+KImDEM zXQH2x2oI!oaw9PS4g?gSi})9IPu#cPCpwt0x?OVoEKp&n=|xs+4KQu)?z}m)myzZ{ zi0pRR9#{3h%VMDHN8}hke*6H8hfKgOmnKl~v$6b8&B57qblk}8yL6~o!Ub>(FEz56 zSKKcGA`X)j87;pzNxhs6S2guRM0}dH+nNqG=Va4*5xZyl+(#x#=W@%_YAxv-l;FsQ z@aA*+OB{KLK)(X#^xpe;6Y*RMyLEY9Z3kMGb`IDLl|zSTZC40Q?e6voYK0?k&W?%- z@S^}5i259w;QK41nt%(1=!kwNRkv45k~>FPtiMHi@A9pE(**~Yg>xW>b{6-Q0z?OJ zv$@C;b>4T6T?FLu`&Hc*a~mDnm|eX6Y!z z?pL5Efm;3EOHFnhXj6UU5XB)wQL{`GMWD-n@}WJ0k&eYI8SCo`K-nRD3U)JokZ@Et ze>!Z~7@Hk>%b?Bg=VtnXaLfLzFWp9FU8$>C1=t3f{4G76DY>>g{j*YZ!Ems#3?zl& zbOAPTN10ve6B8k8Q7NB5k_DLOul@aDphz0q1~CMJ=fb`ze)o0 zFc{4=JDGQAikB*B0{|c-rxd8Nb8(Ry)mUEJJwzi8CpE1{NN(;j6Va8QDfs75Cai z3UBm_izL~JB149@htN{Qn>pW8Ak74nA(WrApwc0+16@A?^}T?jJx$?yqCK<^@9wAc znv@c4yr2;!r|g$!vOmwv7h-1dgvsdhd$BjPYYKvlDuzbBZMi75^^<<*;1=u zg0pnh>{hMd(8aLh1J^)fbL?2sgB?SI2ss^pPF%xtt&Ib@y`!dd(i%)0^8E`~W!bI34=*5ApUE+r@+*53L#J8Efi` znRCC7VVYYR$p}4#hH1#R9YRFBuV!6YE|K5om2^!hE5rBe>SDh{ZsJxI)k&Z1usx&@ 
zT-40M0|k8a4UJv;D=VVK-p@SicX4sD-I}j%H{iuZwJmbjdxMwyY)a_iCAk#2gh@PdVMkxy0WYK7Sc=s z?F6cuYPWA2HEchZ04^9(tGbQ5A`7*xk|nN5+3(-eIRcqS6OeQJMy1qP?2_e=nX-8nHpVtXCZVv8wl1--yRvI zC6DkMhoez^cc>6^Fzh~H*kF-yG^&2msw*VttRwY0lhjdEW4YrY+01?u%q{nmdltc? zi!kTp(6hSwHv~iz$l`%72*_GshL?d;JSe{jzw?iM$W2`ez5IhRGoxoZG<@s{5k_I2l?G zi1vP&63YXMhS5-exgL+-QFo6`cNE_;o}_Q@D+1AXuRKTJG?F`gYPuz#ew9%Eare*Kj^GVN zi8W7kX8(+{1nNsMxM?(ln@6D3#zb*inlN9={&b1jV z4uFCiO0{Q@4qsPKbXjfh-v&AdL~773D$n{B^iF-x7MM};-GRXH;{zN6p`1;`mJ}|i zqc-N}^1Tmf1K<^)w;r>oNNYt%7DV=hLR?4puPD$5gg2GLq1aOQ)pxZ;wTq?BpBm^T zL1Lf=eO$OS-bv{msBKb_es6RwiL4Ex-sGuw(BG_$br!vbRb3Vy< z`J%(+Gw1jXgP=48JUpV^`j74zbsq9apsr1e>=HoUb{wQs2#x|;T@c{Hv)-cMJM9fL z6w^xn(d}pfS$o?{Ys06ejjoXsTTuO))1Rxu1E|kyi=N@# zRUmUAp$C0B>MF2$aJdblTZVf2gJpq?@zqTV{Fq4gnM>yYRJaIP8tek@4iLM;mR-lo^o_ZRkou$leRJK;|9QC>B*wiRK=!4jrcy!eTH(9NUFnPM zK|%RgWF1xy#5#f;g5diAYKAr*%;v)UK#)dNVu1WrldlxU4C2rIfyj0KrRZdkA&!VW{v@d9M{iEdlxB@e`#VZL1(dv=`Z71G&J*1!;Vg z4tqMhD)6>1cc7WzFd|BJ7|knwxG`UL1yL#Y7ZKy7?C1WkU!#E|rH{A>I*CV~KX_nA zBdUR`m7Jq20AGlC|2(-bvw!u&XDz2HCjAmLV|i(X1HoM7IqXPW-ODd%NXLNW6F;Av zqR=*$_yvGwTG|C6zW=`S|G%OTsJC1BRQFuW7XM%)R%BF9?t-ii_2Fr{?wA8;r^BE1 z7}xDkP*#1Y!OEX)(bB4;0c0p|_>QaL%3> z9be|&Ghd$m7GxPnZ0y;B(z?Vhz^Gh0gNu#5eV2(Ie4R6_nT{NDC3?y%sx}$J;!&$Mq{l~Zy?eJ;9^9l z0JR@>v&jj*l34o%2+ck+j#w@re@Gp8-uQ0?!us>NHh%qFgvEaTT(8WO@y=vXS-37) z(bMIWhU+;y3&*fZwGzSg0OnVMtw3XGVUU3jmkCwa+Shg?rv!Z=C{&zZRb<(QWAH#!3do5!Ffb#*^4Y`jF_+GGu5@n4=#!}x z=MTQ&R`37Gi$;G9yghfe*qK9=e^ymU;(u{B8p|bpqbwQ1B9X%s~$XP#Z`;3Rn7jGoqeL~ zhm5=Dl?&1Jf0)Pr4CcR@yM~yB@hq$sqbgZZ4KeB;0SsA={sgE|-S+Ci^B`7o51j;j zXc^84x%bh;^(~8anMwi7x#$07V(>m$dHR<``O;DNPs{u|>Y@7C zSQk@aC~AFGD52HT$_h7TT8NbBsKl(A(YC^Zf@F?*e-GLqtKGYAY`6&`6KjYmGa;nS|O~43faMBNzCN_>>@`?^F{KAzevvi z^pwXqvuBQ8f6veI=2ta!&`9o0qUw`2&<7{J$PJ0xA%w4tGdNW$TXJ|5N-br6*%mMS zsAG`ey{XbKd)3*Y!4?gv{C`X8h0uwrRUr=^z=b@-bU{k~OIIVAlxcqsSFb)k($7H$1#HP2hC7Rw!7Td%D4G%JD^ex@N9GtZpn6WO$2DMT z7kSll6q3q(a5m+&PlMg6Nb-Dkw?J&L;r1rdu0dt_lc@>|64$?qtOpD 
zba>2B=izg{tsRIq(o*bfGk+of;7eoO$h!PC$xGd`4P|)DS9|;{h^y5Qq0-(zw-`+_ z8CR)J+YI8bkmSBCEvYt>6Wc2e*p-pMzD|GFg;`3Pk?r!oy{NC7w=6nKe{{tJdRev? zVa@LRT^dCntuE^Pa0q{qb&f`RNLHucXnJO*F`7F?W|3V*Na!EWXX1u$(lJd^t}HXM z(!MlOwBuIKG6%o1KR`#(ro$#~(F$ah1~2NH71dE-%6walPM`9nq$&S7C@8qy$QEpE zT$^QvlBDn863-Gy{y7_K?*MB57g)E>9SeTyG!IX%JlBOLhd6BHnWz)e|M^Nt`M!4^ zD>4c<6EZZ46Bi+kXLQ%y-@fxr6+k!tkAGz7v8X#F+mmmwrSBRajz*IpYKnbj#eS6~ z2$j~}8E1Rv&E`JWgLq2!2r$Gk;O8PfDnw&1q}*wKHE1V6Rb0Qc9qD`fhhB7)nQYWGEdi z&c8TsK)Jc)b>i4RU3Lr9V0)*|K`wxL$=k-XN8fv_hx9|Jy$a1_H@_~+W$W@#Ay_o1 zPEm+F5b|rl4a>}AK0}Kl9uPSIiwa>1ne9;%ui+5(5hs7Nvd?_WVY^6k_2@inG#-VAk$xEL6f0-b=g?e#@z~O-idRNIJ79I$tj;*_Q zlaco1tMBVru*a=dm zI#8+3Pnq>EK&zVx2(5v_B{MGbm}LS*qvDAFB$ODhX{t2T6BVc4q$8BN8MhWYDB97~ zPa)j1BXmE~#3%yod>49tW$F~&5=J0_Te;ysHLj2ZEFBix0y-{NQ&bx$xRRrPv=Ojb z1Ojr(0&-rxIZnD^FNd?2_Hy zWi1IlN8QuvM=Ci)+YYo0)ST3y1wM#^M@16C;3#x0i1WR%mOhKIHtogFJdWh=96|)# z_bP8R(oXY_LbDx|)SxSX?k<6iBxSPVo8ssAjcY*T4tDqj?%uxbF(!qFH##(A)Iw_T0BF|79y44}e?I^Q6zcTfT5e!qZW|O616>QJ zPJ5sbsRv}Nmo7^Oz+yv6kF*Q^RvIAPsi-geGF?PM4xBz{TN=gunkZ$rp6z=)0HCPA z5pVpZWZKKk!OM1u3YVBMw?#1&;XXs6j);7aeHVwh;f+K!>9ykQS>@)VO07M)O-MAA4Po` zfW!%|L=JeVnWB-6f3u={8Q4wa=}|XlR<1(zdK}Y>i*DaJMqJIoVTLRQWaFqWgM){l zOooOvXby3p%!BJBpe4G?rU&l>T_8rW9+fksuRAlz{$QxDj}+DysMELU=}0rV2lV>B ztT42oe%o+p&kf3oNWK8?0BUTIy!oqG#-hKdYj}=UlDjbim8N+>`C8S}Tw- zffRyXgdn@int~r+`Vl0M>PeKLQ3~CGrha3`%Qldl9XR1Hy}h9T5P+l`u>|N401g-_ z>!M55W$>~Ud?;iN4bBA+7_s65*Bt?4cIpF=XPhZLk(m$QDI`e8+TrJtW=gz$~FY z$lk%(E|);s+E{F_Ymn&$+Hn9XawWUqSskRdDDLr-RztRrXq4cGt*-3AzF=$@tKXN5BX`iHim zcL?&@9^+iA!%rekE zb$Mr7xOy^Snt$^`vC>&o#-@ib38M@jwk$iF8Mo0JM?gp-r!>7iUeqh@ku2}NVjnQg zf5BCa3H5TuOpwZZ^WD;>_AvI|l5jg}j=GwioeN%>z|8quX=^psyXd=}d*`pd1&L=i zIt1GvKjN_Od8n#=1A_z}Z|9JSn6NT@&>?8k;|bIy$R{&rZIRzkvs!)`-AMlNy<6kq z$omxIl*Jow`Ws|rWFqh1mrL_=TcIsCzZ+3MRpH9ZUpLp-81iYEzd}$*C_FUuXuByn zIr;Y)52ApNBR}mkXc>jizhj7R7bp)3%3)@}TCmO;>wx)^5}A-wRUZfsTFR)Ce-CbRqo^+YEv7U6O@6s#>j43{>y*`nHXG&A+=pMj+CEBT!X|3M zYF#Zab}yFkbru8HZP#QnH-6qVfeGnhhw<)htjA@4 
zMiMfq9)^r$ri+uvH~F0oK|&50$xWU>3tr@H_os3{T3lGDmhT}Y*Rp$a z6;9c%jj%nVM!qL7$bRG&tCUynz6Btwfs_PrT78_ZF5JZvt1Kbq#~*kgHe@%s5clTx zY@S!~V1K@X(CqI=0TVL%&-XS1mAJ#vGl>0qkBKxrpd|>((Tt;=0(IG}t#Z(9cuv*2 zzu#TBd-~N>Jy(+{4de0pkMcb($SZms{A(;2-5UfA9Ipw2><#1}-hN}xLQ%bSLpS;`G8af1B+4)$HpvWi~4t~%iOS70mFN+;|MV94$tzJ-h=e(mw!O7Vi?48G8 zJ(gOx_RP;7%&+2Kmae3E^VtFR3jUK(MxC?sy6k)N$mvl|X5=)=v%-8M#l`acPj?G# z%o1)2HuHD~B|MN#zjPC!$&gZyWa(4J=**hFBCjDdW3q1O{vy}OyRY9u_U8URnc%~l zCu4fCtGiOrnYgl^v2UC)Qd$Jvt}YTgWwAjy6bE0CF?}Vzq;+a#?)u_sKfT)PNsX<4 z&kXtUT(X(w0h{WlVhhsyV%|?ddyFM z{k1!UksVnan&L}QTJkb`f9J~u>*=RkucyrfZed(i8 z7+K0C|BESW9~ho_ueFlu&}WjRzL|Nm%7M+F=4Xi-2-zZ%`B)uA&2FO1RiKwxcFN@; zky#vT)BwSGDdx%+829J*2{d1IhZ~KADr=MLhDQ{~x0MI-$k1pQcl6VTb%hP((vk<> z6t6$KJ-Yy#0%H+u+4T?0k|ZHA>4r@z3NFSPaghf#E{-2KDc#R|XI+@u-K!{Mfb9$6 z=z?!z&AFZz3%=V&W^g|19Jfs#zs>aW|J3ic+?!nGQPAVPjyaWBz zK!ho`^bRGZ<~xzdNSs54=1Y|0)_q5#e}W|Oqm$p66OFHp>=gPA*tMN#2j~7T-o=%H zsyZt;D97$5D?^XeH3F;P;N|ZFT1~4{qa6Ia!fb5A)VgIyWMz9!-?=p_ST3!9!S=Xi zko~7ucxgnVPZW-c1PclXguEOfE5GZ*E7kQgk2WanGXXBE+=tpKg%Xa#v!|epy9NI~ zwfXKUMkbG4A6vjF*lg7I6DQ(CZ0j&4ITR4?23jh371}z`3-Kf)sD5*5b8eiAhLUPm3KU zW$rwHdhqnhZL>wV$m!Lkest*iIvjD8I{tNX78%e<>&taH*FzKI#WzPA1Q?{XLUMB* zP#<2^G&rme965RFjS1xU6LZ^?o;#;e4y@K_Qq=d^*@mtsjGGHdvL=Pz(s1Ur;&>(u z?&+)JmsGBh^LjPUL`0}xRBzKy>k4=xb)A6vg;>Prtc|p6@Qx#kI31HhVkX*aqXAJ= ztXfNn-vOv&_u}+*EP=Po=*2*}uS@TB=aQ7eExWR;V&J$7wJgVyZ zt>i)We(8EE4is1{id4PO;|?4>v?W7Tec>}vf&69zZ>Jh{HFq>q4`UaSi7dwL_`?Ag z;ZadxzOLzcgdbO_$GYJ}C(db<|1^JXQ#ISDh1^Hh5amm9yRQx&ZZi(iNNYQYn&RI) zOnR5;XwBA2`r3N@~ylEpYdhcvZBJ=s`Z81gq)3*7r z&AUe#1}c0}Q@Yi*se+b|4VZX)CAj^5ps5Mj{2)lyCJ~ONH4t4*EL8p~)mH`HZ&C!J z9r*W1@EL14Wb4P^%e0|1bq-wkwZuZAonvi^<0h;s3nE|J7h-Kn#)k~;+UOpuBbiY7 zdG5eO-hkHJv?@PT=;b>Qxj$l$B(XRs(}9hnK7fUv7TevWVkyBVF>Q()J}RqxMUC2b z{q6c$IH(Z+1K6*JR)*PQiLK~%-fX?&6b$~my9ZQMRBnC@PD;j(-8lV}9bWTz;%y0C zkj%r32kNC9K!Kr*uku%3Y>z)-BH`(^jY2gLs+qu_5Lygg%mVDGz_9wK&u(3JwY_nb zt-@7%f^T;VTjh%}81-UOC#O|zNO)gXRA|sFf>%a8TZm_XH?FMo1!#;N?5CzC)l636 z?uX@=DifV|1!YXHryk1}1AiSxesqLlbZJ!dWM#$kwS=@K!Vb7e# 
zR&80p{j5b2JW4@199}^JHzoSlzvs$Bdnp_IN_Zq)paVEOQzzfZBu(I}j4FgjbsPtA*&n$p&q zmW7E_J#qKb3TgM`0N5+#T4p~VWf(&^$!$xy@na6~g zWv%xkt@e1iwDN^~roD`Recvk4;{P;IP6!Ot)rB4(uytW1cN4 zd|zocsWv!~AWe{RjoG_^pgXGyr&0!czk@F@iix`x@l`#Wx2+>pPcRvmN>POB*ET#C zqT`j(|0xQ#Gv2qRzquLZN44V(TXw})dd`ux+}Y!;B?CAw=#@&p>TO~@DH6c3>jrC2>KN=RH7_wcCHTyYRWOU^dkV7tjWCkDR+ zCD-tXdXW7_O|Y%UPWQ26q4ld+%~uoSmKC0gLL};x)#_>n)fLiJmlG<+^p94|w~tMH zG;h-INz)c$g4~Xr$RxQJF;ya}>aSkCsg9*&3k%)743XEx{lQ~ibN@jMm*(Q(;T@-{ zR1?#1*^V4UT;`WAUkDP_f@u^_L~FRBP_DOckB`gl(z-;=p3Tr4YtF80=yH?o&pC5o zn1A~SWF(`FxiN_2i66Tj9JB<%0y}JBe9O{OXLIYzmmK?x);5FWqYkSau^ST%=anp| zpX=+v(X^w;O4V;}is9i0lS%opMlx~3ib!ntdY71M6ODowe_~ut7;!PIIFJIoeXc-7 z4ACeWQ-QowM_Sui5s}D&L&1q$fvp{7f`a&WBk-s{@gd&h(4hd=ZUx6rBqpA=L#6Bn z(O$PN2xod7^C}?2Q;Ca0d^f3#ULd@I_fk7sEywFizVVjIh?V+G-Lbwb_MqU<5Sq8@ zYv$Y|=be*rN(y!bJ7ek>_KVJbSd(tS5;9x9vXR(jXIYA*WoH+g*AwH#6iie9v2sf> z?7;))_-nF_!|F9k=e(L49JpDH_Et`mB7uXsVT;+1EFz^)H6kg6=@MFF+WkQeKU6$I zl92Zz!9w~|dMRV<$H^O!vg}Wd%O6%@*OFiY4uhv{tY$-!MI?(E-7SmdAsPjbi!2ozOd4b2VpP>G zHq79(G%wszNN?=BRv~aq7EAL0era@iW3l_@XhT@gHaj(C+`$h|W*~;1;tGt3?g(nW zkPW_wQZ}24uOGY2j0;bVYei*HSEB;G&fx=M0@;!V>%iB$F1xKk0w}mQ;QX^8FutIf zLJSkCqqo;Q)`BKVb-aj+i9fJ{^$VfN`Cs|!tLb?t6#28Il^0vVFB0BGXC;mGnGT^j z*pfa#1SJnznteDcR^=T(F;nhmjM#b>BtNia;B@{7*j-`0Y{M9-LlOKJAfNc{VMgPZ zHCYYvIs19X+mBVs4xP0XDxEBxn~&j)p{75QGo7YhVy3@f=gvo`zR=2Z+fY4DNXd5E z!z^CdT*-@#CzwY8zGAXRl$suFw z$}OX|vh(J4?*`1|T~=!?-Tq+gSFMS-qEdsyZRS9|De7!WAW7MS;HO6Mc+G--hYkRo zBD0xf{FGzMEVS$?W2BObNJ+|D(WDC13z2_2Q&OVQc+)=*1THgF-u-pTAn*8F$<1_2 zDV{(^s9H~4;P5zeNlg2~XgBgMQG`szy+8 zC9B?wj*)p3q$4VPf%wKEC1w=`MrB;c`!pLW-obfOkEJN4 z0I4&FPX}_=*AJ{z8YIMVKaX3N#0;K84|%pR+uw!>0govv$~BO;%V~V$)m{CE6XS3D zV#g{Ynj$%aNlVP)X~_c@_gR;8yD+{Cb1>r(HoMXqJ>7e4*(yGbaFqUG zYjk$p^SQw>4=@}7p1?C-AWvNdh%bqQL4Re}x3D}Z$7&##PfgQn`nte{$~~;hWP4eQ z6>B+cgy9iX9o}v}noH*TqAAFJvBMM7qHMZM+wKkz5h)6#a4_lMIsR5NYIyrJ`QpVU z%JRw_g%wNBx*+@E)#>j(di;0r5{#?q_aC}@tSxA%xcz&qgQkr#RjYFIn=o5ib#0eI z@@&GdxAvbqHQLFRwynRxC3)E(HapgvA#T!Y0CTq2L6&`xx4GqIySuj$V2}&te#5-0 
zD?e5^+TEePO)o72e;tEkc{@Kq{>`THq(?!;So0_vw~XI3J!w8?zFZDIH}v0d~^wI<&~BGC{Y$;`?TZ6lrCM z%W9wxTFQ^%95{!*e`@)L10S|re#Jqv);bV?gT2BVpg=I&zkVP7+zR>f6m|95kp}p) zSFu#c6!u492uDi;s!GkIJm0u2L@5i=5{;t7HWwoWHFOCj&G`Z#8!0i{N@)9bifwvJ zgH=jEEc}?mokvZSAp^yft-RTcvNMcS)$0(~v|L<9ha#Pu1h?)1`nFe6@(`H>T#Udk zi{?=8=#_6rCICSNVD$EWHBOlF-HmUdL!$QP@`z5cTUvPM!jZ63TN<+K>fvn6E zIKHE$ro!vOIFj7#8W50HcuvM{w<0X8ISr1(`vw;exoSQ4jv;i zVV2mGHI)9OhM|bw+eaIp%{sk<%07)utXQHMRfLYg#%?$@f8qLFk#Bd8t*ofuQgu%5 zXftEAmW3^FKlK!*r8!@IS@-F0Uy#caxOU}@e*H2Fw}ue^?{C6Z8@P63GS(yBo7Ca& z#|hTc1Cv-gGA4W795F5B0;}2X%QBIUy;l&3OfpiIy4sGpyTr`s`IXP1_2b}tyse3! zW9&GheBE{SUfsfx)u52Kmv=n3yoK-gtm+VGyoAM6z{go6gKzJD*ko%KjIprOa@3|} z&_5CRklJhrEzOoR!5@_K@n)b(*7=?Mi$M3L1;D2YruiCe7VvcYNg@I^LE(s$GKPRa z|4(1Kr;v3WBPlgw5cbMbT!rX@1VqFLg8<+5g3bIm04MlH^v5Fy;m&KjR8 z)$hFzGmPO`gcxjuR%RQXpl^ui2&V`!{_ zoG0<~1b^UPes|A+A^0Ld(jR;Nw=efc^4Cw{OCkOJL0xwr+Uc>e$f%E9LRXs~8&n_A z!fS{POxeS;FHPiQ-;nvPl`@_yIS8?{+H_@2-+tx?uVkC&;-+!z2*$25FJWx4(q*P* ze*QJ@pN!zoNc4VB!ta6o+n2~b{pUD4tRW{;BH2}*yx_v5Y$ED7ZI*1R?EcO&IesNh zUMHV$2Lt(AJ5sa4Smku+^PACNvNJ<^SeXL5<+Xwi`eCz55;^fk9W$!D>Tx z^M&4J2z?`pJ4<@1Yx0w_B6;hJDvD}Uj*JMUWIpLZ)Wgq)weR1$x6{_FF9l4`)vn1; z&@BjF_&mP5|4G)Ui~{nV`w_EA2z5ish>g3lVIQm?)(q9~ZG(uK*O0S#V}ivvu1iu{tts z{Ql(F1}*ZPqt*tv30}y#zK>KrSt!yhuAm?ZRAwmK_Wd{|MYyEwKz_L{iO@uFGUU_b z^#4BO*50*YZ4Z36D&2<bb&dmZk)+14P&8w zVw^m+Irj&#-V<5gmBtlrKfQ^`l2a?pyE+8w_*L#LY6kol_U1!s;rA!VRKa)1dtT_` z1}EdvC_ct?82a`u2;{jgHf%Ke9v{4AYi-Sd(TdsnhjmHf+s~_G2IO1J;Nr1kXC)mf$Vwh;6F*)puG;^^ zs<;jLMCGPa!LG}oG)ePKC+9(F07k{c0uk6MZ)xYK1p=P{t}BqCc|}BaLK4U=un+yx z;C^YxCe!BpAS<8mD-Go2i#X5JLLA3RdY)8ihBIC!^)$K>_Xqw5-Xgj8JuAoHjC?VC zT*x6*r)CFSftZy0EP$}cd!-grpqA#gh%zFyM*0`ESVUxw1OzCc?!n#2a7R0-__l8y zAV!;OBiDYG&({IA1~r4j_>>LmL;sLWMr?M&o91q$bi33O{m|si2}wbxrJ5)cG0zM# zQ`5!mrvP2&is;>E_9Ilf=J3w`#1Md{NRcUGeFZ_H7Ia?!gp`E|yWxHYadF}44l)|V znDwd)4)bTD_>#cYICD#uOV3{L4gSNZ0aMbd)hYYw1z#X@Mvn1IH5HW+s6dshz0V=9 ziW$yCp?gWw^2MY)@vxMfr~4D^yqX_- z$LM9s4Rjeo>Y`J@cN}A@O(dJ}S!Di)$Vz{&qe;R*jMuk!GkH@cHqu&(bwnNC=XOCA 
z%*-gvB5W!P?|2*@37b-->r+{=Rfxehy7hWR6c$RWPm6c;^k>=FG#4>QUkg8$dq;z* z%6F9yCgJM#W_;&#t8-E=#<)0-r_oJi+9_6ZyTw@sr)w%im&+kcFYeJ0*pM~&w)%%l zC=9IUMe(7UPmj;E0d;^Y`7W-$b-J-uc-O!tbW;*y%MF;BL`(ud9FY&5dG<8m=L z2|)&55q9mKzEtlSukg&7_F1LJkD`yp8{B`Z+Vr;AZ0BwQ)_Tg%)@PSGt$9R030L>d zBr7&sX`+v2bQq#uWA6qxf`I*o8j%tT79Be%>vzJ}ttR#GNxNpU-JLCJGG`B zu7Ch|=T7L44g+EgnEnA2{7I+)8mY>0_$op6TI;)ac+NOdB72p3+5C*P?nCt3&ozUw zgc#~t;E9BsW#wSYX1`!3JAEH@R0%nn&=Nt*-lI>r5h+*gr>c%M4tr%CfGs5(D z3-LU*ICD=)97n-5T&ywN_VebHrCz_t3eV_np3u7LPGXfz-rg-6^65Q3OyKvKd5pwD zZthtm5KY)kzq5ZYn88&cGn#Akm|Gi_ zH8c#@*=)4=MC$DDQ9?o@>_Ti*$0Az4FU$mZ?@%#Fdr+aSx^CfR4Q4os4Hw0-Z)LT- zQ0O5`cu=`3_oB@H$bKHtF_dc9d-3^meHiQ2jS2BS$xq%dPKnwXxGLk|13q`PQ6*31RB~;jBYRNec6}P5L8M$}V*~yke)i(@d_?q%Xuzz(K;VYiQFmen_lKjC=EFt7@gxN*RNmrxvV0`AWKm5$jaQvTV8g6T{woV zo4xu@xTn;I6qW&yAmQ>_7$wOxVuDfMw!^rG%~1XQPvAdus!@V9qZWdWL76t6;wl?@ z63~gg__?;LB0|ELgrVEo%y%z;@*+sE0bdJ1?C3Bxzo8t|!g?n`_(bQt{QpYvn^9ZY$-{;sG7?(-f~S@VFC{@ zuNIeHBkq|@Gi$2xs@-z=hl?a$@Dukzk+rBaLc%t=wS{cYMcKDCKU`Az^J+dFFR1ju zH7GggyO|7UA3@zKFf3{8^J-l1?$?i;DC09urywB)-WyqyoA&N{{RQd$jSD`(xo38F zsC!yocw4Itn7EZ@%>3{rN>tFuyrMpo5NQYEFv3+> zm8qoHL&gSMe5Q5@j+15K6*CUzVp!{oSviHOTVFS5ytWm={O>YJ%grXZzU`zF5~=Xl z;;fu!lTFy->})nqBQi0>tZ|0}RzoJEt@q#vvoGNr$HRJ=B-{$@19}8@!@2ZHyuavy zCxu&;fv}f%e0awT>UMD?j1F_z4QjYcG-ZD}aUH}zKke)W4)t^b4m*A=VNKbW>~R5P zN3lPiH$Z5p8+mlXu1^AXDJX)2lHkBDq#g-FcgP9^!o&`g=pRB6goW2s;1^c6X$Y>f zn{H&g4|d(JIie`<>ACIjqvc43m)jBv3QPbT4`c))Y0WnU9zM|6m?#+>eQhyi0)?b~ z6X&Wiw*TDOv-gq6z&Ed{=X)$+48smltgkQ4cC~1#zjyLdCATQsh5?#&DHOP1QzW&33Vdr3bb=9pr>PN;8f%wB(T$6*Bgp^T3JrZ_GMe$WX8T z)${F)U$32=Z=#{^MA@mTdWn4LvXvK3)L8`mzuu&$HhW9t8>$b*W*);w!TcYmtX^xQ zLt@%1lQ*sMJwxs-bMu1h>qHjDq>XOk+v3g9`P<=zZJHfhSPL65^H>02=bEG+F1>X> zU38lT{58}luG7OS6)hR-%YqQeFY4TWVgH6oc|TAkQEZ20PPg3lbNFdkKlHPQE;7IQ zLwHhaBVDu2l^=^|yDD+&(_Z0)qdm`=R+*U;Gt^IH4LMG1(v~&fOKQa`yKR{To7uz1 zv|tOaz+pdu>{7MNk|csmnXEO6M&)qbgf+%IfJWpDqO1Uw4!^QS|ztz>Y(0 zpJk9hC5N$ZFv8A*Fs#WcXsPOS@=}tQ>&?q@G9=QT_gE9RhrD$O)YUiaw=*Qex`uC+ 
zsuZ{_Ca6$c0uzah?Gi!U;7ZvcnrtJCdWlL5M1c1D4w-7fZzJ>-95YWIG!9ft0eAC5b21^ zo3ZX#FM8bEZAa8!x@G-yb3$ceGKs=>V`Z&hysS-UTSYjr%@5x9l!SuLn|jD% zLR9-geX6KfAd$l-Ny-z)#SAyMAOYm_TmXS_!p%aV{5?N0{JPKBTH2y?J4|pdie!$8 zl@YgW_J*HIC|A9_BVFIOft&G;$`xVI@95~uY%EZ#Q$-@j^l?!5heLW9#!GU}~rsxn?8A6zH4C0w>T zZz&$VSn9OM3V~<&?Lz!gk8{x-ZOr3DFB19O$sJ?5#U^R40gKOF&b_7{FB^Jyy1RC> zwXALml*=lx$cU5cdXXN2d!L#bI;K@!r@Px%*oV#Mg}d6fIgkniY^JeJ|JgKfHkgBGdVTWwU$@|y!e+#!9% zH#T(#W2Qy;rLE>GtgWq8G*zC35dh=%TuD99v8M~WA{dX0cJydBcVfL4P&j+u|Dg_!-hb$=Q~6TprRxyvhjSbcLpGSZ*gdY{ zTO=cLW7DcP*@-%ri_2(pcDUB2ESHr}6>1z*W3y~%;o|Q5igzWH=St+ANsW}J_#buK zYMI=+b@1{XuSbufC+$lOXw}wg8XyKJKtQ~xbgYLg?m?ng>h2MHllCJS4<9ONZ|Jv= zr-d~mR&pqy=F6;7u8SARt)am~ry*Q2h-rSeubk&qT2VzjE#2`jNKum;(#llJ@*<=% zGL>MmB_zsTX;~pVH0`rNj-=tb4psH%g{q=;9E|pOLIF7lg^>87WcP7&+(IQzHe9(T zv%eG8a|l__S>diBWIc6E|60#(S*zOi7>giCyI7@X?{)SQw%p#UKOoBgOa0LcOP@gc z4CCf(Vr@-avc(BwaQNh8T@e@0ud27bNek+htIi8-V0>pm2^^+v%PMjwt!8V|;vDYe zpitJrLm&HYSZJhF-xU3KQf8tS}~argRN{- zK0TSQ^KPmFN1J8K9$Rx|ph#crk%?WYb*|KqWrh|%8ccDw{*-~DNE!HKuMF&s zj`O>I8u7Ea5IvR#Ai92&@;o;wzCP5v6196uiV6ZW{nL$%$nO0u_1M$TVXZ72a_y&k zTPl8kOAU!kau1u%sRH>aszYw`9Q`Fk2eRF>lUtB`UC3Jc#gWo_B&U2XV`&pKiqYsZ zE%G`N<=IO=V+@!g9xS{wCJSwJ0?j7sw2~&DtWrw*Eoqd7_X%Qt71T zR~7$y(OapyoKGv>++Ef1Ong^* z+*v;HHH))~i|ESWBaAlVwGSY2+Uw!j`*6QLCCI)m;tJ?i5Tz0zH}Kgthm`A^TM!d; zoIX0I+RuKucRMZ;kb0)JGG_J?slHjWS!?whpwrZ*JYE51$X-w4-iLz`4TPhJxZ&!DT7KC48nnp7pE=3>w}tAdfXwO%#}G&E-Wui(TLyB z!W5vmFDY|B*SXl(h<>Z#_g?$-7x&j>S)c)gm-^UPHoLgk*4nT;;Enpw7($51nEnrU zZ{Zi!*X@rFAT2G8qyo}{bP6I02$IqvDIh7`!VuCRT}mS@(mj;4G)N994H851+oR9D zpXa&vd;ftSFJK1FnRE7Dd*yqrwGYT2LZoJ^!eH94v#2i>wTp|2azoNnXgU|EZgz0j zo?5El^|`2~Ci#%>IG}9rzrXHSg8IRm%dpdtAHbb6Vhd-Q1bYKnHHaKsh;OJ}`!Z`` zc@Ab*d!p#xW&u94he>kHD-@#Xw*Q>C91gO;0={k3s*Y9mu_q?g6|2rYxSWZJ8USOk zp&MBuv*Vk5P$9LhQKf#X{|Y)FTRvZKc=DQs5%a%_>ybswDxVH?7%mUF9pQ@b9*f%w z5zum10GR68aU9O@1@VC}?@R7`S)LdIP`~!yQ+VRvWs(@q^?;N7dS@5ajh75Ik7&Gj z82M`5qp2gF5fq0v%JIZRz5dUSF#TD2uvQWF2|UO;`kcE`)1!=;qSiv7su?ICo*c^k 
z6UKX4l>c2aj=ZCP7ZdP$L6yfMvR-WCEbQ6P)PQsnShUvTF5W+G1KgSubI&yEOD<~r z&&PJ$Y>cs3e}TH2@gGy+)`CTi;*@^}Um4krV+<)MEbJU=`3_hRCY|&os0s~)wFDMc zQSQ0)N?cK02b+3e{xa6SBzw4uEBSxPHDIfgjt?GeC_6FV9x~sEH=J6-0PKrig9;Rc z>u|);xr(}`xYW+F1iKuH)PDl(Y}4Fb~p8!x8MK%1{kgGL2*oI zHx*TCg+UAs2!MgcG2OlT9(fjyQ~d?y`~WVO^6SZyx3g@QqPAOH zAmBxT7(A*1z@AjIPuTwD$ZzYZIL|wvkAyaPKAYtO2*{!{oLiZe4|C?5QSRB!aB^I5 z7EVJT@$#HvWK|CA09XT4jIL&Xb#%F#Az^%%7|BgBhzi2BHs8!_KFi^s3-@{tce}xO znO9V1#D|BRF-mG!QbWu^rV+Uqm2sN+?LS@3_JNf_hIC+=evJGK0$6~}Oa%e(hOi$b z1C6Fd9mjYlE_G?t7+`e(ZnXKJEO*mN7?~j!_Tpfp)@_xnI>+3^X$fCl(kmQ*Sje|I z=G$^W2g6RcGQ{M54qj=MJ?jJ%AD*!|Z-;}`N)z{`44rW?QS%bPr;`jYUd5uFnD|%j zWR&vTG^qOYyuh$u+<#yb@$sG*SZ!eQy%g9&!km})0Ukp_=E4#7h)!#W>oWV{JH!g2m6XeQVdhlYz4 zmUsHD@ebNUKQCQHjI#Ax0jRS~L@mv%I0#FCop7vLc zK(GS=63_j5Li_X;Vg|8XVAp!0Ux#GNhLaUs3!T(_PGNDm(>btYQ+G1)Bc8Gs&j25c zD6SR__?QBdf17KP%aM!4nC16Zw^+K=yR9Z{*v#~ceM~SU={0Zy;SmxZ1-EZ%y26V3 zK<-oRq0b0*_}SNzvk(NXbTV%^uyMmJlkBP}NgtjcniS3BA%kiFtKrkI-N8|IKO#dS z%ySt5UoN5ozdizB-a$_?(qETYb%XB9v&V)8dc$|Q4=5lU)i}>?o)Q5!B zRmbxFzJy7L-)TuhUjIetXs%{A01}~aD`$}-g4>^0U>Yh6V$)Zc&YDBFs`&}P66A3> z^_dON58oGa)lhHb5j%8LjV#D3o&gBq|2gNM$=)wnc?UWTY_G99n0M~r7(2c3Iy~_% zN(`^o#Il>qKx^_*XZ29NcA?duvxD-g(#QIC$H{rW%6eozqq(q(k>xNa0d(uP<=Ts$2=aoK{6Q7S;ktz z?}t?a=8pgBLnL048N%xKHwBfFo+WS}3Apk{Wne*>jo7pYpyg-0U2>6`4)ugwBCbS` za)TJQk8ysrMtUUamd7>|+gEb-fLg;QMOjNKdXCtwV<3C(MFZj<;oS(m?G6djteHssvUv;KKs)851WLnC1?rw0q;SDIRDYwsIskG{Tfzqe~&Pbgscn%eLGn$*PG z`5?fiV&3z&fUZqzG=b2k4WvfLhAO;zVS#1X=(y$0KqG!AJ>{kO7K~$TTyW9$m`Q!M zJ{aJ&1?pB}KIf>Nxrs4p*Vn3@y+q>|(n5R$5c~CcneQuk3Zh8izVP9+Zzh!BuL4_d zlTuJ=qC!@-UL-zlcBz#AHrs#bb80dw5$mtei~3q(jNuNM43eg#MXQaFB$ z&xz)~tLoAL4GAvEv+r6gtc&C8;bhQ#U4D|P6LKFG&h z5M&T`xnHg6cQiF%?j?-b(1>~HP^|wdK$)~v$F^uABTJV9)(l>}N|LVt-AI1UK+`Pn zILQUj71*s|$I8aw@-vRthi0E5o@Vo8KG^V#$wvw(rzO%QlPI)DRVx+8w?&M@FosDh>|NIQ6M zUq}l804=dh1C>Xg(L=^2T(2N#b zWI119-i|;J)GG_X=NiqhZ^~2)^NV%mw*E9=hG=0OE=m&px9Jv*h>Buzn6U-?QXKKT zEuz=cZTdGA2yflAbfcC=`ZR}59s!5n@>}eS?$*Wf@oqef?19WTk8}Vi0$*T@2Yc)d 
zZ|;ehI3|k}(^Q-_Bv{CT-H}q4HH!FwO&!f(cHN|-_u%tB}CvQNa&`vp{TgdZ-3jk7oM{EN+H3Pt-98m)PqEx(Yzo@p-$<_TE3n&y?T3(2?XZFa z@QBDg?7!+8`Fo|z<}S6XCxadcdtyf%hg;Zf)$2{v1#pe4T<)}sQHO`H8jT4$gFX!Z zpYja-h+BVr%0It;%T-54G*tcRhCx;$mz;sPF=0tKg66an5O>d@`8HkEqDUMSQQHl*m}iNuFb9#70DggqUa6ps{^( zCNO?d5};{uXP)3RL+T&8UH48@IMk3K+hrk&==-3{4g^rqAdX@;bNoynsqif3$Okro z16OIMc;~^SZY7R^q3$+68<25LltKFR$%@78E{AuB2gCbcFnftO!SQz<+4}~q|3P2D z$UpQINNfhrREKG|t$|JvoE8)JlYK?)2B0Z3Vyt#pgFaFjhmz=r-^Xs++mX^CEX!9nDNN(AtWIc-%+S+@nlWNKs$D^bbt-pt=LuZbO(D&3OE4n+&$508P0m z8m0bB%`crVC|$(Y7#4&4aB`AC1E=8-r{Vg}|NG+o+kY+&$+6h(0x$x60m#{$Dh664 zu5ll6tB%a|wF4N1d3ElGGuRB8?b+O3n?wV7@0$4<*DwgiGt~^H| zWsor{%b%BjCt8ves3RojqAa1i8*n{`Iub>-U>5#g1C_%w`O)I3U*nbTx*9utKK!tm z<=?pq`CcMA`7SkL3y_yVkedhY6XSvQ?%Z|qr#ZNZ*S#RHc29qC;LIX?ADEThUh_o# z54PmFy&RT&4Wx?{mSI{%C_r~Q36^Lga!JEe63N%ig<;5{#EF4Tg^EsmfTn{P%4vHp zFaPiBa66n#)#~EHPqz~Hxj(R~ER`8Lb{7ADg!=EjRpQEc`)3CO^2HLF1;s zrUl{rDM$N%3O`V;m`@mNnq$7o7s+|6kpnchQ9K!FY;&X*eRB-+Y`svBJ^T+X8dqhq zjPepIO2&>NK-11oHCM)4EwP3rCL~1cQ*$A%d_2BR)Bi(54i$sdx&R(**|UfQ%p1_L z9D4RbIh#M^8ui2fQl;QTElI0D9nlXAxj}zUega1KSIq!ff(nW>vk)S~`9EJVEnl5& z#OQI1BY-(!(g9{5CgD|?eg02Cq2DJHsUbfdp zMpC~INX}x<^SEwDS$?ii#cH?^Z__VBxeh7Q{znmyR5;trmf^xx0yctrs7l&4D%(`6 z-*(fHd71J**HshaA6--$e+v+uTv ziAk2RL9-*NLSl*3#u+YtFnS|*ARtwAl_x<0m##k`2#<)!2XbyI23$Pybk1t0N!#zz z?FTE*n=FOELrkXP>!^{R?OziDTj4+;o13&UWK@wPEXpW6=_>5Fcyd-h@zcb089#ng zxc*HlKV(RV6Pi;pQ_f-`nNX$`8VAjX@*SjUV}O2iY1#@hhXdUoV@Jf0=w_4ratU7p z${=v-{NmuCAacO9cagUO&uyx2@C>?qNyw?VJYw=i_>1UKt@K1)2`3a;`cig@@kHJjY|W>=%$(@0TUAw8gQ9lp-Di%o`2`I-TXJC&N)3g z>=g1^Nh%LdexLbYwE#3Xp4T@^T5Z^H1ZU!2THT@juYHyLME_MMU&IAHvRsL_Li3vv zt)vg54gnq>ci?*R%|*ik=Hpz|&-Lg2`?c;@+y=j2iFv8BE4Cw5h4U~qbf?v;ZmMca zKruOQTig=`0ywsKu&8bp9a5qh26X7NM?2hx&F`$-b+2z$Hc;sm8+1y@@;cM{i)|YE z&e!9OVIG%zXE$L;hFI$Camx@Q073wBoHTRr|c zzm-^3nU~0UgYCB=PrYVlM0*n%uJ2-aXd=)pd`v5PcFgPLyz2awEiQ4T&QhD$*G&){t2Vw{1^nnS`rbfwkh^?7Q}HzP%e0f_N1P)H&# z-{n#86VMskTViGUG*ciAQPmcy3$AhN$^Gn`@^ 
z@P#$Ler7}7pN`@kHj(XM;L#O)xPBWMO*i5P|uUhzxW7X#8zrhURi=?&x=N$?i$V^_<#^3lxvypl)n?NM&+$ikaWd%N z@Cx@ke24e*koez{Vq71S5)4VZM#yBRLa_b5N9QWdnB61B_F64+U8<+P#-<@} z{WT>NdG~^_&FCeKAoSwZXU}WCAzC)~@Np|=;TaNa0ro&iwu6xIsa3 zj_0Kf`Q+Z-XjsAROWymPnT>iANlJ_{&+ZY2KKbWmfDskO4}nQ~Z>;|rN4I1%reD+u zFtdvtQlM2NK#p-H^xZ?Bl@eMp0Q zmt7Z?@cINTDx?fMMjh1Xk&wjwx#lvt?+0?<-@K)bn^w2+)}_r_GCL6j5>=dzMJ>MN zujwzxM!^;!v$j!FC#n~%yY>)2EG_5>85#^#eW2z?*>G{Fis|%;N0Y37`Hva|otx2& zMcMe~lT-UO8v?%<-w(m{Qx30n{p|~{^sxygobsq4F56o*H>b9P)`sW3J1+~zX3is@ z#L8Ep!a$X2SNtpeh}4t$ltT}CLcex+M_1R=wmqHCpvhUC(`ASaBhdFc%y6l--$UepTbu@^E)^suOMJu3=vv??F(iQXsJqvQLxjXLHf9e`X^ukGc`DYA&;F1s6gRA_Flnb^_33F9XkTFTD&R|iA}kSDE; zB!py;uaH~U2YjBq`0No&~uE< z4g@`x{#FH%2CO&8&nPvO;dJSlfD;&Y?8-o&h8O<2g5uIgVBKTtXTodmyI8kc9Z>qY zIX+bJ!5{YI;=0@33k5&EbADGyj| zF3~~|r$)ZNrfX-12FnfK_)oC{e~oc4((9qo7msgtOlDjo);l_XO)i}34=x?N@U$ak z&~EPBG;I9MR@(TXZ058|beGK6?)7Wca5A5@X&JX0Ww{RMwwoB&QpmU>W(|SknSA^Qcs@Y z3zsEwNm4XF;5%Oy-Gj48UM0Ip7?hEd=Wzq_pB7Z{S=2jyl4Xn`EQ>)~@W3)W+e}9a zyF<4=0wUEZRjcJojtZMzZ`m`v=FgXSBSEiMTy_^fIEm|IN3xmSR^WT&y?Ze^nk9Zb zkjrzyve1P@-5d87H@XY3f&Sx1RP0!RB%y&6-si9=AI7IA^WH;Okm`WGZBNaUrb93j z=6vyKli|09msUzIj6R)u^IjMrww;E;d__e?6P;*9=UM{KVS+nN8j3P=Ra+jn0v=az zS`5AmGx-b&44XRy5^9YdXtBQLu&Qxso)DL>6y{q)inaGBFYbRR$a|`lA%6CFemt#m zkvKftCUiHqd@h%iW8`x?I+siJCzp3Ucgb(WA3m(xsU-^|Ma;WO>GhLu9)b2E*w*pV zH5x%k*wN(NzVhpP8uy6XvZK6T*-T!~G=~Fzg$R(h&e=wtN_0lXdrP2xA{^WT>BJ!~AqtLqG5RGtOub2_x zi(SkfLInKFAtb#U0r?p|0+?7pKYXw^e`n)0v)6LnwfE%5VUO|-@hFS3VdK5`!8S>o z#~xrN_KUg%p{*|L-*{3vYj?s7NoPFwyfL37(MxGDL?DtY#n1f9LH-dbuP!%lclvNg z$vX?Wz#TL%U0Lt^oJdGN_wX@(xZY@cvGmHRl#=+l)i^O0n%BLO{kfZ|Zb|=OTA$kz zEp!maW^3I&l&9IxXTuq0(E`V=MdvCFe3xC9u2RkF(oVo`K}*)Ivk^nyKABqUT7DUw z%?*(KE<0cD`K{6hc&7c*O5xjelshfHvWzNXC+RGmnLF3p16tY|D1KO<%Yb=t@FLlT zi_RUoQknFjz@%Hu5fPoQN&R{J(tJElhr4S~;Hq8k{=)zw<<^Rfh_DobMXp9q_`NW_ z*15t1M0MRJrgEFM8jLYh7?7{NWH?ZHTk8swx8oBoe76Ifn!Fjk6q)1DZxWVK(R~vX znZvH%vfe>zpTY>KGwa6EQT69ktiNH;=Bo|Vw8gxjv_Fl8O%&n?bG~+|1 
zL!K~_Rs}ryl5d30z~YrfgNgU|@aZRh#_m`Bjy^|{mJ>O)IN%fU#V!~yh~%20k`i3-=0F7Lwdj;6Z8BHI z|8!Pl`Jdj$4ks#%v-wmR+$m>dd{-*z-|zW%1UV&)^on6OU_4_F!MlGO)4z@@k)Rms z04(TPP9zbE@qZ2*`ImDF7S`yJB=TK27S{g~Z{otyCsIjdH()vJ5J8E z!mUxA5gTUsdj{qepSb5UoJC)a94MJZ)>uY26ZD9ReuZ}rw_Dt^lamM*qNAu$`|YA` zT^ZK-weZ`XvbeWbOlL!)cCk*cwdAr(Yq8+7`KXnXqZOU&tt!JF_!w_6Tw|j}^w=@# zJso%Vc*LG7dHd_a@7{&VJvDD%YF{7{Qg!$ENY~^KMf>AF2or@pyP}{EC9ZhZ>AhyI zrC3@uf2@j&U=vC+SmP;#mx(r5c;0YOux+IplLkL@e$yhFhrc)_7KY$DJWN)VsL}Se z@G)Q6oJ*x7m(x^em^j+fIXVviw7yMyi(NuD1c;X2-QDAr-}3LI-$_h&sxo&zf@H~ zunW_qFVlVa&B^;Vl_$Q|4>^IkzDrol*p=M;^uX;v!Apawe)FCgl~8XVACk^9)N%!! z7SCi%SbUmt^zrK#xiO7~Jv*yU-+EbTX6h}GLruH75KSXr50iXsGFmJ?;`qxSKOs5t zuDiDM-wSj0TwR|lloBGtQ6DorPD2xHfZ|bJ$+kil9T^k_?hNmiPxD=9x2eD?-!Gb{ zTtw^k$*rAwmW=A2o`0}8ttcJ&bkR?LJ`@4_G%ha?RoKBtzFyALz}n+E)6aaAMp-;_ zzz&7I_avo>95|pxE#6IEP+niOH}+mfaG+!04$^vBRZxa2R@VwnqMI_4`KCPZiDDA$ z!b5}2iC<0C+_*IU-n2e#Pu*Mmfy-@-$nXYDXL7E}lD3U+=rY7k`>Qj@rEdiyW%L#y zVAwOu0Ly4-ZWnIa@z-gM8T5*W&JY$d?MA_N={H_O}l)F%tM@VEScn*em8?RmjO@1EBC?b5417}x=Ps(*R*F_CKR^YeLu8{BJAfyc<8v$e$;P`cSz9?D@o;yxNs_~9 za|cKB6;36htbfZ8C73bv#c_V3@%uWiilD3G=X^34u}gT@%VCo@=)BwbO`Am^n8f5p z>jA+KL&w9|#+&I;GM@?&sw$q$FYDZ^VbNc=>F)g(> ztsZmxLfcwtx=)1`gXIgQLk^$MH%q%bymYNjW;C^`Y8U?s4}P967aea-6gF#M+xcu* z$K5UdMv2xiI&V**Npf7o`Q3vUu>s4^G+nBct2`q7j6%BcIbo#&u;Ot}n+_o{U60H& zZ89}cuNs&4j0SXJvP{0=!-^?m4_=rpI2B$*&!$L-^+{&qrqNjXVK;%!v+o%X_1X=r%Ps7`mU3%{ytyG zYqq_iv6SPtJX$XSg8}AJtg=)7tA`;X1XvfBGsa&&5($r|$?+4YwX@-OuW5S;8D5M< ztpGcS2B+_qs{GWy`RFxpB958*alLh5)^qgASwXvjkrh+;C)F~Pp{>j{*@iH>%BNqEDS6)J;{Lv7o zpnS8yWil^rx(>I{LX+|5eor*DTQDqY>0q`gLV1LXBa@zz{s7!RG$8`toEK5w=1wx0 zK@0Ot)DGvbO(+=J={O+p*gU6MwS8|xKi+D@n>>4Mi$yr^ykp^7jBT^e$8(z8=&M`u z*EC@N;-GI#W4W4sX5M`Wg-DeFzo97qg1+0y4+-+GPKI&0sX2TVAwJ1TM>| zB4TUuHBZj8f2AMm-Xh=hnDk%@pRo;?v$5T@eCv2vKUROVv&qCipQBRBUKgw$Cz4X= zXrjxf6_P;vGQnjq9Vbw&$E{})I@lJfQfN9q9zIFCaMF)E_gnGXo{q^bXG!xx07nG$ zmysRzbpE-g9K1Z~KBXvo)nMCO_VImqk8xU^W%Ml_{FA8ma)Sj{>j1TS2VbpD_&!G% z0Xb_nWwPSn9*_#JjjWo@gLyu;Mug&^wSOyy%ii>>of#5BW~52>8$^YjktO9selP5Z 
z&l}u&Xv&`82+e|hgN*rI^e1po4*^h;zQ)f!B0<#~J{l1SbaA^RH z4R}Do{=;v*@FU*f7!8U0Rg3(hm=O^HuzqQCQ{%Gbu4s)joZC9-D_75K@u+LUhfJ(C z$aARQqHxHoqzu}aY@Gv z-~M6a0M{G&&ap2(taW^PyBLLhEEjMmQEDIk#KSB0`&Zrz_c@g^8tAWmOM3Y}zD}JE zymrcV_9h6fIWV~?NLe8CHBEqyvR{EZ+PKt7JQSEfgNbhX;+$QJ|II-kISOQtWAHU% z#?I&_Msg{=bNcOnFgy+3nlF~Ho;jXSq23!)dnP*Oo{~LHbQnXV|EN`bScP8tkF-D;*E5G`eVZA-dnCt2Q>+Xr>8|M=jHx82Ol2?0OG>w|=93w{=+9 zCsK9jMY$<&o%n1L7JL{*Oj3aLJhYi_>gt3V`Exqnd5C;2O$z3}o7T><;fJgVn`CVibVV?T%O8V>;#(F|Ixc++FE#afeX%Mm zLj$_)(w2g7e)E0<9)=`S-UqIehVc)6JV;mGuL}+SJ;*n;9mVkZAfjfqxurYt=CP^u zos#I@-K>Ow*?!;~OwJTru*rp`lBzWrjEuVsn+nB^?6D+~Cua%@)^(#aU!t4P*Nk=+9m%$5>JrLd@=Xn_ECfC;o!xV7{NZqL8pQjJ@ecDR>5@yS(3?VFvIxa3O?b{;2((gzpWR0`Tb0gB9tdtTN}Ra!Tk z-GKjfNwI7u;@le%w`upp;}8~A#Q&22V>H;=C%X`n%_T2@ug&EB&iO*E;viJj|JhL6 z?elB(PHq@YI{VGzsw8U^KY0gnSMs=-ZlD!_{|Tl8R03||Z~ghgW~)jRxFd}zWzsQ5 z&&*@nH1e7!_&7w;duAwbuVoi@4-UQs3cb}I`HMWC=Zp7Bs=r33Y89twyWQh3RoutXP`LTC$06hvijjNxOg&oq(ZqDRYjP=EauuaqAn-$8_n z{$cl?(_}%AMy_bmVV#PUo1VutyeYcVO zV=i~m@5h3DwsdjOa56eho9m4IISRGI-6}NQt%yBf zjXls>OM-1V+*=w>L%hgWo0*9Y510;-*$aI=O$>t`WU-2l9YS_}17^qB%Oq<-9g4d6$+zB^g z4hbkpHaA(GN0jEfDz(*kztcF!W~@7#wUSD55dO)i@$Qk<<@{JGN|OvbbjvG4Ysokq z#&K1rZk;)Uovq1&qYF%`}>&oF{+m7wv|{~5$r0b3thKE*@q2mfiRZD zQ=b@0rzk-NxW)LhL_SHy`y_aoERza=OvCgolv0~RpVS&RLt2fTmvsre=m0!VjG#NE z4U%JyQOaL*@Z9g^o^PFOxhCAbK5utBTV3!o_5#_f?wXdXoL_QuXM(5RK53$Yfx&dw zC>-Xvv7ti5!-Px2gt4I%OBEE&H&-&JU4qR4@XrUgk0NC9$Cp225-foqn6YaJ&*@~# zxwy}D<)q&`s`Wv<4|~T`*~;*A*GQOoRU5f{>te)G7GPO-K9SR_zCmI%w} zK5Y`N+?`m6u@MOlDBA@U_ARzN6!d??34>KsxO5dwphycteE=0 z%;Mg?JXOc=;-cJIP*$x|Wo;x)=o2YU*q)%8g3{nlT9o7u6APF;4d7sYfNtO3XhqQ8 z4n62Cvdb#6=H6}GGNyQ;d8-z0)}b4%_WGQAu`u5!Tqf8jsA12C0)@*Dv2cT>ukU$) zByZii0W3`N`aY^Z-sLr74|#!!M_Y`9N*%Cg%*)Z7?B&*z1GTFOWlQj2U;3vPy{qiM zHh+edmNuOZM;Q!$O?h?2a%eZ7%+EofW6p`fKb+~S6e&ex&vH#H9DB_W0zYoq6o#P*D@=N#Bx^>2*RD31;k^*1tJ zT-f(qLXZ7)Ei$qt>l&u~6q5N6eKlE?=>ak@c8NN6y0Ew~(_ka1p2D zvpV&U@hb9`%W>ThmQf-1-!%30CrjVq%Zxb@vf0n_)d1`CeSDT5+c>&$DJ4WJ%a+_a z@$M*SQiQ 
zw|(?-_$_n1TY;i;<2GLfEW2Z{CjYAzpz4>TAlsQx-ME_b6ouMQEYDm%rmAelidbe*YfOLaYiFU9~rNL0mzr+R- zj|SgH(Xfv`2L9BdgHEmlr(2q4xj|wQv+3MgcfkizeOw;BBG#EckvC*NHmgRHW`Eks z($nC5<*}M!i5=Toev2qCuXFNc9#h=`K}$*~&iuLPj(OQA{*}k_$aD<#vNV6CvZ;VD zYafNKcr&bUYzwZ$-t_X#n=lpUPfO5QO&8&f3lj#V%?D27A275}56940CWk;+kmvk3 zDT(3^8!cAL$xq#9`J--Y$(f6znb$NRy$U3oxB|=YP%ysZV$b)x%q(V0l~F7(fB-%Z6S7~#?l7rn zl+qHi1&cQ4Dj7bsd&W3>O}G}0T!j2DQ&Uq5qBt^f0|duNvMW>A@Fo9naw#yrQd2q$ z*&f)!urSMIVP&UE1}fxt%D$#WroyACTT-<||3XVY@zU#AE)ty1?z_|2>u{=OlBH?l zdeLH{N(jCau*1JSkByUv69oMj641NJtU*p)8>0W~ai6pbY$Y7n?O-9p?y*#T0f!$V zLbuDxwTkJh42nc(ex(i7s_C&-ZNs&F^nUZK(m7Rh@n2YO&mO4;oLArFcv8pxkzzF? zL^dZw;8pQEkqFC|KaY0Omw+V)K5y5!7X~_agTE;wMiUn~mhYaYWQX(Q98OesfT>uJ z8}pTu0O2)K>&wx3;|xh$j5bOMC5PfSzk7p^R6-{+a^=<4k=)(~)U|uf-O=**84}Bo zYKTiejWo)0>4_k%$1fuldauP+lBp(7$+Uh96gWOmB3`D|mk)bh^L$!YT$VEL*>Rk7 zaZ(gF2LAjK>`Wn=yN7y0GB<&g_1l4x=9<=Ms_@{C4@Z+2z!GrrOBHBO1}gZ&93vw9 z>?=`?yGaP5XJ&s&Hh&-=^ie)a`eL}*7x~1>Ivy?X5bqPLwFQpw15E8a4KJqvd@aQB z)J@+-Z>08Njww&$QXej~2)#YqO2TXlXo0UdYSl{Cxt@gNpHBQ#&!02b3D16z(yFP( zFB@fW7o{?G#fWu&{RLs)N)WGlADHg(nJxB4Bb~Qw<|fbwk$w8D*J|jvQzg6TXpdV| z^`6hc-ih2l9;;)_RejDQ+dQVs0)`!?#ZL)i%b(qKT`i^;TYScUVP|$2?Fpqsp@FIn0%h|Yn?*SGRorhy` zYSAR%R$!`%YP&oyaN`T-08Gy%u#YR+c4wVg zyU!>xpNew ztjn6v4KIGy*dHw2CL=c!@~$VZuv9E&@Y z^?B`jh8&MzL&#a3Y?|;K(yF>`4M?s+;Oe~oha}{GY%kDQ)hKY1?xCy}yIY1W7ew1X zo%sfj!eP{kMnP6suElb^xnYrm@sjw$9Oh{f!-+K*rhK(zSEE=I98+eMOJfJ~K~HcD z**>dJ1mj+cy#ymKRvmqoN&MC2-AnWPyme$;_t|QvCj%)H@A{M}gcEaNK+)-GZg&!f zGGk#0#^nUXo1((*sWuc+(bFs?rL`@rJHyNb+jA!6y>)&y=g1(^NSks+^%HftgirHr|%%*?kgK<;*@!Ml%1l=aVu_;>An$ zHW{6=-dLIqxSl6oL=7%;;nt;RG=mvCaw6$n6(;%iTkCe@*&c|!7R=8^SiuCDt@)DP zd@egnSII+{xQzxFc1_Mg>&MEz=T2_Bb&2*nRW*zI@Th2cW&oQLVFy>(EudQnVyj*H zI`uY`YFyz~K+j5S6X`ATfVP1~W}6Xf_}5hUp@@?oNDBPU2vdAJfC3wya$!}J(qep$ z$KC@n4mmDrxl%$M50@5!dTZTtc<(U1_$}G^hlao@@QIf_F*7?O1b5m?ttG>#?S2OD z-Sr|9U&rW`m^gSNJ~*f|-0(|k;kWtEUojfK8ZT?rdGrPYX5B;m%NIf3O0ADZLZ_fv zpm4HVX3?u$SCK%|_`_SrD>{e{5f<*-SG}5xE>rjHaJ8xIPMdhBZ|~RB@K`#RCo2LZ 
zz?eT7i&)TKyV~th@Jl{hMU4i;n5Y$IQJ`$^H5JE*4xcl|`cX;UV=Em6!t!X$SEpMm z+m7zuKR>9zKpay~<TLm-v2D7SQB*X%yoFQJ3zP7@jG#AG@#rc+? z07!JSR?rlaSw}7(2x%n@xDS|DwcEP3T2(R7;4o4~F%X5($1AoPySCao(Nl%CT2(OB zw&j;9F)v}=LM_)Rwx7BS+%=;sA1zKz;BiyDr9G9wb_)=@ZBP;H@K`~rmW1;OrZ11- z^;CN;jgZUA?aTSKIf%}Sg=Z*8%^9~m`m$`Sg(GZ4^{1Q4?%F}go1CpCc)FtPt3=!Y z>n3JB1~YT%(qtUSRMB)OAe zNlc%%V{ktc)zcCR6{~cbSzjL&FPjn8>({{|bD76+9+;KQYRU2Vem@aG_~VO|R{5wE zbVliAQa{L`%C)Y;A6Jax=PF|7+MxSH;fD7Oe|vyAGb}2bFu{JeGVB3o$)Xai#$nh; z-xM?BLgGan04b12MWspZ9a?QjW~=TT3JwKTn^!_aBQ+qRv7v5tYVObDLu5bQr{@SI zS7aziCn^?UOcD%cs0?bm#rUj)F+{E%d_U{>N)yFM6t>b#hRc+^erzhnCPIYEM2pQp zhRsNe7uvn#OD4rORKLO(-4#rq^37W&yxiHh&- z&8n4e%tSjLCe;ZAt95%CKcu)vhkIBz;`mZkg2gqHGH}53%f&_UjKWa8W=|eUKwR*5 zN0Km7P#1!lJS$&%2V?T}i(1-|va)vDhizNmVCxQkCVIjuFx}7PkU+ur!*8Xu{9v~N z@5hdn$0~xr#Y!+9HxTO2*YOZ&KEnOFwuiQ-;!18b0$Q9;fAvyazI6$vAZm=WYkXta z^YS$N!Cj@n6bIXkC_>t3&xZy3ub=gVNY!e8Djy?Q?G($yHd5F4=}tSa4deW_$juc! z!AiQe7jdJWC zoLj!e%eNT#mF)V-t_SLqOpfNL+*6oMjSihD!Cw%Tg&$Ia#3X=V+ueN_^fp7e>-Nze z7oizXY`uT2jUA^%P}v5FQ{r|{{aymlSGw>%lz}f)I>%JSPniH-I-yPlz|x<3FF%Kw zMSef&QS1u!h`*Cm%wxrpsQ`ufBt&Ux*Bnv`m>=o2S(-7Ro_)93%83@J!@^lVY)CxY z%8r!)uvEO#7ImrHy(dz&p?YBhY*pW2ijx@bqg8TGTymfc=xo($sr|>|KndhWT!!H{&&iW<(bFYyWb!Z2& z(`>*)J^(KbCJN&<=+G}{JJvTRzah%Y&a z-Q5lD+AUnEwoGTlwwK}QVk1UA7v(UYo!nk5?v*13nj--Q>3po3Tp|us0j1qr9zQ=( zSa0MvF3gHL>`Wk_Ew?`9k?~5G*qv`80M+J?$M8`;oSNjrLQSX8G z!R$UDr!)(!Sap zD!rp1US|396;2>Y#WRh=^QY`&ID~|@#F;S%FE_qwo_oF@RB>Czt>Y8_g1-pzY3-F9 zjm8ph>DCFXcnP1$%`MLop5N;HEYZx?=aCBs~kS_EyY(jvj|L#C%h zcSZc9jI#5b)FYmvhp7GIgMHZdbU))V6z_N=VW~S$e`NwV2qvyB{Hp+i2 zw$EqF!zG#~z{kNXK4#_oeD7+d&4LXTrcCQ)-fcoB+7hIe81XBkGRt*1RH6=W=Tk-M zbUdgvN}xgn8S^1C>ujT~96d;l~hjl(E3F-|`)Wnhl&ApF7_GRgPX4}abquex zGi9H>tXY$s;x@#pii#|bRwz zZutq|7O>1;>%Ooh4e7`ftG8FG)Tt0;^oF5 zZKk1De5pk>S*did?mRfa1r0V#uka?j$JvRAd{C#;CqemsvGYekF3pC0mYnDMRVz2{ zMgB!T_k%&g{IvsLzJg7a&)ffxsN(eQ+|S9E?6+HYSXAnTFk{3p-f%7&Cs| zpU}Dz9NNqe3&Q~Cz+8uiW+l{oR*8x2MhNEl&aqpaVJWm(UCi@Dq3L&~n_!ypb6<_3 
z_XD59d+gr#y@ihsmNXDuv`IV!0eC1>jQsznC+(<9ae6O~c&AfJcRaz=S)wS>?a8 z0YGFyziSKyDRd-wqo>7Rr$2vu<=n-gk9sdZBaiw* zi1H(YHyQ4mLmp1CbHn;n@5*Roi{eH$JSb~d$Fx;EH|+F8`gIk*!YGAs2~ukgKc{*N z@)nn=CuzC5`Pl1bXjQ%Tj;rW5fcp7UP9&$f2M5x=>CvNROz#2|AcpB?DSx%Q&_VzdafAfX_fy~f<~^mo-HEC z$z@6e=HP0p>k}gOJs68$F7|AFC|2O3doXJw?g18@=Afn0u?^lqYmW-C)ur^zDyEw| zb=%YMsfJW_V=cUM8!_FuvZDLl-m8C69=Q* zVO*0O&62XrQMLScl7v-Nq8+k(+W@i>&woVYGdcY;XnBbs1`FfaL1K)_Z1ryo$i=(4 za`D44iSmAf&*nN-X6@KLEtGccjAF^SkP*(UroLKUz7!f7S)k(aP3=|2uP-Yyef&VV z0)_g|e~IOUv2MqIgqnU?$d;r5dKe&Lm=a(gV8ZHV!s{O9I|r>o(>Gg8yqtsDYe%~( zm68o}k{GYdz`$~{qQ^=UkcD&~c)hm;VnibdUN`#o?G%v6gbHK;e9|Nh4;APbqZ0=R z#j>mKM^|CXtDy_7@To76@{QP^balo9X6hnPIE9bJWh#2N29-{R=EgdA6_#u1f;=Ez zB6Wm#GeTY>^2i(w?$4PMdjv4}vGDc@2b!sZ&mdP)n-7=S+~{C$9i0P1|3j zyfms(5pz?t+GQDqAIPO9(RLNnG6~r;qF#%prKt`m#*V*uniQ!o0qE|7jPpY{)P@9OZ-WS2`l;^2_Oaxi+V_qQSeFB@+xf9C34U%Y^prc zysZ0M?f33ZfSq7rUR4nofM^Tb;i_HEIy`rEl|ns^k1%*6#a;{*v2W3LT~aRGvU zS8{SjJ+*uAG6+!4;T4~EK7aGIa(y3ew^Juhs3^_&@MT?+lM zk<(^9upF;itG$LXIJ~JNO8lF6RLlVHZBWK(fmE-QOK=SQ>9@>2wW0^~FAT>o)@5&BEX7nRmCqS*F>3Vk+OPyf2RjyP0FO#`o9Jb1e~nauEmu= z#tRy%CIYaXskeBAo#C)Q^>^BGF4Y*|3>6@fC;B8V8w(qv7~>tq>MU;G3|wZUC@pho-BEsvJBy2(@p9zTx998WRD;HuRz`qW68r_mdkL*%({0 zFiQ_V%AcHS6j`Z1m5V<+k8iG63;0fhVdIoPKLkxUDr554lM6XvQgXn2MPP~|v5LI! 
zf#I7H@`MrhXyhiOJ1>UF<&Jk}SQXK`y0LI62;SBZ4I47KN zKVMpu9~c#I`O+khu6zb7Zvldh`w8Fx_$#=`1sp`HGf$y&yr^adODyJHPu4_S-(T1W z#)#*ZtO{~X#uaY~F9!I7V-yR-h$a7DwoU|I7n16NNs^S$;N~rKV_0PY7#vZHsHpy0 z5%C?6tUEkGR@8^Pcq^;)Jrk;ZpHMsv-L6Gj@&p3h8X`0{fpkADK=3olPTmUpxoYvc zToWmmbV_NOr*)FnV1vV&K>LW5+(1d^)-6B)a1kG)F{vZup>Hq-6ti)fX*RO} z016Ka>CwD$==*?2#VRMMa&%qIeT*LzAONU@n;jg9_#V$x5DA>bI5b?Zo!Q2V=}~myqKCDaP+!L z$qz~!hQgz;>PRg@1nR9kby|=o>go1p6O*0~ZEYva|Eu8gwtS?=0(MndS+}Oge%*Km^^E8L*ETp0%9w=s~{) z)IC?CPZa2{2foXOwi!<=xUO9o zYo2%t;+NLq2zwG|)EvDbVIDfL_RIr>1U4+@`zL0)y$XSA)WH34ObMkJn@OJHk5{YJ zOY;XPTBPbSoct?V+~1a~6o#v1@N+p^Rp(=NTohfqFP%1ikU6>GN6qitNAFa1Qp{L{ zJnlfjrNAIe=t`E>%GHirZ$8r01ps8y zLjrKTGO$XhGK*WH8Bpf4^_3>vYGF{PfsoDBrO{y zNdBy_9k>Z)nC3X4g+C4Z&u#X+^2rsodh*UGlLH+=YZwclYscENVWE#;bp^0A{U+6-71)hTGrv{t$cPy_c9tlueJ7K*2xnC<s#6P~1ZFE3r^ zHXsTuzFbMGI&-YhO*`ZE6PGr&dW*wtrV_N4!^`V|ud@&Y{82K-izy1?dCJ0hbI3VF z&%c! zI^^NOjg-vo)~Ho*Fz(hn+VelxTz50~^N|ne{h*r1myfuy30nDOPE{b+s^)ddwu@B@ zS0LfzB0Hq(zPt5VU0C)f1sE$qsk%@Ao`1*l`pBIrcoT=3k+DyW|CV;f{Mt_%)pZVD zLD%M)v@|6exXw}MFxYQ-WEFy4aP`bcUV+FrM{M?qQaYiegXnOwka5{qm-Fv#AR*oP z9_B6qP}W_7mD!#UW_9ku{{Y%}-2u7T(eRbfQ4BF*)N!eNHcH&3+GL0Ytlz%|aDVXx zkLyCKDK;qSH%;EXv7CFNgiDMkXV}aDQX_yk0kM$e|N|MZlZEVxXabPiSo znmKOK%|bYySzF|uM6Ip+lsp2Izg=(ZRDqIm$E3*cQyXEN2WuEA`UNAX%J|}(&r7gj z=~;29Rzuvt(9c>y(U6;S`(LshqgrxJiKDib1DlSAGO@}%x?1`8sxK*AzF9H21LC#$ zO1q){jhZBGF56)W2GbGjbZ6$k(IDVp2v*z>uIP6>a3Ggpy4|EO^&EZzZC+#n2OkYE z{aw%MjCBiKm5S;u0O}SXY`qeSZ=QSc&TH>Q$TH}`+E9g5=JGtB6eV+buA2Z;|?p~Id!VN^C)?Rn@lJ+sMR@x8Nvv9 zY$H@!QlZ^%V;3qx_(9^xWc`%F`;xUCl0tMD4P<1tg(rfmzVH|tP<_sxfvio zJg)2_G%$DUnd*qHW^0W*Fh0JQ>c^I>>NuDH)5`yU~_ z;;=t(yd?IpvB6?euS8C=vyO}y0tIgLA1njlFA`)vUk46YRrU4l&BK7<%Om|UkP7<% z3ohB$quC$O*qE>5$_5@8 zNv(M);G5+{2wzg?TPtImFVo@fHJL)#+i@Rd6ivJ>E&1)o-leTmHTr+F0G3qG1=7_y zjw{8=6lFr7C%k~CUpr>#RxpC=<`BZ%011ch(X}k1o9TvHIE@Mq9eE&g$Q#f2EE*uJ zHn$kNHv2DGK{=ts7J-j)V?c0z!rvQLEO` z`Hqz&My|-PcVM+0kl%j{Ap!)S(lb1g;y9qXKhp9F(%>`k3Mfd|g>JS4;?NVblx_7I8G);h1t?mtj@TM#d?p092^4Z^-hHHHvguP#TdM&qE) 
zLyir^k3ZcLPKBS#pRNQ6NMC6TEC4T6bR_FS~qUR+Y>M{pmcO~$r;a2D)Z)?0s~70B$INr z7AlD~iSVxz?yp^BEDD9G&IrrI>9gJ(j-lh1wKi8K=$~lPy!tzqI61M=#zGBrsWo1$ zk=_rL2uykBy6^9TO*KAt_nFFz!2s)8wZErGkiHV>IG&wI&un=G2Fc!Cbh6UpA)PF) zDgTo%9Io2Ogf376QAnYi*|qs!S<_xa0BT>V4>hSLt7I@^9-CnC71iW^@{SmVYO;Uy zpE4|l;t~(rUzz=$x8KHNt5Qr-oC*8~6(CGf50I%QmlnDLE z6hVWwLgh}AG|bKseQ(2O-bRkPP=yKfHT51Fn+lSFi&Mtp>bJYEp}iCaT~|47(N(v- zdG|Dw#DQiv=l|Rm!{)9JQrapWSgJGKExFmA1I*(ivPXhu-+Lb5-Lf%IxGMu~9Nv-L zBSbh}Ak;j3bwV<`!$xWJJ;uhmnf3gpJPAmcT3f)R0M>|sw1Xk$ws3Cmu9USIGX62$ znEhGAEg2gq$;_Vc6c-vikDE-k^zb4E0~Q5j9NQEW2(%C6u3}k2S*rR&8pSV6dA|^2eAVWCRLXvLY%Jt_&}ml=;q6+fAXx)8wXm6L z!#781K}oEo%#-79s!zK>au*>7om4){*9<>aace5w05=8#`UWuh)XfkNBw@!j$jj&bJWQY+hb=YX4qix}B^ zVS=SgcJW-_M}tkMsslEkYSyALFMh+ZE-lecZVRkEzIsuN-$-)xZ2hB;;0+({our9H8Yr zZ&|va-!GP|awI15tIi)iczDzJITC+oL3Tq|H(YgzxWYRBdxYm8cB@_Tqww~QE4w^M z@<0XBRYG=J-EsTrXnK}WsIv~omT5_*GYHRw`i=nHvC(mW8f!e{(j8!nRU+GOKi7Gn znjN(iJT zn9Sw9TNxV6i>)gP_qrSkh8+~3Yk{wpAJ75b(v%Qf$xiMHGeP^6=yd+DcC#*xIxr}i zp(|gomh*amw$u#R&ZvWL7f`a=Fut61W(1nuz7bifKM69S4cP~}@an`R4T9#d6Zr3~ zFVZvb`8s6lZd*6)aY1R@fsbTK$~2-Yj8#Ird9y;oA7!ZT)8nrW*3icCOBofJ_V$(z zejE#p2Y~0Bb59PcIWMbr1;l`E$w4=(`dC!U}(2`VZ^U z?w?~eN>(tQFCK&TTXy6(zxxZAW1labr(gIy{Bo|}dWrAJSPAMtt1}&KM39Zl{p37u zWkibU2ja%VsIMK61)z3?WqU7=CtkAseaT@RrTkvvc09-qtY4^e8|%DbhdiG&BTH;h*P_2&kFFN=9|H7>1NN z{xe@Dea0rLjSg?RwdEGN2Md1qe)=E~zeRbUD&%0-;Jk3>{)X=V#>{M?O!pYMbSgYYae0)+HLymKM-O06;@Oz}!Y37>C z*ZO~UmH$}K1H7Y5KehzLd023K^wAzDxvV&$oh|kL3zXNao`JX4C28%n3L>gNQN| z%3KxXW6;E;SWUp!i5DsZaph5 zHqc|X1N74NtzQPbYA<|Ww|CwI-B!$FJI*scS*Yd-oft$L+I~R4qToVAIADA?o4c$_ zAGW4TV~3psyw1Gar#DVOM}a%i?Kzs_bJP8RC|Um1roRX7QFxT=a7hLrK`Pr{1|X#5 znB~b*5jELm_T+`()0b53$nzrsabhqfD=bGE++Z>!Kyzw1;ZWUD`@R>>-v3Wk5rNFa z`ar42^GSh?KEkx}$6o}gzJY#q@mQD5B%mTVmYaP$7zh4?2Wwvl11O_PTyV!KA0svf z(2d>2^e2!L=K>p@?xDrF%gzTlZwKy_?~jIjE_*4;=>Jzj`s9bF?@7SuYCdOfPtWo# zMC^Tj=64fELnE!c>v@-p$j)0QQ}F8p9S^q{;=Om05<;{23@X| 
z(o>#|$uIvt_FOdt8;=SH!CH0~{|KQlIR!JmQsHYBBqq(le8{03n`tnR4-^%!Ec88ZFP5tE4++XwlkdC5!NwGM@sD}ga8q42baj`V$b?ZMF5A=3i z7Dcq<-E~NQ!&QCeGNQvv-qn&L<0I6pXQn!Q;eQ46V9}Y6^lBFlL;D(SLL6|kV$DPS zU%WnbS2xN~hG{sdy>>PR^axpeIM`|Eu<-JyCBe{O=3Vlz>Iql)lJ)zs&*9!K4BMYx z^YZh)Ss$n8Q#b!Hd%>m@G5Q7y1rEr2v$@BlO=jky=QZaLE*ev9%!Eb z<^J&bgebqnhkB{KM||e#`#*QU>9xdfpbiA#;j7d%G6^+@DyHdeQ5kBUhUSJ5{CjO^t+5)Q)>wmfX1%dI&+I(>C04)eb>dSraH@SM>hSH85oa_+yPD<+f9n|Mu_aLbgbpQ> zvA5yE=2|e2`k@GAyGtCCG=r;YErao!VB1G!LLIC>|{02rj_j-P-zfKAC-w4La`_r85 z^!{zP26}}J^2!T}TUs*mDD*!j0zRjaCzY`ny+3HPNc~FnDb<#YFessC`uBPH6h}I1 zhLGC7`1;}P(9!URR>Piyih)DQy7jwAVJ8AzXGvzjKr|Vl;5y!^UR*>6 z-gkP^k=n~RJq}yE+)kW9ziBTEFf+*)%tL~eZF0U&^P8DdU>Tt6RU&bQ33qj=SE8*| z94Ca0w~?EgpK zfsPoWWZtdq*{Vj^Hg-7*DO8z-D^6?lVLViHJ2LO6?lC8PrV6Thr zz<)ZCz2l_k+!DaT3w(Bt>ksorLp)AhXG}P{%m!PP{tD5I1Fi|7<10VJ|E0GxypW(k zxDOX{g3c6FvPg9Hid^7lPwLq}$^z)CFQeJ&`yvT;x^qmqpS)#+#H4Y<^%s7hXHQSt z?Na`nyA0bFZ=*!e?+%^gXNiD}SakH5ih8Vu zb>MEGxt2|^eV{Wb*{WW;bV!)&&ovQ_lH!LKnr7zq-Yl|^3rS4=dM#u2-5jS*z7q>1 z^)#&7hYZB;ih)?z0T~d&e9W$mc7dGy;cy5+jqkFgKV{nv)fNMesP~`w5#;%=Qjp-` zpwm4(eR%Ngb-S*T?B$6Ts%+*yD!O#=A#=YNc3bX#t|c9*&DD0yl*U|Y#r_}p>dHd{ z66Wg&hB7kmHkeq7(q`g;h_#-$p(E8ePRJi2ZXb9;8fM;eYq@Sqhu%C2_T2+Rt~Nal zC69oXtpUG2}7xAy*Ca z%3y?EWLP--9VP^-c;rp6mJ! 
zY2K%rg-VGSldEI)WRt1-_ua@)eojg8ej)33C=Rf%OY@N+_j(dz9Zx<%9_oeb`qA`f`abq+cof;!vSGE94v=OHI;@ z;-n}|(E}=~F)sLar&z0oe>jjeFpt&0$yXckTbj^0Aqt?K?Aj#>yo6U9R{`ZHz^NU;;qeEsR zeW%T&C1%SfBBZf3F+_&tid@(ZFnIl>L7KD(qE$XxEqFne_yp zU3W-j1yD6~7!vEP@t18J(@D)A^c^#M@G2=6gYB(1%=M!<@6FsxAZ+~|H81*?-=Ryw zJ%YcJAQa3%G4wIweWCURmI#QV0vcw!jPDX-6TRkah1l$nJ^+Jmp7?J%dic5}fd0}- zaefYV_3J5XEpE8>bNJZV7NvDG9_@2Py}7KyEf5#rxVQMBNse5 z7ERo(ZI+(Hs^hz1xxF@=5N8*5*uP2`>UA3%3HwXKmXY;rYkP*hsjd=eM)q+BKH3=>&B}qE>5{;GI|Cvp7io z{ukzRj=Fh2W9~F1!N;t#ka}6TLbD`qY3WYnS$!ubx19<%(Ng8z-~CnpK$q5CFW4to zXw4W+6GLS#Z&i&es^H2btAU}4JUeDK{^q|k*n$lj(D4yH`}hHphgIx4@S zk|I#0gd2Gie6hr)I=cr25S<>odW5rRkAql`gV1v~5ji)3E}-47N>;IC;_28$Zns=V z;Zs^mktExU3cJ~IeerVdCI&Xi*@H8dwR2WVqOhtLIL8ERxq42Z#y5}(PSmhHEZostEQU3dbvIKcqQpH z+4#?q*_U5dzkdR?XeO0}f6PR+rJtrXMhH|8E?myfY@G*_c%k=xi4`5~-H)`TQZc*j z=Xx{8-7_xGU8uL`_UqE&=Gp7K*COqamE^~#Zz@lN^R>Bd?SJq0d5fJ}HqP=n2es!? z`(*5ZsD!wOM$6?o?KkIy5;O^(8KQ z=;PQ5UD$*5?S+l5%J*+PH`JgS?qgZW;37e|6RCt%;ajoGEBZ)so5q4G>zUdwJ*6|m z$<0d@81tylP|;RZeBo#-13w6YPu52R>gPK^0MGsY;O=@96>@iL-xPE&7@?Fq$(o(FXO z;+f0$%)6VF&)?>ry(@b4_5Lo`90kL~gL~Ade=99W!~VLy_v^1DI^#iaMOEMRiO>wm zpQZV}?eU-R{Z&7lISXRKc{f?O$K2*8@CbMG8wK&?kH#RY{30;rDzC2?9v>wd84-jQ zj|C8gt{ir60La5}*Qz(-Uv-)FEK%z)prHGPXRU^zZ#bk#Y4T+FV6I$$wnBf_MNE9s zwwd1BcTv+9kju20V@k`wFoG4I%L|-db?ZdAH^hM{<8hJd4Zi9ist^DEfRLPI!WWYz z7LR&7ID=EIBm%c5_(cX*kG}_lkfwYI_ZI_FPX_+^CttmEGE&J`NEe&0G~O`>B~LPI zD5S?s*@wMAzr%)<2mRVKsVi;)GcFL2LfS?xRY%2ekw$eenz~sw*ajU;K!qV^o0@&` zF+>`q+oXTKIbC`7w2^#|k>@LzgY5-lw0M=DEH*B;-<@Q^s+|z3ZgnC!z&~s`$UQu@ z9aenrvYy1_ODJC(f;b$(NT+%hB?CGQprW5YNAl=pCH6%Nsb0p~o&SzgNYCZuN+}y= zo^H*_HN~WgGwpBrSo#MaIcTgrYu8{E=uDZBGI?y9M-C67Ij4dPfgHGDwkqP}2xK+FZptrx|H;u_Otaj>r)~;Yl^I!|# zJN^*R*0*?{Pttx!B^xiCVUcvRSi$@zpNL4gb3b7$Hyz5^3chNK!?VKscZm$kjS}ZC zybV%`8%yH;@+F3Q;qU5|XMC%(7c2uxUC65U@<($Auk1SnTdT5?$E`5@`!W^zFIyz9 zP}6^wkg9Ou`^(`_8x#|%APxaT=r^pRgh{HCK(jBYYhHqqEJHznh9tO?N+u5&2~nmA zSy5Jv_>5`z<`fA$(N2>VKF!;C=l+W*|7WPnK-6U$>bf0-83m5V#E2>tN{>?n+p|P@ 
z3PwrCzbJ_6p)TBa=lai=cI^o6X_8RrqL!VaPr381>-60Hd&xyO|%X z62*P63|wUC97Wq*mD|+)T^iFJ`Wvlv|8e_JJmdx%5A1E>p0!D%f}txI@g*2az|tpz zZ*?#S6X@~q-BPPU^4}d*EgX%fneXrvDpgFuQCB*UArgr5+Kz(nG_UnE3nLXmj0Lvg zGO(cpN}%rVDSKReOUU=46$hUOmQ|Cr_mVR}*5poTEauA5pkC(Ewj8os__2ijd=hOj z{dbPQ3`+rA6x}i5$2t}T&YN6&HYz~^$3)Ay$$#|}f8nzUnkM52 z$@w%WG9XE^As{J)Rh*Bh%EQk3V-QR#RF3>pUNUjlGW52Ao4n$;CWtJ}1vd=qKAuQr@ zsWf<3QzBz%iaqiIH3G9-(T4GLIzO6cYu=41g7B&MVPVg?P1Ue&sX{JiPR||h?`^D$ zON6L56Tp@FWf$u^ZkF!0b$9dY4MfX++ddG)`ZKE99S~$&;mBz9UUgwzm{E;%N$;922rt>u%a z7WI4|ixvkWp!^CokaeO{VNk_{#(mR4AepU^%q$QVczD<&^z5a|jQ^trK$AremPMD5 zMR!!)3SGwO99{VMb2Rbbf&`Rk3x6N1s1RHm4^33WQSMo>1}?0|j1ME)*+{_0)pBa4g^m`GJyT(B)0$c_9@D_h{Ln?RdjKiN(J+ z=jZ#(4?c!fw+-jv7wl>@dk1>{KQ@vg9rXzV*8V0G-onCO|N8gklVVf9KLWT^;q(-H zv-!P3^ASNolRBO>W1M=A?asZ;(8k-&hQ+%guU*%@r|sVFST%FL7<_A2~XDWpz9qdLj1dWj+1P1q?cVK}TMM>j_*@LS-Q35v$lM}Jf0wJ4- zg&vQY{9&+=6EIVsu#$fzk^6nXiTP@>^Ld!ut!MXVru@$>vD%NUM0v!4S5V@P$QI4U_hLvLV(w!WM;XTCxS(l!+bP8D!_UBjLUug(D>{Y;Lcz^My( z$m5q*lFV{rSKaS{3qoydaQRyCTTLW~uRZkNOVh-bzEB|A>F@N@cfQMR1}wm7r@2*Y zyWBig(y@en#FP)BuGeLrvt!4v+pLEjqyM%rW-cZf5w}&K^8{vMtz}HW*LD%zUm;PF$6~vC&vhN)1yft^f8zu zxL9CZEE0WOYz##dHUgYbPi*wt5-nqab%3OC7?1WAucMkqRHDTXIFBDXTNX&I&n z;(RggWAp*I;|-_@N?g55sO~S8m{uRk1-Fhn?2gkMCV98-XXVTPFZTXdH5@&oLOg`$ z5jI%oaXV9X)2<$_Rq}6r(CFMpDn3|!3gY~ojorQ<;|W(99S=;4gS|IN^F!wODlfG$ z!4FDsohr!-x zr?AJpfk8nc_0n*U(+oX5^n|SMoyrm)x`e11G8A~pw+D~fo$qs-l_!BiLDjEsXYm?) 
z;6T;Jg`0n8{PZ*>z}=#A%cVWn`0|@c>-+%|p6zdm1cH4{KwG9D9`-IAtjXES0a&ds ziwPEybvC?T7`)1h$rsTiX=j>@P>)q4m|=5$rEwg{YBlB^E>&@nwg$95 z=PyMpZayd-pC-HN9TEw>0_CY|s)WY85IyKKLV2q8$=}%;9E@;|h7<7F*`}XT4qyL% zLg#{w0)5p z@1FvW14#G1VGdlgCmDupuhIs2pQjG=vSJ9t%%WLEtIm-S@62Hx!Juf+-4}1q`OwxuZw)xgR-LZ> zFNfEA*WE-(dE@0xbB+@T){Z&W#B?{qtF1F6;17}yo3GOl`wCafeP5#}&W~BcV~j|< z3%rJ5A;veDwnfnpLEeidD!W*^+=yi6E~b7=jHOXv6JPS;_F$GKMDjM;2v$+ zEKghQYEPVf+ndP#*fseBUETk<<{V+4F4DBgHuLqmWn!u7!Vs%6JHu!c;2 z2^Wx0_f4DFhQV6YEb} zCk&xHzRtP=ZU!sXFQ2{MVb1}(Q>H@=k7cr9zd1<5J%aallbniDChx?V;K?>HUo7(m z&u_lJR)i{4kr{gGzaRgb_?m(T4DqirJ69Q>Q${D#@=v|>xKd)?{9dzV8L@JDLzS$x zUei`RJ>%u2Y7wZPI=Kt+IUAX;!c?6D|1wJWKwQKduDy3qY|UUT7m^oUo$j%9|+ z>~pIOo8BHL*Z8I-UQvKQ1ZFa@vZ{j^cn(<lrr6jxiZMpk|e>e#v#B{5Cwb_DBbV5>=!vLvLun_Vv4DiHQ4kOxsE4O5hY8NU?& z4?F}|67&T&*wP*7rw=Qk!t7W*I9N!~lLM#*|E?XQlOW=OVthG{o(!SK(NPG_bz_I^ zDT0_jAzp!GLtd)T>?k`vmC+eC8Okw$Mu{rZh#<4e7FT_Kv59|3J$Rh5t>j$3P!-ArZ{dwYT^vQ-#v zsos`ccKfV5wEEfDC1^Des(o+D@&YaZ_*I>(*>~UVn)NRh8Hd!LgeAPt0Sb|&XXDv9 z*>y}=nllNysn6M+ltdfHKHAT@q}0if*Oe@D+J)03Yf)-u5BbkK3)PR)Jk^rO@9Ik$ zaCB7)<7Vrj{|F)KKS)q$Cdf7bP_R;ATx5B+11X~R9TzOwx{VLcE+02SVffNL{!4-@ zxTlTB8%qo?ENWNwC^Fh7H-3_yjZ`Iq`RT^Uyq0@-4>u`QWojIO@XnyA*&! 
zjWEL~cwl*~FxVowi|89Ys88M(ueDLZG9&emB5`H=B4X`p$g2XUYF)_UGkM^aw({6O z$>?{wu)+QJJ=T$3LSRE|#*)^z0)uw7Z~tt#f=StmvLe~TMT&o~5RekFFqW7+Z2#$* zSxF^MAe#!uq$%E2$zD!CvydXg;Vwtvk~sOi&Sf+9`aeKMx1+-8ICZl;Mq2t5= zg#Bu-T)}X|TA=7nH26=9krR9_G6}KuxiPtd&A~H+A(DB$A;EahI-c zU@+#b2Nj>>ItYC6W71UE*%^4fUJJ6~xy)tyIlT6?dC%q6gzKNM#`#d3P*eJ|09-Tx z=aVQk>pKbRj91~>KyYmYK8$||F1rNfa*n_BjIx>Szn#8xMCu?)+WEQcbH1)O7+05i z+_c*_KO?V0L=RH>J!Hl!Z^k;7_$PI3mY;cka0cGh_=+2rFhe54$iB$++P0JfhFkv< zS*R-xfqtX5V?K0dNP08bzno0c%)0!K<~62gpDpy6&_$y0J7`=cfh#2f-U6&a_bbo@ zuu}nu+x8(@<%R-T)GC{2T(gQ4rs8epwn`5~p<$dAeVZuHwO40TYGBU#tGkObI zJ9hemqk2Hnd_3c|!&&|k4wcRDNeo+7R@zJO;`|B@?r17uJ?Gr3jZKM>cqG@HE_;?c z9aN&tMWxosDfY>OfX7ex8$2iV)scQmt?BKt1bf)^^HnPUxLw;6RPEz95)28PJQ1s= z6vEZdYsyN|EKi>5aUXq6y?j$O!?li?lAyl%R#62+O_vikxGz1`@iIHV^5}V?w6@MV z`LEX-1#qaoCZihN5*wV%y&pGU1&@=R^a*b?ed)i)9$wtp4swp*A1r;}*R;`vhnHX5 zLUqj|zx-PHG9TFj(!ZYNlN4v=w0!pih7N`&|$2FxCNlFB4~%C{r?>lnqmkm!D34 zE6%>{`9OGUdtehV$Flt&9~nvdiOK%+uo5&DJ$TNEE=>`3yH1$&d@ludKII18{@)- z65Q^4?tj!%-Ba?LT`T0g>_<}pA$KgUJtlU5AE3+JH&a0m_LaYqo6L~$+32R{nT5F; zgcJwWtV=94OmAyXNOl3>(QkZ6wic%rCycHDCd^%GgvW{Xx&`kWn1hBRnUtjGW0z<& zGNu1%^irK%ts&zFOO=)FowAC1Ag7TL`?aF3>Nv~D11klR2VfQh;^*JOP!X(}Y>vs` z_)~Szd2Kx$1>XfF-C4c&?|MMv@E zU#Z2fk`qL-G&v~Muf3>WldpG>W8VOnur~lQ%o1`)V|dd2Cl@2lY)v}Q>HNa4DVy+f z=7L;v*J_bd2u__9nTHU%1WiOXL7{Q{>gS=Edk#e~?mX&9&Em)YH0d`iPH`2bDA{uM z16zu6mka^Pn)uf~w5xVBjV9%tR5R~Y%HAt;U=3>0U>iSAS7;WvdIBRZf)?1OKsne& z)sSmeDbTp*-0DA|3Tx5S`mFxA($T2Bk1*P=udah#{GwX|*LQYYc4M-mX5dgW?57|g z&b@*|TlioJ)5QOKbH+71o@k*!(0Q|Hm8eS>6PEM9=G3@gD$6B=y8{ZdsSf-w27~7y z{^lqfQ`h6WR}~Qz&#$x0D-M~WiT0V2vkoj3S)|v==MDzm} z){~pNmmDhQIJ6@rOttYb56OuWl2G?!3RQ zg5+%^s=8YBjWU@m7rf~D$ZB+d{XIFnMT2hX;N2=vk%?yFT8XNPFEPU=RFe9qDRrCp zB8r}q{>}fc5#7cUa4CuV`exc8ke?gsXd?h|x0&mE0Szb6#5=vS(S+qu^o@(D*`mMXW(kM0T9ygZ!= zGmSHgF)ZE$D3&krIMG?j{P_igeO5{m?|^YRL3#9L1} zUHeV@f0(A;oW-0}f?|^4Nl4t6?v{g$B6qFru&O!RB~QhSl-PVq3Qh!vG`Ze*VJ3X0LgIvkgXRtcRrnnh0aTE z^UI?c=&=xQI|7$UlgksDko% 
z;bc#Wpe-D)oOH!sIB>#u>fx{5vp!x#a3PIp-?9Xl^f259hJ#!yDFRKgXRcJqJ#Sz=fe)3&D2RT(AH-_Qf5XG2_hDB%-(RCNGko z9q7)^u+)At;8qwVZMTnIvwU+T(C6X14H5koaVqpKpFn7i{uliJBkC=HqWr%9aYdxN zk?!seLFw-9MjC0P1eWe@5F`YpQ@W8B>1Js~T43q_<^7rO??1Dn)dnCJ+C+!i_I14B&b}%$WbgaP$Z=tMsqA!nIxIs9Zk?KdT#_Zt zz$C=gur8MTdSy@k1s;mE>u>Adp>FIS?Wf>YA2j`M4Ifcw72pul^z!V7!xWg}tAh^l zS=mL^P4`aBVDt}@-j4zp%%cDNzSd-a%Qoi0E#K96+wmzq+fQG4+<4sSQ}#OIq>t<2 zKv$ox$@g&Gt}`5yz~3=GxAWrC2Jw_%|I(zbykY(xth5x~(NWgob%?5#O0+$Lp)rgu z_<61BRxRh}-+c>-^C{aIyPS{+1Y(l>zL}XOr0-Wk%EI=bo_Vrq0Cls4Jxp^|5t@o8 z%Z#lnj_bk{v7D3)>pP~~R2~&oM<~m-cCE)!0aEY(s_f$%`_o`4X&z|zgxMA_&x4@`3e{-|eit4P`!K5!-N}q`sz7aNcPVTK! zLhuXt^P-(eihRRxmbwbSMJ)xhHW)09sFr`XpeidMmP~? zEBgw7PlS$eSMe&EbUh4D?2*g2NMvwl}AkEqV^J ztm$3vUXr>+&8rMEE|al)ZKk0@BcvjYlOm0OpNx<`BdDmgSAs z4*{A+q7MdtJvzo$GMvef7#XOiuNluW za65tP0pt{l(7Q92t5T)(H$;)h*Tgbd@gw zxQaaomwKpatyHg%U)sP$vt^ZE-+mb{cz!2%)+)?-=uP_G*~d6303^=O{2y-4djC9B zuuVGGN^S}PiPis)7&i&4Ra-zH#L&^36)$9cOS@Sln^VhWGV%D}QI#8g#l5wJ z16f-AkT52*k@WD?%I+R~N^2G(fimc3Oj-JO!v{2_Dbixcm-7OeKf}&56p-fYTtxpS z23TV4?}_QvM8m9lBXgFK@#=?0S=AVyvS)b-k29b8zXs9K12wkqr?4rk&TDY|{GBou zebs@QVvf5*onSBYarMyJ|9X_8$N*c7?e8ap1!=L-&GQ1k=NQXk7KKjRsZyrZQ6;1i zwsa&F)|!fLzC4b#?^LhOQ(w`w?PSA3D zVK)HZ7C-^^P{GT|+rl3aNqvKA+cWoHN)qDpu@;vz`CBtm5I}W*-6BV|qJmPEf*zvn z%n>GkZ&Dl9f**+|rht0wcgHi7QSzlRc6nq&hAKBT+saiLNpTnrzc+NDW&ZI&>CWZ` zy z%GgV=Ox~x=s0w&ljV)ogu*Vfn92k2fw>C=NaucbCf0-k9_BS)qqIq|G(9oqXhFNKK z5-k!JQK8f<+iI#)qVa7x8xpzW1vsD`dYyQLzO%06KPie$W;j5xP?s4dZ}d$kiBZz4BSV3elI+q)o2A z6mn-x;7SScwM8g*L>_j;?$S?9c%H?cD{1sP=sn6cS`=kfcj?Gl zUbnebZE7WDKKs_5JGDdf0;3@4czG0sxS1by9760l-#!$_*iMUT55)@^`!)Lu_>_q7rLCFSn?W}2&yb6 zxCEiQQF92L@A5~bxVyfBReJ{pR|j4w!XCOFc--`#vy4u|ZXYkSNkwD6O86kAX^;lp zu8YUqca$;i83%Nbr=y}(;B!>qi&x+aR9KG!^MP#Vz9jvzBro=$J?1e<_@%WdH?tW$ zp~f(q6%Phu9eMdSJvj2W>&RmhFu~}A2S2Yq$OFeFjwU57;#(jH=<8YL)VX+x{NxMJBqp_jQYy)*KBYJLwbcp+`IVT&%(VE0ZV zJd8=S$Rn73#Og$1YTu_-FPd&Tns59|?U^V%i`@Q~sT7>K_*cJeB&sQ?U%}zM{D3xAOA1jU?)y-}?zQTVT_2BD>{ybo;n|x#XvuROB*WgrLBM69 zb}|yNK&JD#bn!eaQ1F3!UP8yKB0t(LTcsm 
z0mC34QRZ(4{0h1al{Je`(CetfXF|583dAa%A3II*%>T~|u+FLgN*^L>A=m)5zXf*6 zoQLsX)venC>JAh)df~*no5gB#G=MD2s)6hWv@0Fg^Sxqc%D{LYUihUI(P!VtEEJvB zb`V_Y8aLwlOEl->k<2FR?h$MFerlZ+DFVb29D-b8$7}bN+Pq#%_gB5dng-sRbwPTzpE$SRfL8Y~0m1Nw7C3oUJ3ARe+y$dp7Gvq`(}a+v$(a zGo4WTy*A`2s0H6eVzKY~`d`*RqT5Up{jQ%D|Y1U^ee!ISLVUVbU=1EMt$y#QxXJ^G3CP8e(Zh+LB+?%CUq>nNh zp#ihvVkJ%KU3JxhE1(TI;MQ|a?*WvjrQ6_t9Fat!T6UpCO9xh9J4w%i7ZxV}eM{G$ zo>d`Kv8Db@Qj>w>vXu7+h*K%(S5sh;~YYPU4+0R>V6Cz4NV)3EL9*{%HaB@yAeg$Q#|6z{X2d+E7IME zm-}Ve_|!$93WGF}C%q_Xe*d2{1SQbc6sM%lK|Diw$$j_mtijp>T-0 z-Enz%gKTz@S=;~{fHTPP#vQiP4zczoIP$@E8IN?$rz*M7CN?|twDO3PwI>c+Tzz)- zTMH=j3Lsgju_M~DL`-KZOz0=vIBkEz>Ej4GrC+<>5PS|I;_s+ujRyP1)IL_{Sz5-)Zo(s3*Ub*NpDC!j#k(HZw%tT4(m4OMdbZ!4 z#lWsP)_SW0?|Is9{$#wrzwrZWXgWg8Jn(6{atq9b;5PByp#!gtg3G%?62t>BuSpSw z8bkfXAgW@%6ympwIgA90rTZIB1wUs$q#JLW?CjFD=mJME!!#z54oeYarB{*-XVhWrbg_glq@3rq99#8_kgNVCG40?lBjr)&}*rDE% ziavWsaBIW{j^nE@@0{NuceQ;Dw0-)k>l?cR{;`-(wD{|l?u#iWf0z{o_+TP~I!mk7 zh$M7z@?%Iml6jT6hyg0}T87F|F<%48w5nn1zSOvK^DS)}HQZIPlQ0wT)bJ`=izq^d zmt%0GwBgoQQ%)mh;l);H%L~wjbYcCYmlzO>adSgy(zd9$HmbBX8RVy7wq z%+fQBA4ht-UeD*mxeFh1=<=Uv0#TK#s9T}Gm}XW!IEDvpi7?6Me`^*_-&y_9C`Kli zqRpRe$Lye`I}50$m`9azcD-tAmQ;q-Z{kLuAW7f(Xne`Q1bgeWULQH83Qe#imMsXu zqBP`InD{(i=`~BQs;x9Utp?BQe0IyZB!GO%Z?-d4n=~`Mza;fpU_UR1G}}lKQTtxx z%1y|>Ek`0zq)v9oBDn1Hy?f91oXN1KRp15436XEhIZS^fUigKrp+K4Vgnb@xl>C?e zY~FYoq|eA}cwbuS8Kz?Xydj5xxChY#py`M-s7zedpz3Vj)!7Wx*p}4U2Tw8A{n5|s z6V%yDPttTvLT20J?1y9A)*?#6klQaWbk*2~)JHCDL*A7zN+kDUg;C1u-p5Mw_d!cC zIwQ-z)(d_qJ>^*UBkRLF`lLsY$noA)Fb=k|_ki#|$w5DUPt@_oiZP4mObA11EL3kS z)F@t3j1ZE$M8{O@E@s6|dL~3}Hvn|i%P-YmJ!h;=Dpyk+5P;%4`W9&94ota!O;E}v z=)?V_6|r-L^%1;rdijWz!fL{w+^k_m_*zKw5Z88nq~k%(IZ6n{w_8`2;o!D&f|X4E zjlQS=BMQ)=J=k=zwokuCw%FZ9J#Cu=D6a1c-)kdm+T8jC~K4_*2(L&;OD`3-w@7L{m-QZKY;;VM(xHcwtJD5JA z?CuS|cTF6;>UuPe6(yDE?58qB>f37EJbpMjmt$h(zu~O4A7!9sKYFWjSb^hH&x9ff zC^_m{Wc4K}?%H4v`xjvisO71#l+`m1cLvl7DK#byNIrG;13$&G8U~P-)e~DF zpc=uWmuPw0G!kX0(V~uaC5a)x))s~~!CTy1b#e6tO$@Ksjv0bjt4^g66v`U{tWshqxuuBGwryp5O$% 
zuVrh0e1{wKYPI|JbI!%%kydYXf2BtiOI%S?g!QH2hn<{BUO{x`K@>f5eh4K~ME4zyn zgPs}HtJ_xoXU-U8?0vt?Kdnyen(v{&PE#WR!A7MSo=P{>rC7xZQlvH}cGIz#vIU0} z{9r3b%wsM+T;Irc&yT0d1?Iz|tvdQAj&Or81{TI_uoM-)bQaV>*)xJiX~T>}rvMws zg{T$5ljKC0vi1%To?dDcv75xR?-d(l!3}Lp{lJq53>v*U|BXk!Qt-}@WbO-3PmRmW zoxpqI+AKs}rF<}G(=dUcSytrn_S-BUg#gRKISXf)m0s`mx>wh&-JBusy6)kA#4|i@ zYtf%9nGMOpyMeWldKIw+W07Xt+@wa&(~0EYKF;w9?afYjQ#hAWS~D*oC${c)naajU9m4_5k%p!`|l7jg_3TVCC z!24AuR|gL`FBQ&+tGUSjHFR>-@*o2H@?`WEV$gD#Y6hg4qR`_bzUm#;W4;C|P1?GXQ5wm(o*M6TM08Ha_T)b3 z-u7+-alLPM5Uv8Byd-y_`G7L1o1avRPHO~5W0;XVVRdM}^TwJM7h9`fpr)-koFm}+ z)h;2udF|2GMbHC(_|d9VXa8Hm=qu~TYTsle*ExD*R(TSveso$~k{>@vzU=a!u(ri% z@UP4^DI`ON5^QR1T|=BwpivTqMkY6OkhUlsXST4CRy=2ha6h^T5rqvIY*vAo4KMDN zy#I;i4hx`aS7S7I8^(!UCL4CrPab;uAJX(`!0!)5ry&34`#xwOtWa9SdD76;b|QqN z9z?%Wx2z_DKW};81w$LCaoEMw296LDn&01_swj&2v>QLJM5ubbzXva5&pfpyB$BaZwp9SMi{lBjWcma1}93 zX&T6!)wQMGYcFdECC^30r5E*YmLEIv(2qW&2;p=WnB=E)*6~s$7a) zP0P%B(t3sr%Rlrl|3_{j>i$tJ84@Rb-sEI@f&CD{e_ha>U#?;B+ z=Y3Q*l6f`lV)|0Uf>eWgv9{D(;6<(_{YzY%v*SjJ@-qY>>whvC`k1Xd<-)bwS1ic; zG`;{%KyaipEw4Wyz#B87D#jL9KmLx5)b~TMEahD@ROHWV183Kj2RER2ECx~rz*)8y zppb5EeFiYBD1TWk*$?wy*@G?wbbyobqEGlFMPGgAsM24=6Jy>Ha+Oct!(`oZ4VMM! 
zBRDY~jr#E64p2bvd6E_!Udvqr-`rl0-|Z5`p7ZZUEONf&gEqRAcJjR>$Cv-B;t_HN z|2=lJ?rKF-V~k*vYUyc>u+|BQ;|(CGEIns91RIJD6N8x*1z5s-5f#4c4Ot`jCKnFl zh$*tI;9>XT3y^w|nFIhnW@XQ$JHzCGVqwXs|1Dpz+i<*_^k9KFj7ID{tE>0%{?Y%H zc;I=&k6qegcauzN$MyIgV0IujB)t_QOq~&{<3r9}mZ5WaD@5{!D@S;ie{%9$1M42} z2(pXcE0F{kp->R^@-eNjLP(?>KNC6AL?obWI=^eqUHTAT_4w}5V0c4E0`|^>6TkNr zKQn|0FIoriDk$b1+5Ai0<{Cp5fKq{(;3ar}CR#_gwCXF9L2i5R0s{Rd$gPJ(sl`Kol-SIB5=NUU`1`CGbsFwaL4*(4ZPN(wOCW9Gt-?E`99Aj zN@G{eFs7T(lrFTYe2KK|?%!0Ksig6LB}?~A#`DrUTrgS|y1ZGN6I1%&zPv@r052NI z`=V{fUb@W$p33yi6F{vN525qhoOzL*qVp0wZYbp~9WaKmZi$#kPhkJ0^NVZ$RYm&5 zZ@%szh2KeF#~OvGvi4$)OOB=1LPyOEm4jU@Q8Q~w&CO9b2T)GR_o~4ErcesGRtwoZ z9xeYv9g-X!(X92~3he${s3_Q^tb+C6EZV@Y^EZxEN_>ARJ+{Q7cV*qfY%Qfp_sv&c z2cb(ZL`c<7wLO3)Lr zSmFm_pM>hw zb+TeW6>nlxj1ne|FByS|4gIoeZwcrW$O%M+I+wVr$TubSlJ&bH3i;b>kV)0Bk{#%l zIdKYo_N2t4iY5P&RtPDQFx_(8N8r z)}l!y6}?uB>$WD6@tX<9o)T^)F^}_j)_eE4*c={uP``U^@5Ukv*baL;k0)BMm~cM5 z)jQ)a0F_Ud_o=QD>7Q?ckNj*%Yy59(6)FEOUvZ31*hxdM7f@~eCXCrt(>)*7_@*zws% zm8kcQPJcI{p~JW|%((9{5@djt+N(-h$&MZe%^t9V=5dUfJe+!U49ggwlnwBe^zioK zXr&vNij~Rc6N6l({lzD&y)I8g8-7o|p_oYS`Yx(8)yI3@s+OL643oGw+BG}B@EAW> zLvvI*^!M@U{L0ox>LhBqYi@h4tdDvrxmbE$k~Ta~6XYGbcyk75P}bVMi{lGQGJnLhK8HH7jl8AZ6#dV+tPG%G>e_UIZIh40U^W9X;Z|to%xnoK$KglZX6yvE z(71gr@%kC=dbKzmT<^(W>$Y@l%wgkS(ks8D9}4;q3|(M8d;~&gz>hizVRZmDc{To` z|Ff)i3Z|@qMhDaW!Cmgyq_xysp!aat47<af1aW}X% z5RC&ln)t=WS_SG;P-Qi5%!LpO>?yYh+4jci(}-p9ZEO+uGVsv8^q?si<82pL{3W@b z%LCm7pon0MmfL4I-tQ|r_yjYn@z5u-!Wn_HiR{~zgGE81gwHcXLhAQ8wcC-&`cnq$ zT0^)Q4AJH3I2SiEIH1tWrjApMN#W?mW80WKkY8D%`&~3XHP;xK@Jk*=yyX#|ddMtD zHX;I(zHps~GVgB{duDgCLBA1i#r5%Koh!aQ5`$($XrQK{7^{Kw*n-^B9(pyLyIeSz z+^?7RtMjiyjU@FB&S$i(-xV0mwaz~CZTwE*Mhwdy%%LWAA=ZonF`$aacJjj{3 z>a-fbI{JSA2J|ra)MN3V*)P3QsiYwtfH~t?icpCzVQfHcu%>U#IipzJ1{BttX>`AR zl(*vQpcw2MrzCem_dksv2lQ$hY3!gJA3ka( zB24YPUE#pO1NzM*)8j{jQ$R5V8hApaY@59YC}k_W`lgVH>u(sz|In^1P}vnU9+`^3 zt@S7o=OtU~QIFL2=#5+pI%JQ$rA$h$JrsZBJ1Pt|swbQ3v)-GQZ~4oN#$CU%Q|P-91Dc4|^D>Wyae?H(tq;&UY98Uwh{C=-Fz}?dXFboKn9IO1gy+P 
z%;VNEmIbU-iLPTK_`~Z9&W^UZHZpdl_{rvW3_!Jf9gs$bN;0j;SCA_}>ACzZj5nN% zkCEY8!qA-mj>_LpFd=6e1KS_41%jVz^957|%lKR+36=(NIQhQ>q>zsxT&=|Yp`IM2 zp4h1c+8q9VBa;=GbJ75j#!P`lJBA!g^=N*ehLjy#gbr*;w9tn-J+U|^zCz59u>RBM zA+j>u-JRPS8+&*w^TV9*s-4d--&+YCZ3PinzW5->(8KAKRW zZ{wcU3~w}~mI2f9=etWY;_n=eWIE4hH%IxGL+7GDxW5NF->N(sevw8@*f->8OOy|e zf?(ScJ@FG+L@nW8I4TpU!ocn{;HeNx(C^*rnrKis^-pDD(O)l;3}+?lnlyDd7ybWR z?4~qT5UNsR^bB%`Fau9sw_h%O{cq#BtY71Mv?}8%h;sXi3yMXG2c5{?ZHYg;=sX>N zj9TwJXVLr1-vX0Zzx1u97h^_#{u%RWJWKYv16a0)Y0xCY!DN)t$DjaR`)R+r`eVai z*tZCaJ*`0f|7m#x=j@QZu@Gj+OQqji;ON%;K#+3F3Y6uioV#!Htk1!Ob2!&#xu4dZ z$mHC@gXfJs$*~L=S1~s&jZ3A}WH-S|O4vI$Cjt9{Rw@Cr0#@=!m)At?`&yh0L9n&g zWY;Q(RO>_Jip^}~8zBS>d%#s+f;`^W#@eeBG69(!&PxeYKqn1;^jMl1%cF{uVJ z0c9Geg&KGk3`nq*CLEC%(c%10w!r>d#DAjyJ5}sPR4YEdYJ40}4OcCIMHRzUrLVn;`o$jQK|wqL#Y zc3-UR@z;8nH|3Lk=!y4L>*$Z9G~CFrKG&t(NO-w8_g8dJn>KVfGiqh1pgDHZF26*$ zB*6LNnm8w<&2L+O%W+2%ulSd*To!Be4!nXjau`m8(prSpV64_4Jl&pD=Z{Z%>1xaj zl%>{06W5}1#{nji+j_C$*|T?RApj7g5wby$%X#F1Z}g20)jy?YUq>C9J5z45R4JSV z@PR-1NucBUf<-VR+zVHV4o8nJN{>!T?}0{tsV}-12R&7R#}oi!*5(|oaLb(A0LoEy z%c<*h!jK3MSmVqs3I-tYJ;lL&#lgDM(kV`VSRuGtNTygkO?^(4(v+`%ro7!-I>04( z88fjP@M{$Dw;74~sv-~;pXB}pxIkVeGlon_Uj2$L3dOV zE;C>L*w`;OzEPIXt2C8speu;!z-p>$x4VG?itM#q0&K;!o??ZQ!5G&XU(pLJbDfLkPbgrA5a`+cVM$A)|d1Co1D@jE@`~K*u^3GuW{!7mT zC*9~!-^*@&zW!&7E%O#rePXOfrj_Tv`i^WLgPhC;LcDHzGC6A{Hf(%U)~SW=<8v95 zEWGfD!KAbVQ$OI~oZbE<4@KbePsJTLRu}%Z#mfz&r7|L6D3fRzC5Wnn_1y}nS6<4X z0e2lB_Ciq1pYs3<2ZDy5w?#o;aVI^*GIPQ5#D@V4Xr%~GCo^y%0DlshTs^HduAe=H zC))3Gu?V}+k9LxzJTjf^kmWf{&=_zC%-1o zM#^SWX)mi&YyYTNuI2d?%|Q}H~a>g|AYt;1SGJ#|G2A`$e2uWQc@$vkGN0?bqz zkuFK#uh7R{GfCdqMg{z`p2f?%y@p8eW3(~lnZ{YHT@{Ga^_~N{uvUxso5Zg@#YGf< zI3d~D3B%{*@G4Aw6T2LDulO2Nt6p=xz1>&t^4euVDhMre-J^S7g&`Zmyne6+8eR&(rke5DrDig;n zjCcwT8!||`kUysuFg+&!5K^%?_$p}x-KCB$aV;bPHKb~1xszsbAA~HWCaQz~G(y(_ zYl2?;lxk8c(vUagaHa(Cs;~O3^pVbs#bRUHiS)gTf@Y(ugvjPsCFXN6?!W59eiPwh zKMP^F!1iTB{m6hG!a?Kary#E(qx!X1b{=z1CZUo7umLlaunxb#mp 
z^C=ed(=!RYLMv(Z1uO_J>EGK+Ye;%P*40!of;n`csI^BNIKF(%(hXciFW6Ro#cTGevXNLY>0eXjfG0`-=Nu~ZyBmFs3G&r#Eq4DFB7^jJ z`lt}v4;6;atWOkEKcSx6h8m1AmeWDl3|4P;=^U`)MvSBxcAiRTMSl)WZek|5r75hGKhZ*9hUez zwz=wNzpw0v0#+zk3R^tKW+NWo3~kp8bq^YecXEgK!cwTtSuMYtgoR7$7ab9tK5UUX zAD6pERt}FWg}rBpphjI~`hz=9yuKt#voxy>`ZiyOc#K(5q_)E=4mK&MDjv29{%Nlf zJZdQ~T$DxM4ciPoCoMy{jOS7P;a4rukix*V?~$ZVd}7Tp=ls0MiIXuiRKIPO(G#}r zWX!=07cN;_EMLkQ=^O3v>@P%b>5g)>*OP~)F?CN8eD$0SY9#H86$_JVg%4whDf2b= z*`odW7KBy~3)hboeejDt6n|W^<}&MOZZ~J!%qs7p%va%{<5O`OMqn){gDERN_g9JM)WJ~scSppQ1J zANdz~|26AiYS}@7yh}gx_!p@{Bjy&|-dkxF0gDzdY=4hOz<@J-1~S*qvkYaVy)(LE zp0En6e2wrC3BhNbjGvI0!x&~&87R9W7X35Ua+8_GMy zSGw0|;oHa_&I6|sLTU9gY2h@<5$uV5im0^qDn}EPiHsH#nG!=fq=4y@YlVo}!EII0 zN(@t5vEyj3a42r<3^4MFQOBj_D{0rYa}xH%H3~XA<6JwUZP(b#>wHd{|F-Q8E+w>~ z`FZ2+Ds_gwj^G{+FO!CR!i!AQQEZYqH{ScF+NEH)-z}1#HdoxIkwhmY3@k8CLSK|r zDzu%9!JI!+(4|jbuaWmkxZZ+(uL9W-w7Tb68a3 z+fSlG(z_FzX<>}izcqwr1F=KT;CGen_Fo9K*AYomszaDExBdy!3Q9YzddWbQDDmjj zUCZLM6r_k5tt)WF=PLqey-EwuQLN_BoX%ZW1?Bl%k5lT2`L7Ef zp%q7Le=WcGgFbT!pJq@*x5S5)#sc6)7&Z!W7axuns(IR!A%1U~aIe2UR!Z`-L1{6t zs!~WUfoh@c6z9&~GVv zDcXl=IgmVfK8+1qpdKqU@>~_qu`okR+82@JOt6KS!}Oi)-E_Hi@k=xWU5 z-uza2W4}&JWd7M4?c#hQjMb6OAT9lA)xZAspTW`@p2=;7vhs>(Xl_%c=z#2NIh|jw z;^^xgYQ_F#=2?1cosVY{k{P`;H3h9)*ZB>)bbD_!QbzvHAHTWIp0{W4`xY z;>*wZajKYB{VIp@e|5O8aF$!F7R{1ybibOAJeUjyx!%S}Md~^`P3qg%0HFn%mlIW= zL2X#8RTTPS>~ya|C$#_ySI8gi%oW4u4yT~Ibt`Dd-owf0FwPf!aOjJ3`_fnX!^~2b zBX@jf{;9jV7l4Ai@m^`Yana;e94IYf#QvFBYZPRlvm#`&}FBcgvH)_|$AP4eTYZm*-QEw- z%jT1u$J?% z7JKRSI^^b3RYIy4wt=|JZUkTYzXCj%#VbLEryi-^TL0 z=quCbS+r7+LuUQLPGadb(t2*gPI7~tTCsL-f*bO(1hA-9+(&NWD(KPPkq%VQMY&c) z+6AB-r)f$drbxr5NZ)xx2eT;Hn{k)pe4u6B9c9YNP}=tEi-rdY2a;k%rm7qcjU_O{ zNa}HtEmlh#;24ws^v?u3HdfSdz_h5a;NgTX0nJqquUO zc9nUy(XrajFeQlWy=iQsP+xc)=`Zb|*}}{WY5VIQGdLPdCuFcxa0)MT6MO3D&;gk^ z-&XWe&RD;_iD%9j^J+g||`~vGh6`rT0sw)*EdWBu#D;DfC!i9#&q-{*V(h6+YkY?X5S7wx3x$_!3;4!a7N zC4AI(yZ`(`K)9vn;^L3f6V!7Tf7vbs>Wtbb$ZYh&hq$MobqH_;OG4hhEtNR2M1W3=_B92z+F|q1^tCyJ?tHC^mN@>-qq}h 
zz_unkDS}{0;@z{S6k2qrE{{DyVkddxH!0%%UDwTB@v3(h_qojly{`$4k;-_&UPuV0 zO&lYc^SM(x{VVQIkdLDHoI{S59_Bh(gl#;1A&X?%^&a=?akwut6A#e({l!>U0e{W^ z{X?Ja=&Z6s|3DB&WYlQk+7~sYtlHRdJ1wnib&{IhlN!B96KczwWDhwB-Zy(uNijy( ze)eoUq_C4@M=kX=Czk(0sGw@fJH3B3BPqcNY?~!vjIlkUE46T1Yf609^;~igIXZh4 z!Ug%ozft&RNV}(?o?A1BGhfRbyl5oK)IvtV)E|oE4xUf9@bRUJUZy61{#TWTzrk=H z#G{{~eciB>(MK{WLLDZL&*dNo1t}67o;~xWls}V@%50?7^3w0?cRm+VhTr(g)gPK# zHfalf)0tTQDd*2lm|T0A0JpBDSNl%EVq6JiquI=3g`&vMjA>9-ej-ZG5rf&zrhL zL3zl{!KnI=mF?CcfZOYfFaK#=3maam2x?0S>eHswjSc_lXQ?}~xNskIt8kO{?R}9# zT|RN|2Q|nr1MeTVC_U7?Pf*Navlq##Lv3!2rn@^WblU9f*JKUNM0n3f_ z8Ky1!TAG?7+5S!_4OfBL+7UlFQlVa$6u7wVKPwvKq=?_8zCy!1gSyYs`wGlU{ru{g zyN>#Fa!$RY^8di(Pw;;EoxRJsGnElBNtpyJRgp(iX0-E?sI>EBPn*i|dd{@xU%&3@ z@cN@MkP{GLV<`pQ2?(7rU$?}&=c`|bKi=IwKGz)z`gq)R>*>F>l!1W+t-jlKhb45~ z<~#*=0dSmE#hV&YedE8zvYbYQxbo|YQbNkK&5^c)>##7)G&YA?e#A^EbA$`55a~63 z_8X2|_LM;q54iC4ht>{3&k>(JTkQzlKO%#F2D^Ly^xWxKy?C`lUUOOFz6rO5*=#%% zT|h>lgNV>~R6mofJQ1S(d-(k@H zc;-cG972;kR40TSKxt^)C1CR9A*f`~b?5#~k>0%%y>^I*&W8Wvk?opX5n^k<$gQ=n zIoYd{@bidjuV7@Dkc%WuR9L7}!O_HqvY8C_7xJ=I3vO3ZVe^fa)ps_7@Qnh7uU!ts z5MSaBRQxljr5)X4q@H0eNGMhWl>sOVAj#6-7P(v0^RYgk@i!Cvwfpk-(KYopV1#d& z=tYN&>9lRaa;d|d7N6hXH>xl*{TZFLW-ea<8e02VpHN{f@eo89xg=udboS@rWMhV9wx8M0*sEuMDck<3bakL0IJDPKTfNspZEDz`e3b`vUIL^ansnjYhAIN z+g^B$o-U%slYGi(m4h6AjZy#7AtX4u$U~qkA4yjH?`;=rupu=;U{j>BECMJt%x%wp z-qeHe1W-VfkGLw`vZa=wFE{Bf$hvnf=A2ej#`-L{fQ>Sj6=0rT2Ss%NDEIG#?nbSM z0MZD5Loo4<9H5R#Wa2L!-|bWVs#B%7N#LXyAMJ(0nO-L?PT$};J176bj-ltqwwTWE z(SA#07>}0q$y3Py3>Wz&EHkp_agD70^)R(^Q*=7IVaf;vsxRr(6|mwJ84gE8kvBNk zO0;No_j5AypG<5VlEcWax4>*dFpkx0o6%c|*H`B9d1U`J=YQd&C}!G?t19-gxy<(> z0vy=6X$gT3p|E@L8xGj%Ny_Z}B`Wlm{GL+mUpY&Q@WTs`7PZ;4u{!;(jtV6NGdReZ zAZ1$S04i*Z-hoGEDohS?l8)JTz>dbc{8Pk5YACg$l%F<*Y2}dtQy1v9hW-!Fj&2wF z_~!ABGBpal*CKR{I}>_wCf@!Xv(U==I9EV}ofUss@!rI|Fn9P<{Yy`*N!&&& zH$nTHKQDw}UM1#ph;Fl2yq%zCgv-b0bd{1LK&upwFddWXE{<070W*%JS+k~noR|#a zgpX6|u=XQA@gcao4xqG**n+O}CrEiyH(Q4S5T@D(c_%Z~_K#)seXbeexGDr(6-pLw z(!W&QcEky$j}>1w(&dJNAJkYo%2dMFNm@0Yg0!ivSl1fw%$4+G&W?vRi 
z;#$A$YPsa8SA&P&%g4HCgrWM-r+U(#q6!_F?0}R7-MFRM6vu*Ht-%p=bCCcQe>ig4 zENJcO*t=MjfFT|SkRAK2-<||VJaVjD?IWIwJnp&tuOj5A4opA4)NI+IMutYCRmmcu zYMX~}!v~8#%b(FD=oO2N_6KyLx!Gd$n(qtYQu}HuQ7)!$2lb7p=I9^x(24Y#z-az3 zb!@wX;(o;Z8ChybTA_WHS5YWt0#^Q_ES*G4))bhaLoxm>SZ?L{;uOwR@s|x>OPmf3 zf>jHGqo2b9bBFmBf4Mn7GxR#?b=I4TsxZ(GmI?)(*dz8ng#O-{;F)s8vTM56kU1_O z<*q!jobm_+<>R~gn+RqX1gP7G0GIY>=j#NIC1I7a<_O_9{e?rM2Erz`o3I!Dk%L3_^3pFVo z6IJh?gDl}v)sH2gQ8AP;ml4LIV8z4qRV`#JZJ=vHrn^`U-o@HD$IC4i0bnD?>|m-l zzuqj<_<|^G`7XbNtAtnUJi3wRi9^NemAJpxtYewjT6fZ5{vF||j#BKeU`zZcpi~s8 zytXAi>KW8he73?@A$nu-86Wq+fNZ=&{LlvmK_0B%apbw@v&u0n#K3hM&u7>p`+&%9+-OLa?ei3HK4h}T7&?{7^W0lW0ECNPJ zsUqf(9VBz{C+5P@m$QAhdm|eE^|_1(ihT@LXW$mSbNgy=erMt9>Y%3@X@KKUnPzoW zB$C9%dt-2!j5C{+p{h;ulf+~@b|{MuTD1^o-3}9~ISv`C7JSqSyCSr&DAcw=eeB)m z2vl=p()w0G{9aPE7__Pqa+_ud+8MkXX3Q8bg$VlYtxoF8(nTGD$A z>g_111RUu!&aY459z6Ns3faTV>X4FNqthGrqPk;`5l8vY-njb&3d6ayBWZF*sMR3_ z^J`aX13v zU)t3MJU$L-KX%pXBAe&8^lFPo`5JhT=%Zo3@m}aQJk#WyuiHwMC?uWqzcyNv4yMC&Z~~&XOpo36i+2JgUQ2Le(F@)bywF3mH(y#uQl(E1rqe0+ou^z zrR01F#XLCVhh{Ly5!6VXtk3d!KXN4@Zdq`I&yy1A)qZm6iCpeovi}bd&bzFLs*%8+ zYLrh^uHMIH7w3&gP%z5mh9DNa*UV=;_amDi|FfLdjzi}E`sDCuqxknZjpQjr)G5eXRq0Rb5V1S!wv{l5QP=Remqj_~jdkM3CO-uJrK zTJNh7nZ2cl`_z2!s~0mYeO=>K5?*W3YTui_eid~*xj9Lpn7Z&S7L+OG+%^KvMhIVi z3r~GO`0O&%)!;~DI(#BV6;G_1+{1kg@YIxt9-~LU)EI$>uR}4m-MSf&Bf)fwIl}1T z8C*rU<=A^ne!L%|5L*8lLfNTuizNG`S?bkJJhI9?wjVPxNP?O(e=Wcb}b|%>*e{r|=33n66(jzl4=|sf(4PRY^xKFF^rrIyib^+j=;@u|M93H_bG3I-}KREedTb+VvP(H`fa_imo-tX@o=wk=Vk%kHAOc zy;E`T?dcIVn9hkcPSndhgGli?p49VD1^qY$#I=pXY8<$Of?SA`T>-uImV}Cq-zXaV zmNPZnLvqANE(nT=M`sULD*cILlf3D2N9|U`Wef3Io7kmcqj3&xVf5ne=GAb#b{nt2 zw)<1|$LZw)Wek5vHWLM&KC2N6WR~9d^iV4vsuGRh5gP8h8I&SV;tK=TaYh@Zo4N$C~aZ1-YT z=z!$%nKwvSz`y2?mGZ=C)L{8?CqF2KXg}qGJs(Sh7Yn2vcE<$ zhOTR-6t2B6uA(_y-rxbZCR^fSJr7`?u*frKH$luCFyp3zm3@Dj--hbc#1fgmKDN&W z%n!Xha!*vj5IuFa-zw8W^nD_B&dL33^*r}89x8o4ahbSUes%JO!5^ni(9vtq@UmkNKp z4!~t<#FW$RP0&9!u>G;O01NP&9!w;W5;M^;$@OdFvv5W}e=D3w>_OfB{&r*fA>%7H z<9Mu2t$IklW?J#kIV=^vntm&0CZoHky~x6d?PUU 
z_;2HQ_SkEVI7hK+?7mC+dPRa%`%2>WmcFohp?HZsD`>Biu2SpaC5U(JZOsbgJ|7so z6zkoyXf!i?82o&o*2}rcNFls#*LYT$*`SkYzFwO~)ER@4DtvY~*>mumgg9%5SQ=-2o$k`xBd`_ zFH~%hB)^}@*=&;0@3K?&vfN9OZUlXY1zMa9W~#x<)V-jyB=y`vklmhe`#?HD>n(|O zKByH$;N-W`8Ao86$sg3c-7p?`6Tt|p4b>sJ4h)ig*q!p^1Xz){(9utyJs%%uSUX+oI(mI*h6K=9YOy)6B+&U%2xMx|1G>8)3kI#Mpzl5(&fRg@k z;>`J>wT@ z@V%KEqf%HLqd&*H43((NbC=*X!4Or)XqBN}ouYB=Ev8masYqW74g2|pZJVp%j9?Lt zd5VV$x%eJW0nVFi;unlzNUk2pd;eFJ?Gv6cRKD(e43APyc?uKznHMfDolDXpYR+N_ zjp|wR6UrK$8C^Q$Tla5Sw~typD|&WaMUsZl5F9As9ko`XF+03FtcFiX<}kX433E!#Z`K9LQ>72VRKfUm)*K@u!ZUix zAmt4L4>~&d-rpve8~8-KTKw=cc8WgQ*(}AP{Mq1K913WM8+kHBFZhi#h)YLwf?$Ay zpO-3xg)^#}RDlVYkEaDuD=#h%BtYy{9RaHb~FO-_t2aFtc zTeO!eME%`R!>~5ngRIXB1)bG}Deu}$=O&~T6}@y@*$QSTYzIk-WL$d}(+p1PG%R;9 zd8#;O{62;Q+gm_VG364ko|$-`=9xUrC0*I)ldsR7yDvwW=yl75!`^QN#g3cb+u{>7 zN3H+*ny)!34BCe1)o)xW09V?ETThL!h(~>F%fv^C;oIhqByrT}lvn7GQ7e4nf2+p4T#L78ll@Konm_p$`)X>mtvQ=Lhzt5?nL1zZl zBo<(JtZSd|QgYA9SB`)mjxZ!WljRz-LT@R}<6`gPk|AuxDVo+7&BStQtV-zS@y1$AO0%S(0md2kE!m{<041?(WGPI ztvodE4M0`DTQNYeBafen6pL zJRok3rlg*B$x(hGT+OyUK^O&dVd3RTQFhi@W$;Xm-F*GmN8G>jeAE5Wtgm@lV@bUh z%_=cWy4Z<~2wPZgvN70z8gxbL^5TdxhsH7>LG}zois(fgS25yw7@Dvs@HbD$Ua+DX zZ=s7u?|;Ho3#BM8+7N6qM2IS>oY@_@IFb!>tAw}}+9#bQ;bRF6FPLO1etkAU%Ejsrjt|m9VSB=o^s&1dn*UP`w z``iy+PN1+D@D5)bh%VY!!g8=F(2LiFPQTJ6wDEzyqV_Z4?SZ0*Gfu>qTuzrUBC%H=eEcf@; ztJ2)Ka<4bt$&%AG{oCt0$^G3ni(%g5zb$W4zy-C4Csfdb zIQvFf!lb*^A;+6a=*_!mc9jOb*bqmkn-GDmyo??lbY-$!`OSmHz5#yt0WC$h2=q4@ zl>aDAVKVX(G&bRdR|aUJR*}Q)_^A7#SD!@BMM12}0c|#~Y$zz08PUrlkV>k3>`F_& zu2ehEmLBVUgI>UA8@_Xk^Sn7fJ-(dz&gCCj{--eZB;>+xeyV-w2 zd7`{>;=bQ5>OX%Zt%7SQ4*iJl+`0L4*noK2A@TNq-B#CA*!fJM>?xkD@qL&nGnW1j zFv6b35R%3v3AK}~A9|t~g`mYW1g(64xmIpO-phAm>Hb34 zRugZ`_u;dX1YF<-%g$SLk|trluOZ9&S44-#97+F^@O@{8Y&SN2SyhO)svuRPY~re3@i)Vz&ud%@C1jwrZxZ=xVcW4j?<{>?g{WjwEIR~K+CoDi>0HYD&cDLdo z^Q^vDju97Rv$0>Hj{JdR7s{l`l$Ivds z4?lEuW6pIZz_T%Jll(t3BP|5$D%x3p64hj}jblwG!wTmbV@~jVAqPvPu1 z7Xreh`>AqlyX0hJ(Uf4OlAhlEC&wHup9bs}tosci&*Wc=jfO);T94m<>mJoTF_>s^ 
z(Ff8Dh2N*%{uuJ}SULk(zjOO3Mc-jI8k@GiZSq((o9#JW_au2wL2JNH=9nJSP@AIp z`2Nr5zjIZl=2eCA-opX~;LsaRV3(Tcrx)zm@)Mxs_(P7JU=b>}aE#0&=+DzzY4`J0 z!e_BSoV&SQP;F>KZEkOP?hXmhpOY=alV?nli=zeKC;)Kz6X|+)*#iJ+94KRAGpV-m zotI}GMBjfNH`*z)dz${QukdCDJb~!BG_+uvss<*V$__KF@Q-LDRC)t>B}DMxp&p$) z&mTLtsYsxzieB8`F&8ZfR*IRCBt;a$IC^OOzy;gD>7-lDRfk*-Wje$*LhiwZ0W|`H zBaWQ9hJ*}p>3~imRj|S-?nn||#Kf$xcuW^UH{bARX2#oJHdK(t2_8?&lKaYW@y@hr zL`A}n=&3wW8M=7Zb??PfCX=1-#S_mf8@Gd4ymb@shOM_n=5=`b9JF9Rb?&8bv!!sC zT91FdpQ8s;re2T$Kt>lHrJaz{& zSPG_;ID))f_WAu~;w1!=AA}e7CAP%a+!&%CE4Qv4Dhocv7HSwZY!VI1xanWpfc|f4 z^`g?n9_~Ft@Bfx->%h_86X_GE(am$hHeRA_65GU4-}l3%0UYbz#qq;@F$?1_7@p{Y z{vYY`xswnKWqT$!SA3NIGH1cXX6AZ&@wsd zdxz~m;?5ZNrH6(TaVqA%x_?ebJ$t=xe084d+I5kh?X|J0u%n|lD#r2l_wpRQTi}l+ znxl={MfAyn>+RRJqRS@eSY|Aws^R8 zcHrgN+5t|!z%UaZYo4HOfmAY!;xR_psS}q$w>uDwfhY8#=ZUV+>a+G?W^k_-xJC^m zeKn@|df)MClWP%uTs-&+Nyf~kgZ2DyCBn)R;j8$9jKNOAE|=Wm1`>90<=SR(fMQbONFfp+K6(2k#yj=7Iz)&8 zX-tiX2(;J2E^xvdZQUW|1|C)U+wUY&W||iwJbw-#wl7jnH0dw~`Qg~S6}*v^?MP)u zVd&#@!Uhw3UwQ61w;zd`K-s8MLy;mw{;+rQPP|aam2OSqXX1)alTEJ(SE>spSPXsQ zFz~C>j&YmR3_Sa10w%V73JIWYV&>AG%C&fbavCZll{aDBL1CqpKT8ab(E*sxn620e z>E-QEHkRLP?f4&mNR(BRbmIZCRS;tr#yJLhyq(OZKxg?R0B&;m5`nB%)sP-&cZbI} zYm1MY-$plyX|cgiBjh?5=`8Z&A5`f=bNKDLqj)rdrg2X?ku(5DGZ+52f>%KRpdvk% zNRkjV#d$ieLcGwwt><3fu9MdzS+3YU0*Im3eUa@%JPj5v?j(o&s6BsgG8o?&a@srh zR5!hQ83dh~Ok_5_9BOKhde>ce+Hft8e@#i3!$Y0>@r4s+OfeBcRk zaQO1uKT?H%ewwn5Mz6#4I#A~p{c!qBmdw&Zpj<#@zu^Yb{U;gTM(~9H6GAHD| z?=PMns{}Q+3w#M#bNhWxC<7WXBl!ikm>bE+2Y+@iP zIb_o|@Y=R6JIYJ{8#{ToJG;*^cg8Q9FmKGWm19=sYlPI%dL&R`P%0Qf!Y>T1$72+) zoJl{_v1SP>Rk#1Qh;H^#6X@PB;=A?OJ#z(|Qm9f=aQ{=o$^1?GM-n&R5^v7gY6cd%OG8E5%U zKB!qd#cKY=Bj{gil>50o-N|$ndhIP`r}L*BtGTl9>DQ@5Tx1A4HuzuBep#AzCkPMLsx=TM)dd-UA)DQ5q*DwtqlWF=hB76>PBBC#^KY4WR{}Efj^fVIh zmQTY?|62WsPLB$eu-WXvv0G&FLGueDSdl_w{}ZkxjxQwpn|;kc0i~_-QxG$V*HVQD z<(qOB;9=2HfBgEfa4N(7+^tm|qIgO$D$33g_Alj*NrT+Wqd1p3Pjcv0z2`sD#(^*j z&;Hd&6<+g1(t!oBh_mqZjli3~*(6km;=jj(h_dh_qN|UJipeSg41+<()XdlMp6l_+ 
zp#;_!zn^<;&oE`Y#+JL-`L>?_?fk9|C&91&Gw2Di4y$z^W?~Wq<+>P#9l!LNYXH<) zwf?tfdmeI^Um#WT>LW>bbnsy)kYC+M00RLWPL&*;+mbmSoJL0l^4v}0Z_g9Gd;Q{r z_|+QG-MbuwCwev^4)}c93=)n+Pb|LW644NM`4d_4QN9}}cg z;53Z6_1;Fe0X04Xy3ON9A*c@c;d`mWAQ+`1ne12bQaXR>9{g`GklLq{D~$KO8u;;j{^Ttyf8*{kBvdX)0E$-{LuXrrA~ z5cz{hT9$k>%?!Ol|2qay;=6yy)kZQKtuBhd`ie8`W=aZeVtr|4 z2Kg4H=Q<>RCKvns+b&F;d~93cauF0wABeFyB0jrrkNjp z2o~8&@S*bg1j`NK5n;7)omZz7L@4jcJ@~Opnp%*Z8@=mPzSk3X|8HWreazerT1~0_ z91n6{vRu8p&o5Nx8+LdbYKe4JnrbIq6N;=R{ow_AbKizh9LW&5ZZ{91{6Ldm#0Dvn zdq{-2exbZ^4#7#_@wJ1O~%ib*f7psr}=%Iy4`y4b={;e}1>|&xuk?IWK>MyuVTktxeo#~<%g!qd-wOgaZsqqSz)tafuJT>A+E+dc6b&+69` zZ;bood*V8|*mp>4kYb)g;5m`5lD7|KJF?N)ugAA7lDh-Oi{KA|?Ws3RIsoJp>ET#& zLRa|e-QSFA?O_<^sR&?-0B<9vr1(EH3tXr4TGh1x&oU6oXb(g8t_obr*Z#Y*V5uT( zxLpcMHZmV&swhGJLcNnw?odidLCJgv&-Hpv~GA#^S3IBKR{D;&Haq;EKB4FNfYgHh8?bLn$u36Nb z7apq-lB*`>0ZSb~O11u~+bDdV& zo&2ZoH{VH9ASP2@9tY!sy)SPO|Mf8eN+)0<6Z8q=B>0~o%vWQ`B44B{1tLlwW@-ht zn~{idQS?c0!_bw=!!yC1u_9zqUxt1EJz>)R3%w&W2v8-o+s0>;;EX| zS-r_i&G=*gIpskoeC*}^&TvmWH{6BD)&nhF0J-QZ=qxi6zN;7_kTKkg4ElQcM9I-B zROM9!W~#<%saMCD$bVY2viDfj39|nh97=Z;pcK=Oq+cCSarBu(6#rgVmWcJv$qL6Q z-t1JOx5IBtG#r1M@-31M+~|?$1PFmw+U`CxlubiP)JB`YK=QJ(kd-cPf?Fqa=J5w+PK{V> z{DzUQf$}X5W-R{u!GzSFVgZ6mJu>UMB9l8gn%(%A9D*Ijc^4dD5vvy&H}&KQKwWQ? 
z8S0v!fm7S|84;ycZz{-5;uZ&zW1BMP-b#6WF9BC`4){hKDCmCB^}nF66oOh64ICuZ zbN(G1jytk%$zqU|AYHMd@0wtPPnf?{z7(C3QxBMt`28Ut@eSmakm90QUE1@6f==5N8Jp zDYeeYo^jQ{=LWBDk;eKIQlehMT zeqKO7#Rfn7Oq#^R6XlvZJb`E1fQvbUKPbnoP$ql9DN64Qt;Fokpl-HdNB%4<9VuHV zXIqM*K#Yr3IJisgQ}5+&J>rA>?JL0h=#-uy^6=e4K?iguE${ciV=bGRln2>4s>yI{ zimfnf35s^u$CRg`oI9QxM9&iQ*R(-FBM;igq)U}PMK_F}^~%Y3Vdo<(H-@)3?pOD= zQV2S-cyy8ZpMp4!tk0ONsb%)#j}qT}XCnjuT`DFCq+%S$Gjwei;X)1aP)Ss&TAW9d z_pFC+%{R+Gl-Yl02>CNMh11 z3O;oQq=Rj*kqU3-xH3s7v-QpI&XR>ZuUUDL@6&shvCdkiX4(H44Xco&`WjN^!W``U z)$zFyn`F3D@=pcxyhns{ruDc`|gsUsU~ee#0i%Nuqpv=pd=dtD+O$K9P1s*ZSltqsH_ zjFvDekJ&1ue69MoS9q9Hj|m%=gz>IVSx$fHA7r z76sw7IXYx*=4yK8a`VD*I7cNJJ|=)Xq7xCsznhF}zLzFeUT&n32?>-Za!u#^WMu%3 z=>>{ELviw@IAtY^GSz{&mcfU=QM0+D9KM87moo$mRm8N%J<=rm7nadm z5-wDn@7YL`Y+vZ&n50A{^01n7BMy9&+0zhD#W#Mf_BNRoeo1>aqFzMoqEY z&0meyafEBRzg%V*x_V6+!Fo$?l-n`yTHvwe60^nOHwR)cnB(UhD5w~409@&&DUtGC z91=}i=lS0D3=TLJQf-rcK*!Y~e_Z~I>Dg7q=CWx?;POVe)-;YwS=gyrZuJ%=}yvcX5z zjibEoP|V*McTh-(m8bpYV;eXU5n;@CK|Q@=DO~ET7Xxx?!2HkMuOFS}!S=wX3e;yE z3l8D&_+1{D+&R*lo+iH^cF0*AvMnD$DHVmkQeg1L_etEc7_XnM>zr7n^5HA8P+)oL zo``^eWFUu(>5mb(_)ATfJ0UM(Pn4AARS76%fp~yI9^_0&q}oT_60F=jA5I?(xm0tg zw#km#l~0%UaAzlj%)B9Uk<<+X-ZWc#|M=sWDm9AVe*yDxFAfWHyHwIMFVRYxu2_2v zw{IV$ZrWft3-s6Wj!$2rI62>sNAW)vg)DVMH0{zqloHS@`B7M7(TyIv}@(6kyE z5pI5K@`l5F?!154VdZV6e6G}gdUdIe*T&6vsaXiJr46o3qz9Oe5vS7xB~g(U=TBXKauO#JB&Ki<*)`F=H+sXG`im} z7}6sPm;MsDN|S(i642{;)nF+LlXP>%c*#ZD2@+{btB1vK9O8aq+usT>UL)X~48Hjt z4Cs~5zk@fWjs>*owJn>e~pdlDoI!`D=g?^-^K>NRhkUf0GTKqTV$p!#F!BN za}qdzpE}Y86C7(w=!ZqpVaZ^X*E<>sQ6Ib&F4ekojGl$!Qz?OX>yVnDl}e?i=O)PR z8+Gg~)>3HCv*0C;AO7${mOjp)LWX9yM;}4ww&JhxM)!>gkmpVz7(nE0nw^>$1~q0Q zXWK3G=Vkis;!}4i?=iY37aoln#$H;PEZ7jEk)ZOekUikGJ%YnP8Y-f3lrlVQcHK*E z#%{sqq&w0i?8Z#E;M$_R=RvwDmH~^$8CvAtF{4as+ z4o+J8Rvn1t)K4}Nc_rq!48RpF6Sa-Kv0ue$0niAHeD3LTJYxdT1BAP6L~@#1KpHT} zXJTjzs^f3)UCVxqXy30l`TuSFL~=x`>F<}flFDE>I^%W31G4A`!!NnM@xdn?!xFUQ zXsNnIT2P}8yR*FhrD2C^JDmvT-)emh%p_!-7j_CBmDp>=5toolMQN>2PChRg(j6#Z 
zeYhX0uQBjZq+De?0l%>I*-DXdnX^^Qnj^(U)`uPI7MmviNOj4A+uzN5WMlCIJZMPYq+p;V050qgZQjZ4AGj9$ znquRt>-TfR2~fx~?G3w&`sF&w{872UT#H6Jk88A zRHWgsCj>z$;IC?(kTV#8p!^1CgbNIHl;F0VOFKxU$pumJzI*WUu!PuET8bCKEucSq z1%>jS9-2ciu*~J{ae0Mjyx#zpr#R8TXjF+mmzrcD?UG-rWZWuk_AhD#3TzhM+oZ#B={IWrgEwLuq0e-V-#cm0Y`-iqqk<0QSer_tzdfz+Sa$d-JYIWsd z-{U(>HOfitVs7kywijvo#k!DV2^Fl_pMvUz>(}sW1&4GI73I5MraxmI;`Uof^FIdP zN!LpX-~E@0DNG*~-5aLjQV$3an1fd%Ty^^iseFIP`D(+xS%%avN87h6{*fbwwptpq zH0}M>zb+dXj-pkuK8nih8gtuGt9DV3%g6E}P<^55P;UK;y!o`?=qGHQ*qL?8c^7Bh z01;7!-xy73bCQh!m;^Mo9~%ql%W z?9uV55N}(W+R4O5Bv1O#R~AY9`%L)1&L4t)B?OjV!|o>%D(FD?h>C!a6=YT!)G7aA`Q z(|M1%{tiTtsG}d!@erUUnW25X0ca0spE>^Q?nWgwf(m#!OfPvO0~JtqWKFyq#@|+i z#pG6AKv2Ohcv3Gt*F0vW0RZ1&{pj2K=`8U^*@I=?n4UlQ^40F}~0LM*o+Us6g=D$nm&UKu*)V~kv00L3Yf3Bv( z8q~QUJomu~!Nvqi5P%mp$Q7eO0g_k?+BL6I&oO*!{;8#oqp_A9^Jcri5zVjcKK2&h zC*F$R8Q@p>D(GBuy~GE<$Au5rxB-4xmw}M$fQ8T$b(Q-c@u>MEMkyQrH4rhml_09X zB91Ab`^P?O(XA<(Dz*|@It$j-{w({X^wG9{B}-H+z4AC&qiC9;3OWAheB^ zDFiJlc`{m4w8unb`$0__!nmidTnsTGR_Jl(Cu`fsqSZZxZ(u-od22iTTrSIzFzMX) zO!wfcDtTGuO%KSbD-xM$E`>S&*g8x_q6BDgq?mRrMa#NEvs>NM-(}DBI*hMZV2+pz z-X>juyDavXGX;Z8{F-=Q@%U51Bz!?-zsYqvcfVvpg?Ny`Z`)-Bs&IVRnf+&j9p#f6 zC0q~vz(l|GclA%M3ZY(p;codcJup7S>jn7=E#=MN-b0Z@9^#UTr-^17&%|EL)gd&Z8%dY z$l?mb<{&CK|IU;nS?_;f*C5@zG`iNJhmS8$t359ZKRlN6Nf77OUR3ZL-a&6hgfdeR zDG5G$(^^Q>y7mP4!V$!qB+#Vj4vP-s*r0@ z#V?{PrsP6B&Xzj`Z6&%6ZYMvK@+V_wG#S7p8_hnOsgRxQzr)7xq12cm!{}j?C=*8r z$%p!4Xy2pmoeg$49=r_kh#Dc;T8^@>;sP?hccxvajW5L1_Mxq=+bfz6DX~*ism(4W zJb3A4d@iT8{si@X(d}4#v|eS*P_=mTfR!{aK63(XA#=AK7Rk&>GJYTPckUM9qz4X- z(&5hyX4QjVInCKVi2O_*51gzE$R(S3W35ojQ4hYKrbWiQvCIk-|EGMcPbyE8l|MPn zC}l>{wd|mSAs&crjKc0>g<63MS0G#7G{K4X$H^SGM2dC>kol`gMG`F4g{aeo;8&9u z9_(Y%ApR1r>gP-`kHT8+*Zd((Vo~TM072CP1!z#N+y@;ko4KFR!b~M`@d%~irz4_H z+n;=M=!>JKoMQCkV{$d|;2~tD@)+>zfu2yk$?dVtFN8h4T{$3Cxwfo0#QFI}CmSpW zVoMIDM0&s39NK4q4`w92jr8%31!>g?X_ZUddt)px(nukaQtKb;gDWIiqXa(^D45b8 zw-GbY_rI8vaeFZFmg)l?7nre&t(%{wyUo5-0QokQmb6CVw(Sw1IOswcFL5a#>WO8% 
zFZu*cMkXHWv)v8##53miogzk`02*tHft=-b&gaXgF@2v%eG!t(j*cF%RSXsVd(oK zwA4xV4qh0%-SnJ=cVPoh7xw-bIE85@1dZT^uRUXz&Gn;8Xc%l@Xm^85aC0-tUgk4? z)_n8Ml=iy|PY>OSK<(w*no#{1objPu29@yQCa8T;5vjeC!93bsopn=;Qq+hrARgOr zqtzzBdw7rKl|cn;DEORH{HM6gNx-oPJ7Z+v6P%F(W)M&ScKf#UsI`FWT+ zsdI+IFz0!FE%Vyoyz2BSLH(7kSnGZI6VHpQ`9#O=&<&s0e};Zu2Pk?v{Fuj+uIsob z5P3|8Z@0WQ+s-I({hU@zA}sVzKG-{*BS^IOKF#Ml-G2amfoX2JA>c@mOsM;5CbI7a znn0KoIZHSGX>`9xAzUbQ$G_-@yxvjmp1>#f{vtjQi_FH-E*y8rfek=b z2?gJ_in80=^0V6uGw7temO7NsQ&nE~jUL`09JUj^mtQ*T_>scSYbg>Pyh3C>;S>q6 zWrOFFv%xh}q!qkLVbX=~?kNedQtHA=o<|PCAjcU>UYmElHlZh)*M20naSWCpiT(7x z&dI#>JmG}xr7#z!OZw@`&hdGd>HkzN{zQ@_hm{1fOMF1(x&>QE+ar42x4cn{v&5XR zoCng3gvOU`B9xTh@h;dDjHcIHaXZhhWu6(BHZDko5T1@Icw$qzC#4~ypZ$H8NL#G0 zw5L~U49kwN`fDNA9QJwYO~l$nu<u;Hh5UDX|K>u6Nv=BbUbRc7{XbW`t=A8FiATha^3f zqF+mf6r4T~m&22Ey#qGwyxIL8It$_6uAQg$%1~pE^8r)o*a7CdMn0!`+aL|@;u5Z* z0wb~>{J-a^xfmwhnxgCkjq&3g$+U~c>5>tB6piLyY^3Cq9Eb!oTL+u{pUEVI0pV|l2CG%3r8^5H^zI2 zL3ZUFPJ`#bu;PHivaI_=kBsLnOu3eQxX5?7HEk11Ma(cSqZZs;@>p7b>UM<6Db+7| z4rcHxDsHcV9*aV2(q)02JK`4tVtL8<9WsvaUlZR@P2_-*QHZ{FsQn;{5i!@dUmot+ zpG?u;ONp2cD)_4X_{2jvFnwJ&A30SV^&nd%rr^d+KizWnOgJ!Q=Dp24gKekjy0;A3 z?-!}DaAM0$#M7yGq40VV##6k0pNhSfHh|`HtDy zpr*RVHvY#_1ziky=g5&w_q_VXN6(PU)9UPAa$$!H1Z?m)QV*?IQck7s=c7vaD4U!o zCXloL@z_}xNWP<&_cyTY-$!?Ni_MS#0_gJUuEmQ5BI(O__j5i_pZH>Rp(Y&M3O<&Q-j){fA4jca%#@~q-t@FOi$XZUISx zoWn}!nXcU+g~&#|jvm_CWX+ekFiwzswXBGB+2^>rjbTL+lp|-V^FtupUL+Tc?XWN0 zeE1W?|93=HcnC}<5I`%O!O z4}Th;GOpvM>t~O2g$4TmTUWAlQ|9TT0rmETBbuH|k|QX3C+no~4Wy}(hYl5Fu3v?C zNP#2m$V4;KO29<4ShvZVsnwy=sng|_m1u$>_|KA|nJtl>WT(=f_nj5DM`Av$29u#3%!E1F(JY3G(w%PJ!^&_MTjjv) zr9eT9JZvN32bl&nc->a^N#3-L-?YWs5@C5iOd$mFr-zt?KCRi~|FBJ@B-NyP$h-OQ zz4N0F;N|!f-z?*|*+n;uxEw}3c7>r8#jiCc2VQo&jQl9ZlN)~UE}vz}99DD3IfFTJ zJUVQA9nBz5`&p(k$87)GWA@(*AS#3v$wVwr zO%yduRGZQQ_w2;UG10?#_Lvk33UeC5;KF$16I?%`aP9JWutN~M(7p_g52=^Ksh72M z2#=H4ej7bmq=c>Vax9rOWZ{1%wc(U-;CBrJ`b2CN%&o@*-pq!6Cn4B5K?%M4JvBew 
zFGB?ZrRqA#nF6Pu#|JZ*`kp}4J1G&7Jzt6(!O0Q}v1X<}FWouWwUSWorlXpk9i=~SD7*u(1X?NVuySEB$GIHJf&h3mW-BoJxYk5y+^LbZ z$vp3`+NIvyXWQ?0A|8BU_+djlARJYKG$Tx$u?zI0zIlM4Ucg z0(l|Sf1?~MlQe^K*SieWbWYf(;^!CA`Au3<66~M3RiGw*YCqD*eE2S3_Be5tDSCDb zY+p%xc@Zg5@w>ZqeJJ~Ti~_F|guXrrCb@oIx-`jd4~p_cKYdz?vcF&Ve@`G%IS^<9 zOMDx5S{ZQk>FV%M3UMUzaD&=UUlw`q=#BpOT0Gk#(XN_sv`+x~4;=ki9^RP-8X8kTPLR7W5|QbHSBkon7PgJjn%8N3LOy=(u@ zOULNfO7(M$Q%k3Oaf{V78wS{S;~S6m{2n?~nOb^GN{lExB}&;7#VA4MMBdM-^C*z< zmwoa?@4NZ8p1WeLK7Rhq$ax>~Y|8+A0RgU~1J7_0_d++ysrbOl4-@U%f`eD|7NI{S z--_PvJ9%Gxl;~*@Vz!J9~ z%Fn1)PzD)mwrO!!NsX*U-&mNz5mQG!no%>*#-Ao@zl};>E~AvZvS3-i&JhmkAEe9M05o zTunpn>Uh{g>ylnp5`V0Mt@C049Q+KHbKg;Y5spoxo*>QjMMl|F&;%8o|I30S!eks+ zVKsAHiaXE#t!frfRC#-k#x~#)%jW?EzH-kVa?*MEmjbj+2lJS__tnueCJTUCH^P4{V z^%1u~X&Ep4{?#L}pH|TQ!AGlyYmpWMu~OeINWpB2+*=s>MLdkcD|uM69+f?_{(Gv? zOaM-B-{?I@fqd{?6RQ^#MScUYkly>{ci5`gV!}-uT)vAFxpfLd2J!BzMmA#q=J^CpI5d zf3^4N#((}Tn0|Kf{K-M{wsi=RP~XW#QU?+{0tb9RhU*7X{@_9J2LeC~B^5Bsn$TIO zL(~Co)C7->GQme_gE{}tG{Zu7Q$8951~PC2N|iESKOy0xFYiFvf8m+_q#OvPi?N+) zsy&PDKn`Y9zdiGebPk^KGp*B2&3y4tS~+-@{KwPXjgg${qdnh;rqjpmhi}0B8~KAE zSU|^%lfD+Xqy429w%L>L;Hmht+1u2T3XW%B{70kWnS-y|P)k0|t;5v>kVeTr;ZCz@Rk4wYYl=0XrVV5pIu-iDif$#l&bU~P2 z$F$B!SVSZ~D=Yo{xVP9uaggTS$`feF->t==9Y~1*?<*~Kbm8F&{PHlIG1JFo8z#-9 z9wAyrn_fy=s3am2WoMLNXAu!H-|x8`ROwC%cIzj6-I3%4KBTLkdg+ym_>Q`D@*C8K zX|jqqmJ?Sc4<8X(-v2|^UqD6qeqZ3I^w2{$2nb4dcc-*~fHa6mcjr*j3er+i(%oIs zCDJ8Q0y0SVefWI;zyG~!-L=NGW{LB@>U-uq=j^lhKDZIHAL1IsADi1F0_hi|{qx@m z3!nExuKclS)-;1B$ii35?Jos!C}bgXuOT}wS1oMOk6?sS!qaMz$G-DO2QpHpW&kO* z2_DuA@6v>IeZK1cd^P#}Ea&Y2`oLEddwNtOr~}ZickRwU``fa^tLArSVq2Di*QU+n zCsi!96p0X{gz00Qx%4S9po~%dZ_VWI@Zq!mblzm&1i6l3JXB|BC zZc8v^#rl=~aMkLyGx1gr-7HEv-uK9t@Ofniwr)}28(KS;$&vCTm8Q+OnWp>eRt;w2 z1`e3EI3fM!i<>2lbCcx+tsIJgN_^r##F?Mhw*kxVJebhx5YWdKDUgF?&(*dfW+nkYotF zeh;nDX1y*R`S+NrQ<2f}MMyxiyUqaiCZ*(p&LmFjJYT&CEkq2mm zOO-#P;dm>le*mB}_?{Y~Zz#|N63-cXKL6WtV(G8$(_6*wDy(E4FE`kS0&##Sd7Ow8cP@e(VTGCu(QlhW&ED zpv=BCq^L&Dl7!gl&ky^io4*l_X|$P=T+9nPh>p*~F$vi$-_T+Zv}WE4+8R65=Pl$p 
z!j-RmP$DWU-}4gQ5%C@h<<2N~_U`|wFP9e&9 z@gn*uRtTW#p;Zk*Mqf7#bK=Y_#@OJz{PUt|nDd&5_H+oT&L|mtNqr_o4v}4lLp&0x zcaXn{m9G{2x;S{g^H?4uJP815 zD@eAWGvBE-AbD|v*FP3m)!L2%D4xsOXN0yYzh|;q2pt{phd;EIGO+fg`j>u!ZP7~->!MMYEqHE-_z|{6{m@K9e z+EcBHZk<7*XXH!|l0^l6k4m=Zp}S{p!PYY%s7q1QA{;J|X4`aSLr;>v6&qT&Vk%ob z zppC27PnOwnK@&*K!oW%9-*omF4SqT^k)JRDR%Ha`y;$}ukzpm5E71=cvI+K*_t<6m6&cQG#s#KdI6YJS_Kh;%N%;II2cx=!xl&ID zK%`Yk!Z?}8R+2zF7t(he)jqtwVg;EIgS`jl3X))u*YE@Fb6@CRGBi>GYa_~%cqpo_ z%7zXzcFWbm$P{XS{bE#b1w&&C2K(m8h3khgoc% z^iEr%Juu#wS;iNX#&iFj{2PxxSRDaZo{oC)u^QfBLId~8(X}BL|C=?r>q-*rw9JL( zS|xbrbr_2aA1*!mH9NN!s{0-$`>p4F;O&!Z@8_V+DjR=d9Jnb{wICf6_i}S~Znc-C zvLjm0*q@}b^NNeu1qBN`b~8TEk0j79Yr9-PLQ+A2W7TILN$@~T*rF~~p+vuHkS42_ zWJefmoj4var0KRhp-W<>>(D@q=81W{4%Hh<&=#&^4E*-KgVN^0VH!Kfh6N!+JhR`?xBwn?a;JA{fr3%fRjx} z9oZY(8G&`IuoKJ|M6Sh2DuS-t^nN=c0-GOL9Qv+Ks9r@G4JgnAXzrVgS)YK5LgNR) zMUCSzNrWF`%m3mI>%ZRfVztO?JBnSy<$T@(qWTmo^=H_oPEjq-R- zHrTtLpSo4-fDap87=`~#m?TJq-|k@EzAvcS@pbEsDwkI;X;{vll0{3Frh_AzpB^7B zF#8fAFpJyO;yAYdhsU{0Z)Wbs(l1V)j**UNg+tORZS&lxrv`TorI=p{G-VM3U>=j6 zO;fzrZE{a3J+batfsuqcSvqJu7o<@Z%u$ZR00R?n@eq4nz0P3KP2hNyF!~v9Bnhhe zdA&&aI|)m%j&91{n=+lMCdIcOKC8$jVR{SS)apofNCv8P=twb}$OB9BM^US$q+7o} zF~+GN2=BbKM{wxe24RY@y-b?Fy<=HLIK|2#GRy@Q?~=2RKeQAM-YMI`0#?@=uCGjS zho@+h@%|^W}|CmKZk@eYIFj0N`oMu9!z@yJ#eyP~8HylrgS`5Uo^wb73uehsHo%WA=HTy~MD=)7lt_UqU^ z3_d3C0NMJp!`*T{39>nfVcPc{mzT6Kl8;>A+*H&ZF^ISmKjriW%m@vZAF0}7-8r+p zWdc36>4Q0@gtlQV8=H*0xcn!gfY9)DdJ2JuTM(hWLHtvC1{G+2hIaq20j8{jex7Ky zp)CV(rbi^*DH;?|f?M{Q!>8YYv(SDwGgVV`{iY3i^_s1sGNjPUtHSc4Zg3ynMnog?Z zuUOSNc=ts_~CBHzmCK z(QVw?Oa;aj_vuh;?uFEJ{LRJpM_phQs0AUW+_LwMjG+4;{@*pPlcK$oR8UA`tsmR< z(#m^pe_EsOxmxVfjIVOQxeY_2-?cb)TCgfIIvk#vEM>{DppTxS6GBVL1yWVTy>9iIL0lRhi5XUC)4_RCQXcj5OF9gNMH2&G0n(pbe5d>j!mRh5GYUi+hv)}3X+}}8!MgC}f9GJh|k5E~^qIw0$ zUvA`Y?0e+dv-Gu{yT0JmHO92Pkr)_dk8Ow7UH zZ3`jbWcIq+;@O96Ac9hjIhotoXOGSA?%(^Tl%xpJ{k;GHJYMz9Hg|T$qw#mcS-Tn^ z`~G$2a%*N{^AS|WXeNKSomgAZfJ8{s`rYl%{UYhSq{6tOoM+t#-)~5W0sr^3;0a_1 zH|?Lg(P4n0CE{NQaB>3N2r0mZFaoAW?r_qcb}R>^$Ln_&rd~l&T8oiJ(=anL 
z4(hfCYE}(?)zRk-eD`MbV)trS+nZw=cwfu26pM}JH2%@i)ube*-)uHm!IeMUcOwZs z=#LR!wv9+%{*q%HE%dgmeFTs}!w5fcd)4xkUt)qepJhBPBm#7dN-|32#NX_5NoFpJ}2m8F}6;bS$q zYjY&!VTK^nQ@z*%IEH{9$SKJAVbwugcyS(}haoE>LE|3$g8tHga|-;y9>2%mk5*Fd zvkCHNpz10YZJ7)2n7|wlt%e4gj(O9DLS^q?l{$(|GvfT55}upUEtf95`bi)Xx|$Dd zSj?<{@bvwo=R>YP4&@iW-6YR83dDby=zL)IQx|nxm%hAFH;(SSE$!@DGdZtcv{-Aq zLcX7Ce4y^!^CHCU2zY+K%@P=E@+I(p48$LN=jl{!{3v{f+^)j5}@+=V{fyLtO zv8w~|SDdx~F7dE`3RrXi-evGBfpO1tTE(YOoab}|V$MY-pI}2O>Z{GX(Q|*+ZZ7=y zmMLN#ADXmd)N=8&VJobmb0xucx=qRuy%${K55LvDHtW~&KWfdyGZ0DcUocm*&{IjRmXN?TpI(EG~I0WJ;nEvgEfa~>??ERNDKZV4hYO-P?G`)olPH7mN8V1i^ zeL#$tIMF&>Q@{H|)E2P4>4WXN!abGpu(I~+ghGwVYiRc^yJ$$~)v(FtKz6nP1MFdc z?w%*$-}Xv<;6rcYJ$2*Vzt;aJ^Hr086?(Lk>XXv?-<*R=F@lRQf=eMGMOXmg_TS9{ zF!@iE?XOf+`POwGP9use>lEYTGSI6_ng1R?g6#0PtxeoPGg^UjD}Vo33`0-AS_i9MZCu?Vt3~oD zboJ)^&CyL@5)1N=Xn=7G)#KnqA8MRGG^B1P#>ge)0H*41gBVG{KQXDhqsECP;v-8h z>m#)kgK9dlx8_NimB_yGq(C<6a5`@eIVPQtS(%TOuB+!?c-xMw=$oHayG3-a>t=-8hYy>c*q z)tJ4a>DRy`hEAd}%JJi?6BunRIru(FF$uu#IF8+iuZOBjmuTc`v0FG-hoI5;;ji7F zU)UPCjvYRl+H?`=EklZWD-i*E2z^%*-UfPmxHiAuThN_lzo%XQ`9!T{`i#Xm$ z>2<+-`5j9zwze>+KrhOFa{Fy=uvf~9KTY&SR8xP=%{@$99&Mt+0bR!K zTXembU6@{CsaYR`0MD>UJ@Pkg8*yt=m?ai~@5NN9%L)N@yVHb^i8491PCdMT5gG#7 zc!RNF#~z{Z<(A6t-t@3qkvHz~{jVs?Hv|49Sbs0?&*~4>Ly3DHZbTjk=CbZdZg&d| z_0Ts0FMqCWUPn~)L?09#XPhe>AKh<01eXS$+W$AM(VQ!efU>8I>|=m4xPlRO*G>9$ zv0gfrR&ZX z7BwIVi*g^XBLG2;4>();f1aVbDUp^gd`F!a7|ha&)IKEg!`p%cmP5x$kAD#0h7LN& zFfitskWlsQLZbuTaD^!Zo<9}8yTmH4BAd!V2WK-)qu&E67N#%fk+Y+)@&6a7wDC3q zoFhQ)`k9^&o&ACApmUGGeJ!xh9Ci}r-^Tx1k?xZ+Eq)wbvg)fFWDufOk1uA+Qmv*) zY4P|Vi69M5*$WJIqSA@vM5Urcd_ zJaM~7ax3+M5IP{s_q0uR9w5>{7rSfilo-k0Xr&}8&8H+PF8n5iyCX^wA~t$A0hMsj z(DZ4&Hex4rM}2H~qlg|EgL5K}Y7R?QtY+EZdvV%Keu_5s=YX?ep4*knhDizcnlxdH zQj^OlvYOO1x7I=|(3yoh^J37!Jeh!{!!v5{f1ZjOBmX?jXrmva^EO!H%|N>r>P@y6 zp)dM|sK)~iSmm>cucVty{wQSkHL}76Rc)wp!2uoLHFk*G2kK-GEe7sh>GB~YAp8{T_MTujn#vFiW z(4^*%WS&jVf2@pSWFb4Onm;dJPGhS&Zv&j2=S*d7-5C>;(w$RFd1RWxdXAg-Tu6cj 
z*S-=CwzroMU-~aOrf!3JZ$i=Cl913y3sWwdpt;dLkCDOQdQE(D*Y~yD>}|r!QH>V%r!VafTof-6p!KNIiGjNRC_S& z&uk0E#>Y~Nhqz-*CBm9_FMb>J(cua62&PEUW_(lHC>Z=)6aJo6Y15Cmz^~!liz!>K zL=tmdi#EbM03pnXJZzDBcSnWgi^~2?%_SolvXD%xsfu;;9oE`33+e%PcI*Ws4vDa_HP zF?-H&mE9@ysBWtIHelsYuKF*)FAU(@OsmY3gMWk;@&L**BNXy};pI`2HRJD-zlLPL z4^8D=zSHz%t8apIN*6PT6&8POE{-AFC12l+l}>lbzvd=`5N+N2sNPuJseI@N(aE~Hr& zK`k2!c*?KH77`{fn~SNOw`epni+oXw+#D^s`=uBdrTW)8JAT(^%Q5grD@zA|$d-}V zc2Hmt4#Oyr4%5oVCsSBB+j804yvrmmsE8 z2toND84(KD;2pL3y`OB}ThZc|O`IL9cae^w($gW(0A0&;)NXD$oy&Z#xf#&$n+9<# z&bVyHGM=7cB&bo2t8Vy(e@R`Q!0)l+P79<1yZa1;-I_!oHheEFpHXjATd=5puAB;0Y;53%#eAH(zZTK;xS@1A^ui~9M0 z19kU!ABb7~lr}*R;624cabTOTXemLZ=nZCPHBTNTXj=b~+*0fE-1~wsrP;*yQ}X>a zkOKV>7Not`8s!=^!X-L_&ZV%y4>m(IqJQEc2{V=hHcbe_SrFSvFg<2a5yXfNCbRy& z2WmtA{{I1cj(`{Pbs-8sdZ=3WsOAnvOSZ`wtu}$<MclV_~4}z zS;|k;vy}=7^+OG~I-SrM($~as1>nkhW2aBZUzW^NX`w!Oq4{VR*+}zYSi{fS%SIFN zaKGsoE?30-ZNke%!9^=V)HApK(1MA_6^~?;XxSn)W)f3*wM0qV?yzSZwD0esVUd&; zJr1{5!SzfyO~1!TEoqwCI)Z>xU3<1V-zmvy)Ll25B=~%jjXDe86Gs zEYI_2*timlu>8&xfAQcBCCd1@@-c!d#*tghraFn7;EZq#4-h8kmO>rtaekF^pdAl* z)2@ng^ktBs!Uwz&Rz)SMJ_w9s!neZ^+PsY;!Q11XDWRvnhGBxP&ZKV*B94oq>Dp$v z;&4;71(#U*!7Ub1&vr?(6n4H6wb!zrDz~%1oSb5z#5VN2=@6J}wfhYO#2lb?#CCW~ zJ%xGqhU|aiR;(tG1+*od0 z>Uh~8h;gv9_OVLB?s>1C2HV3#w&9&|Y=%)b9t3tc^CnB5duQ?2d=id5J1lfXQGWFD z826~_YGN(S-#9#)M7+?io8Wmi)9)9zCeT-p> zF@JI>Eljmy<*J&8$bg+l>_O-w0-t!mk-I27U&Lu-Y%X7s3;vxUXA!`j)zxG}UTr(D z*tg63`(u5Y{aBEE3D88U0@fV#v=#<$eFKVO9w;svU~fDgt=+=LDeTWS*K5#n=h)Th zz)(cdK9Mg|O_rkTnjFCJyU6xYU{=8bL;0ieGVfnfHy~Vo0=kcr z5C)G>p~EK@%OMST^yBE;@OPb**;Rd)L0nN6t&DKB9l_N-=!W_s{iXKJi~Aq!J!uVi znazSR67|@dqy4$ey{~oyXC|;WRhJ;(r{6j}k&oOW|NGccdKX%Zl3x%0=1hPPxbh^w zIkLqv;&vSpYc)kXH^=o?V8&R4_49XwDH3hlv#_~O|M7YUKgC`*P+QfMAh)T#ePjLg z2rxW6i$~JlD2IQbt&3lvLbr8C-Ko2CEyq-}PY$SH)A3>r^xQ<2K^&n{J66CrkXqty z2={oA=1YH@88MM^h_W3a#t>9Z!ij_WZsA?s7vQKnN2#?zhV|_fI;sije<3Rq{N^lx zRaVC>-ee>@(E~eV@EV`v?mh*o?&P$8(b=jC5t*PRO7G=S7mLBnzDpzSQ9@$w5ZBSN 
z)}ga_(aMqcYp2U0vmbjdTlPn()WSU%2)l$LQFpQPT2MsUy#~dS26)b9A<*|;Wg}5+8pq+sJo5^cV8Is}ngqE_> z@pqqK3JMzDn0U3`uL3Lo?~RHa_1h3y1n}_#;fNVV zSNL|TScf^aQTS(pR>=>m<*{clT=M^7Frb=(tWAtI6M&UlU^kQgA9^E#p6*#`uVI|+ zuh{nVjCDAFoTYNQ-x{Ha?1~ck^9Saq-|MuvQut}zi9){+wuJdUaf~nhW?ZiTa;HdRa@-JtTCZ`%(J6< zVYC_%;Kf-b4;lQ!4oms!l<#N`g}_$mC#TX#Z<}YOH;O;0$*We;` zAMn46VH)}4`rVt0tx>mQ;K)P3&yW&Daqn>3td-lVU26&mVT3+XsXm1^49UMjWuqO30Un={A0o-HpkFd4bWG$ z%Ouf;ls6G4j}Oy+`3zLPy_;?h@9p~61s|h=rz5uN9~Sq9(CQ_Z-s_CjFbGuiu7WEG3{Bm_|ezNxNxR|;4S+9IN z1>;sAQA@=x?Tpspjp;B(0P@-Qaj$^YAkc6Ue>@Ie&R9WDUh+ zAigXG-ax5ogh0(123Q38FM<@iaA{4D#XU(AB{x+z9g*>RL+S5=E|GHRNd^i!O{ zWc9z2Uw6>h5)KxIDeojGztzLs=qr#;9WO3Wk&pNcrfJdQ)f8egYMey}rZKN4#m%Kl zHR4@Gi8|I_z{wQiYVDZB_dc!LWh2wn_FXpV#l-u*J=UDS691dltspkTyQ0lI3o_o= z`sV8EYcW=?@pGkJtLlQw82UjHaCRT-*bx1h5;sS*7)9Jpq5}6hjaoS+1^i}jvCltC z8DaIMVO37-EfrX+<%ABWFR>7Vt9SqiBCqin%>I z#gacOA5~@qbk9$CSntcjs@(fo9eVzv)BK_!hFLYRgbI8VB$TTddxQ<=qp&SC^|eD~%s@27(yv8+?rw^AqOS z?T4ClZvX5w8=Mp@xn`=dRq(zE8d-jR+)!J$WM~CU!E8E4=Gksf5lu(%V8HnkYx#v@ zn4X`!jiXf}K_awp;O$iJdUstE9Q&#bU=mz{oT%}=2+>n*M=ti2AWTd%d3gOO(YnET z>PF6e?7)CIBuJ>m&_X6k>Ww01F z0r}SS4DytKB|&9|I}tFMl`Fy*Or-;}q2OS(G#8pLL#XmW<{V8t7l>sfikHkc5x+V}=7OQ@^yPwf=UURHK6m(} z2)LmvxWScQd9wcND-FAKrh8s)eKo~?Hg~8gq?6n$#%zG25LZPR7mgT7J&9ePGqI$@ zkPk%k00%cop)u54Y>-jg=n>u;QL=vTUu9T^O@n0S3SvW#dIbB+?8v0||H}S!JPT0v zyJdvi`1uYp2FC^92F8Uvm!_IK}Kg-%czp9q+{pFHYZ+oj0%4nM{yaI#VkCOBaM zTLmy+sPtJitClX;n5$Rk-f-%%!gbL9+?LpM-~mo3W*9E_{}H1{s^{*zfnPwfk-j#! zu$mQUMaU@eKoG?cQ_pt>`txAb^Q^7lSp>hi&}@_ZbS9sSDQvG z2kMVY>70QbKNRsDCOC?E@I*7q`ggtBU(Fm|r@rDlEby=(W(|N)Ga4&F2a9%8ADNd`8M?X zVQC<5lZ;!#_T}xLIUpny8r9Lzn5Q@iweGA=V~a#S?^L&^!?$g5F`HVyA91N?iINTZ z`=-g*`dZ4`na1k7hv@QwENZ;nq@zeSEx{Sc6F(zIndVOaRz? 
zJ`T9eg@{Q=JXym$Szu_qD*t%32zo@Vpp+Qxscf}6J!V?rc5=10-=6rs7n z4#WJZG1!a(y!Ktlp}9)-Hss5JE;Y`f88#NJHO$O9;Y+#@=A+poQ&_S4Tsb%!LT+O3dg^K%jz@ovqSvzjcC#h*#B((I7 z`N!#4ZbKjrwhU(RL{hXv7B80t!Rx6nhg6vW{V$15?B?D9p7P@EK|tbamNJ!vhkllq z?D))2T!Od^LGfQr#MSVVZ#?bc;A2jJLEu9+ZB4&CsCAQ0AlCt=@<0&ZjGc38= zpN1&twbSC+&GDJpszux{JpCg#>b1>Un$6PAE;5g8qzKbWJ-g1sXWSrUCFn`Ir~6Su zOWFLuNe`dI=vS;p6|Wb5%hV;5_DVF742xT{tjl|2TXQgHg+4t0>1^SMO$SV~W*_WKos&((rn9_mH~hcj}YlDw-A)Y}<;4 zoK}k`?tFkC{)^=BQ?qs?3Vt2GXIEoyTJDy7c_u>kO!N>Jf=>(T)Z#KiyL_nrceJqs z$|n1j^#=F+`jUUOtpdQ=ma^jZCvx*wry6!feE%e_oCqaCf7nCwjN!jRNS#q!{Y15GhXpTI-E!DD3XcP9@r3A`nxAe`CpgxhdD~PRjkO`Ac~X ztKwWOzfe6ay<6x9&S<`aDMBn6*|Mm$v?c46bD9cb zk6dU4a@20!$JNFH(=Vsy>|Og7$dQs1T`Rr8>I}IVo(p$Bs!s8pS1OD!6qjkTsJ6PuB-tWq^ zCUkf+_Kj}7&_3MUIQ)L0|IqPw%MS-GDM2RG?4{`IMGx7~7($$@W!3nNAonz=noU5s zvTzXn0+!jB_hbMHV%$6AgJG;0Xxu+Ih`nBWO*-mhy6ud&+_0?n95DjUQML7sR$M7I z8f2?7dD{)czPW@qn6<9O&5I$0^2SP)JTl?}i-xUF@sxAtY%~m4(n~$)GYQSSOy9T1 z3PhV~!5TiRA&btbS;Lh{c@66LJh}a=y!|VE)!h ztEr#_$>HW)&x{T_9HlH2T8K(*X}%Dbebc5U5{@=7sXq~{RXFPZe4tkr;%ES&c&XcV zxp?y=NWG&asPHGwlP<8&8n?Dz_x~rZ=viO_bYXM!u-?SWMX*1?h_FYRCA~=1CXF}W zdpUC38EHNrl{e02iZf5@E)um~=A@WPBj4HyXZFrk=b}VorBwQ5CC026Ptzh#Y^m5x z({y>?7CQ>NCzDfwVVZAS%iHkR4SM}$OO@k_rhK*$+nN%2QoWIk^r6@`)B-u)%im+( z4a4|z-8CU^hm9*4VXaB4A2Bw{{?m=k`}11+s58gzcP@~o8{U>Rj-(ybA-JD=(`Zcz zO*(IU`)WQD8NpH;;lR5a>Y6bke>D7YO5}%$Hy^W<@&om}E&udU>{#Ud*>pZe&Kv3{ zCS*Z6G+p!3d*}7HwvLpXmktDbb+_Q9C-69#? 
z9>34L`zIrM4!^s+Umnc4bJ4)uN#JcP6B+;+#{)^=Ig(1$+Mz6FM*L?+an-bcQ^%a2 za+fp)yMHv9DpYPV4kE8NT-cS{xjzfC6a^IfVQ4%ZSv;YrJj13UgL!ixhd2#Va!jZ) zV}f!YNn^ELb3wcU&r&p-g8&)FvbyL8OV-TB0J{aje}kETJscRQkQf!KmVt7B%3j7u z&x(pfs3q5*bh8Qp0lxeDjF$Smcc&)bJBsk{J~dr(0Avo?qZWOW{*z7d`$5SgNKe2- z!;v=Q=iKTqNF|B}b+}-wEy#DrUWkwRPP&>h<$b#I_RI++jNWVGhlDAofikzlqo)a@ zR0uM`6}K0Qv_7{5D>E!5CB}md!|XT@x*ZADYSMA$TMfguoe9zhV{OO~ z^T~h2vgSB=A)LvO|G*i~_b|n&N2)ERN|k$=O`2mWd zEgLA-OZnuySns>2r*fI-Lo)_n+N2FzLNLqMBTryef+mpG&&e_DjId~>jWM8}3`2*l z$Tfc0!(3*yQbrP9e!u3#dN-9&X&KP9pLuT09m4ZVAood@Mo3(Aw4xc;ZWBh7jg_)y zft_!E{+Q*myTmzZU1^H+GWxbotrbo05dz83@Lm4kz+-HABqo&;uO3sLaSK~kO!AloMFU9Z0lUmRHr zUh^TlUO=A=V0y8luDV@q*ihm80R>+*4zpqFhV{2ANtWHNtH{%I{QTUw(A5fB(z*hY z=_{~^F7MM^M1o^9fdoCmqz=AM76Qf<@5d38JD@gzVFL*0nx z#vEnIjS%KXZaYhPz>oF}U+62okoBx9B%(K`gs@l#UxyhzU0I4<8+aZd7xkhGC(EW6 za*CCQ$g)O&m$g)c7b{MhDtd`*u$Sm(G6j5}b_AXoTQI2?q#R!s#;>N-ib70OBrWlB z8=JG8-tTf)4_WEz|Gq9r{wK9#y8rrEm)V{zi*t|oh^Wn5YkspTxAU#nSjQT2&rwv> zTI}jy+R>8F7gg*G+*~t7{`G$>KnBf?aB`QS5SO^2KTs1e7Cghv^g0u}z01x{v0MH> zp&ny{Ata*bmRC|x?zFy+n6Qlei!vj{=4bOZFKEIBVKw~%I9cnSXFH? 
z)cQY#JffLU`=6)j1qi&6WI}C=@h;O0_yu}YT`}I|9`VrXNT{0@QmZ|Ja4h~_l2tR7 zno#Z+yzU(?dOYl;yKsA^r4@yFbKV1C+A_n*B!4WAj|&F))`UD(G%^fTX)%Hw+(D(< z0jHy!R)q@NBd#mGBdUFS8pIuiD273JU5h;~_tZ2@^e>-6nK8d`2ayNU`1NngIT5!m zz?_1Hdbs!8glH*oTN0-IA`*V_To%yqv_T4hrxSZYYedDjGpDVNpO?( zg^%Qvv*jF$PX5%@xQ-s(#C)4L{l@4*(4QTR{LdmDx?SMFycQh-uJzj=HnzXJGgIV@ zlo{oVCTIBc(_@+xpMWR>3y?xG96QhgvT1Za;Pv2&o$87HgV!n+y*oX_3GV+Ut@oD3 zhB+*{^QS3L_nX!(X}%dljeeE9*%gd7)qRBWQWJ#U0l$bt+p*fgiZ68S?uKMi2ZQ(J z#^v#x%f8>gq1UOZ#0N{BBKl>_ygwSbM>Lr-#qZX<;N5S7+{o=be7idwTK3q15B*pC z_m~@AsZ1-!ZxU2~+t~kk5m1mzpLPU_JawP6^Ar5b?_wEtZ>Z_0p z$rmV#&E9UuH+pa6c?3H54l5N<2Om#vCCH8fFEPt&YbXByYiCtiiF)>vdsxsnBsp7D zAvcJLG0>kp)4cRy-XHsGrZQC>S9OC?$`N@C!mR65$)`lkp7<^Y4RDFkhYyl6EpvX8 zyNe{o?ls`WdZ#Jzbx2d7Nh9gjiab2keP4mNagcfjgzDRKJ_pGY7y{cT`8tfT(Ntt& zQ17ir+BLgOi7FX;RE>t=G*kFBV`eE&aMNZccV`gwsQk}gFMR_O zW8)NkEF%W@=4Lp2D+s=$Pg!Dq^EoFKT3~=uiQksmOTp8Sr?}>mkRFI%HV^i$d54hvOJJ}Buag^TVL$ZkP z(!(eA6<*D1ik|%#QDpeUnZ`O_yYs}M8A2z+;UyC za@`17(eU5G+^{*}3jY-uo8nDLPTI0aVs@3+>5mXJkkfLI+b(UmFQ$l*pnGvmiXeI* zd1@~iS7OCQL_yippsR5}Li!)b#i@w_0Mde=ggrQoosm$F?O}Ny>G==*xkTmCmS(VXI+9Gb-{yEYtYCDbB*N9GTu?oU?obQ1fwHK0B@=#-=CZesG|CZB!AU6CJKe zRU12cPD(a2uoM_Q8KaxaFe5SF@&d+VVZsa(N&dnY2G?SG^aXRWul-CoK2cHY zy#+@JgQN6E_GexGo(bGI^t=z(E;42%>_I0QmFH9IxE1~4d(N@D=YW=#DJN8K>?Xw?}REf1doJ1pvLZ5QdSk7yI zRIgF_0dIOXpP98Ya!V+uYRxl^k zGX|p&9)`qjrT2s3g9V2Ak_w4-!&zTH&7mcKY%Z)xi`o5sVXyQ%{EnKJ@1H4a0pW5E z^nPz}M9^vd#TUO{D6kNzukXn9DtLqXzk%vYL6o?6Gd{a(qc{F(nrcYlJJFL-mdle* z93d0?2+^-l(sZJDU(%;3u21G#c>QgjODx>Wgo?Xvs~CB%(E8mkH0HefRt$A;+z&D? 
ziZCuhds&bWqoC{}>c{R|aq4Muq49c6;;Jm^zlbOt2(x*=*9Y$cY#atvA2HAk2w&Z; z*Lm3gIcdWqqr`p0%;D@|k1nX+6>+S^>)cYAyBG8k6!Pviqe&_3Pmivyr~1#x2UG32 zmVV^ElQwx8YKX#U&Dx{tQ8oXWjD^SJOP}Ubm{F5s%(2AoJ`b%|I8ex&G#C+j(2vwTtIyb=EQCO;%3Z1 zoVfs_I>B+Np_4*I{{0T|usABpkR2PkA=Ar-CFjpo*$$QILJG!Ti~{1^d>c7f8kL42 zX4MWzfv$#6WL#BL?s)7GbqNHK0U~c)p~^KEqvBh8R0lEsFyhd^+Xb!b&FdjeyBee#%9=7}G$#By4&5pcGB_{#(h1~N_8uQ?8ARyh|bOvj)S#8 zQXZZ^dD4O-E1nYJI^3Ed8#9of=2aAyn=^j)@We5d64N_(hC-5+S$~JF*bN-iVG!hN z@2;QaRup1uZ%Q{E=vGlQO^#RkWtS&0X}Z><%<84P*73XB6)%!LB4bDYb81|SO16ai z6u=k3daCCzBq%fXZc?l3zdA`s^kIx0(b6PiP2NkJq1(9_{@`Xw41t&2uiFlsspc)P zVmEzwr~ore57<9p5I{O5YP7rxY63js(K~XW-H{mbGn8KfuF-d~ZLx4XHnu)- zJjHi?N{mOBRg-f)JaPGZ6IZI}7VPTP1DCD4y?b|Z+)Sx4+)x=0whtBW8k_bziP$YM z56#J-HR5L7-cMWS7=@C8{b;PfhePNG{$xU2sBTY)t0uouiXnru zFV+G9T=sTzZb?DLPo9QInR5ZXo}8jsA$>@X`Aeo) zIT&~J98zuv)X1TMm|3kkKw#hLDtP5*k~*1MS(!pd!C``?aR<#C(-MbzJY zq`zw%*NI0yE1QrO@}4jSBM&l^hx<%ho?o5R1urq3%cIZLhHNtXBbw^Ru`0emLH5Md z!ld`LDr6XMxvLI_4P=QR4B@;<>{h)QBUt-!O??@J~M&KMLBQ;sBU3;;3qjp2BpV67W>dI1rswvs-*`%S_{Ot$DvJ~7_ z@>jv%-y%A-rQmkExo<1Iu)ZP2{#v(b@ZQ>rFF^9rXELqGgyv_$LvtG)E!P(!s=#CQ zm9%S|(BEY*7WrmOQk+{Hng~@RMfd<#z1<<@OnJ?g*gx^3TfssMWs-OO zTkN9+EOI!h*tsE-IAFhXK-$~f2yKbslfK;jP3>%%Y0HL`I0=KpWN`oB;aJ3zHVJR7 zaR+PVbm>8a9!l=AQ(NZ_4lQZ?)F&x9hg-R0YY9gCJ*FArp>4P8gcKrf6dZbly?uz` zjJcVwIia>}FbrbOz@BfNlqT9?u?#ZgA>{`l+ zHy@cJ@lczR(+Ea&oX|atNhnh!ja-;-_e&nEKt1^Xvm~C;HYX66l;NDCQsxfRF6kkhkD+T+>3R;7nGx%!mdx&hSs1tbkIenBx2Br$5Q z#=Bd?)Fp(1WPb#EbcSZr%A+!CgWaumyBDcVLb)T8a!i1}5=U5+)UYdH-UDdlxi16X z(@p)C_BgKG>hN3SG0I%L5U)IK?e>T7{0&)?ahq`O0tg)VKes$|oby-QcCRkBYN}Sb@1L3m+zQAIDNQpNbkQ*0?Ag2Cisda8*P9%iCg$3Fqd?TsNnkICDbiOYZlAY~j3@DLg zoq)Hz0mP=>7=G82V1bhNF1DZ?9VsmR=`JyGZ2vG#`7cXTCbo0BJ9A&IouiUezjy=m zSVmk-M9A1ebWqPXLnbJ-gTld*KziQ(93=1vnIlCYaZQey~CsiXw`sqR)R6Y2;{ zjsP{9T`Q0i4tt6LwiB{m$Hf1$CbzZrDLB5A^*#guiU#V=2p4vo_PX8BRv-+m#;8qU zU=nF}%n%+(q{Zk>O2V}a-mvx)jh^6%q!A5a~SUD7u-*EFVHDyPH3=69I8&*t)bw(La8YrdU3j&7WP{_a}NXN9FEQ zdAh#=Bf`-)2W{k;KAy;DHHjM9UT6n*Ywtym`(?fsHAFbJiG}x3`;kaI+){okyANC9 
zyz{r{i(2l&UXrs`z$hld2f?20U!M5WX;2&sK?Z0E;5_(*(wD6@8h3~6TW9`)#O?LK zab#si@$zkJ0(*S-SmAtfmED;u7vcIn+|S+=EB;*j$Nll!tF|XokxTydHPkUMc2u@j zsQxi7K)L1W-jB*oT^LmD87SyOP--3V4Es0b_4^)ux>nG?bvSRL1SB3xVF@{2Hi6oA z%Z0h=5iaiaBI}=Xy!Tntu-U(QDp9IZoH21ckbXswQTv@fH4!{wTJ*ZG zP*FoAjZxOtV6i$}^rDtw()BO+0%@8TJXs;WTu*!#5upOgC?#Mf){j*4vnKx@-QQ%c zR*kjxNZcQ>#wiiP`5;~_w)pO8Q=e#;P2ctg7m3w{N$Qo;?P!hHBcDL8m1I6sX-;k4 zA#FuW>`3_Qko&nzkd@=Fb752Me7@Hlojy)GknO$vd65)P+end-t7tg6a zUa~BDo)DyvmC;d!x9^p|$8ZZLy+%^)u)z9G`q%bX?OxRvr{Be&!`@m_DIzDPF8VCxS> zzYDQ)G&^5nz|1V>7L~5HOUku*XZ|pNPEs@+g?68=GIn0Ci9523jj{)R#yHUms#5V9ub`(=!jnPs){W}aiMLnA~Y*m!#wkgP}*5@%Q{z|=4+Tk~9ldc_tM2ZR3Z>#&v zWV8V?;}e}yuCaUO;@~G~tElAQyTq7^_ioQ#t*M;-_ZZK!3w}DL|@XXV_dCN)fF(NcE)Nf+( z_-f2D@jYSEI2|`(*c;j^E;XyAJ#)Kk%miM9rY!gJ`H|)VRn(P||Js-@Nr+lLiZqwF zRFbe#@y%Q19B1{R(!+e}zP29A{8{A+2mKvx=wF85MBa$^pJi(oP!%8cPR$X30Z8b$i-rS=X62`Q9rWPt8a`rSZqha7$T)?_WX? z^?f*pJgH2#uYM)G9ur)RksOE$Hl|asb5R(mL{{#YIecr&*M$bPL*2U-1=~DaT;Mq; z$8YO!)D?81e{*J}%q^rn7+IT5Xm?$~xK$$b6|7`-6nZFeKDWYO$)=xC=PCu<^sthM z@{w_-^0$8+3fds@$GoI%%KcuPe(7n5qjZ&=gKt8g?rDh#YW3w{CU9DzShM1E3XwK{ zqy;JWKk{R5{5yJEMd;KFTZB#sH}u@iOci93m96AehK=TZlU5;n2pDw zJ%~RbF)@3_gc;#tJ7zYA!@LhUaI<3kQHXN0cLf60X^4(H-m$&MZZ645H=Q{Yeq4ru zUWAZV>j3fxNwzQGLP_y6A_KI-q`@{`t$GfuICPUe?7en zE3tGei}x{pCrBEwP&S*qCLlUSArVFQs1|BGhKo8)mpX8Kc71D5j+|A)qsz;-e&fIw zg7k%wYsl`$4rn5arDjKb-53lAcJnNEM9OAy{wb%aW~&;bVI0-a2_ROow>^LVHSbgj zv4!)}7^_>ll`yd)S;fZoFU!r+u3@_a4>++Y#r4;X+hUw2fK7!2kWba#jax1*Y##=$ zEC0{m_fp5zz7Qu$cI~6Ipdk&kN=wl6+j0IY+TqXfofJj6lISkoFCemd)fmr~QA>no zk%+2Qlc(jH-V8KKV+iI9*PgtExIGvvuFO>a?syeujZ(HK0dMUcP)_f z_jF1TF-W?bPKyE0ts7shyHkn5Lgr;pa7@HgdR%gOwrtsyT3S^h$v(?0b8`l|IqgwS zqGM1%MI=gu#xX|LsuzOnGd?_$=tFTuQkV3~Tp*PjH1q^uMHYbvfRs*O?6>BmWIGKw z>Y?EYtFxG?+w?=ayjo>;jbKAjSyg5Z##~h|5Dd-kYx4L6+94Wo)iqD@)+-RU>pq^W z^C?vNY`3Sv6st0J+cdw#g@|Cb`TNW=vrZCN3;_P;O#RSzZae-inW}A)ZFuDCii^;) z+e}t+Di}=OUo&LDRWd>ev9FM=2HQ^=pBe~x?@Fuv7uu1^T2Oq%x=5&#p*jp*yAfnQ 
zVlv=7nDdPYG$AfnSAxuWjV}m2s#=+C`V1|k}II5vK>iip+VQh3d>d`?uot3W~l5kG-l^`85i?Zw%O-Dv0Psi)8<4sZoCDGA} zk~Q|Xd5h@k{f;MBkP|swgPw3HgSS>02I1d=^*OyCwTedeVIP&{Bpzh+%hXzR5dq_0 zq6&~X`KyfZS6-3M7h?Gfh-2?>?KVmPNym)w>b4D$fQBW`*+9|shBCi?1=lcWT8+JBA#%*ZoiaQxXD zrDBcDiz461k84avW#4O(d=UOxs0+L+xv@+7mG>!4NT~xMfI~na)Z#U4%aQ`?M0>3> zjLkxo26S<&+1uKu@HeJ2)n^O_NUn9?49E{F7xt~U693Olvx36;Tg{)n&~iG7)G2Ki z*m`M%>jz6{d63j#$ckHNizMbr9@b&^i^J|(gpMYv%AKRUC)zma^Yk6zT|gM`L?m*8byn{Z(SLL&pTu9LPEYH z#lHc}+Jmtj(s|l?FMD#wZ3$lX$S}5D8K!JIm0aK~zT0?NG+|dg*NPoJ@yNkQ0Pvhh z0?Sl|lpq)ajw?xjtTZW<{s$6hktt==M)ADHn7)oz}h1Am(OQtb9h~% z?SS7~jq4O6h4S~bTmQ1h40gUs=uynT2QJ5-f4Rp+0s%c^^=A^O;}-9X>q|e-Kjs3s zePUpTJsBqgxkW?$`}pw2+MuH9NmM7u#_EXM%~-Hi->0_4T)a-93mh%q5g3f0?SH~UQ( zoONh!Wh5&a-~`{yj#FRle{!+BE07te_8SM=v4rD?mVH4d^_;Z0z{W2Z%QhYkl#0(~ ztGz-aYs9U=ny8osiB_5-#x{C?4lg~8b%0$Jsoz0E#B zR^z82rhD0dM;lRJHMNK2loKDdOlIhUjVZmMa9)zYxybgS3eD>7pm2V5eEytrGr#g< zA?t-KLUeRoB)E&uD`Rgf^ViB4zm@SH^!ox8MRoocvI1 z6EEzaN`$8vWSH0yX3i?*D?aE+Pi_s$urM;eYwSo`K_ zX?=#30~NS~kh#X}lJW$W{N9~PpqW>#A6MjCftwt#7z2lsU*7_LUihO=s)?yU+avHf zd||ei3u-gN1%yMYT!5kfSMx8GlViayEyxZNV1$C@O8HT`UVGo_tsO3F8h+OgIl+$) zV?(GbX`%^lAJWxVT$%}MLmR;^6?Z_2GC0J+&5T5Ho7hj_Zqk)3x{9ID~X)=nCQ+p zvIFeV5OlY~7HZI6m)mkQ1^SZDPT=)Qm0>6);{kxObt0bl1o%Rh&(SsJ#$hRjoQ5}f zTbhmGtq)#>Vm8}&IgJSzqap8l#uS(AabEL1=2w2Qm5e6&&3cejL`=l1`OcxQ(NFTL zYr?s!l`;uwF*mnFJ^2UWq%&leJf-39RxSrVg(C=nT(8Q$^r8u$GZLpw5i2_$O4Bvj zKOhE&dXv z)#0p{o*b<%K{4@ZBXDTJQ7}kvvmnCJSyji(-;06{8&{RM~21*O4 zd*r%FN?3If0(L9b8$mEzRbH&5vwwU_yv-r_Y1$MgU@eww`S4To>9$iWZ{SHKyi+p+ zn{X`~baI=YB@97MlN}wf6B*3VNFm$VBH-T$AkgD3W`Mc0z)s}Kf0{hvGE!<}Ij0-i z47aqF`nZ+PD=5U7Sn99g&qTyffwYn9x1l_;ApXpnAm{5Gju#XD_$jScwFsrQ$- zo`sqz=ntIA%msoRR`9`M9?uw+=`Evha8` ziV(l*D`^CJ#ir;dd1{Am zM~8VwbDTXGJ+%5(J$bD=UQEYzgh`Vcvp`$O!LXfvEO-~_`WLo?aU^knTatI*kV-$s zSiGEL$5DIQvCX@>6?DSr%5j^aoW#(&>!WgN*k7~J0?Y}2dI z7*C#lOP-?nAT0qkl-S)r_Cv8JR)&?oDpMf#dqmmn`_*a#CsGy%6WOfl_sW^4l%^uM z-hilzo_m@(jgq1ipv3q&q;JKo0T&ZlN|T^7o4c4u#HzsBjK@eylNAv`s{Zx9^t^*? 
zCobacZ~e8K<9^Nwb$mLID#!8p zO}U@zFUy~kY!O(had$q|g!5SB;1=Vkgy0-E42fr)@umu$2l?az|FSG|8#Y+4m??wr zw6)Oz7lLsAsJE}+4Udsz{+Fz;1hUd-veK+y1{i+u!?tY+k*^i9CTzg}3-BX=smrCu zM~aA4qr;63D$s%mr;%(?cXZeL3neln_v!LgC8ZG1#sh|g(X38{TUZz^bp)$O_Hl(l zg2+X;xu!}4MwZ?Pt?DE&&j170@=+ttxCBDo+>^qt(20owOADT@$Shm*qPGb2^!Owc zBmvWFkHMz_{!i#N31vF;CCflWw9rGSoYq&Jsw^!uS6g{~U z>yjG-g9|_=2s)wT5mM&kb@HpqeB&))f!gthdj6jm;7P{}FRif-I=h&1H+$DR^CYg< zah>E=PjQXyInoD#bopcV%~I{fe=FNc<6IM+Sk@=Wi`}ECnrV6FMuGEqfQK4w`>!dw>76Vl^dPmawpx% z53KNe5#j)|do5i@(!l%U`S-+_eO+Ms45T(h&7A;`cBKb?*6Tg(A;ggR9NKG57lL?K!0L?N5hCjiR z`~Gw59jU-WzEdg!WzO`*jd_VUAWLy%fC;(=bE{=|Gc#NAV;BM@nRzth4%}Lb$jCiG zk3(9Z1kThQxTOi7QT_dE2mzcu$J(^1-Ql&}Lp$8uLhexiq;A0tv8?SLyFQKcr;fmS zLepL?%A2a+xZ%Atv8on8F{p4{+5_{~5aN}9|C9#zDIM<9gxjQTBL0Tr<&omH3Gw5(spnS_bcKMg7m_tHn3!a;(wiZe9yzbbf74h4yJOsQNTT9;5WIlp%qTT z$Q=YDu*EMawq40UBqsH`pz4M@fm*zg8Mo`WVObN2!JOIg~|gRkkp7Ns4IjkH5c~Ess0=j zS;S!FYYZl+SN{L;e2XO?C!uHr;uXY>ZkEWL#0({7d>1ULUe2bU(5doZ;*RUIW1e@Y z71qDBKE$!4r%;f16vhhx{E*o9{^eC^LDPQ#5T~}Y2Tg)g-BXJBLlVV7A3z8=XhLA2 zAJ!*hnnh1Xc+mM@JX~=arr5<4c)!%%H~s`kaSl=|U7U8wB^bhq3QivWw7`GUO3*DW zUcVRrOGc22(-G~!oVOlqf+^qi1POd3%esNOzzQCAmSQ-DUxb)bM*?#-BbUHg|E*NkPAm5|SBnM#>02V+^tEDp1>vUy(aYDTH zz1>#7SSuS#>jYX9E#AP&$rUap6tdhNZ9w2GnqoZTXl0k)`Skchv`IKXM9N4UPHBQi$e>j?7I^cI>@k>$5hQW9{TM1k+k7?^4BD$T(GU%NRx1ogU-7wd=#zN3 z62c2bbZEOHxxd{^Ty}2E`n5$9&w_&mGviI^Sa$>V%FePjW7vSrrzL91l!BwZ25P6d z_t?wvv3`A-nciq{KX1YKBwvV_7gpA{zo;44Cqpm0Ere)qFWMeJ`PFy0x8d_xP039; z$y4B7GCl{xMF=^d@5{vX;}Qa>52bc?ny9?mwf1GeDG>S^Cm*Nt6)T5!>dFxe2eT&( zb;SmkHcemHGaV3vm|XeV`|`oV@fJn5BYve-{ny{amI>b;4(8{$tNoV&HSsGYQKMQo z31nOi#d@5@6GP5Z$AD(Ub-2w;y&5HgwYnBPwhWr9cf59A2*sB0Cf;njL)aYi39ycq zfE8wXQb-sJqO?s%dDOcK#D0&bf3b7cbRL{Lg7fs6?VG71(OLC34lpykLOh*93@fhN!CojBF6vw6AvRN2osOlH3) zOVSw6VU8lv{#4+u#0i)sl48rio}A_-j3yEtJ#CMqA$>|u1&_g&p6VOV@WVksrp3kB z^mOJFCmt=v=bW*kYrOO*b+;pe7Mx4lMlpi(r5q%CVu@! 
zA^MIE_a!x~o1{rR;0Jc#AOz50QF)`nT_wQ$eJd{U^P3O|$%20O%-!ZZI=Yk{UDy&B zO$(1xa(L+ySvQ3R1<}EWh?)q{`~L_>U?Ga^+;d*(B|qq1GV!B+S?F|sI|c%N)~j(k zpyx2g3VNQBHlMB69%V8(d|}$!*P* zyWWtM&NA?QHT0*4(-eO2!>u;JeDle;04mKBIe=ycz%i@*6qV>D4QQ|Vc`&YOG|JLh z8Wntw>h5`jcfseE43LLAzh1ktmf#I5EHEzuhiIebC17I8TCb^q?ZPmnK^C6~-x@t!s*8(r6N=s5LWOdV_sJO9y^d;}4X-~Lojcko zlXzopj#*L?i8R)BGP)ypbZgqN&QFJToE<0aQFB}m0&k}x4?@OXdW8|IY>>Fh5PKQH zLfSjGK0gj;kJ~NH`tcvk3WeQaprGMeN8EKNeOYx&&pXqF@Ue0FF&M%b9n)~;w@DZm zL&eEKKQa(!e31V8ewq^FYWZ6`$59Qp;H})4Kq5H`4gL_$c~gh&j=aok5nupcu6$+o z&)zTHB>nsHjJL78sqFpKmku$u4TCAvgtqelbP|aG$*&ZjHf12lvE?5-lLQ*F>v(+} z7aRm`eI-Cq!U}}tB57<>hHcXN3&;YLxN{Pe7*{TCK&FuV<7;w+9vdl2ywb*0G_))E zEJ>wWlIBtLT#!!Kc3JYC8EK?E5UkDkQ<92nRDPB3x*do1nU^OO1E6nsa+?`~>~bUi z;qPnEbJYSe^V(xOzwW60PMwx2njTjjRPXr?Y!!nxR<_2?20;LqgaExqD{6La62nI_~nkNVzPAe*&Dj~%t&o55Ju#!_g zYrxs4cI(KRNLV+dS$4{)$iN8B_pnU%??VD^9KE$E=Ab=(i>_D=R_o=ntBN;ICEuY+ z=3r-mdvHYgjjoDPMHQ8Yr}5nSeI3{(4<0){D(Cl!O92I};{-4dj!#|(9}&1(FNpwb zvCjBNh%Ir;p_R;Gl%ljk{cwpWu;8j+I_6lLc3M(5k5bkbWa?LB#T)(s8I)#hctg6( z;C4m7+qJv$q-PB-Jrx#y&sgr#)-xY&F}L|6kB(R=guCOu``tIRb-dwT?*$H}Z33Gx zQ1s`gic6x?MC@K%P8vQHz1=N}d6v9HGz>p%z-&?MO>aKp1 zfNG`=HchE1I#*&>scsLX^^u7#LKy>m&(v$Lyplq`NeEre|Hroklb8tDJFJT z7Du?&`h8acu&ND@8L9Y_i{eL%)-OUPiNbNqE}kw!u-ko0%jI-EjG3qN&(20U^{H31 z$`dg6GoR+X8l+Iqu08w^3)D6QGgf*G+IksQ)i-gw^dWg=7-LEQ9F&=U(m-`nT#L|`+WkKG#88hQv)m8d>yk(fEPlmg&!43{?O zLS3=1T?E-cG{(|H82Al09q%v-OfLFE^ez4dxGd9_1v$DQ2l@Y&^z66;; zFMwsMpUAOfigakx3up^6G^_7EkVR(2LBrzSE7jFPkyW9i$4FOV0 z0S;EM)8Vqr*_OLF)L?X>!| z`Fhayb_LrV5QUjiZ1J+{V;ZHx9WyfoaD&&FghX_%!hik3lz5RWl$Sm>J``M2d|l8D6rb%%m#ecofYcCnM{gOM_zA{AdA zhezW?&Pet3d>liQVt!6SzWq3QNS+Os^D1(}({n>U$OKf+$|AHmvQj*~&f?P6>+_6y za64cIS}m)7fP|$1Q(#qf^e~}lAG}oLG^mh;W4pNK{oYL!Uyl5Tr^L@*2NDjQIS}W7 z9=H!1%~yz#{~Qx(m>&`QFu#9T`x7AkiU-10L|x0Za*kj|kF*L29kH;ORvW3N>_Lp9QBA z+UqtUdik7(jR!{ zfD!6MZ=ISDNgA+{ap{q;7W>w-Lm5+hySBhKd29<*%jufpDXRAV+to9LrZgd}yLS@y zgyVJIw%BI>^DFz^pD2UY(U;S0t(~nt!EkTkYJTEkFYuXtg8%nGyn6Dz=hL@uxgdTJ 
ztX8ntq_EzI3JM~FOCK%ahQQTw`T`7i*fUQ4$Ri9r)hJTc%OLgl$t2L9nAf@4x(aW@N7 zT527aD>^~3B6S_1$U*gKx3mN%xO zGC^@R;-^5L%KynknnxAd(ldL{2s*E{0JQs9sk{A}35L;q=+?i|{GMyUF}O2mwE1}I z_fe@nvST3*=S4IDB0_fapKzFt>kDR|Nky?AtmIpHwHnBMu&gy+pt))cXbcR^_H_9I zB7dsJm|?l+PZC7mlE6L=6d^0a5+;n;W4*qE?e=vea!aq?S)#h;<=tm;B4vb&Z{Axt z$rBPow#BExt<&QkldR{q`NpXQ5xfgTPp#5h1$0iMxPYOmozvKS&ZZGZq>g)i-a<{A8pnCqmG+}2)z#H6tJB}{bOtZ zAw`91USLOZ@gO0va^>T`w&l0i#qPB){eZH`eL8XBv9^J7wEWl4A$^qC^mtJ~6_tSR^zUV9z1EaRAu4tvQTpgs0IE@M2u2P7U`k#cjj;ZY;9xzS=2DVH_DW{&Goj}4}BMsGgE)bKE_XhFN?i`qB&Wva3u4bKE>RTcn zQ5mhx2IRhBqCNl4#>MBx4jel`E%~l?pH_#g*RsFNnrwGb0ee(X{TOqMFS>3ZO#R&) zX9BtzfPO!EQsxmq%LG$(f+DAWU1^Zo3wr*so%cGx_qf^P1K$pE@j7}Xl-Z;mU%lDC z@ctGL9NkZD&KIz%2GT^LeXh3~jIE9anoj^f+>!1s9@uo?OYzw64Hy9C+6WRi1^C4~ zoOda+064*8J$^EI_z$DBpsIzd>z9v|ZN?*!7KTNg8DhGZtKojRb?%y|lR9{YB~8HQQ9*drJZXcY0tTkzLWoo=l;pCV1K;^_EB|C{7$WSQZc^!=XvGKV16-P7h`PKcg1Be#FK-d zgMDB*gVgU+&A(Deglqzi5q@R)v#hloIy?_tHYPc`N*`w>R^3vs-=In;R}CddFWBbr zg837BP4J=ogIa2bWtFsrg>T;Htpo|KA1LFDRk_x^D7D?u?Aj3=CS$cvu_Tc7`;QHj zrZG=~h!pmNXLnKjq=P)&us!)0r@7SkhmUGWFq_}%}?UYVXD+1|y8f-R2dN?{^ebn#wIy&=PMt51AXc)Dl=%?6+6Th{V zhZCme2fw?=To2I?F!hI}pv$ua(5?AlCi>s|eW_6^^AGM^Cim127>*CqktDa%Z9F3z z^s7fS@ezDJFnZj1&mA97eff~tauMa6t8#L8QMORU7d$k&ztH04KDM}Ulj`C&mQKl3 z6Zw=0laDDm;^~Z)3ODAP_BY(N?TFYDkL~dzoO<`uTt4cDq5r>0=r)Kd+^Mg}&m?RpjE=e*hbK*HtyP z-&dGPWes)V_J1iDvYMl`J9{Py?Nro=!!J~O-F?32*WGe)`)0Fb6%YJ}5LeAuG-e%T7%^qWoaHn_)LLU9U-BZpD-V%GmDkruooQwBDlv z2atqxQB-1~3e*chlp+~D+D#WLbFswbE}JemXw1n!XR{yKgmr>+>s@o3RGam{80n!P z{#yFIdzK?&rQ&wl$E_{b>C@(k>AMQsqwR{1Td?W)H$o=~D^BLFNk}D1>2G|I+k!vo za7by(pm>)eTF_u<7wYF&|2>TwWOWVuA)*)h>#@n-q;H#(EEW?s%Oxh;pMT{wl#_3Q0Gzl4n6axViY+`|>w63GIC4h9x zCVu{m0v8Q(YOG^A9hj@2zWQeXls^*RkTneG%=LQ^{qiGEhlNA@A0wMpn71->o)#aUUT;lX4tVvGi9NqqiT=FaaUV>q#VQsz} ze_=A8FokW z^CQ(5pg#9+q-jNClL#`NL9Ih(lFdCH3yG@ZFn34~g_c-|`}5kI4m$y)qQMz&=^2Hfq=Aaul0K6sR%GL8#B@oBxVqYu(oOHdjMu zD(r_95vMM8cB>^S(cIrW)VGmNm8}bjGJa!kwC4Eag`tq*D9CyQd9?BK$P5N*#3aSy z#q0d+8fH*fgBQz6-ejKVgaL;6 
z9SNCBfyBPGq{O~AEK&EjYP&6e$-IvblgZVNaWr_!o~T8Laz57D$1>L z#zl*of~d40sJfP7S+;zu$b#Aw891~aFufCwo~&UU$Nhk8Eyu|RUB0-I6k$mk(K9G< zOB#6r9tO`|c!-%G=01%CXE!YK-w18bp1?sl{5;mx`n{|+JoTj;)-&TIDtsvj zJuJ3Fw4%P?+rSPEL`Cwh61U@MdNMh-#T)ooR=O(sMhAL0|Am7m1&QAfR&+pp=1rzc z;kjr>jKa!)tlzpfm(nyPJ9wMdYLrY7`C;#{>7VZf)$GSh`aN_T&>7dn6!HmYii1Xj zlt&csEOeiUW4c(ojARi{-k)68l%uNsN7Uo|kPG*3*kU6cx`$~*tfOjNM>n~k->bqQEkAor0ZkWiJLIlz3n@=-jSvXbEL1zSIk{Z)| z0nN>9)oL@Ez2**TOyv2^#jRv#IO?cUuT)~T*Z1e!#NZKp@z~D>-IT%t zdZ?|w*R{XEMbB)_H>hNXgBDEt&7ntMV6T1gduhkL-{sTAtLdG?DGA4aFOWY}Q*Bzy zp*nWLQmK0i9~wx#${LZWZ~Ig|HciXIF;?)~T2bIH`CTuOuSpAzj)=s#A5_hpR~eOG zC7{sagm8Bdn>lMCN6$TJP(d0MbnkF!4X({DYNZr?AwkswiUdKssj!3sP8IYX$RrlO zfZIrv@0qZ*LNQay3ue42)j43*4niw^q?C-{UHYhHLFQ}OdtjX6O2abpekGMj4j#Z_ zP85q9bY}q!2h#cq62Qv{##CF$&Z#L3abA;eX5*p-L#|I5?dKZFvER={GH1?&m$iyM z8I&?(!}|m#^4Quw1rtBz>=&B}u|*FB;qe`-i82O4!dZwPEpbj)`+gzvymtR9H+s8S zoyBx1aryflhtqRR8oYRoCwE<7p6%eKO4odF9-s{gp2bm`|WXUJm%r)*wNw5Ek6j2J9 zFt|DhZK;93YY!dwd!#npKQgW%hUK&y7W}!*RyGr`?CM`884TMQpW#y55wfj;l}nJ_ zi6_cx{>4yLKNsWMRGhAcO(oh(5T#Ht4;;jlDS8)IhbA3!G;|R#c%oNsC8dNSWV|-@ zT2ga{N6mXd7Lq95`y}3zq{W&0yG)B}JJ^(k;B1$*fn66jX4P+&-YxzdMDl@7S zACC_Ky6VW=eoqO!mGY$J?DwQbwW&%DzkxhjsmSX3?l}k@f_vZHR~#!fSxRjb)QCoK+8Qtb(uzEuXTsFjGp;9Ax;=H)M?2r^<^X zsRq99GNM6RolkAeQ{xJdtpAe44joJ53hcrU{6!hKKpDu4(*YW{(i&@;U{no67zsFb z(N8Y~HKUv_caDf0Z9Fs*!Pj=#{hi}#v-cTS#l<(f!;x#04b+u%L9Z^i=5q;`!ygZq zNG5kTrhTx(WYy^9_3wV6iDmbUYVYTJU#dxM@r#4tJtWu^0{3<(UE428a1_a!f)rp2&Y4K_qSy1v^Sfl zUt`&IS{kV$ySkrdSJxAHV^M=kMm78CK11rK-t)qHNedlRYEciwovDSeF>#TAyPG8$ zwNWeY^WSKQL9~C?<7vUJciZ!%O5`M5Nw1UWZTwINryArLD3DbrXR5ay>}Mb%CVqE8 z9&u*M$|x`F>(h&3jHmIU8N6@yqT#x!Sr?eSYcxp^DT%qZ+(Ccz^&}(Xv1}(T3*k4L z$aTG~56HWVcX(4Ja}lenY|z{T5qC~vfq964L(?8Dg@iA93G*7^sh zc_oFelg+7`7KuLhc7(OBI#UagQW1w)!_)6R>)0N57{6TlE40C(hPU6q4zHo`uHqno965fXNWWBh8Ufu(Mu&&vHdl&%y^{)k^k5z4%Xwz_4C3e$0Uh{sOt+qz27bL%EtG`8;%m9eTVm zT`rD#1y8Ww2kYerzA78K7LP%tN)5ix$c|f#<)r19m^^tWCm`Dcc@o|5IO!|VtjclD z^N^=RR>{gE>R|4WU8t<|%wH_2cjw>{bPjXc+N#EJBOMm3`G9?H^5N;?T^%{(coyZ~ 
z>b;gI?Ybg&U+z>Dak?)^zhodox?NFsOlF310qkNbJ1KL}@;9X(rxkLNd$}y(5T-!x z2LRB~fS*He(?c!VQn4QmC)Bj{n)veM;ljwfW?j+S{SP?{AsaNv7i97>Y%gnWtZf3RAkgGK@l2N{R_Ib~Wz8hcKBmD%)jP2{XvrdA5q$sVivq|AXU{2sW zNUsnYwd-2NM;7)XWnuCNEjAeoACw4r46No8G_V#am0)Cg-=7-Q?zWdoh(>F$K+{Ds zdp1UllCN{KX*ySMfPaCewB_85<F#U1JG(Y8J?YA}Py--mN}lXP7;@zTD5r)KH5Y+!w5Gw#S!N*2yyDQhDx zhR$stg_zZ2e9a+?w+2nzHx?x-G<g`Q2kk^!dYp^!J~l{9#gbSfNzLNUF)ebJyy#&Sdk`UT36L z!@eC?|Dn|mnK`LfBU$gQJZwbfrk;zQdApL6O z=%Fux95k-`yzTM9ab+2C?+@r#@~ETVx9@MjF_R+=f*{<`1sbDP|40y z!*C(8^GktTbPW-$c4oa(;3vtUc}#pe{c|A;Fi{`^tKv&kvB@*T6k%HRqqHxaw7c$n zoBRm|5{^dvhsp0JI1N3#;uRbXqu4jN1YXyiq9P*D#&$ywVaoY4^+#&P^*ZR^MG&() zf}P?~+|*I~T1A5+fh}O5PF!xEvI*=d%A?t~inuZA`_qJN{xJdYmK}BXkp2Unlh4TRxUYj*WlqPSnp%dY8$u*xsOkY0QVoNbVbeHohgF%z0H$Yc}81`T}d zeb`}EZ0bkOna0(gEn{kScRdHWy>u_1+l3F$By}Rkq9rIXGt@K*PfHuIv9WogDpFxP zx!|!=f?eUXmcF$|`bbsta^ZlgecCiV5`BRPSW)?(*TRn-`A>aL8>fuMes@IRkWf+O zk-qFe$&mE*Wp#FbLC;n9HUsDWGP32wSj+YOw`ru{}xb36jcH6ndUHz3s15`jS;Exz8jj$@m5o%7k1>&y2{wl#TtY zoMbqlm-|>LnF4Qu!QP6#T8WTDUW_3}@#`P-q%&dgxB8iY1(<22oFrSjC~NvFEv~9` znVw9cUY8k<6kQ5bha+IY9I99rWSH$Q%Z~<-QOOtFBJg2xTBP<&Pryh1!DH?H^osR> zSt|Nn0%C^pi~zd8ujnlI{FuHIC+!yzn2}tK62cS&d7hq{zo$9faw6n%zo?EWWlnJy zODgK>5B8Zh^@j>mMdt8WiI#sM=TK`RB!l6_{lc8G`5SY--77PvVXTqvd{^pG~GT>{dnfHX*l!l63^k#6a3kOnE~mImqW{w|*9{r%U+x^LFuaQe(#*UX+h zdrYdDvqryz-zKi`Y*|;Pk~={lEL++Y-@G$gA3|MN7r*)wDd6Ba(Z%cY(8XK5W0KnJ z*tg%*2ApbVkF0k`DPmiw6Lv}j|z3W?+3#=3Xf z_iA$Ln%)!!uW`!198lQHQe%8v$?h^0_fcZ-+5xv(WRxx<%h!;E}t%e8lfhYzYnNVfl4qw$$`+XK?{muWaI%hF0Q}; zgy@weFHp}pGrc-Ys`NP10&;>Ti%oi4h$dgv0}2Zv%BjW_;~$HN)Qpz>!6MZzL*`3* zRIIwCJowXybwGc)yZ0^VhslvJqh%=#md#h#tMaonr{`~wNEIS4VOQIZl0Rg}3&dMJ z|1d=IzU~7x`;C78&?5SD*pLxYt29ZulCY|+vqn&^^m-*tk}6k{iZwKb<-w|bF#%P+(0i#19!n_luz$nCBzs1$ff^@~GpnSG ztknDCK%dD+&iP!2z%gp@G2rEpa>u`j?;QGrqJsCr9!3e3gs!c;F$=Z}Hs@s0ioxWN zum62PyZZQ$k{D*BE@>p&OVrpX7(KZ!1=+^$)`BworL#CBVmW|hSB!EKP1?6nFE*=F z3DZln@r^F%Qn*PV(E~d^oGy>Np)iz%=dis{NxPKGnu!@9D0aOFVmNhUC4yH3?0lVr=Alz8k<}~-&Mh?xEqzgdoJccg 
z&ydR`c%eTS?LQ0lm(YN`0Q|LWbJTMUK~^85Qsie6tRVqmiE3Z&DGGUuNf!wQVhyOYCNh}- zz54Chplxovja*M7m%~E#RhQ}5Qjgi(GWy4?YsPP4A{S45;Eo+5F1`BjMU!{-4? zAR0;-`!6KYR#ZsBaP@+bLt4d^UnMYgXI2PXZe*-NqX+5-(?pppAo z$L95~)aYftRhG%fCwv(zBA#VTb#h>{TcrRn}T3thS&JSXKmOe=wnxdhz@}{ z_=d<*`8$7be%`O|uG*r1N0EAaoeFZ>wEzs|kpjHImZ0OSWqfhQ@7=c-^(GVf&7;%v zFDqrS@H;mx6ue4Yk;8iT$le)%)?|EN)oOnwN_*%|v}5FS*D#)QTk)(AY!v;S zk6y(5ZX!c|YQmz8q?O}h$qa}K=yJdU27-gKZ;2%2#MnjQ;j2=4$5>A8d|12$1jKu8 zRsV$sF?6O_VYQ#3r=#5NY5fKE%J^|Ol0Sm$dUAw8WK8dItAX|*K!^U&=F05x$~HKL zM%Kw!pi@{&6H<+V_|D;emK>1tNHC6N*l_EzbGNb5eJ<%z9}g8a4Ee)njJya`L>}OP zG5M<8UbX7DRL@CgCEJQFK$!~7-rzZo|0-BJB2#!Bl+s%}7=`zn%!K0dBJtc?tGNeG zIGC(_#+G~AWP0zf)H0I0f6qisvkgR59PXeCGJlIvbNSkmNODv->K`G!`BOgcgrv!W z^HEU>!o7v8w{+D%+wK+>!?u&zKZ8*UW#;pNoWF%ngrkg_AAq>+hcZ8ijIS%g0I44; z>D>T_ELFH*M}XN^CbM4*Htm}&gd2uslD>v-o^5H|YHWe)b6mDA&R^}0gltfr$ArONvGIWsJ+w}aixe2ph}ys*3!oS3NGa=oTE+v34sqeax2^-pKk zYfn#jK#90oJKZ!T7Cy&yJ@m!{OCLD+(@5Qx8c6^x30+sO+2PWL8Hn$a{&8Oy0>mhp zld)i$ml-VP*6;}T-*6O8?w0L)zPO=xtRj9XKV$xw5fwQ`s2)=r{uLr8DdrN9 z&-KAiKMqZY&iBzJ#)@2Vff3{6C159sJDQ+=C!AMP)d>y~dpCXSl9$c-JF(MaY;yj+ z-sN50D{nM(i#MNQ@^t2Di9n{7fHO7J#0*HWxe=iG;u()K)#VSY7$K7vgN!5;TVZrr zz2?JA75Z1%L-bp}Zc9UsZDN83)`;YryH&{QSNU2+6Aps-q7nRav4gt3`ezU7F~2lGIzOBZ^-)3!rY%(qBcmt&Gd^-f@S#|?`Pd})d#%f|mG7hu0=BeP5Tczf{~9h6nRd?r(#M=YN~&KN=X z;Nr=<4esnexMQApaMg8m)*&YVN~~fN%A+-)mFIaowa&w%_yUI}@G?>tA*~(EOD2ebQ}>goq|&HnNouf29A zNjMN5?#`StcCjQb9X7yFf~;>%ATpEr2nD=5GGYhnHJ|(b_B;Vw`hNzMt$PVQ)*t&$ z!j{?sQC5PF-!=vzjokEFPnukTfuOGAb7_Z{F~7tw>g(Dk{?}o75TH&OA7Y5+5jdtf zMqxQgvG41IFX`_nSbN7N4MCvBKs?4oRBS&oeMGxua=)*X8C%i{c6j}OnJr(40!ns8 zXu|W<`zK~uN-LtaZJeva+2+>w-?2hg$9L^GQ3f>lsTJN0vGr@0A6};V4Dn*rpfb~c z*;-4;2zI(hp*8aySDBfq%g!!&A@M-zpgN?all&z}QUp~+$xM{LZOH&OL+*vnNRF}2 z`4k@eFw)GnZjY z`(IqCm?%QMkx z7yVyGZ`#ia$A@Ab8sWUM1_bSYQ5iot}bw!$aGaW zO|y;DoBQ&7Y#eKPhiG^H8(Na2{Xi*;KhN(^@r?6I3pZgSG4yXbfZ;g5TY|ohukgdh$&0ay&n{L zXSyxDb65-3i?VX^Rc_Nn(4a)1Us}rPgO=XdfysIbbdBD8^O9kTSY79{Ka|g=WIEM2@kw{;fXR 
zw{u;{4Gi${%%W^esh3k=zv%|~09Y3RGW62p>uBLyxho&AGQhS<5Rl2_!iEa_v^CmN zNFQ&aX}nSpJGL596uHf-zEdY9(Wpq`%hw4vFM^ZK?*StK+Q9>Hy&a}yDeN;|X62OM z%tpu5JDA*m{IsX0KNhtXhF0ScQ9ORc0Cc#;uX3>oHCzt~0Pta%0MyY?b4qg2YTphU zM^<4Q?g@}+L2~H2wBsx+Yhy#Yjial^mN_KByy?K>ZC?B&Wcqe|MR5uZ(8iowy8J(= z^NrmOPUoX2trU67H>i@zxr4P@yCgh-Hfxn^&-32~v)SlZ4s?V`A_fnJN zDzuZXi{OM?A}51KJ_JIzBo+NE$oR$o7Xp+@s65bGAtw}_swgJ7%O^QGL< zra1H%(7Qtcf9b<=v-|4Qm71njuu4>V_ZJbr^g7@2L=0bt<+STyzZ*nf?~CY))kCB8 z)+!%fomw)4Fr&_L->2p4l(vVD_g!uGaDMJbVt|ZC8CkcC1$E_|5U7PGV8u*WH zM?O)~LzBIUWu=?A?#%Z-Z%fbH@b7Z%B^4m~eHM$)EZZae!qwz*Zby~*+1M1v%g7s# zJDgC%1X=uro<2k+Fd_sl4}vfZxgK&D=SR78Grpr-7@gOTlvRyg5-$F>+_`Jn+NcBP zfZWHc0^b*f9-1Dsoc70&oi^n`Z-Fyk%+W&+SWJRcmQ=&By|dx@`@c>aq%3tt7cQ4M z)us4`Tl+u48m+Py2f`Kd!(16yC^847X1_&eGUJm=7`o_^-~awfreQrX&ckAcDaa^g zJyAqbwXz;VjrvPC@ZPnZ;m#CNv+H6y=H~o7urn8ABqYrDPZgK zrR8)TbnxzqV$g+T=s&%VdOA&qPPmxu*F0(MGBU(}xETv>%B6=Lkl!_CE7^ZR7cLfD z6xN%&<;Gv~9DTfVB%$W@<~_hWze33ZFl-GIUtubpCsp#|GCo#(zUA)1SH|WDsnWua z1)9GSJ{#?Nso)P{b~;D*>n`0NWwz+~58iyT+#{CT`$S9b<8Dc$o5D~29pil~%l~Yo zIiUBfyd}7>u&@E+@(y;k`pDqb@N~_&7Z>z+A<*k&cTS}D>2bJJq>n`90S}@0a^3Ig zJma{JQeb`J@h<48Q=)wFztVFZwQf^j#R9fYKF065SBB}3{|d}_ja@@ZsKr8e_#(bM zFE4d&_j=T|ILbtd%*i+%X` zM%?#fF+5U((m^O%Q_g=;9ax zxlv4IjuS|gO~_-BZ(Xp@tk*}IhLHY^TUNP zMHtiH3g11n@_ys(@p_rk+aruTKp3QIsNVKoqx30nV*1Yoex+>)hN0NN_6)jrP;_)^ zw-*^nSL}MhNk?Db$v_HOUg>i2I|=u#FLx))JoosIGk*7!mqzZ~%%AH8&jg4|=A%V6 z+d`gBM9Mo$qnBm>B`yH#p@vqZIhBh-%7OLBk#SJ|7b=G~@cx1n+8AA5FBayxE90ij zL6UV~NK?=Qv|!_vktNpG{xNjdpVNMTfgT82&_kAwecSeg;8C zW09A2M-lr(0x$X9qwk&ETN=XPuhoXd;Y+l3{i=~GlFy-DV-}_3fp`+Gi2|3n9bM4? z^J-{c-TKW|y5uOGq-;iTMIj1lFx;Jy2kBAE1rohNTVG0f8&stAg#BKbt`iu~ANADx zUDou6b+cd1=S<&;$(iVaOsw>4(jBo5ZWG`8~O`psA zI0Gf6eoXlh={SsOr~GehsQ?I31-=!H=C3@nJ@v`=n(Lz zwK*d*^Sw-``I*t!G24r4OMy`LsLl*L&sSbt!*;eWAu`bFWs(By6cnS5lCIa|VCCkjAak1dn{poZR$C61poh ztKMw6td7}na>OY|K15-a1;BhG-lV1L_hJOz`$$-wG&3TfDMgxL`+Obom2GGF?LE(k zGCKJwv1%OsFd&ZDfzy_xA-{>VpfVHS7hN02RNmM%SrL<-*d9F*wrj? 
zSr=q&zdvQlFq*0C3j$*EbMh;fMZ32U&Z^`gCqzup#H_D?LEfSWB<+G&`F{_K+7~QX zLss1su2x0+2T$7S589BQzwW*Xxi*6ad=;{#FEec)c9D;~w|xH>V@|P?Ll>lW;>#JZ zyLXOYV>hrh%qR!#woBgU$1?j z#7Z!x&+XFu1ucxhjLk$6D<|;f!LDV>NXTzJQtvuHGF!|Pe0-8me3`l`&dXOAx>B*i zO3O_NwJqslt^Cc{ieizymuee$^~}2XOqN8_ z-AjnYVsPkrlJ*}^)BP^x;H=1Dn)D@8ZHRC7VN>}oUQ(Px;wiopb`{!3tqhuF7}HyJ zbzCipzMXpm)yI<57nIy4hcZop6nfQd*yzeh(t&=fTybUq=r}`bm5FBjv1f#uDliO3 zeyvDof5s5@TX#)uUd2ppxfJt$JY(X$1t*wJbz)UewjA|0>*gIl;WejxU-J1+?C+C) z3SLx$cT92#TC5`_Df!fOXPcgq?O7UMcA^HGA^ixcj{Z2De01dmJr*)}l7bay<89}j3xF{G7iJ{=8;bTUJ&>&|RC|nCCgEGO=;)!6 z-yajXt&=@&(zr7my=>8ILZ4Yo2{5|9d|EZ0^0o0a7AkA=BUxhbdl}vGiRC#_amc)W z^Z(2Q2s6?IR?Fo7tK1G_LOxxD@waN++1Z-!hxtxpe+=_<6Nd8JN%%k1P@nsEW1Y^3 zcMTBt_u(Gswklp!3XJ@jp?T3WR|l8`L8VBT0ik-Lv-6^p5dn zi_2Na+|Md#7rBOIzvdW?*|u`f9H%U(y}J}L^w{CM7UCAXANAQjDwDBV z^&l3wB}Z~r>9WRnZF=;1na}6U^9==W@>$ZNSeA->uL!8VsybD9j=79wlmoVN<;7f5 zYvJh)Kv5>8snxIdB8Rr<1l1c>+{Wm00o$5=-65g>XGkpw0%$7Z~_cp0$KR2C%erMN%p= z|C|$kx)&0WB>w|aQK?_Q#?~sQVsjWsL|pSvs{1HxrU;bN(v-F;=qiyMNQJYNn(wEy^7{RAMcCS7m{i(aD=RNOlwzQ+|aPY&9^1c*) zyq;vfrlo^XR??MphzNvM^eAU}vEOZJ1DIC_In`@-Bs@P{7)J@;$5Z3-r9HiOy(3Z7 z<5e1OtCfKA(6wR#srRS;qg+AVyM#1JqY5;fO>_0J$N zjX;fN@!HRc8(e2^Y_2A|s4ac9P0|T~Fzi2wvOV#m^j`sSAzYrdR6X=E(GHYqOl{nW z6Q)ufgbNm7n8U*XIcsvNMwF9WayeIMuTP5l9TQ)Zx?UnnXEexMUrGr~0J|t5zc;*L zaR2aSdpXb$G~R;3kRAimg!r|5VrO#Ve~D&~tagHFliJ{f(FEhW>3OOAnVohxH;TOn zoe=Ynkb(fjL%2T)OiY7u!?O4WBDtc$vxt2437Ac05u%k-`{z1Mp}*XmPkHiqJZijEu)n< z!}9k@{(!nis5tK$9_5b_iEheX1s37RpzknH+XIIIme*_B(iU@X_I*~PN3G1SADDQ= z+YbUq{zO)k61*rNZYK4CbUh4X>=IiE`MtsFe6Qz8Y52^~!>)l?aVjZ_w8YcRUvm>L zSD1;Bds79+c08l{D@uXSsQzlk;umZ_bgFxOCdwwMwxqA-zu1`0fSM4Mi;f~7oTlLN zrJ$e{BZ7)iW+K6x8Bm#A{Q|gbIQw{%=3}xZ)3ihZK3&_^M^d0Q4WO;6>Y4%ff8-Nz zXR_*w2$&+%why;u05J&s>-7fmN>)5sQsJf(fEzMfd|&VN8Rv)Q#n=s0yf&a?e0zI{ zU)uZ0f*T6PeTh1oeNaa?9d$*H;AaAiEvVp&UKt&rj1Q&^(141o*c_G!ub37yq(wbour21CPH_2Wd;d zVH1FPjESbDNUJu}CsVXl+HJg;fbpWWKCeVD3?NMtt_~Bn4yAX1)?mW6yXvGPw!jDo 
znJ2W^!98$E0m*&u+1ocOI>BMh*=}mQv|jN|6x`y~d4*m?X36^oVs1bbm6eJIc(T*NDabkyD2AYfa__>-XMTOKi5jrM#?-+g%6N3uI89rY${` z_7!6~bt;Z=YsB*Kn4+aEkuY(j43pPW1xRvS5p%-yWp;}RMyWRgfA{ZeeioLh-tQV;%K^nO-xkceSn_&JgQv`s1@v^<;l0Gt1@i6jd({b4>hl26I=xOuNN zQc}*Ku}i+9oLTRMp}RTXI31JkxQ`Rw@_~+hX4wW}(v|{a%aPMkBTOnaVs^$V$Qo7_ z1?C#m=YZN5!1JH?AlpyK^WU2RfDQ*NHXD&#(}}NFrWde0lP_$2->iR{Pp%moEa~vg z6NMhL2UY}RR|4?!`udj~O0*OE=*NHK2F`JH+hTI)Ow%hvCQLl?dg>4gPpdBKS4A{1MJ`7R78nt@ zT&j);E&w)5q&On@bHF-CtvGP%N3c9~uvpHQcje(M+H~<^?bx|_%hgdYqY&XQ>mA8$ zqL5687-|VS!==#m`p`Q@AGoD&h-;7t_);=9BDaOidI;r$UOJW&8?N3ybxagRkwkYKOE6Hd0B88FJPBMjtPqfSt$3- zDb4rbY}2|W^p0Le^Z1(t3hZqOJ(mgbO2r9Z<_tB8Olel3h53*3GKDu<6B@|n_Oe`G zJFRJs?UD9oWh@7b_&%`yY!<$A;=xt6*VTdR`z7Q+2)b6_&6y$Rh9MEc&qt&%ZK>}M zTi=RW;q$>($juh^xfkZS$KRH}V(ok4?R%g;7}(X%sBL`gUwZPn;6mK|T%6b-TJ)%= zVIH<@8aB(M2_4o6UA{N%Rk$<_I(kHALA77MPkZh}Hi%i3P!9mKp|7T-(J1L3h9l|1 zf1@zCrY1t$wdwDv&ul5`Gx*w_krW`{V>&Zvn@HWBO|n~EE|ovF;eG$!rZ52}vZwv_)eDt zK!3r@0sDV`p;r6R1WPxW5Q%`%Rns88jPOG&XhOwQ5a~QUT6f~fE|%&Z7YP=YoV0+b z_y&X&dM%xQuEf`xM*McW6c83qR9-zzuhUdcjH|)WVA~mVe@|G07+2nmAFgP%qBg1* zcV{P_KRzdZ-Do*rX~5i>ukKE)-cs>_NBCizvAT|5tD~>Mx_!BkE<9PAtAMht7b>tT9cy&r zbPP>T1{_`F1b$=`Y6eCv0T*co>M1-+RJ?D)6RKzk6tS#;9_s2cgd*Iwc7-@KijjR@BU?{SeJWb5nYUH}H=M zl71iwsP`#g{L zd7SXgtzU8vdSyRC=o~`fT(Dd`x?mc97ZMNrCd!;}RFVYIau{Be-eW=6=Er(-nd-HkDOSivqNgtftTFf+$qi)V~Fb zK&{SMPZ2IwfJT!WXxYwP>yPkl6T8#Vgz$(_lZtutOF({S))3z}LI;P!?-4Gm?AEM1bOW8A9wBhlV>H4r);iPTrbnXKUD{km( zEVR{!EA)Tc5V}y^BpBlWjpsEnO8eHu%H;xC?}3{jOm!D*B;`LsxX}K?Udn}xj*FDT zPFg*$W(1p_3~e6Rg6f7DW+qdSj^boZ`6@LdbgYj{vn7(SQ% zWOKQQ>NNf&F7pz6aAlUDOCMf1vc(d~D*o$S6xeu$(jLI%2XP-;2KqrFK*o=}|APd= z4HI?R-`jlt<#I=@If3eH1>p<^kh?`36hf}&Y6=fg^-_{~1tBU(W5ngun7}}LRYP5L z5I7`o30%Z%Vj+TCRXw);>m(rkaC<`Fb-L$Vy4!vgHn2PTXFA}yR0a|f5cU1fQ3gNG zVRRP138{YbIrJHbEL0c#E!e>{{r)NY12g|y&)sh3V3#~9WqgqIf{|&gJ1(p{HQ!d0 zKMVDO7$88A@rza=9H^{^T4Dj30$u=Vsv|S+y8d$`l7$lpF^!`gGqq@6rzEu7j0Onx zzK9+U26r>e2?}9(zFUqKa-j|kz`xO3U3NJNb*hS%g9QmmsdeP>v3;J 
z?0%MaT~l`}{)_r{<=d}-=qrMVoM5qHuf(Y%xhx2Y?Vy+ac*8yt3ek3#%{LL8ma zrtpilj}?DfO(V>Uh1V3!%p8mQY(m2z*R3VR+~S4d#Aj9@gNB8cWE_D!#-!FtrP9#5 z2@C^PkYBXtvFV8gNlUq}GnukcJ(CrI_s(=5d6{ir$Ai7;;1M_F)u8>@>0cAhHb+P+ zZtZN-CMhxB@e9v^k7GuQ(9ozCoGo{_-;o9!mJjq|?k=ow()pu1HMZ2e8X@~@y&D$x zaWzhiCt!4^7`Jbm2hlT`_D-Q^MJ2>>V_VMqdS?bS^3+j))}1AfJ2PUTQ!f5_FIJ$F z5TE}q*)fqxpu%pk^!j$M8d!e_)c@E+=()2F$e*IO?;nfqK}4<2y8fbN{U{;j<4ZXi zctl@04r<39a9q65bGQ=n``ob$O-C}8UHx8LK6zrfQLmWUR7601=HfzY%R!US!Nw{7 zMnh%RTITIrSn%Td<|ssyj&y}eX*zF_hHD85kYY)f!oS^&1kxnGbUcq$;$i|c6EM$GVGy=F`7_smw3Ql@PL9p!n9peL4A2>S1?U{xmIv<~ zya0u1F>tP#mMgjCoRqS-Xzig70m=yE6lAO39Kf*8)Q^mXg1W;zQ z1Qf-cDK=T!a#8H6-#_iQZh2{5TsAx)`1skUV@p-0=ZJL&!BB8ZN;MfoZ_;w(BbX5-yaCAxqO!HS=i^-`q7#=%D(lbw>9~?4Ztf;n1&X zc#}8b^D4nz9SvjsAswOmW_hKh!5a)7HPQ2Ctq9ryna(ajE2so<4$&DICpx0>tQs&x z@sJ&C%=1w91blF9U)E25*On0aWKQAOn3(Giad@pacB<8v>j+8x6%FYvL}Xjdezu#F zPqwSz3>{eQ`;c~Z*C2DVIZeWu(JH#D(sp*c1e+=>w*G%yfR;M9Hd^SiP$*-0+*XEr zoQSgDpo22O%W~h}J$=h7YwPwgx8pMAsR}DAhxo6UZ8NvKj(&OF;SdBzpDe&4Xz4@n z-}YOPT(MfCtsMt?oE8Rj_w;bE=Tl>Ztsp`x-8%(OHeRf)t*J#ZghC}0r8^asrD<8p zshOG6?SI}Rm+HAy+b)p$zhFC?Iy&otR&>2VGD+@_{!MP|dOLg5t?=GPN=T#6cQdz z!@-f!(P0ur?2**a;C}0gFt&s8$NP+0IqmiZ`76nC4mC|pF@1f(H*czuR|^@Jb7a~g zNPxC&q?5jsj{$akENiSo$mit|;Bj+pM@m50*_WN;ET@mHb5Le!UF69l;)@uc_V{Vz z&ELE0jfn|pXS}!XJ)@)JNzEs;HDu}Imz2a$y9nI2o~c4CExkWspL$kNvufZhH6DDR z$2d1*SmRU3=Hs5kTDpV_zZ6;YzY@LwD&1EkJmT+5W0hvwc%OxPO{!mpVHoW@hpeW( zDC;RN+%L!XQI}-UDos>~JIKi#w1o2?wFKU5I;RJN2MR(6q8-BKSZJPa-myH$Ey|Ai zvyT;r?fmOEV}5o`;&i_2{C9yLg*KV2ZK>yz-epu4@hNY`J*-fbE||_;F4-yKb7p>g zU`i3rnu(3o`s_+#Pi(|M^>5KARFe1nR?Ymh@*Bn>QA`iji9D1FninIEL}$nNXd`}I z{@XKSQdU;>zV?~}dG!%@8@pK_WnM(P%`jsy%8BGo@kXB;jGrM5#?2UHzT}*?2E$>l z7caSv$oDH0|2UAXjum@Cu25=>?Vey1`jT{-l~)oBdd*0wjmffD1swA+NL6yn1Ou*? 
z_!YakWdP38md`2Cr-wa&SW>!Vd|g5sl0hQ^rh_RNkq zJ5OZ|D8khy_#Sh%nqYF(#|I8*g^grn7k=*smcw=Dei+hfB^z$6W$&Ij)liB(>E_>* zBMEY{O?OR0SGNl+ptJ)qiI&0X^x-E93;hRAB_w;CA9yOC!!ZfBo%d%N*Mq+O^PF0Q zooV;Nw?hxUbcdsHafZELhv?_MWbkl0H}kkGxjd`bk)Iunra1<)hqk=+Rs?9`i}m(u z{?MHN1_E1{?Hc$ZdN5)WWQ5$skPwQkBhKxyA=<{OKbcWr%d8&8;_OE)W$?t8UQl-rsY@Vy8=?3CfxZ`vkiWL}Qe z7`B^vt$bY;DspdFAt;A)7$0yuw6+t>;N|O(fN~#MQ~BRv2lfBwdxBKtjQz%lh@lrI z^dBv*Rdm?rGvA5O73*vo8YoCH*4O$9eckG`tsfnmm-?vD_uU@Qj=M9*7~Qi>m^Jfv zY(gF%35RTrjIBgS_sDJb?$EY$xC7@xTQ25nFrt2p_m4ERuP>0UMQUH3?5^VTdhKFM zBM^qX8VH^B;;pggK``b=+FJbgliA`(eese|7MjZ zLCK)yF^(4M74OvlDD*{0z|C=W?})eI&Le&9l9#OY22JQqZH>Xu>i!3#)9t?q?mIhM zvv-r#-X}}JHF#R8r~T0k%uo%iUD+cSa*nVEs{-h8rg#rjp?w=CJ6i|%3p=iu*lR4j zyS=4PGnD&(8u7_rWtP>&f*t0kpl>4RMq3tPg8CS;82WuCElu)GLr)V5S;XGB!8eTl zs=!=m*}jHG&T(r+=&V6$wBp0DPgS0u(Vgo(u7OuX2Hm)tX3!hL!c zmXnuUFesfNbcP)3@a@F$lOiOz3x+TFmJC<`s~$MVLFgFaA^SLG$!DVpijJ ziH)M-^jA*}g5KYEf{eLKB=GFo0_FZo9cs_5P|W%R?Q59PdV|ZV5bgeag+Us|?3$Jd zezCVwLN|>TxdneU)U?92^15>;*z;9KXBK7NIdUcM1fGAoT6NUVu;9Z-{z;?#nc-lq zvEVQKZ6S*kB)T6rSHIsvv#i~MV`6?%+0$CM)u5H5h@_N9E~)yYIf?otDZpD+`kmZG zMBg7*WXdil>te!ZUt=v#ExWXf&_(sFPh$xESZzN8_OAF?Eug!6uG9`TNxz~QTdr8> zF)GC5pGYkgJ2Ad@jc*vV=soFy!vx}}%T}_JBbvy;E6B>02)$cedpU6VmQko#UwWp2 zI0k)aF{>72XqJ+DGKCsk<>G$@T<4RST)$lm9@KXC-=-Sld!+bMJ2L6c4&bEt$I0j=jzxQ z??o%;%*Ob#q4Ea}%w<342$E=_5cz4z?&-knwy3%$@1UllAN0x=PvI(OV|V4)m7g$4 z1?Ak2;g&kcerV`F-5Ic1QkJ`Z-l)M+XCLSIf7j#;FNEPr% z{GBa7e>&)X*N(ZwcS>k>k#?Ri73+0^^mV5Z$545_YvyS%=SoD@&5Ef_#K|0tTA1NE zTH7-E_~VrmCf2<>Y?c){V}=9-y_mIG0+NN%IOf}OwRpvgfYvgcF2sV3k3W*g)O>t% zfBo=CAkNDO=iucNp$D@~ELM_^fy>1N_L8#=4TK6WIL^A)2G(o>?v!N1$Ft#->)kvo+iEKAY*~h1>ZJ_Ws@?zUbC`se7N}aL2=;m3SwuN5hR)hi}WGjcvh=i9}X>fchIh;Y<~e;~_Xa--7VshoMhC$e6xGi^rE%&3dU zU!ET4%Jr5V|EmOA6=AR0CR}NqM|%8(Vg(I4`CaSW%VQYG+!6NvFwIJf;UN(xq5p3- zI0X_Dvt43>jvGiF8jM}#Mw%;ldsyH{qa+xEdvJq+9*T_SC+Va0LPex5?Y0C)dRO;V zk@d!?Gt2Rwwo%SeQmp3=JNO^0lpIN@9(v5>ee>iNj`Q;36|3r!==kB4?BX3}l54Bf zDKZ(mj(*=^pWDe^e>F~v-+L+ZV;*4n#eN5C-r^kG!6_9O?PRHRP$s(<#WbA20q8Yn 
zTTF<5vLc}WR08=4P=})eb0s*RPq)Pj2(T(Jr%0a?DpaXH;E&O{gKTmF-QNESQlyb3 zAA8fQpjR9SmZWE@ltwKWWpRzP)&x1~e<^YlywNXcNjRtKM`xz+iD-%vbgQb7Lc_xg z>hfb{c@?ESnZYCH=KVFToo~E5EZz4x;fj#vP!0|!^Sw5}X)aAul+G4+-?I}JXPt)S zB}M}J`p7`N4m*CV+nh?#(9Tg2GBd;V{3?E@dCfInaa|tzM0y>1M0`l+lcgg5yO~s= zAnkWOCU@9yW&$51jUgVN%6FHd)2YW6HL(d=v-{?1b{y0FR=J)}QqOAwZkt)fqZL}| z0@3>3=EIEjDN`=Haa%jfobqOSxxw=vT35H~o;CbapLK_vWwR;#x2w?v#Sg>vGz(XRaoEw#oU}q~-DY42O=;`!-M4>!wsUUJV8P zJhYGAC0kRG+F+2CCdcgB(dL18ai~zZj*laiCubjsH7W2j z;{Bq@ez91+M{&vT3gtU=3-NurQ|gjPfQmrA`Pv78@0sCq`yQy#!xM7Z7+f88Tzj`9 zqqjU<1_Qr8)XM|U0ChcglB98Q1s4oLPHRd*pVz?S?cpwT~fH*cTX8A5hR|gdHx3gF=Jr^rB@)@?(J#b1v5bx z@Uk0P(!p0+?oMFT6hnN{Z5M>P3&jnpioB$s`n(_M`YeCZ7k1{3Gg{Pl#Y_@3%3q)> z6pY7YYD+jMqrGxB`J`6OJRuZf_({}Oor%EWRnJyEh6@B@&6R3yV@@H!K~k&R)T>mg zHazQN=Jq)xVghF3%y_7T63b)3-@Dz&EgcFY*e>#3f_fW|?N&5v#*CQ=2@~lS;gvVS zOCg&iy{#AWt)hX`{+ z#0PHn2aTd9H>onLGUI1j0(+ z`%BJKFC2{sA4kzb)%wX=Q>>H%vj@efR2shSDbTRg_@#9f_owir@j&h#pmn7ta^;+O zwOhP`{X0CxA(y+w#5HWAw>KydYjdnXJNrXG#vM&sWj@C$cL@;)kms0j7T~Y6BD_eL zh10e4pArTspiaW!gixENuYQ0{(WaY?wTYgS4U!H|d#1xPCd|4f00$=>Q|)(nKZ-ZuU9C2r zWBT>q*=PE)@DBUjBiFZh z^L=~kS7{^3>@u@LA&*N$>EWc#1XH9wIXU@beJ&?qeY~ckgw{)N3@aZQXDK7V{~GQB ziDTQ6WRkadpxsJ;CbRP7fSrjbil#G2BMZY!`WdFVS*QVC5eIMh<-}!h7w}lO6$Uo$ zQ%KxSdd--l3P3{1C1c6_9k*q1&l5P5ZAl!qBHE5Tg^uaJ zKl2DvyVww@ZM)EZP%9+nsLhn|gBqH-;0@(F@_=SxaQKaoOViZPH`pT|JstHI?4t)l zg>8YVQSI4rhoTXuHW1iLFLze3Kkr~liGYI1<@sg*Y~9IAw0G{dpk_=M5O)X&g05pu zsCa8ME3}J51Lf_yP>>MDl3czrm%&7e$m_@HOYG55iyyWYO zmOA;iAO3M;3)$;>*A0lAvu-+1EwW%xSsT6^$L`Nt_x6VDaT6LfjU>kfu$4)^lKudH^T^tR4h zJkvRw6bMVU`Mno>TZr3FA+rrf-CiIgYRFeExwleM4eEMd>s(SW7}bX3HPHsA_gJ<@ z_I_5mLp=XNWfui>JE^%`+KnGFpPal%JJkA+>o_5HE(jS2K7yn?W(Gl59FpHIk z+fi{xn!p93@BJx9_qUcokcM(f_>pTXUZ{*y;ae`{m(``Mnrm)b2}Nxceqv+w&tGiR z+Zwnk@vMS{95_RBVd1c@u;k{WqMhD%O)Rzjg{>TVetLGbg%OK3kjhYGUD$4&%qI$f zzwz-|LcYi8OUl$fOh!V7*ja{1qvx!Wl8ejkSYDPS_%op?O&R2)9qYa9yb4GnLsEjC zl)E%4XkSpyhsNi;5y`E6e1I}e=k9VVL8iPH3lXR<Cx$d;Ojgdr(<4YR2AATYE+Rmru}h;q2L17`tSv#FMcBz)TZ6<-{;O9RYWv^C4FGj%Ac)n!BVyw8`2u>3 
zhygt&_xlJ3R+mGy4IpS7|uF4i|;${q#2c851P zB6UB0e4>A&KPM%HaJurkyZ+(wH4RhgbEDwCa-&{0yT5%wN$h>j1LUqVMwKXP=POd? zY&_qqJ^EZ7l3jZVQc{uS=5IJ`rN40m?wDsIqKb~skI%Q0fE#R$jdx-!&+XHQuLZYzI_hhxKNJNS*kgp@06-?w|V^pXXqGeZOZbw@er!*VV5+NOL}HHb-e43^>nR2*N@T!oRzw87b!nJwmtk$=oo{h;s8@Jdo}Mfu)_*GD$1u`Vp! z%y)HlHglW)SJtK+3`OR>l)5x3!4~65e<+&{_ZgYIyNOeN!ZAQ9)#czbXUoEEiQNK` z2hkeh8HsF29O6jod!yRd&5RAhUUW$KTL0^TlKiCjQ^51puzk2}RI$2UHoaYbWDB>` z?hhVA?OTQ{-isLy1f{&EOU(0nd+xLeIvY6z;EhMU&FPpmD{P<-MxDGYmetsJYM95o zX6WY)2p+oA0*9`A1-}dO^DAAac2xQYxdzwDlr;4uLDmv~m5>}6#8b#US-H_pD9 z62}|pskaHFXA=HYt~kl5M`>Eo28%cXE@1z-$$s7B|#;0>UL z5!M3z(XHg~nr)q|JerR4L~h0CSB(ejTZxdyJg;+Wkvae~WDI2x@=8#MtL~|BdW88c zzI?ld zQ~QR)$%3olo1?BEH76~B+J(y>)ZZk#5D;P1!f`5R+t-buMFU;{tmz%53k{v2Q)fkl zhq?9^yccAu=MkTG8mGj>RPOER3BO>&gTBwnS##qj29qx{%Jk zE^8qVVaR_oHbe#Hj6b`THVHOdH^;UJYvll8Zf4)_MmVySL-vxQ_R1-p7=`;YG@d z2BDoJS*M>}f|Kon%iKiHEt}8Hn>6^dw%6MGY!nYV_tBKNR>il_w?BDKKj2HIVo=kg1SJ0ZwX`uKW_do1#t-o}2hVoAY&@Z;9f zqws$9oV!tMX~B}TVJfwrd?F!9txhU|J6Wz%2+WsHOeLP5N`MrMjr1Mc4A%$mFXPTp zcRH&xj&da*3YCZIoBB;DIe4M~7zdEKtwF)`vJx+v)josr($k-~-A;%HIG-n$bJbcn zjS~AHeD%dzjA{`vDpY1=wqFmw*#L0OqTq{OObv_XPGGsE=)2-{ff`Unr@pScWL{lcE zMie83lh~UH!vez`BG(hWBr|pP$dXY$q3_}B8~KyvOo3$`jmweX03ZgqU#5t{!TKem zKW^ug9=pw_3EUxrzTU~nDK0Hd91QOQU;Tu_l}}VHZFL@9vGEW9;nb7ASe~;j5AM%1 zhq;=Aw!Mom92imqK$bl@;p28Y{sR3R-POejLTDCDAK+gH<>0((FGqq6e$y%n;seG< zC~gHEuoLR*JD zZo6D7nUv7!Q_?^%@E3}!QaCXjD|0bXG@MfT{d;S>nM;+l&T^(V!R2H%!!$8mQfo4^ zH2By9>9RAM=v~KFMR9Kp$l43<1d>rb_=h(1o9eZyUPnewBdpY)xcIiz-FPT2@ACNN zU%?F>V$}r?vE<^g{oTABaCRMtTluU8F>b0iWOYNjy20CuZ};0?6Y0{1qp!TOoQfE3 z(kNn=fzdF$>5=#8Vi5k8l)N)_J312phW#jSVeS{ryH^nhlUsfM%6AlaPDM1{V$^bb z|CJx-IAf2j-CEE#@nUt zN*_1JEg@pbGwVJ%@reU$2#QErQGt99Xd2NmYGvj$`xPk`MOJyO`Mwf6#v9wzpxs8f z3{`y%?o-w=q>o}0<=qBAoz$;lb(f$&MNMOM>w<^oUD|`28cL&-wR7|g=h&8ExS zz3)c8!<0~YUIurbpZz}RsBbx5)teNa5^Es=$b3CFt$sMa1f%`Arv}%8&mG6h)JbBx zX~Bdn&vE(Gg5O1w=x`AdSYR-=3HY(=8J;!v;B_D>90ypa3Ym{IlF6wlg7BkooK+i{cOOSXpkg^#vpW2J>oON-8S%!+Nr&%iX8#{cY2Zph2&j 
z4NaM_XY$G--mxt^Iplsz?0>p7t!@#KnZxr(u&L>xUj?`v*JgJ0s!hpNV|bvom@0j9 z)Klg)WTCDWI30%@XOF+PpQ3RxojP}PlViv;d@7?LG zt<1WH4g2RscN|6EKV-QoQz3p1#ra@_JjQysac0QYd!PWSaF5^*)$^i;sj!vW*zKT_ z!m{y0to_lDfKURn_P-&@aer zcqjEDMsF?@Ac^Vx)n5=pe^y{atl0>A0WGMo*(&3P62Vh@E1?a;mh7c0$JUV-H*H{T zNdxvHThB5Zp^K8TP|a$oflcZ4+o^tA>wSY-zHPOI>!Xcok-F+%>5C?_@P_9;t>Yot^vy&gzj<^vLe#4+6vXvArN!=;h!~!oDNE%(N9bM!_MA8 zS29iN`2|F{nO8dF{Xu`HIevP3+z|%{4xEc1o%PWS&{6Tw1n&=I&n&3`Y+Cn|?|OZU zot3|BbsZY=&3NzI4LF$@xkoyrK{aUi zHhco_xTad&%eU32!?o=X24NN6L1wRz!*tcV&14hXghkh~FMA78bst{`)2hqEdou2K zy6#Xs4=S7M@E|)MtiSI?;h7E)#;dXs557o*EBh;>QfSArg4wfUA2YMLT&Rq!)ky7G zTE$bK<~G9T?pP*^KYlEUyF`T_{VvwAasCVt zwCOtlJg;9ga4VUvbZZgP9H6l_q{-F2`rbXCtdmXt*wEg-gGBf0fzijd%1Cd;VG{F+ z2$v3;FC%_6NOx%seL$iV&D+B`7c0T&{IcZREhUW;mMs&e_h2sm>bRcIOyfA`i?KP^ge0ZWn<&BqAK3VfI1P;hf`kB5#SB`98ov; zpL%sB=+cax`Dh3olp889ZLC;loU52i4QW zG&@lFlm<);K%!XRidWWElGJv54X#Uo6{8=Aa9N_gK~d8AC@f+5@_^ypbb`2x78Qt% zpM}kyZPOOT)Vr=j`%woNbd>njZvj7}FGdOFt^EEGjm^2KQtO<8x+fR7sB$T{>?v4+ zbNe;PsWzg&r%8fwak2bC;UlqCkrhOML#W}+EV=FwB@azfRlJu&g$z2(V={V4vBi(# z;&9O8e@)W&iTWrNVsdD+a7#aY z_)OB|_PTxtRCpo6z(uw;TSVhMIUFF7^WW`5YQD^gl51^hG7_$oG!m~2az(A4d7%3X zi}?Q;i6&|u`oK*j!l+_*Hh2YW%HK>Q8niAcN}<=;K~lht_;`0o<#lqyMZ|Z>akbc( zzR>uFjUZGGdBqN)SfYQy)s{lgC;0zFT9>{mf-K}e{z*kSHiZ8y*ZM)cgxn9z4Ijgb z5`m;d?5NhpeDe@Y#*Txx3La5OGdEw>Gz+ad@L<^4*%t>WMByhO^0|Gm3sBG~!~nDa z2`q-Ksqon!W;!hGb%ya7LwfN!IT17xfM5xVg|X>{sM#Nq`N|MNA~0aY3sCDQkn@u+ z&B?D!T6u&-@S>UqeDlljoAHn|Mgk&KrbSjFOg6p%Bm&<^j@Lf3S+*&4!7BYTH%01i zGLiuXUp(olhhgRGDV8eKLD_%78)eG=UTQbCBvkD83t{mQ86qR9j2@YCl?kt$=FnN6 z8fjTIqn|kco+W2ow-Wb z-c3taS3SHZyS4_PYgL9?;pnxLlmSgCC9ME2E%Q8!f$%9};|Zb7F_xxDoPwNPJ5EEtGv8#x$iCySN^o%8KR(8VVqnk zARFlOVHt@M&7P4i`CPs_Xw_Md;&Y|fe(~gSmnr)=Br#@&_bXOD>de7I?W%THrja{Q zujEHs8DlB^iM7%7HKHn8etq zg^GsBXnr(0w0<#mS$ESeMd(Uz0sAV%f=BM z4G|wz;(08PpP2@9jz{Jvx`I$sdAx5Wp+EkdteMsC4+if~doB8&fD8c6;+aJ94xEQwyw+7lgf<0mlbBu)d!|Kl(D{?@WwVnTf<#nKxDj|-?* z2lU~c7|a*aM;DQnmvE)uznYzF4C87a{>xGu^SL!+zIjt 
zL3U{R>pw~}Qi{dqHOw{pE80ET4q0O!f~mFtsh1yRTb#z)4hbB0(;oZ}R&T}%FUIoE z072xsq)+Coj!TX6RwIU>Q|xO@=nKHB=>3r@%W$cYvfa;shIH3CuyP?Nf$1yX7yOq+ z-QjM2=}9j?0dxSbe5kC&n&jn>;L-MdW2)lAQ7&scj~mX#ymXZy^M7-HY&Eh`x$lmC z@w&Whta@??J#)2r=ud)XMB3UccK%9riP2@0%yS$Q-26fH4>#8!flf;oy!fV>q#v=ZSL_&5Z8*Pe{P+DLIad)*RDao&pU&0?3!T|73D|0k8i{i_ z3GHV|Y5Kez$i}uziJj-?jJtSuzId0#ij>znRh-p>H+uTWlqeou5|cf~NU@mXJ9~uf zM`tSzywcLWq(Y@oDRMb(Y*Gq};Q4t&A~Y(saMY+dc`$`4E`G;SuJuVn!b6MECMor+ z&<9{*x8(J})*Y3(aeqVSw`k}de43u>LwLF2?Psw#k5PruW^^fi9 zv3~%r?rWOINU3Y7c@u|!6K(xYG0|3Mj1e9n;x|DxCKT(0$%%g)(Jx)G&gl}0{>knD7mg7|W(OPQAo#e3fza_>gB>T`ulRtjx)4nn!Z{;M{+?>}2t&NA)SH)& z`+a`%&mi@0`&)BZ`lmbEM`D4;9ryNILlphXOE&txJB`ukg3V{JvHwg72({E(_YY)D zI2a|e6&5}-&pBQ+9_0R9HyB~GZOY9+r#Lo*`)uDB2F(>=WY;R~Kh_;M>p8-T(!5#j zi^O^wN_Ns3Q#m`~-W)zXJlOqN?&CiD$C1TUC&fzhmA3+*9C2B&e;d#-Gx!9Tbk0?1jn=lITiGA-unCF5kjVq4j%**qs;bKYbLwd{uPk zY4kJZ|FAodXdYS0V?kF;{*oR7fw06?Ku$>I`uJyQ`%MJyj)$g2-6&FMx2l^q2B8nS zmZ-6NXVTdCflj$ zmZ}HkDpQNR;ukj4oR;I!;QC+Po5hEFr_wKWbY zNhm+LMc5q-L#=#BKOM7Vt&3I;c!qqOrD>mB!s>ep8A%A>_VxAQ73Dtr^86CDPypKw z2NB*I!$xLZ##_r>&&j>Vca$erqFV^cT&onn1~K}F2KQYY8rm`UPPBzqyH*kH^TuRS zWd^PfCU1Cj4LX;xx5sZs_~3r86Ejwa>{$>wt57(0=6Qo`Kacr$8 z+X()8tJh?wHqbwC7;R$Y+=770uB$P)27D?oI|AP6+^%g|L667!C7x0$1M;tLwtn+e z$~USO`r7DCF!hzR3o3~)xq4MZ%cau_XUuZkodUce{C9F?+82F!_tunl1z5cA?{b|( z`seo1-b&!se*5Jx=PPk@Wk$ilW7~EX)qd~5e&!WLpQLpY=^JFamoI2(XIL3-(h-?> zA=GuIq^eh2vQ-aX9CRA{wolgbZ>nIE0*oG2;0+G2lKW2hkC_m)ygQPYp)*i*W`NRP zPksM{#$OLlxD+{QK}6Pw5Dd7eCA&@K8eLL;Sr7-KPR?+@E7n~VOql9QMD)Zoo@&_yDBQqkuQ}$G;~*z%tZdKaMA4k2T<{)@z&J}Ukf~^eK>kiIA>M-hB)*t z6^yPpj8C%&|5(e}tM+bvY-EK6$r~9(xo6V(T2UAU72I-(-Bl1RT76|NJ4pzv3g5GS zl%qbFBsdGQ@-=PB2@4yLg?4Kr=<={Hh;nb3kcMgfuE6|QrM6sh^T3Pf#o?`b^FQaa zV;{F?-$9w??6Vz`5+dPpy0uDCw{5~eU@yf8^X|r{`oR8Tw4qO0J7Xamd4v-4$qNu= z-n95P;d?2&XWR+8UL|cqZ#Xz({}Jg}x_o4%P7ElCX=LVoWr;(qkf0p!?tXB+rq>)^GlO$ovhT2J86d`V{^-pVOI-G}e>4voG&$5Y^i3$~C$at=6YnV#gw)+k09_Ni^ z`pu8s4m`kN%z-t0+FPikYp=qd;^fu^7B|i>q6%ih=uDmd?LOgqf$FbQd6(i#`}?kQ 
z()F>j?$R8(2Ma*89^3)tsq(<&Rfm&J{1pyJQ^j{DH*}=WWYquq$a^Eh;=rMoP&P3(3H5&FGq|BEFWF5@U4@N6WYr-*$_nSO1{6z zJRyq^W>d7kQ~G4CS>>--cwc!q`+%hYOKtRY-H?O;;*oI8Zqcq6NGdOKWIqpJ8n-j_ zZT?T;i#tbEol_lGa(T#;AIuLc))Xm+^tS3ZB*NnrXJu?giA2WI8H$k46Gxl@mH5q0 z)6=3hf)7@le^5N#7SBzmnbSjz*jRufgC@dLmHk8Dk;r;3``^FolZMVn)fQjC)~CvB z>6!G3;6;^AArY>)txGMnho`Ee?82IBj!ym+1_SPRL_8hd_2wQ^3d&pxilP_`1|k~f@j!Zl zmvdL4YSxeAP*E$!fbpm1IJ#Qf)KS@MEv;|qny2=T8k8T4>}+?fUfmjwGCJ1Z95)_- z`9{f}AA@l-pKXv`9amD@Evdf|19UDf6a_af?iho zGFYY$Em4E`=jdq*K|1miF8BoxY455Y_vCxR-SLLH&4svWhr$`NPbHO~oqQ>X&*8sV zR|rF5#ZS0mrafBOQ_(*j4L%xE(e98EXFyEN&;&5I?QA1@>k*FUT)uPI+CSmJi*B2V zvP+!i&HnZ3xvj(!m0=^PwI6!+4?gNcv4Q)Jv(IDp3Tu0yWA6c%B&pp)u0Jl)RRwM7 z-w{PYk+>t8ZFLnB-Gv)*wpA#lVsHBO5 z3=-Y6Gl>VUXB`;u=l0J6Z1s6%OW&0w(0v2U^I|i!{(O9T|1!$WCJmgizfgK4hkhxA zJ_u8O{P~1Gg~{>n?(SdorDR}d5}-~+c_~~Hp6P1y$mg|*8btpwVE)7Kg($(|38)Oq zYd)a?oC-&AK%Q=<(n7$K4)qeXq}OHN6pL|gOh)3hK$nKgv9XlAj}2|6*S+A4yG7IK z=}V>Cpo#m-epj7_Yq~fCG7Mn_@);~`h2tUJODiv9?2T>woCDolfwJJ-xth+~Yf4Zz zLbYpR9kyIzk7l|yv`Hvd5{tnVETFc@10LzLTquDrD4a%^xI{b68R^t}B6)#_F* zz5|a5LkUU31roisE`H|Zn?IiKQM}`8oofM?b$v<;Sx0|AeFkv&44<}WWNZ|4GO5w~ zqaJffyAo!LVA4eMsOyk+Ss|CP_=u1N;>AuDW|Ak#{VL(XNqwWjaSwJ}g!{nx{uEx& zdrOsd$amPaJBpE3bjD%jxWU&~`gzqFCz&qwObbkHz-rGH!v*1aK@MwOYDno9Ewnq& zogM4t&~!d?t1qiJ0>gIO%ZvDYHMScu!L`T#=w1^P{HEB6@%ByKU#_ebl9ld|?GAbO zzg&Rp2%`m-{_>Vl<=XzA@3ms`ojz|qp3_Ggxc^*e+nBofxgYO#K=d&-MNLZFV$eU^ zu4YYX;)uL?T)KE5ROd)6%e4!7qAVTNx9`_#F1;+o2J#vJ>uLKed*ztOL8+&u49f(}k@Qd9`=vXyluk8-i*~;}E5UzE2h}u&IP>yjPUbYhLw6hSr=W9cOpW1Kd zsQZ{C3qP&8&ar?kC~P(5Xl)4vH5M?61_x3_dm#i+DgjM?hrcGjGI+iS6Kuo-#^v7Q z+xvz8yM_b1e~4gdwmQE+zv-juOsxYIOCe+cw_oNeB^^0Op>aFhMg>97r0UZ-`rAo# zV2pv5;{!~8Pm|FzP#>X8C6rKpzMUe@gm-A3f2U82h>IKhGp

mQwxvzla}9bMKs8MLvor{x?=-{+bWvhXK6u=tj|1pDhylgzPOnHGHrK-u=+4WyxY53zwP zvbcb_#*uuDiEM?(kvIEqw%8?4mWncau8LQ^TRdCN)=?5{B#{zp1kIc788pP1)&f3A z22bq6+T_&vsGu7_e-r6@V9CD>fH5Wg{FK(8vQ6F@)G$QF;B?9UBd{m{cZC?LNcg)k5p?Q z(;M$^BrQVU0$vMtZp!b)q}abED?+sXyvsxkg%z3bb>ZJ3b@LKhK^+$?p)N_gxRgCl zzdjo@=Gwt(_3by}QevN|X}4q*fh4pQDET$iv!Qu=;=x=AiX1;?T(dtdL@hT~BDXX) zVpui@X5}e2H98Bh-@{+`4U>}Fc7%#%W*;BoFjuG*cRcY1Zoa{TM~HGmm%^mr5J>J ziiCUUg{A0)3*JGfi-b{7_C_Y@M3UxTQLewnIt@U5-HjfCWgzmoBkOueSr*+=65mo1 zfz=9uROLnN=!Hf=w6^F7Z^sCCd$gASTC|4$_9Q>`&&(b|xelMV7+~|H|NUD7DiiXz zol@-n=1_5{$sbl>v1D}8oM8h^F{7v`igwnJG6S*Xk?W00dQxlr{bZ8}u^fDYPz8;l zx}BV1QU}V`2yMOLKdS;U zUmpn}tm@UkIZour4nq-Py;mNM*WoQTKCUEy!dGt(+H-)&g599(qB_(0s;{oQwAgVi zR~=)T^F?A(!2@%%$yuJNZkueyxW=4`tya zO;1yi&ADbGnvWN6nKNDy$t=L$PBD(ux8J^(KhQBH7bS= zC+WitwQOsUE!q*R6*h#{HYjN6Yq4!hShNqq%SxEnLW`kOV<=+I-XWGAt0LUwwyzhw z!i^EIFvI>V2dA5k=ADafAc*dvbdv0S94qr6;P#@IBZePzVETv6zRw;m;)nN+R%n2j z60&9<@1ErtXq24<7<5?U5{meuUGI0v1-BQ{yry_Nwx?g)HFlr|N4=x^fB;QN-npk; zcFw9RLpos49ide{9;|pWjJI#MQO$0xeYKE|I$|Lf!ip;v5U^(Qe71i8ITsAZU|j2v zJAJI&1?pMP)zBfdN6#~i2}Iqs8rOu7xy3+OtXfUr*BIbrm}u9t<>wMczW@%pUhx|l zPXtaT*r?1v5hDp%Pm+c^G3HqsxD;w4Vj+0=pUYR_BTQ3&HZSd2S>L`CSBmb(eiKc% za&@<2@3}f2M1h2YO1E+fzl`Ol>46~0#&^R4q(aE6pmv5C4#nsK;JT}>VQN~8Xsi+LMyEx+e!A~rf%uGrTTP+h1?yDzhA&ny; zkzF=NROhgP3*L*G#JKQ5LP8KKYN&84K~|>qrOx377tnFm+BFI%S5`asq~r(v+CKkH z=&$W6zUxcSMi2j4=d=Uw;22iF#R3r{qenvSKiSHhexJ~TZjzEx8Bg-E&qCD3g(fJ_ zFn56o=oG(xYpMM)S>12oob=quAzPUuj!dYQNE8-}Zr)ATrHbA8N5KzFcODa!8Z&|k zip#UOrQrj%huy$g&hS?oRXGh6FHx%*;!L*%X~7@}*s%c>S?)*lTHo*c?U@JRujF&4U0+A<;+ht?3c0pp-NdJ zgJs|W{CY)_;Se#&A36Rvz${r@l`^K2lEah#i?clOJ_XJlCr8|{m9OtibBJtP%5jCf ze2Hpp^xBG3)$R5RMcwv_Y&{jDkodCz^f|06I{4Kdy8~P#`_7L(~89ZH*r(-BL~sU8L^L` z4?=4icSO#eV7nC!(`w@rao2{>@Y-OtmEGz{{`JORgZuLfi1pGvrHjp6gpjWwqSh$# z*26|0D5(MF z(H^6P7X~u}k>Zw!h9k?Fu1E6iLQ(TR3NUCE`9hh?eQrZPcSEo+p3sv}iLl?lT~@?y zGeSJ~zlds039U(qsa+eHm~9&-*S}ThOsKy5xbQQxta;CnVD{Gn2;L;xdJ(tZdhPMu zuq__;wKu$U+-X5mHeXQ$+r6p%j5w555P|jCc>s!v7*mE{VaP 
zZnsF?{AXv4c*+8OSmb`AXj^0}DzD0>^__QQauL~Q_yrUOqlj{?ZtM5DOb-QX!8#I{ zA8&JLC7*j}$V-^3T7F8L1{nea)wy`&_XIUfQP8-lpI*+(1N(2;5<+!1-V zoIq}0j_>f7-gHr40~TcO%3Ws2)cJ2Oryw=TXPa-#e!GG{~x71(kxOUi(px_mk-7FyYkb9xNgNd*WPKv{Qz}e% zAQ@3bVzeL5>?&e$vVVHSC- z**gx&K=krTTF3??gI+A}1&G3=RGqrXLy6uWc$`d0h}K#7)YcFkTjw>2R6+(M#<-bn zG|?lZwR{;qa0eTzpdZM9MCvz1ATh`sX&;nmSg_S-LyH9o^a5 zSYLboB5nwazHs>-I71|skSvk^?@eKn-x#sX?Ik5Y@xbN$@BBDGK>x<`NMavwBAtiV z_UIyZpZ?ivS2}5BbT9gDs7*TXI8%{A|6ZYMLtRMRB-~+Wu1PiH{=uMvekFPs*3Tsy zeTrMe?oM<6<{BZ9K|9hB&*t-of)A2c?`bWy(2cW~-=G9^%eF-cJ%!$G5?jwb(j+qZ z;=l*cFhXq?WI9HEAczK#0%emrbcN>3cbSK0uSX}z{-}T$x+B?_G%H0kF@!ZRt zHn_Onh|ljso`bwMb{28P)zu5Bve!Q^j}x$;w17joha3L{H)Md-AdUNx&8;cEj+rYO9;`KosJro9V>d^OjLf*mVDF07Tz<8oC$>2wlyV|)8|Ak$*f=?b! z1N<0=M=TrTWO8mg7H6Y3qFLzKFe9{U`aB(@i$NM7!j)x^4=Fv#~4@;youM3D|j; zy{5lT(JsLLX^57Nci!i9)FS^-f(W zw$A|DnY4WvUd0nF>$~IU@1?>Ww(BwyR(Ha+i?FKh#3iSWcIs)OpUYr;9|sa5&`?x6 z(w`RMH?n^wT*dhekn;0X(bhSP3?d2HxYmtQpFyhUKzo<1+lx4__vMAz?|0OgZlhV7 z>wD&1ha0AN>Lr?dw6-1GDhD6*gaVsH3kdSET!Y)D?OAUObFgap<_mDg>&90k zJl@m_meagQVSw&^Vbrm8%o1M-XdC<^$5Q4-aIawyOiB6em4}cudq5=zTF)2Ar#Itu ziqzZo1z&b2xdPq(kQT^3GlumPVga?qZHo_wNp~!;aV`2Be_}%C69QM|;_Ykm5LMn$ZH*(dp z^;<ytnhtui>5H4QX+wEuF)v+8~zL6%@4)*J*t-Z^ly%jM&ng_(cT<5AzH4(-R& z4*&Ko+h+ztkbW)bkQg*N8q|y%8jYAoC#k@L_Vj)tIZVO_34;=)T*E((%BL+9t9AMM zB-4KNdYIdO6>q*VDKN$y8zZr8wi54TQeEgrbu|`7VqnLLzeG-F?NWv?VA24I!PViX zgX#W|GJ2n<2P8)Q7J?@)u+zO3OybiKh&*lQ;Iz0@=PsUYkj8t#cX=oPe(^q{`b+N* z7y7%(jq;B#riJX+cu$ZOGVWhthN9TizBY`3)AzoBZMnNdfq7~3^i6_{nx6XqW9uz| zs(inwQR(h(4oFIagmfcP0wPFD3ew$m0BH~e=~O|wyAIOQ(hbtx4fo;a|C{;l+&iPr z3o_>b@B8e%_S$Q&-Ep)kPERk&$r#a5_Lcqe{>Bi3iy4505`Ui|5{3&=f^q>suW)M} zh-wU+_!X$9z4u>H)*p>~q1x|Qd(~?4 z^t~*!oSuG<7~7{Dr%}usClt^@zfWfmJuyLU=ipQjdfntp;%GQ`J@qA$y8ol8%VO|O zTOYVaNzwX{Ea8FEzAO+~B~9pC=3%K&lT z7ZJpXGKNK%;8ge+Q_HWdczJuqt}Oz?mD4az$X>ow-agLd{z34;y@9(^Ogrm7EI3oe z|IJ04&jD}A?TL-b@%7Bu>vSiS0fywm>V?c2zp|`)#;tBPSbWeQd}!Ev`;tMlIF?V6 z(zr>fg1xi3N0NJ}?SG9AHNH{3cuQ&?9snbTj`wFt$+PuFXqd}*sfjDKDNxPNTq)6-y8=- 
zOg$`CTM9&)PeV+#$k|m+W2`bbre%XfAydE2o<3-P2>pc*-Uw11VqY@@N0I*3pc~4R zntY8St|V_QaP5Ucyhgche9Ixsit`{SiEilq;tJnAVdo%2#wOFOYfp@o@fkG6BJ(Cv zJF(1I$^37}NmWn1BC6RJWdLzwGv2@#Ms#I&EG~}?-ADM`#B>w0Ty3BK2>(aZ$J>+onwAy-6l9m)EPXjFeIh)WT;tTU>`H`}! zLYFXP551I7IdyBuRYj|jX?8`PsL}>POpNC0cD{u*v?n~1???3c#I=kjB?#jo4U=1c z3Iz|Wjb4K@0?N4`7Bwdl3J#_GQ~WTD@r8 zmuIy=JXva@lZ5wYQUHXku%y$H5?hI7h86#M$CVL;O^PtUKoFbW#}3`AW!d%RRDf^g zvNW0e#tji+#(h5-ic)6My`ZggUR$=)fl%jugk0OIxb}!e417NzU{i}kgEQ~z_hf$l z4*Z7gZ(Na6QfA7n#)%&bpd`+D2|oPx5G)#_?&#)Ea`gE{MI9Apg$~QG=fL~IWc+9G zTvL)AY|Yttt#3fP+6trPas`q9^%I)=Jn0e+W6|V}-q*~$bm13Y$oa>-y?STx(9XN_>}lk*>E-B%Wyr{KmL((0 zUI60kQ-$k3Q?9HamxqVd2bI@)`C?mAf_`hlhtup%GecFZM0s?*O*}5+=xb@~7aAOO zABjI9<~TG{S1S@xCMI79XLg6(8??`fk#LL&lI=F1EeDCgbZ&6B6lI;u+$r%SxutI5 zWv+yboNyc}F76G!+WMj!?&w1=kpQF*Jh*r7-5I96d9o1wLfI?v}lm13un!hbWTsJ6d?FkG5?dZxe7q3{Wd`V@?NFvSJG>< z&^hA3(XKCU{2nmN&o}lzf(W{)6v>g@NYkyveTyBIH0!DEJWF<63Ili2g^W;_^wJ5i zX)r271AgJdrpZxyaT&8Dw`Jc6Fm)A0C&!#6^hc)^sjCf!H4Bpv+z&)LNL^l=d}c^H zpJ(S&pjK@cek&JTFuo-j`dO;+{mPD2+!&Vzrq%Xr`|7u)u06J|R0fnnp6IFk2e8i! z&$367SESre66dGN9GJ99JurBRiJY0kx8JE~-n*<3r=-pRWplK>AmtEli|?J-j19HGc!!FD2X~<(1RI@RO_Y9sojFIz=*nuFu52oL=0|R_62p1eV#)!B(VUSit#pe{3!MEvU$x*}1 z37cDgbHU-P9#;l_&;HioCm##60|C>l7WLsr4j<=&#eU`=4R^vQsW8wGajtO*ausgl z$#zFBl`DP(D2slrftGyuoCn@lqgYLcu++=7q!ZwXFlk&l!;K&H-cpV78C+&`TpS)S zIs{8L@3DsYqAdBq;){juXeuuVB|dOQoLn7KjiDpO6yqz!xm|z*KV6-ZFcqjBlmszD zj2}@6U!NH{r%nYvd37Siqyizw4+`svreNt%mG^ho7Y@gNIX}tOfBv)R?Sx#~+CueA ztEl7t&X6944@pD)|B`G;BgY{`XtA)WSvbkXC3-Xa!O(WZGq-fK7$;wbT$-gP6u4qN zgc*Sf_D_r#|9q}Go<}fI39c#zd_Ndqs-1LNy}76p{SF6uO+ zULy9F+6wILb#q14pT0v2i;OUO!>jL8$?tp4F0Cy?BR0DMsvFOhe2WvBCcHxd<~lCa*?<&#Ld(2>$S3Kt$STBy^oNa?)CV zL*vB#=WI|`%yK!OzD6|kJ<~`abY{A1RsuT*_eF$jhj5a$fF6!hY;96}UQV`{SP7*W>KKxF{bme5iO1w7CK`RYt4qt)6ZBM^ z5o>KNz%wpsE6FeiN6aCPK|+O0Ko)j^ORV_k5V3A_T!m&*-e1wy! 
zz5!)2$gitX?u#uZt2f`G&y~!`@_uYQBIs)C3tTguvg{{PzUUY%(4Z=cX|m2kL40Qd zw1H}MVE-&_M?zE84Ojoc0cyX((@!IAS&NWvGtbOX6gX`eezt(s9ehaRcN=B-6f}zB zD^vORer?=DOR~lpZ;ig`8RG2hQ6Pj(`FifGyF+$Cqfh{(G2PnzuENq5tisOlI7>wO zk)9wAA2C4_G8kub6`X+W9Lieuihuy%#|MF5zE)ub6)zodEnTfxEF?c1Q}tW=@|GXA z=W1dKC4hmo5wK}ql5*3R=-`*~30LLG|F^tVH4t}`6wC8DjYy{53sC$n(bnj$uD$WC z{^9><0fq(Yn0Ly_vFxYKGY4J}8MoqnG$I`_IzYgq+?9OFjJP@pYAnxL9i$+qL6|b} z){xSow0lCI8_sVJijb2V+g4)92zi35;n;OJb*YR@k9Qs$|#joDhcSon) zSN@a1bGzzON+&ns<+zB=9DH}_!5Bl$sgz{5r@{*2E+j5=Z$}rqWq96^*XjxS7*2rN z^NT2AZDyxxs~#c!i^4_9ZAL6pC5SiOvTHh%g-4s|i*9jeo}fk~sza2GX} zaRMlp^395XB=F{@0UY)t0ahSGodm;ymSv<8M=kw2$~+okSB-Q!8(-*O)w>B5J}gHDRgE@oUgPVWv9n3NBk93V{*B z(y;}OQJANE(gYK=rI<-ZL1u9-@Hsjjn@@RSTUGy>^DO(#vV3bsKaXv!BYv&IQgGj3 zm_@KC;eo*K$!ji4)V39~*v=o1&CY6i%wSQ(!X!yo8l>D%f^IBz74wY?jp2qmv+)0K2;qv|fAkeO$=+u=^h|936H*wV;>HSITY zVLUwpMKq`QQ1KuV_-~l z?(2zp@NqFhG?TKk{$z4F$2*qQdCKqbY2VM3rPFdQp{C32R`FF>=H$qj@F%b(y?f&( zX0Sqi&9d6l+3jK(eB^-b@B-JIj+wQf zy=5q-Tgds+Yie#a*xr`rVg}kEvm3;Vw#=2oh5%NCe0la*PPK#HOB=>eYx|kzLInnP zBLaxmh>tAl?!#>>C~nj=HQ|n=rM{wtmb)F`J;EP9PKv;OUxt_ZT@_CZ8%%OoEZV!k4m3ib+;gOs6r&XvSL}Yw6`Ioo47Dc+3inGQz>sm)xdiwn2pdr^S9Pe?~H)%;8YVPB_9SxCosIteYqZGffjR)yRUv@bZnp89<5DW z-b485;>kok%re2DpOCbU%{VkBO5FB`&ZmL2uUr~RP0&ghabWuTgq?Hf2-|8!;`3;= zrnD+RalGA$;2hgF8!lLZmYDsnNH`x3IufiuLd6WYyaw+G>LamY@vYhP!^=3De#|`$ zRo^DJX*Oo|5=l3CRrR4~avtut)$kM*_dT6oTy99d^PQ$N_lTqhkhchJ9lXgYh`FO2 z$Qszm6cetK>_c0&t;XqCr;Xg_0GLb}~&kCGd1R#mGvyC{FvquKc zT>f8!e^pT~MkaSvktQawFsh5kfGjbXsjVxC!ZasK`gPsit{|m}qTFPcfv%it&UyQh z)YPljmuI`Ow=Qe^OweR5x^mwlxgfk++waRu?F533e}(fFhC;gcwI))c-w1Z<1o8fO_@yeI5#e-w ziUizs>u`xNF+oj!FY%Uy=5?YDAB1g_LdL5fmY8A}$LT%2*#P`^#W5h1dGkQN2bTVV ziY6AdbMt^oLf)F>mvl}Zjqs0Osu0RUI?7WB;h{7sK~w94D^i>SV!H&cwc%{YK&rS5 z7@6zqx3<60dI9Kwx#mEWs^RT0>4~NK!VD;2UDVJoYes)Njs6DDshW|&La?DCdah-Xg>Y*XoSR60 z^eSaHUgapt4Ux>ePoY)k%}CeRSvTcMDzB!zbC>{SZduNcAaOIh#ZZUY;xTkn@wGsM zV$i@0(4$LzQ?QwgixakSOIbS~z8sp-UA2%FkBj}?fgy*gmIhV-WB^5d%IP9rsMkoR zGd+(c2`q_QerZ~zX{Did>kA8JSQ*Yk$H16r)A_X?& 
z?vH*#qWHZ4`5ROgLQFNwSar+K%HB-|eQ1j?IP^Dk=<4*ra8W4mQ7As-wqC?t=K&4N z$w<2Kk@2u%^k{yhDE>84LcWGSV$S*0N)*C|wKJjM*++usthiw=$t+%sC|iuMZ=<+L zr5AZI|6tTGvn`wYSuXUmt|}0!`QDXtSM_aOekIV=XJ!P=U+tkc>yifsiEtF?foRvO zciOpe+%fW`K)o`hM!T@;Hs_SA<~^gp*B4f%T|b9Pk#TRWNqLx$((&;Y>ldvFnM@w@UC zD|%N=bkN$06BI=Em@RyS5&Z5ws9q%&Jz~L&g&Rz^4l!I99TEZ89=@NZ=I=)aixerCq5@TWLi{tN60N7}>+m3tZ1~8QPS7s-Gd8MCE@B*|Cp03=TxYuQ3 zPyU{*bp0w-?Y_J=qb>I;F?CNPW@!7gZEIa-f7AQqi+`?Jt}Gf0g=k-X-8$-(yzDa~ zzukZ--@}W`?);;e&L0ke-Y}Si-p@P>xWMBKP1=8>)@XpbGMzsnR zf~4K6g?NB2PRVz&bQ{q!QmiasPGeZAMk{0BN``!ifa)IaClbZ0h01G;h~SHg90HyS zK*j|3n#!rFidVgpzU_iq^1+A6gtSZIp`-WJEi}u1Q7hmh-K6;?@jxpBTXr`z>Mi5* z?Fclmkgz*=0tB(h$RVHygU^MD5T_6xe*B`U)}?*VvD?m^bfAs|6B9y;*_HH+62H5z z*hxS_jT#5}8YO#-ENf(wn=P@6_aYaM`27eM_#~LO4*UOq{!FA)xn`ou8puC(3smB_ z6a2Ejaj;CWgZ-Rj>p@Cjl*G4VWd33ETG2?gbE*0!MlAWB6sh|s!5>>tY+}?H>)c~?Eh5;i zZjQytKoFnVW+YsDD^&^#U4GsJ8jS9I+`(O{*8S)STc8@Il^JsQ?TWE&o$^{;6RXl7 z^YnuC?}-R5499k&QnSX$ z1cfND9m$T%+1wM+9LA*JxU!#E_8~M6684+obXRWaFe29WV-?8Y8Fp=+P)D+m4*6On zt9_h?8cSsQfND-(nqY%K5Biyuui2)xcr4vmKK?D||Fq`mMa z9F5G8PaF?9zdDm4K!+0WTAP5aub3F21Q%k%woqmSm@Nxz-xw-l1>G#L!v}fO;?0aI zW1@<9j1Kbmr9vSz<4I{L_Zpt5G+#^`guXnQ(Erk(yIi? zX7jF!kr7(iz5ByQ^bVlMfT30IJe&9={gBT&R(#K^jQu(N-(~xcox3L_xN0k@DVQB< z%(+AW!+M)H8n+Jogc8i8ZBY~#4m(=pzvx&3eO2mI62nR~3c2~XpcCuZ2}u)lOogVS zXMG_ImbM@L{vM%x5UAh@|LhrbDozCCOud$mh41Ag;y;|?{&{3a@};#nd@&O~U68!- zyVgJ*wZvfz=0=b0`?4^ZA1WodwsQ~4Qi^gUMZP3ID_(ee9lp}L+?W68<%G}>&PrS7 zNOLh{2)j>j%w{c=2X``ywYZ~w-phXDLVOul@#ucNn7P4$WM14*>Lf`#r?d!pM_o(O zU@;t4O%tiBx;^GZ02@tP@vtFD8h}4|YN!M%OKr>$`Ni`p3ge9@+ONpyLWJXCDHUx~ zv$)66izHF+*gaodY3vL5_90D|5pGY<{V|&KXSwm6kec#IB4~=9UG+j&)n$CKLHG{k z?4|fUE-E4{eo#|tYQuq!x0(6F20n!5Exv2j5WBIJVkmRog}WNlc^jWH+IqR*d@m6U zl*3i?TWP*&*l$<5g;LM(zlXXCn-k{1l~U-Cb;dkZv4AbF^nI!olUl!Y){J18+p>og zzKLkRm*o3Xokd#;PaV1!*G+xcVDy}vmLf3+Xu=z|8G&ipV?b!G? 
z;R_sM0Dg^3%;EWY^SuJyK~!Xf;ruhB_sI=77+@oK=)7h}^G?$SN{!-gykWwvyS(V?_tVFKexTy2xC z1Uh#fQe6c21T5D|G}dIgmY8c16~qq$N-wAoeS*r8BZmv0JMAECxX{fx*r|YHs_;x> zg!bh<$@C-QRyArEZ4UMzve%A}FRvlJlcYh}W(d>Os*jbDD@FMtg>yQwReP`+>ySP< zwC4psa9KWW^4U&7o?RjNa5|xo(SD=YwGvM;nG)d^uBz4})uqOsqQ3Txu_4IQ{8>)&w%`whf z=$CgfLwNiyb+mxv9X_8xRd%b}6CjzkpDlj*KzTO?O8A7x|Ed%}<^S0 z`bI_LPWbJ)&}sommVN)4{?&erVO!8w-5e(uB!Ix3N*n!DQGEvWxv*dgtiG}s=_O&h ztCI%2-ow-H@g`U<>@R!EDuf=U1wg8=&!_{>!u6jyYu9=LruJu0LdP2sW}0J({8Vp> zei{Ub9?!2mFRYIET`!Ef1y8gj2Ja+Ow3rSno~+UzG(ckxW?#UDExd4ypI|!?JkZ4e zm#tV3zeiV6+zpRt_mKBo+dfpbz2}lB)yi%DMgVkkK;`jxHwv3AMhsu&EXYG#(7a*v7Q z`d8L?R#iSZki<9HqJ&(Bs>QyIKK&yF2J+%|myiNcmp#ypL0i4hZZNB?iafx`9!^gA zpG4;A3y{}wQK8)ta$y+j>tpu(ltI;r1Tf82_?OGkcHDD|Cp~M8U>7VHd;*#F5zcdy zaj=M{<$Yv_t)?^9w;X#!sQYaIwOds#3Bw3XF#>A$Tv1hAoYU zt(GfvAW1!02`o!BPOUrRR$tFv)a_~g6Z3)#!D4f8zrly##y`GLF)_H_d`=Et5&W+u zp<@2ux#QoSqCj`2>4*d_ek1#M*INbS+lCVH$KxRv6SLOC*ISEAOoR{gxVzFU?vXcXs3c4+DkC*FCsj)}9a(V2F{zXKo?@#RH_P5=#i)>--`d+afSFBLC zldJ-}4&9xJ+{!Y_>n`lw>3a?yPD9xal12KPtAYIa3oOTnmVk?zrr_*-gQjxF=Ls&w zJ-%D)rXr1a$4%(ob!RqtcUL4SF}G0g4zc%`wfptwxW0stqJ%!~DFMV}?QkQd7FM&9 zU3O*R_LPWqhM*6fZ!QVn*7J;pc%gbQwo-^2Ti&$uJz(*lR07n}JwKGi+#FIuEjbz^ z^j|bIWrgh8dkiyfD3)tQFl(Z-e8QUZ=2?aLF3(jw(a8?`uBQMg?hazjMj`ILJSt=( zFw;zqm6A*)AE(2)9@l6+FCQw1w|8`FF)5<>9=ka7CEnLPogG8-y&H!Tllcuvou<3* z$JWgKX7|s@Hs5G7yU_|PNr}u{dce?~-P^~}r(JV;_yv?n(S$MJ@9_?#ssVRV(_t&1 zChIb@Np$L0?&9B^6uTDFWLY_n$8TSW76pShpvVD(HyAA?4cq1**%=EAHP6S+8p~RE z;T${lzcw5Tgf)dbkhOrO@Hb8VowYY#CZ!n@e?6QFegsGz5i%Emt=q2rpm5YaO}q`gF2*vTFDlnd*Nt*Sg0}Ob@f^2d4S1yyLVRbL%Z$QhwnHxjx^Y%!+eI~iuNPZW8+?W1cYYIf3^h++C ze$nTO#~x{i;Ex6ez%g}HT9+(LnmkC6FQ`ORD7>ke(zG!2_%XnRWi35p2>YQ2a4xGm z9#ttsvTc0cqL(y)pW2Pq_W@z8s^dfTFJHehJ&TX^pa=#-E#PZpb;TqHF?3_^Zq5IS zv?A#|<9BLpZM(~;e(!X91VrTB)L_2AV(D04Pxy{P%*&4Ha_u?pIDd9+5jlmSenf@v zhcaeO!HNgklFTcry~PY^@M6QBw`}{Ftl+LEck?yye#LW#-dPfMy%Vy)`@L<~QQCkl=jV0nY{Dv~ z34cvG1f2|sZ6aFEVB>PxXeaazHtG_)R2L7v+utb5qX}v_gb%Tj_$h7Wx_y6JP)apd(% 
zOEb1Yz<9R%Wlitn7zpzjU27(+nM0*de0vA9pH?1hClQV^cWs0f-{I79in5K5$19x4 zwAQ-45LMVQSUSl-lFC(sy-#yrFn>-y{AV}>j35EG=j{4yEc}r}=ub}bX6n6SeGptF zfn6J4UqK~Hx)v|`3G1+Ue?==?DF%ou;0{4DQHZ{|3^S8lc6G4ClCtm(uAZp#%Veub zWXtyXn18=1;v^L73j@DUXAYx~>TYA;CEZJZ;i08qM!HJ_^$S^@RRT6q048>**3;sn z#--|q44zYiC}{bG6%(U#$?YQhTRGJmA}p}}TTV-k+o~{icySg7K;Rrn2r%f4OVh#1Vi{E;2%?p5GlIMT0&xU z>TJG4%He`PWy$NlNp3mJ?gtS<7Z}tLBBhj}V%Lbe27U;$3v>Q9cD8M^c17Lc-&Bpq z3auTMf0x$zZt=8;dlSM^lOJiKkdkk!r{$}cYf}z_L{=a5Dv52781nCzZ~=b=&B?|p zZB7epsUS~iZMK`cUQdCr4X|Wf)EsG)u)LD#XW&uj#0PaA$PkayAExN;lzQg11E$bU zBmYUW(8WHK!d5IfH;i3rM>kgQ@IurNwo2>~1Hmuv0wL4gMBu5T{T&TPg;tc`M7y&Q zGllkv@Jh|E^elOXkv#7p>N|IzW~>q*v#`qmvey2qW~dA(7%4?9yOBCtII3O(spCc=3+#$bylM4%B9 zV7{z*Y>)yKWIMnvIC%pVvd1S8v|KAz$O+fqN)0plTZH)55eHFU37I_-!*>lJ^Zt3m z^!;uym+RdpS7+t_qXkIxsS$m<%4$7CX`vo{~6E?@k3=cf@UBM-A zo~0MAL<9ngmwq-6pt0mD1KD-dP#9wAiX-?@ezEj2?S&IswwfShHRB~}Ytm)$(0E)TQpu9%=G)z~3M2e#cU?tZk zpQIMN4W@Xu7BvROyv{i-w`aSuZTEla+7-#0xWXyTBWxCxbR<^q&=!0M zd0LDM?BG6np1C9}Du)&nqb&LyF{sc8!?~Ez14gu`?o?pm-38;H>f#>NY5wfcL#0*n z^u!Ywv8C<|-eJR%%d})8703;UO?neGU?Qq*C)~_dn5hYeG2K?rwH7?BnJepWd+SF> za+8-pP~k{rxc`>X|2VA_FpwuL(Q)?VoTaqGj#+L>Jt$U;s_K@t>9`edbOCDULM5qB ze%pmU+(4&RQHW|~+g92T61$J>eJut3$ZkZ*j;gCD`OHoVk{@6%fg0M0nJs~s?SG^H zLtV01O^O*;s&qsG#6e?jNkLkuy8?BbsIPkkp59GK0muzaW{EiSEhbX+6N}9k%Q(q4^6&RfOl4MxBt(3t zaypd;223>#XE7x+jZ}sl>ZmzCG!91&G);6@aHEiHAqRvO#Jk4Cz_&gj=E}ZnE|R#s2t+BEw`1QtXOfm&fDn@pc?ZL z`8C%NmRmz;(_H$gGy+U0X|h5^eZ~d?YGnJ_c(-<4pKW-6Z{@bfcH(NheVUYq_2mIT53BbYc62sZo`0Jw*i`_PKRi+M{w72jl=>2T`?+ewlS^{~ z;!EiQ0xPLOq2)du=H3^bc=@apBV`9qq2p2Rc4Jz*i}e)p;#Ziu6D87}&6v&)&L5<@ z4(7kvDUqTGoMZKP+m1oYcb=+mf;Al=N=G3-7H!4E;F{UYQLxAy1Z`%sV+XT^r*vp} z@6njF$E~IY7{PyoRgk16Iqv+k0=t`Q6`oOBpFB~xd+a2XO0RlJ$j; z8a+qFEAP6-O0B@nHrw3GhgCmoUG7@k7@mC{jLIHlXc${{_g&-aG69X@kqJ6gddokv ztY{E3Q}Hg>FNEwsly^0*@>ZGj=tPZaVkVT@awWKI|ULB55&{)Y3EM_JvdTex7 zY=)Z0DepUb4f9Da?tRB={0E)r&p2K`r+Pw(Z*LGF?c0>H3{o&g0UiH7LZ5+e@)h@{T$`$?IR+kv7QB1}99oYu-C7r~_6&Au%1FG*-MlKjqCa{nv|P`=Rs!=tczc}GcjPuX>iA1evFSi 
z%6$F#(228rh4*y1qbAWp*NA}IYSg4*M~l9${r=d6k%n`?Rx_gclG{{wgZ|s~NaPIY$Rx+({9G=ogf} z?sY}^=;@tnYWyx)?qiY(AH@(I_-Uwuzx6a<-f z&=is5XKP&5fajC+AZsu)$Z`_>-PHMhd%ki38!QM?_fU{rG?J>}Ebd1#=|Ne;r@vWP zoN6}V6}vj5D&vsUMqWg;whlB9@*m6e@jv4%m6LZOBQ-%I9l$CZG?;7gMUuzalYYIx z{&%i5qyyz*Wumn;(BYJJiS$*U?@4~f7f^;tXlrXm)I|jaI=xN z`)Z}sEA)^Y)_43OzdNVDLg{?t)mL9}8s6Xc-rqEP(AFy2lf^9>OsK9DAH zr#RFasRY|=_&ocSGXfnLGUuli=DjzlMvRW0;6O!r-&#_Zj0wcSZAO0YOO){gI`idU z8Z!XHz2%f3#kcRi;WNl$yz& z@m@xwe7Ir19eOwuKWwkA{nyw=`$rgIfP%K7fT!*T{dc&n_xXtM<>p<7cH_0I_Fw%p z-2F@VnsVEZ9%l?yZ#Dv-pLOJJb^M^AY_B%t41DtjlC{&`yBd1b@iw!A_5+IbF0#os zim(=U^~WkfyW`Gpib%zd>*~58@);UK%M2JJbWkly=fWe`Qomzz zdagZT#qmbHx0a{Dd>G=_q`t((>K@A79*Bv(S=@{N&Z1X~<8qK8cjsl%zUb)QWoBM7 zC9-p7eSO)lV}}x?#kr3&YjTBVNI~&KSY-5u_%s z70TOt38@KTV#uw>1b14mFtx|t!~MfO=dMs~@;^!3lmE)zGBsQ`Qx!Z|Nq`^suvT#-rM33{VZZor z=cYZ}HfZZAV~0URndW`NLtg?$Zd`WU2eZuik5Fe#_#ZC5oHYZURFuRTqa1`p>ST&; zO;oA4zP``)m}JS5;h?K%4thL2r9bD^^E|*%y-24X@iWH8p7lUt18Gk@pQ5D8rQANhSze&m<%yi1u3pKzmJqgq#a zQi}Q_1Jz1|U8%pJ0ZQp)Xsx&)Mq@{E>{+xdDyROCbYIE?iN$gB>ipuxs^5L-LjaB) z<^OCdfWHy=iP#7efFHL8&$Wg-gY01;x$*1sI8$ImGgfq=s``d!6ZK87%nqf3_g)T!)h4IEPeQIK z+TK}7?qI~%96Y_b{10CSzufzTLDZo_cq;sw-Z4kF+iju5WxtX{7|^AiK`>4u9{)%Cz?` zcRZ0f9(<{u91ey#;l3h5(>c(F9)?chEdNW>|HaVO2bu?p8t=O3(|^p8{r^HKg7R3* z*g0;^L^`y1ON7lt)P3z6-zJ0p@ML;u>Cw}vksDG1{^c_&igKr&!l`-}(S5@QBFM=T zZE2R$(64zF?{?Fek zb3(ffFCtgKLCP(T!^wO>1Ggrgg@trDvnF^qjpA<8?^&dOV(5J`&T>hG&eerKeBA^s zvS#}~_i0*#ZK-c+BF4Vk-YJm5yt*fBPK>F-OYq9Nnqi}s#Q-qev{Xd$qUjS#z9iiR z=28`7>Cch)aFt>y6?3$Y>&Y}v zT;C}_Qrg^R)R>oW8E0DVjAzfKIf)wS()@<;tKhRYi? 
zE&lx?@K=^7Vj{kX7GmOXGYrT!%m9m+l*dslK61iO9e#`jQ0!rUEsl@b5DmZlcIe$( zdX-hs^8EX89*<}*E;Uo@Vwi9`b^?y5=xm-V)XPv7o~aKS<7epBSa*=RAX0l%sLmnp zBHNM1(P7NJJXkCu_z5!_4fxEb72$){L{@IK^^BIJ%|QC5RYb{JA4SJI^YAi#KC9-tVWBk zgWHF##>8_kAA@W@?NXgA-ibQi5_l4U@PmKmj8Ao?Pib+xj1VyZSFnHG+yzGf|l9XZn1HeKkGDoTb~6dH38wX-80prA@|-Sf|--N}i^=CpjrTW_EEs zf=VG8upNHnEx`!_j>BNVbb_OhW5p##i_&R_S!aMyCbGQ!tH z)%Mf-Cu?fF6D6K-D)I2*-ahC$0;T?6NP<3G5fU8{aKf1=KZkKY}*IvqY#1I&y~HKkhH70RWH;FgBIek8U@XRB~)AC zNpW{#DM7At9OmxBJYa5CjvJWq;^Sfs9(5|BuMPL@3l&tmnL2DbN!})6Jm{SiCJy$H z?s`|2)$&5qe>I@yeh5-}?~BIOrjBL*nZN$t8jHzxK$>a($BQ@%#}N2zOF} zT+!VVi)z9{#(Gm#nE}w9 zq62i<#Q{-HRUNrw*wd{YGIp?4oXic~C}tTlr#)i*r;PNwn1a5RI#!f=@~KV5Fi1v< zkll0lqlIpg!^gkpC>D>2Dc*hKmr$MP0<=ir|E=C8Mn-7HdW~jmv1n*n$lg}NUMe9x zias%nHZvSE>v#7FXTbxZNI5bfQGIvrnl)SN6ii zjNm7HWR^O!y1y!6e^bI<_QwSv-$b2^?Xh*3=KXxfMNPqUxZn+-lOP1IvR<o*S>I{Ry0%|B6{Q(W(4kZ2}AF)}&@reX0dySlzNEsQTj-DmvORDRd< zU)i?lCN2_lBg9}tij3JoTUthWkS2(dq7wO$;U962Pw|f+g=M`q^)A9)sI|t3G=_Y% z5k#tOplCH{@b?iGSnZ)`w6|ZxrW9_%8NGkOm7{A^J;2;^iE-m**PiNCYdmxwRp)Vr zPwGSRwPq|HYTpL5(K)?Ve}--bu+tTZdPkL!r329fMCV;KcSXglg;FCwkJOU1hVO1z z_=-*}v^VSDRZ>qL)TrWb#n4&OgqgyPbvZ_2^5-%i5NmI={h@~0;_WZiqkpSHi7Y1t zpyKeuRT)`GTKXr36x&2W0F4y5$q!) 
z0%l5qK+gMY$+X*5bbxhn&4=7M$3l5|SItZnPBj&m2Wv`n9=cTXGH$`M^7q_fkto3N z*uuI(&QQyz1#17{?eBlM_Ii!VJ%?E>Px{YNG z-Td-?pDVqoCRArxZ%8_i2bqc+-MG0ulKvo5j+rop?{*JoP>S^}qiOU1yKh)#uU37_ z-%MEYfa$CJY{w@s}C8+rQKWmOAqMW&hKwcnCE$8hsc-FF?Oot2gP3?k1fj>HGkNJ9O6@yoaaohWS(9fylRg~6 zKcA7)lHm(rDRtZnE6Xx)hlZGS>)0$buNf_E9mHZkcjgay`M5Frq05# z(*tH4-E@IFa{BrBUt?bjebVjJ-`tC6xpn6=wMhJ}<3d`QVT#-xG@cLoA1on=BjQFC zv3L=3v6&j=8inM^+JVuB(gNsVgmUS~)S)gRYmsyUsWDv*#8baR0sXm5kZ*`&q4iiwEz4<90teVylHGcKYgU!cYKkx5~DGFs+gsV&0i zjE!zCKqYC7^Il;?x^XV(yi7vnTujt8#9WPbjr^p#Kk7UjY{7+HNh~-AFe`cOwj;(xP-LjYxMhbfa_&2nf>M4T7X} zr=WB<{Lk$Dopb(ku50$SVH^hLeedVab+5JM#T<2MJlo?^0B?wR55v;tfD!LLMa@Ln_)}3v+$!bQ_f}9ig{3BZy1B*l=2V2~(z%quL2<Rmkmpo*@Di^#4?&w7yihxSL)dYPXnuv2bRCiM^_~oKs9oF7=O+#lYlU)AqP+JsJ|UAb!`ATSEI9AmVXnAW zX2zB(Cnt(*NBi~d9j29CmfRbmitTHFcqrKL;}Zx<_r{y`zu7{o=bjFKCO*brPfyp= zz2I3*p4!;7AUPiIH(I?|5>NT5dFOro(ffGH%=>!EY?DZ{>*@QoBk(ez)w4Op2G4z} zJwtLw#U}>uz>cQ!XY|HH!^W|IrZlE7X!t0;t9BFs&^>8y@EmDV1)3Qzznj+Jl96;d zcc6si8jn4tNoEDQNDZNiJ2aMTsI{*Uz=AklJfbzA@kqyF@0N`bW6DDd3Zxy#cLcKa zP;FwvSQPM&*rD{|Twy_edu}NuXk$Ph?y#}xIPVZZ($5@E^|@~Jd? 
zN6vM%YL!HLS%#p~tzJUDzwX|04#d7uGZ=qTpf73G++=IMBVawygO7TH{O%xYdqyIRLt_171UKu?55Icp&?6$PJH5bN+QWK+^xX+m0raf`|7Vk zPSfs?8K9eH|NE!V>hVN{`LJM3jdN~(K48@(H(YSVEkE=j`BPFSQ!ufX{;`}!z=i1H zc4e4_wInFpbnWEVZ0j~HWv*E1=7WudM{S?gS*^axs{PR#t1Lk9sVH9EJS5nH)lh%jtdjqXoc=r0ge=CB)e~k#Q+!4A z>vdV%bX%Z(n)q`eShvax^=U01*8&q>W-Ac>PUcEcVi#SFe4*by8hUodA?$cX&&?mL7AEH_=_gNX zTd570fPQ`T(Qa|a0*fikXlt+|%WVqoh_K%Sz9kb>Rq7rc?BWM2S^59!fBw;x=0&Kn zi+hFRR*C!J{jVcrovT20D4hr~hi>#x`$ME$q$d5ddQ4)WXuP0o)U`rr_*^G;2^!#- zN3)TmrzE21DkMA?7-sT zQw1hM^Ki`8(9GJ=8qWCKT+qk}RnZ&rG5+ZL+gOw1b%BPHT>;eKZc8gW1qcK~hCQ;b zjuV`iPtc=mKSPw*RHHik_zyJ6r#@Xu+J+aiCn220kh}3>T((i3V9Q0R(S zV%NJ~IoG*L^YV&XWUB*QAiyalw3V}i#OpuJ>a5iNbQNgmv5R!e7?jZUc2&Awd*R;< ze&T+UDVy_$Vdvlw&t86f;hgr)4yEtC#*p?fqi7=A-;?g}O$VW3+t+BX>Zz4q9Ik-2 zjXhb9qTnisoDI#+^aq?v!XGZ|FHZFwKF-N68s4#0Wi14PAySu&yCMUmVWVV-r~PAS zFX9J6pJFD{=)C*}!|x%wv~Xs2@ZTE+nhm=`@DV9^uk-~m(eN*8nq}yMm)}DoKZhB^ zd>=Urfv7|IP{4#VO3l}6kyx-9sK+hww9zo_;YINT%mh8p-htbiWJVQFdxu|2tS5_V z)aZz1WtHw={K%u$*}*_-%j+m})rF*jx-!J_1l$>+714m{5x9msOmAt|1l$WG9rqx1 z-`fr1Bz6xp(_rESH;TSa2zBRL9*;R%ju)s%3j=`Nz1=zom1ne9`*g`$mhBl(UxFTi z$iA>NS8}6h{IO&i4i3)E;@WYc3g1K8ke!@?GR7kI0;Ied_pAx`NK}NljEiKL zm;d2v!wBXy0LMs$m7wVL_-LmJx@Qjges?l zafFs@_aA2!{4Uz0UIpsRZl}>!`1%E`_!m*1KRbKhjf>2FxIpol29XxBaeL?&$-Z!S z8SsULCDEGQ;0C`;zcHkK_)$=89k>l45e;M+pR;2UZ_PdPd zzh+sjNcnv(Gi=V=VWn*N!!qdi@xsqy_1wSTW7m_q0A5%Q*cZL&<;A)deHAQcYpAu9 z0G0=wn-J}3dYrzLWxxY_O;2Yb~!o z@W*Am!-Az*!6oarCAB`h{T< zVz!2Zczl~JbbNPO4t(I-tCQWKqZ`)Q3_}%EYN_Za!(9Y96)wB!?mmY+I~*$Br%N9J z=Nm_lBgYvwIs!QtUYDvcL3NOqsF%79l~J)}^IX{P5W!9JV;)g<&&>vqow1QZM|Y#2 zs}r(BcpkaM?Vb;gIpTz5(o=n7x0}GZiiyP^~t_^CHio6FM8vN#D{JY zVgmFm7{L|QZoLs$934PVR>xDn2aG*{=%_nIhU^D?o0kwuaq%Az?c+WfK!JB9CBsvI z9))0ejn7X6^hRoJtj|b6I5m{;yCCqi=%<5g6+I76E;r)BRTT0h!aS4Etaon0jA+9&4rj)?-UPHP_;Xk^6T>ZxbthXpoWq{J1Ack3z4{o~*v90Y|H*FLo#1-m8G$oCp!p{_NUQPD6^w;j$j%_Vq5)cOm5ll~nWuI+^>GG9mV0>M6ZnDs$8KcLji3zsP zNt$at;e2?sN=QMoH4fAhzv|ZknLr$c_2lybCF~)(_X)oXLzo$AFY)2}qi0lB4BfoV+gEg20b})pEc7MyD0P 
zh1Ctd#YGRcf4IAJKcA8SZ)-8)9R%`883zX>kR;N}G<o-KcqX9FJ9;@${q;=T1rxw4UJ@6Bg^NZ(bJo@)R>D2w%mw{+l?{+ zx)%O4@`bpBgqZCtFGf0OEjcADW78;XLzbcaoH%9dEQ?wAD;!)?SdvoKM#L0JIVw?4 zb=Y!C#uCztBXt)5g3sN>_J_q0mX7F!#urBC_WDVsL4xjO}s@HOS|r zRo$dW)8MzV#b_zc8mT|O$$D~$i!5d)4AC$y0(CIukz7?ab2I^_KlV*wX3|hZmN*vC zk#cipqvN1fTv}Sp`L5f$`x`K4PBZ}4VZUq6q_08(m;%U{RejOYr|@(RD|v`uR|`i{ zc=)ATQYVSg9k(2+f+s2;jwh;O5AWHz!(1EeeBGRTRruah0X`}!U|s|VwBF=i7Zf1* ziwi5zZu6$Bvz?Rrj_caEc;wy^A7xxW6f9s<2QV42^n_{b(B8b)pb+ORridi|4kGpM zmqRPS>WgRuUZUD`-;VZ0d&Q?UvC%<6blGT&NyEBZXA6UNzkF1F1x8cyUpU1Aq7T{b!IFPy}09Od*KxeT3o&c@Gmm3Hp8 z$N@L6Bo|$S^MX1HTVc}DQ>v(Y86!SouOB<{xeCeqUK9yjm;zch;Vw-BXmaS6oz-7^}DksO!SgbpfNX;8}o5_b8?nfi{c z6CjXadb~cx!dkqFNT9rNb*up^XRUrox=R?gT+FA(SCxr~$O*gd@#W{|zw3=ijt6%N z0VSsM&k10Ay#(bls3PB9?O*QBHaJiV+AgA`i=jrQhb$>>Or{=IxF1_%Mr?8mv(iDc zjd|xW8{SR?-IDdP3_OeUT&X2LFJdq6Us|~431{bYN|Z4$AaHNt|C~HSLx{c>TY*a) z`wFx>fKP;;?_TB0^A?t(Yex4^7d-EQog(^Ojtck-D{OBjwv$dz( zvfX((K@Y6Eawzvlx8Cm8TL!ar`y7Dk0Q4~nyTg+W=VO+dV>{OD0W(YT@egJrn$^qT zNX|{Rw_JBA5w$4C3H~zoQ`>cm!l=8LZi-Z*qHkwS3>)V6~IuE zavfL~5mJD^wy|MG45YQ4Jrac-ho3*;-)K&o^v48U{VkzBzTP&X1?>jk`>jJj2nq<6 z)=bJ6&ZbI)U>>FQ`?IP$SY!a_{pJRl8TPKnqf%~kLm)*4a&kMiyIH3z@C8aSfh~>z zB;QTk8$_fEo7?=`aE96S-JW{;lWEYm>*)+b@VVaySS;xkcL!ZGTgxl_gcvW+^>c$d1Np#n)TUWQ47P{*O$?Xz0p^Y}f1K&qYz& zK2Kea%@V}e-E}82Ee7r3zTX6c|@epQ&rjAXfjtOv=SOx;3c;r^}~g2Mqj875ZQMTRWaX8&RGyG5>ETH#&#a zzV(?y=p*ZpG3Mu5UP3obw|UE#)XdQKyLFTdNf*50;u8Bmx6e?6WyY+}VM*TI!$N!9 z%Pm+F=l1dx55z%`9G2-<=);9z1193G_f@Oyk4u1=HFhK&cVzHqKj0aLWt4~Qe&|e} z$Z7=^y}XZmm1i4IaWzX<2g@I?HmE=Gdat-|_yEo>Z1DSzx^db=snO8_&B$!$99IKM zH?@Le@%YOgetam;%6hO0=7u2ABn}>5EM%{aWR||TwoO|5>T|jDNsZ;R`(f+o@u8Gk zCoey&7xUbl#eLCkvGr3BtPL=fgy6mreR+JU>PLr*`kaMu?I;&#Tx|s(uWQR}3bZ^R zQPIWV;|N`y{o;~F3Ibt)G)=}r0SB8>Gyo8C-d*=&>9@FxoJf8r#sHFhe6St>LgqR6uO%KPNl!*=0<_+n2aLdv%tyM8FznC40Ia6q%0lf&6gKVT;W z;{#5^mZ-~>M+!qOEy46$R!lTGVdovhh{z#_OFQh5tb4(eqv(aLu2AZ%Uhwu~Q*#)i zJE1acat@%|Khnsx4OC5m{!7r`h>-k8K}GPM zVhWJg$^X39kl}G904~j|;(&4E4DN@Z>nIG;G;~#xq!E4jb*Kl@eT8l*cz}}c2qn<| 
z$`VXt02K(s*C&YN)bd!qEbMSmItXgo@cE%2KUrcDu&bHN>GACE_!8Au@&et z5y!`NL+C-fO#pB}er@rkt>=0T);;uh`^Z?h9 zF6=p#LOwbdYDOqEr^xV_e(K+27pzK5nOt0NNhx?=zXpn0Fd#xmTOWMQhbd4?Avh$< zMiw=Cx#kgbd2B{%m$gBcX4Yu?v22o$z*mCXN`&Ax)9Dm5R?1|yVIXnnt$nk8ypmCp zNki${%b`mtZAm_p>%Fs~Z0*42$}%K_eTmbP^wm1OxKwq*DTEqTSf2Yoo>}}ciu`VD zHi(7N5%R8(hUbP>2qmWiahzc*|3k}ATpE0ZJ8UW@>#4%680902!woyEWjL`E|1QX&h#2c3R3~T1GLQSep6_a zQFz<4$1ex7R)nQXV%1L`Mg@=RspNO(6iM&4sm>%?)eS0QF{680vZ~b4O25v^w!9!U z`mu97DuK7Kuv;Tp=UmhKneR8^=mFNV7b_bw;vPxg|iBO*r#?WImkYXo1uXS#XUlrs@O(r&`>Zoz^w33 z*NR`Pp~iLxmetvT(w`PDT1BLM=qF3y0-izN{RXtc_<7i2+da`xa(Oq1^V&(hZ9a!| zpz95L0#+-%|3S`f*g}rph>wI+0Ma5*Die+b7L3hL03I!@LKOp9Zrl_NKnvGIcXA$p zOO?tF9krLy25gDzy(N_n-GUZe6mpA8XVir znBn($Z&ZPKstw*o6z{Bw4zXqAsN%>z`>AyH(|ZZ{s2`iC@`i58t849zC^}zb_&l<3 z`W#fW%WO`B2@G*mJeCAp?n0AFW-P&O=*3u*GU*J-#z}vDVn1BrRMhPy`uNP05Lf^C zmq2vV+G8zqPkdULlz*|*?&e^z{#xM!#uvpu-4?-2{4c~oqP9aJJsBy{u(0JnH;lHX znfer;o;kKQhUWe6C!$1I1Kvy;0BqXos-smPgxkP{*B^hRp1(-yHRMR12&+ zbP$HNxGiwR+eQ^}mEFGMdMn{T74E6)Q(**F$oThdG@B8kRcE6uKtq&9=_@;X<|~v> zPG#IrYuFeatFP>J3m+vsUxV!ySqnWa{nM0}sH#17ZqL6teKBgZXWVT-^}T{q4DE(% z>_qzkZ}fOg0|1CmhnbusqhUxIFqB0ZFUL>>O?({9_$6P%$8?8Au9c@FYy1)RCt9&8cpgG3a-JKBB8hzKNE8Qmb z-D~zamAOc;f(*0{05$Vei4oX4tcFYGGU~0hajS6M$A+~)o0@NO)OW{b=>0VdGSUy% z*`Y_@-s&CSWYt$XZh5lnR3Qfkn}H}u8q!y05L#*4JH(y-bLWu2A5_@aPAhU%R`sB3 z1;~12O2+9Ve4c5R>Bm;`Y;6P|vHv;zqX1hEinSP@00D5>1Gknq2pd5Ai&(x#UwiJE z0K5hNVCBnh{#W2SUXQVDTS^(M;?lPG2mhm6@(**ZcsqZD0e2G%A)5YGb8pBqEJ1B? 
zeVx)hLuP9Qi7^qDn!!cx29_wDpd!M?PLd{CL1bfRb<5=DaR!IZ%`anlCnjp!3Izkv z^XftwzR2<ip4nxP~fa3y-{}MbaEXO$@6=9eb34FQ23A&Drn_8}G zz79|Ah}`nNdEnxY1AYOOHkIUSbzS}Fh$_)2>{!|RH@@PeF1oV`DYW7X3Edd+?s84~ z6boMU49~v+S$X^m8vjwVAeHZFyo(3+IWJFaSBd~M4_XKSs`|w{?;j5&VS6orh=s{V zV!hLf52!(6E>Tt{^Jhlm`jXa$4^i3SGe5d{G2w|55HD0OB&`GTl=^BLz^W72lJOc9 zr6ClV2%mNEx)z{_`;S&}!4*v-*NxBCLr+{E-?swFkTn7dml9usB+o8!06+Z_o~Wp& z{h=MFpzSP1qY_+FuKHV@P*4`Fwq8p1gMxQ#ex8ieiwZik3)FZN9M*euD%df?wL@SX zF<=*U;A?6^LdKgGjjQ&|rboy|!t0@DmaDEdN zGXFcDdh|;{ei6Fp)TB*BBUt){H{!jF`<-`1ph74eN`hv2y|jVw6wX%=sg zQN;fzkg4I)inlwnh=X8tw`8hNvKV<-!jAj2@nj@(bzT;#P{62Myq)em}Lay}{zQ+XckL!DtJAE6u&@Pl-KTe2)mSsS zdqo6ZadR6TM#C9#cApvi7QoHje9f_LXTEgkdx!K1+!1?HJ zk^W(HJUfe-4l98??skgxwIADGbrbP{yh4MU7&RCM1DevBhUOP zLw9cn6BfTtZYM6TxmgR>F{@Q1{Jv>YaWCc z-+D^01Z`<$tGahNwhK>*DgGKY`{vF@`=@!SUOfR}|;Zmy% ziWNNCpWOW3l3cEP!eO9$3}fLYpo2#1Vu3rG;L9F~+}swaUu`8?gXNVQ`X@V_P<+av*fD4!y`3anKQh_M^ggjWOmsCtAFiFYyy zWj)I_oit+!kPtXimh`z+rP6IJwcL5~PfgTzgF0WXiLXQnHj*%rAbpoWtqe%7dmlH1 zDA>%(@*QsAXTZSKcgHeShyE0jb|HKisWw&I_^{bjQFL{?yW`wX0P5`IDw7BP+f&qw zAc07f5}=dqZtu((q?C-@oXNmRI%bcWUGee*_j~=NQ)ut!3dydGFuA<=Pz+DP(cjTJ zu$kLDDT%X$I(n1rhSMC_9>}Zvh6nHxMJ0AJ?+l*7gk6^>!hiSGF{}8C#{e}t!p)@N zZ>=E!Cq~we42EPCsRYkx-=EUx*(j`!%2KO|f;zj6?-a>zEPR2?tmy9+7565I7DTGM zJ47=1gXY4R8Q(i+Z74vikG)wz2Z&Yc;PpxzCdAeev{pkAmUfcQE2nBWvqwiA&>5z) zfPy=!gIa$Q&;b__27f&Pz#i( zX1oEM@v2vK=1@%>G|~Q{`3Z$=mi-qN;DtD!H1z0>P5_C92kGctG?BRwRwa)=@DV$& zZ;tdDyla3x%qed)zrqM{_9e~GcRfr*e%h2MiTTGnE)@Zn?5^R>hhR{=7oF$YO$NJ) zB#U^rMh`uoo^5m-+t~2aG7Eo?L4vM7uf`8A=<05sORjK!BIeM893i0A{vRmd#s`0coK!{tQ_Od;%5>l ztNsa^2VQoutzV%Y`lq=4rf;vqb*d#f;oQQS&_v+FR$wgvbG0?}q>T_k;zEQ)qgzU>3qE1{z=8 z35+&lGtZuXP=@sh^&9M26Q;b^d&pqscClatYpd@s;DqoM1c9LeP_}!fRn{NLWd~g{ z@1N%QXbkWb#!T;3{M^@V-|MtGfD_Xn(2_BcuNe?=L#pu$v(nPpF!>MQK3g0M32do? 
zCVu-(q9sl1bMovh1N{H4{*6Emtoz<@ao16n*U!(UVr@lJtjbG7WTE5)7|pR+DjB}U z6JVGHi9@*5)D%(p>xW4Z-2`#6=B?4b1B)OuW0Jh2sr3;8oZ;j^A1O; zpWm-=Z`gVmA26ecReT4WO3_o7H9O|yW8a{9+TnpVBM@)F zih5PUkahH>0M#R?s!X-P%7SEP)S2sf@JHlf&V^MgGbN_j>yQ+>n1rOt3o5F9D?SKA zRJ+!+GcFlSU;qQ5avUc;G!SSDfyWdj6i`AB5<{016+#yD^#vF{MS^}Vq@dpP&DVg= zzahhl5W8Gs`w3KJcze+d@Hp~lHDQGWVI_x}k&(aQev+w)(yBtuc~4GE_lAZ}qQwxW zhMYrRg;`59$%O7#vp%P#fUdg)m0Bmwq8(0+E!mEiu&)pf{#S0jqpW5k+4xABg!TZ3+4wTfaDM_Azs~`f=|lXTIeYc!2bYoZh+i# zx_lBcBf`;%CL5xfQr1#KoPdbd>p;7>z~|o=lEnSJLf4i%ox{@FHdu)bWyro?DsnEc zuTOAtN+7Se5{qu!vSFr@>os}am(u*gn8C6UrBQUk-^UXNVo`=?NkMA8V||!OQ$a^22}TY_$tETrr`y=Ht)9e+Oz#7g*nyka zSmDK*bv2eZt(IgHWG(#j=Q6^^T({RnBu=L!mMx&}(`OOLQ`icc=vz`s6>jT=bnkqz zuk3k;0Md;FJcr3&WVLAx?>$?#e!^2JbPdU& zh^x*hYr;b4M0^@NDSqr)Fo__L*hp44Si%039@zOZ*TNW)>&}8+v(%kzKNH~yku>VX zl>6l@E4$G@?Q)>$W^?t>-=0%@vx>o6R94m>LBs`{R~)ZLK6O~_@Y=CFln*n*Gu0v7 zOg7z3LVz_`!JPZu;qGBhK_ewQP*XAH_8&@ql<~YF&j0##1N;RrVILV5!oY?7J`xhn zHL1rre*jv$yKGOl-x`!Mwj|e$#-{dlCmxl!LQACz;I$xW_)J6s!2#6 z&KCT|#ax0IDB0QayHE4LfCs+GZ7@rgf2wTmDE#p*>5^f z1A5;Fd5*c}dn-Jr@H|<{lyime!U*-BsLGYI^DOwD?S4;Z;DYr|i%g z!HoYy4f|0U1%Y5tmv8N1U=hOU%#B-|fSXF9983*e`z@^zFtFV#Uen?p`vL6D{e!mK z=8XZ%2W}`@=dZ?|b%5H%v-xIhellSGn|zHRV*}3F#zpe)7!eU)eA>Gw|Ho~Dp1>46 zRhTkp2*SsufL;~r`%BT>3VV{bE_s|qAEb-+rH@byfUw8&>Yo_Z>0L#g)Tye81JUaA zLfOaHZZQs34btnK!>(c=v|H|XzTD6g=LfDh0!2i6sr-V;ry1n&!QHkuU#yfqeXKbS z27rBsg0BK!Qw#Z?I>U-~km9|HEa73mm1nf#K$ZZ@-J2gj8Ah&m4eA&j5pQXUt8We9 z507=IO}-Y-YWo4~H3{)O9BY0R)DGpJZmEe0Eyz45D1j<6Y}CE6cTH^q;O3r|`VZ$u zu!$om+~>t^*Dlm&>+W%rIE+G99vXtbH3?EkIbg$z`a2I4{_Zb;1$e%(@;Pc8Njk1ATA|e!;r+ zzH`hsnv=9(T-Ft=2t#LrnLYGtpQirxIXO@|?BvG0IP@b?Om2g&_&t&gD}R8Y=o-#% z&dHM#DUO)#^^MDlORNH&olg)f!DqcZ*c{#UeBtbLsYm_sadnQDom9r3!X9!1?ud2dO~NOko-41%1E?$iaerh0haEBOG^l9 zY*VOL2mqRrGeg$FOIT$8)rVh3cy$fY2rLSM{XpCcoIZnE7DKk7zd2c_RmUUTv7R65 zHh%73fXzZ$sY1eGtPi9+M9(?nyT~Cgk7d>4v_g{lT!l-&=6~;ov5g>!xRmWS?OJDx z+DwU*XzptiUd##Ini`cx)^fQfrU?)0W7Cl<7{mV(oShYZ`gDVvnRHG8Bj2uA&$>9Vnx8);AMZRXGFQ`L$8NG{;i3Io;dA=C4eGp5{;pfUL!tPr 
z7%Jeu8C#Zss|UPQ9XY=^vTAR515mqU|J}KkQo@zKdf@$Qwuas(-y9n)7*!Ikk|awXbtkj+ik6xAR0S1|a&-eeW_fhqF{YDUX3@KGMRXss7>+J*P;@AMP}hx=9Hc z;jeXCTvk%-3E+=?JGqhw`#-4Aq_mP|a*bmGxrY$P7N$Z=qrS-f5H`T(hC6JrhHKuh zLz=-hPkj<735Z}1maw_vxqixL%KkI2E9jGzzDm@R>d1?gM8F{mh+V7L;JU56yspnx zV;P^H4$5ki&d+B#J}xxsrp90Wf+XyNDfnSIy0E?#RT_6a(EhC%CBw^}TnP2M{dta~ z+dD8b;(PH@C$H{s}*N>V7ufzFu5-5f}~KARbqL88`#9Kyhq) z6}c#*&~(JRa=C?*x{r=fHA`px=|f}tZCvELXvMELsl*?yoL04o;k`cAeH#jBJCLjq ztW|A%Jfhh*U-mgvyxdvWKh;<;lb-!;xcH!@HT_PTul|-LGgIc1oyn~ivl|U31+>Fy zw$aJ2#e8qZ$Ot-h(DQ5IqPOt=k813f)@tgdRs`)zQ;7FXH;z>FA(tV9yQh2qf^N0& z=qF#fbgtU^u+RhXsA)lvwD{SW#_>7$NSqHx&%h{Q`nwlqwy&qColOg_v^!?(uNZJk z2saa%OR;xlwCx0(NYd@cP||-Oe)q(MEs3y|Lp*gK7%YlUD3wU3Ls}{R1TdQj^gv!id0Dq7QVSL-Y z_xj(~2`fZUHHt|;8(}WlX5Z)jvD;nQLtWME-*XA+&$*`}b@3#1ZbCAtPuV`N5aQ2~ zHut10{W_j6<<5jmaurAA{Q`lO|A}Ni9Q8zynK{+C9WNfW#!WIa#COYU?yE zu%tH<-=LIS)i%er3;^gAP{GZF-o>n9*bzbWbZl`s_TYiG)UcII>dqMpJsAJPKHxUu z2$0E@m3L)bta*|b8k~%GG-yL@I-JIFbbaR_eYF&%a12C~D_!@ATP~NG!(QQM`CPb& zp9}~>A-V1nN_i%P;EfcdZtz{x5uRzV{v$BR*XZ`$@p^T zi^wY4Hhi|w$b+HjkqHTv>>EscYEr*IYah>Ozf#elt(?cgR+PdI$Ugv$H#h4&8sety zT2pRMX1Nn=24%3$_p6d%c5<^2cJwq{}d`~<~z!b=q6Y`MkXGLDqC>BBKDyHucF zX^m8ac8?~PL2}jT0EAoOn@PSIA&`g8E3tS2{#v7~8!Do=%CoJvM5Q{_WSS*d2@Iz0 z+Mz%t%J@+cW$O>|Ga#5qnSZ=3B^8rwx@LpLgo@7_ou{f6@;cN-Q@2)Eh7mlpk>F#Y~K*q0dt7A_)il)zFl1Xv7alb4^XUJR~u3ToFs zdLW@_bTCRicoQZ&*MT{lYP2Rdy>@XXwv_{=2ZZG}rFnVa6ZDL&wpx@k;V?thsPpYl zOHp$rD}HY7A+#@u6gIWlHDduT6Sd3YHHTRfO3GjrG0eBI=&sddAtn-wu1`J1ZaWZL z`0Au@C33!Mf47WpqstK6 zP`*Qvt39;V&lAWJ({PSRUd-}o*B|hJX*N9k!;>%LEEjto2sn~g45Vo>7+s!AsK6&k zUT+doxH1EkLOeS!29DI>U@_LgAp-4n4huOEQLW>n2H(1X2%~z3*dayd zx3}r5_QH?2f%ai1wEN~%GM~95hc_w!Pb0%0A14olotMw2?M>RfWA%6{+sKV<)uYxYw%)K1zPh`yVUx+_rptI@ z_<23>DE6@dNvL=IbhJ(WRRn%_x2J3#KBwUwkEj~T_0PH zY4-%hK-srr3>4$N)DcaR;tw_S(ih@C>0rigJT#(sPzWx*8kRHD;Rs1SuO3+EEh2wz z;G!WjkKceA*h#~g(H>Q8^ym-!4~*+_D|3mc>Pf`=Wmew@%xpOVyrPq^!`)M`hP+XzB>o!w+^5H4-^UnN3vQ;KR(`^JIm&&1GrQESM$}QHLj!Me&+a3 z28ivWu_f&Vy~&vamn57)*nfrP;TsMk$mlp*J#gC*vb`l3?`vbsOrg|-wo>h%ig!(U 
zxZ*@HWc59KJ7;LMKMxMo0ZeaLcy!ybL#!ag-cR+hrQU=u)tJ)2UEXbMJH}#GSRAA$ zAfJYXa^dm{bY|5@f99;kNP}i007Nu|yp(&l$g9g|+Y^!a)PCoF6c=^KB_vuChst}0 zRs3}CX&eI&Cu(xi8(Kbk99Gs>ghYw-5-9>+q>C@ zV=fSYr4X}jA=>iQN>2bCPK8o~oec_dp&1tQ)68g@dx|Q{!q>&|D9VN(F*>|Sc+L%X zz<|pMV$(H$dIf*n)J;hb=RES7*qluRY0Yg}gf3FwkSojUzy+AO?MfTY`S~!295*-b zrQK&n?g2g#0{#d-ATEwBjoWc5UiZ-t@Aje`(## zW0ZY0=n2k^h@GWuO$jWk0Q(aHE~bZ$0E0T{iXmv0 zF9Ud-p*+L~L(uLH1Go;&@AFU%=5~bsDu>835MR3I1@ty|RrN?N4txlnY1u{Tl@{ig z_JdeccUk6FFg~W+7p>@ekSy~=|Yuy7&MM|b~TfUJ2%jNhWf$BhK=y!Su z(maG^uSdQ+XI7$S*Y=3dpU+>k8iW-wD1W2tJ+I&843?`-v``m~F^piisOW}(@WWXF-ZvNf^__WQ{ zdSo>V3k&2;!cpgKe_TQp)gk2#Y5PM$M61_w)D+VQl;LERJ~w|wVG(COO>7nN_ zW_k;D%AW1!U0YZ=GyFm(4cc;R@_J9??oT`;=gI-y-%jXnztPW@=EP7&Sw_4yHB_)! zHCtsS1Pm)`*^ua_A92lq>)k>f34n;I%$B;!=Dim0ewec`>i@yj-dmP=3ue#qJI?gR zrh!Kw{g(AH;3NN=&STBrxqbR>IBodqsC#r%ny50$Cku;N36}EhnG^8-!XV+dcgV%G zsgcFaLMogJ{CU;|HM5IF>jDm@<_W?l zkY+^zz`!*Jud#_m?5vH|^Q%>7;doy$5^!&+z3nkoLN$nk81d9!_H+g*{F6l<_l0UV zIs$@~GoDCm;NPTRzu~AuGb)OdCcH}mqwC$>ID0-w3lP`-f49D#=OWAfcgwzNGN}An z%hk88pgk&dJKg8?R^l4EQ95onA$^1giPJlciIxhQ#N9<6h_%&`Zk`@pLJSDYLh zV5B0gg-EA(Q@p7|ZTohVW5s}&85u0a4yrw2oxh!7p^%}02AV~2nY;x;nPgVzZ#+6e zkUXV|p*7Vy74>QsqpiP+%#e%U3vHQ0y;%h0%>i?kN}fgsF(~*JvU)ZGocG?o_>eTt z7kfGE$klAJGJ@~(je@0DP{Q9rFzW-q(p+}S`vRkOmkA>Qihog_IG|2 z8(O)24KRb>yHTO;lL9U#3l}8gbKj9E@k|_Uj)&`$k0*a|JuhC2X&t40?x`Y@Aq^Ku z^QEi|O|0$^qM`AWLA@i+m9*KdJ?fC_4q@C9bPs&MC^B!h#)=snsAyG55u~6_((>zp zO7_6hCy{245;p|Hi&G!Zjfvjk4W~G@6kcm#FVUu(D&{b z-PLvlOxWw+9WD#Sr|TioCQbFqr7+raRbK6chNv5;&B6TVOD^n@O413B9ZY$sQM}p+>>QDa)$gw~%+z-^t5(r74Qdg^_ z@V?fshu=ubFgqLhaH5X$9s4Z*w&A6u+}AsY%j?K?+39SP~p3*g*ta zj_z*Mo%)bZzKZ~tc~U$v7-xv9}iV=-z@UQhpr-&lHdfTVzR33`CU+hWvuTDG4u9e3N&bp6Y@CA%>CujD2&^TljJySks zna?CKvyq0$Zi_MYv+}u$HbH&s+58{IHX+RcG9_6u(MdA3Okr%wxMm216V31}2RI$S zRrDXt2g_bwTt>hu?@!~R^hcqHh+TB>v~$R!xWssP__FLZ%YG&BBlvOYcUgX*`&{;Tn z+^=d2E@yR|uFej)FA&r*mXjnc5N^482!0-m>MKy{*pT(ql>{EzM28sRfNA3bX-tUL z=E~0O4Sw{nt&Fsx$3!f`5MoF0mhM-r@~)eQyiUj75D5rjPnoZpg 
z;^fgmXP$$!of1r3m`nI*+N8znh^6h}2Ia+uyF*ipT&}l+iZ)|&(}`n(%;;U|LWeRwK74JD57d=Tp3I~n(jbZsN!j%b zqI~Z7*_|(0xJ-+wjFksV&4%@ z>K$(-Z?C#G_LqzBp?95}r3+QVO0%s&Wo~|~0!J`IUqQ**SU+zdLT416Z?3c$eF|%2 zh1~pxqIa?LRR=pmFS?6C%E%K$QG@=O|Dzlf+KXP?#NO(|^ct}0I!cTzZOJ;b^vvDJx&DfjyN+9QWJ>(z8ZZRO{=uZ9NT9pe-dlRAg78>t26 zX`&2?&8b6&qJ1+;PS(NCdve4#;KCN$bt>7{4p?jZ=CPazpr^N+=QjMXV}dn*C=E=7 zrTiHvI4Gs^?J>Rt5-DJ}$9@}xe-Vg<{}I{~J#aA=Z-{tj-g127`+l)40&>_EoUmTn zK=TtR-S~xl2ioa30Kx|e zljbQ8k0a{H269Z<}t%CML7ad@RUxaEaZqjl3TOu&M4)0lFBfS6?+gIU52RL!GByD?QDJRC3BL z2wxHq^E#oI*gk=O|9ZZFkEM}Y%ZqL6Au;lXZ83$|%uH+r5VeTo0yY?D@2gG=Zc=%N z&4KVMLD<^@pPXZb41oQZDA*J+s*it54oQ@8sq*q_F+@^(BRQQ@qmh9`QWsJ6o5Lsx zqbVGYhx?<~`PJVswipG_KDvFO5!ZAB-X6fm_E|WJW!@yvpu@W!`XaHi?yBqPM3$8q z!pa*^Y6OmRM_9gzn87uyHs||1_(8kb730mffQIHC25IdGosv*UgYUke;D>oM;J?A9 zo=RPA7Ar(pP&<5ExaDj@x-m+|kjK;W<_PTE(=(b$+<3nIgt!J0#`$?sSVp*aH>3y# za4JPK;(aN>&VXr=*N!9yAjEXfY4|J27Zp3#9}H;%x$&T%TGL^jABUAd)UHUyT~q`d z`qgA6DeDl@S$Oepp`_kAe?v0YbDb*ff5F?iy>3`0_U9YO8zt|I7bgkPXP>O&wuPgj z%rnX0yzJPCM>4XA3l-?-Ts0a07`BFKTjMJoA%f;8$GUlQQkY+sf^JuPyW0h zBp`Er+~o7EYr$M>DHVDdTIvrU;(xkNsS(mTW36+N*SSCbWTsbW7NklHxwDQ>jzuhw zEazXo6BO>lW?hUbS_NH~mYA{_(HDV4_)_rU`=Nw(@ksBM;p?3c)yHEmSH!qq;>IBU z?LhpAc9_19tQ}vg&1ghmQ8NDjxccj`s<-b86c!{lodVJg(nw2p2ndLjba!{hrc03S zP(tZOx>Z0xK)SoT>#lu%-}^rAbN}Ex$N>cR{H!(S7-NpXXInUGl{adVlzMW#IkjXO zPz*4ypiiEM>YK(?97%-cA#gM4eJU3~T18Q%8!_s?Zu;WMXjhpH$@_ofC z%S7KpS>!nBUFDtT=H%0_KNmS+Ba#PG25xyt(V^hKfc|vBo_1uxGid0Dl__-2JVC#M zOv@o8K+r0uM5)F_|26z%{|2sQILnEU|E5&a^_;n=QGWo67q%B!;r4jrxz197f-BJ5 zOFPfhC@c6hDVZ7nrArgy#8iOL;MWb8b;T3halhXJq$ z*2J{(S@e+T;AdgxAi}lE`(pFuo%7~7qEz9Sd~g*lD!=bFKbUkeDIVcLVdF7DurMrD zbX6kD&Lv#y+>}TdSL$>=C95VK4;|j2;6U*hA(=zGSx+Z?a*0WwE+Z&`g(nJbBnCBv zovkeeTbDb2jn3Zp!%Ei;F?&TLVxC)#BZ679#mB$_!an=$g&O`cw;F!^)s#M?w?yPJ zonK|NRoqpCyoa1O9cyzyZK{@ z^-OB%F_v*RKgmjo9rXvU&D0FFL>pguK+HLwdgc`>c5bYMTgu9kN;~nczFeo+Vq`J0N8XCyWjfU zs%ogk8pXQfzIb2*@ByPOsf6}b_EJkMM$Lm=Bvy?c1msYaPSuW$&7#a6$$Q@6A+8kX z%tnh*LW+CH2GzH4lBImF4n|;2^>!iN&!Hh%b8`_kgZ4Nuu)`pA0J9K62M51(xsd96 
z-C%>d0)qo3acn_zGa0B;2MT_4slx5ueQDrw0`OX(Y5J4fflrubfeW?D5a-A5zu4OW z-yG=b);taTTb$8sG#vU1;~!tJ3@YP6l?u)8Z${z=Lf55Gx=Yzm7XnOKbdJz7o?+t}eOyD0?f#@sKQe@CWD~e$HrEvUE zq?*7$Hqq|zS0AW}w+RbAVOeKp^>4C*Q}QNevLOPO{z%k(6{2T}T@9;iqd<(qw^q)( z9gf>_BkrA@FBE)$m#HKAo~==k@pwETfV{We?eF#Q+U=C$@=yw_PRU%{wy;gjk4Akv zedDR;9upTMwooi%^Ii~$ZwooGFf|lgCT48ju<#E^tO!@8{eQv_uiOs4VV)l{d)IcsuguZZ)Dz zx_Uo?X?W<28R^x$B^G79@UuHo8!UDWga6PQ(o+ITq;Y>N^fzPx2~kNh2m+%S%+20I zmTyRgMk0xC=ZbDH8FC;1rX7XmLQ8S6juF25aQUCHRPGgBjNoSeEiv`Ym`c=o9Y+`iFzd1L>usv z`ejJpr-(g5$Mdp@jCYJ-^-(DTGZ*r zBRc>u0THJnE_7fsUg_-@%6Y9RU;v*Zz)F(;ux+^`1(r1CFE>7D0&=GJ^_&0ynXO6d zo-{*7qG^6RKDuIM+RyH2cuaL9_X`gz1@p=AksUxOX6>|i;)PounF%zw_vG6b)L)qUg;w6qj# zU+6WvRHQ)DVaP<0_2|($zU0UB>kS_>kNB4cWZ3z>N7}n*dYKHH&LZg=H3{T0!ngdD z$cRTNx!SP7a||L@LWjAd97j{n?>;Tz-R2wNzfh-bqZmvEPLJs4-#;(L&unx3nrZ$J z;_}g7t5ACPf;8rjafj{epY^V7Y_fl^?C32!ka<2}FfvylZDi-lX=^S(D;f^du3KK$t1!eoSB{cCNXz!u+9-WY#cJO)x)=>+xs=QQUVtd;)|f07WUJ{Q9utyYv|su z5JH5I6D+74alq{JH&FqGShlq>sjE+{45gzHsbKX>PZxAM!^#dYJp3-3@XFcum|#sh z99W9=teva^g600fA$M&wKmG))Vs~*{r`UZlk*L%Wj^MKRQ&^Qp$}$Kd+y9#h0W*Vx z8EWi@B8lt8&0Dv8zH?@2Yb$MH!u%(z`Pq2MEAx>*fO+J9S{UJX+Z9yToLs1--1iVn zNYLOoidk9_X9c5b>IX6}Fg~eZV}^E@I9R`v`}hn83LB-U$HWm<`ue2Le(qotsL-Lc zzAsO^V=>|n7HTiQTrKvdux}V75IZPzmT{=p(66*l>neSX7%5kO~~jQYDSX0ghlBt=`+hw5HugYjD8B9hn}l?5ips_ zg7%X6=ZMc2CXgX$@@a;(!}TE3_+dXoQh23oI^wc|PXFq+5ocjt32Lamru zLiqfCqF_73dCu-X^a`C9)~7JmZz^BzH`@j`qjJHzZ~x6%>dP!B5Lv#5oy?^B}Gl2(E2+GSUG7h ztz{2*2gC(E#@zIvLKE`gFm}I@z$%o;No92I)j83YyTiLX;U>55*h(1XjAaMms+HkW zR;eRrw4JE`FxS zYMr@m=VX%BuRmvU;&@ zbmCI=UPz{GzV7Ctr>3tK3@T1lj{P;zY;kg8AB4$SN_7nZyy^8dj%`CDjAO?!=LaL% zGCe+4!=EpMW=6X9w_s@3zi07qne$=&I6-|QJp`Zb-j`z(xHCdN$A@HYa;_V5uA8nD zY#cD$HQ@kmZqW8}tkAX~WL1QYyTf#} z*&uN+I55ngDx+VCuV+P|y35V0ut-kFoc`5qZ8{Qwl;Np0A$EyzQ77yKS4~d3ybHLR z%Z5wBLg28)=v@2!vO#s5OZ9EHwy`4qqaEhUVQ*s+7$7j1al@}wrT9!Hn;h1vSsqZ& zbY4Z?W)w*~Dc#V3Bj{76UgEj`d?c|Qw!Oi#j$tE?oGu)(tw59y!`Arfb%h0G1Yo{t 
z@}ePZbl6-N%eE-ZSH%J<3T(R2WN=1_E15k9`6MuSGwz@Ax$C9az_{w?^1IB6R<`Y8C(``vd@VT}--ida^zue=vAJT)O} zdm}2yKDHu+-y4NX7b53!jvYYzdF!M8{vV3+;nu=!_mGOo9r>;;vJji;mluJjKM3Y! zMz>_lyvSbvMg8Q?g_YijHa0hzdG2CMA3>QVCeBYB+imVa|AjU1|AY$(+knbl{cCTU zSM$5xi^PpN|q4vZ&2 zV980rnRe+j3VOW#A>(Pq!Yf}^`XOLN{)g`FG@x|NMc~tC?JU>}ZbTBQ{5&)+VP^#4 zeJMqep);amt)H_@K*Z^=)<=)hH4i}}uGntw*TD(-M(7xp9HYfD1|AeYW?MkOU0l&E zK@!0SDzI7CsOAFVLqVBlSYb-V{Y-7wkOxH)cSapy3te>mgyJX;kNs((D%O|#i3)=p8xW^JR#fEjL62cWrA z#!&XyVI(}u1$gC-kg;g;Md>owlRR0ehzpn<@Enz7wxP6F4|+MLiIZn=gaKs zztMyU#1}6RiC(IP6d@bBmVEaAGtd6om|%)&JUiaP1DCbp|HMz5G)Nz1V!=5o0ZiMs z#fxo~1O}tYEmpUFLaj`o46lvata1ldXwaJ=Tx+MkX$g&Z`CZ{==C%&IgVzFw z-@i3dlq((l65Sm9v_T0$hCf~Yv8a0U*zQ8Gx6MgNl`Q{wNZ+#bi&A1RU_8j52N-=Z z41bg(Te*28VB?$c0|DOZ;6{j+4|pdELu~4s{T6w=kC2hFF$J{yY8JdAf`3+HOV1?g zWEuJi|0>eKT^m$1ElB1iiR?6Yqr}COTp!r4o!LoQd_PN`$?G4BO0SMjAIwo5qbz3t zyOE6r5OAOYq5#nsig|`b(@C&AYHXOe$N=&{?ksi(A@N6l(o+XN;Oj%$ry(BSUsYcu z_C~{*;o_*y-K~1bI<*(r0S1|-t*(yBHG62YP;jg z;@fFr#!`7tpt2zJK1;1>Yegg(9d_PnO~Joe4rO$-w6Yqge)n$e4(%zzpw=_4Z|D7% zs+wA)rMiT*HGQ0)H}ODRc2~8D#qnAnvlw^OQpJ4KJ5i5A2JVT*;8-baVL_)XK#7ytmm7-0s8eAo*EPZ{j^+LDU{2u_IV z!a27i3_A&AD(R$ZyigFjYc>=H*KwYdkFpJH@%!}+lS&hx@>-_TWMn?2>qi6*q<6YM zU`vEVj1EJt8PK}kkIis{*W?5`Qo6NnOWTqQjxMn@lC$BkGk#kzMk(F;b*lH*I3TjY z%i|v}`s5n6ISVRh-?Gt9oI=#ZVHjocyX;i1!lsBUR=U$XE81Q*XM}ix5Tt=H&Q;k;ZV4z-tz;$l)FUr+sXP16m*3gTK6Yq!y0Lsy7puo*tvZb%Rm!X}c9hV|anBWw$ zz6{VFfcwgbm-zEyYKyqng5@^{X?yoqt>hH1|DJ(K3`}pT8ajyb_?^`_z-EHX;*YKv zH`7XIP>0FnHzhEiJ=6C+AtM!ZM~aX+IUNiKYv2T}$K7y@$#XD-H7Rv6F#o0JyvRM+ zG{3hxCw=Zu;LTjhYv+l_~y7d_mqt$KMSLwj68WupRGQv&p1|_wltGo#6%_N%Z%p zjc!Km7XDvD%Kc$BRJ-s^IRU<6wYeUu;|k?9M`}v(R@MLCNO_0s$2V_&Y3L~_;+ZiUVxcIjOG?F;63XU!F|F0JN&$izrUO1W|cmDYsB7}jOafFp{3V&1}$WWC}ibUzo|VPx9*85Xe)<~XxtXpB?0dr3*a#xAp;jHpyCN@yJbwP94?Y%#bQ}1);W&`r z;%^1qW5C`V$Zqim+V6Rd9>B>Ay8~%?BPe~JEO|J9h@AL>3P9<3Qc8vHXy5<F% z>Q<(l*Nuo1zv|Kz8QFBbc^I1=vEfO=7*CthGa^5H=cQ);4qU?aR8{q#%j1fxazVP` zv3eqK01?vt(cytiLXk2@tFZd3HUX6DuZ!8<)->7$r+8CS327qj>RKTKj2E9iP)<|Q 
z_yVL;ng)IpK3?op3@z9|K`dski~}R^@9z`S>|8zd*;iivj;@=S|3Y!L@zWU>s`Tf? zr?k3@#N6Up1xlQF`a+H4j9||h{K_Gn$D!2yH1X#SifHc`QgTZ8tb|~}D9`Tb=el1^(^)Q~!!X;vvkhn0`&YsmRmHhk!7)yyA9F8+uQfP#A z%yGk?ggy%9a^vZ~ZsikDOq}a6ol0kxoX}5`N=BXJ;^T4__+W5VkOEmE20d8XcYiy|L1B)zUC7Sk2=}{~U_NLet zZ700`^zVS@SWg3xcDGud?0(CrmL2VFL$o;+ zst{PgVHLU?vWb97!qg9*SIeqWbXGFrTDXY#_(>8#t1ViI;K~8E;n8)Qo$(s&&1gt5 z2e_b(_I^k$9&Ir&C8J2LC>tce_nekZw<2GC9UqpenOwxqxGf?Xa%^l18i7k)6!72NPLHt?O`1o$Bkk_>+o!Q@%}u>nA8Op>o|A8zl707N(zBl^7=Jem2E==u5WfNNBk|B;Llw{|kADGFqT z5|g43Ufh&yrlO_~K%B2YUH~CFR}y^bl7?5pm{PtfMR##1;Dk;aKKsRhS~@jmyL51Q!3j{p z_4D8Ckvgt#m%BW09JPjE0M3+E?$wW=&V@d=ZvHcH$C^7R!=|aeulySR1tkHGQ~zc- zcF#*#47|JHD2ymkb?0B7mGeEt{f^QRdb$TDwuhXa^W+Gn%dVj45^^RuH`_{k;=4P2nM*zyQeZO z8Jk9>`)>hc@?e=xZ){$vg5 zvF;MfC9eN~;heo4Lk&y`S+@l^b`)`-ddiz0iN628S^$Q+3@X@}_x_zF}}NC#F=2697ztOK?v1m0lp0@0-;?tl%%rv6RZ zFt64SZwxW(_KpS(Ukg55aBC$#q-af%h*-Rzx(Z90Upg2E$%#yEyaOqjrg2(OhIJAz@kuC=Vt6GVZ7L z<-c|_u51i>cn+==Wy{RSKnuxFQskh6hy9ZS4bU3syw*(#l?b7TGq~Q4ju3D&pUhNq zMJP~v=JXWjX64XBEX+1XEMI0Pr^f@C1x)P-h?sQP7nw`oo6T+CK)S(f z?>JL-wK45%MC=QN8woR|MsMPH9)uye+pU^94_XBAjw1^L;WLM5Ri8*<(hN0G0BtHyVrfDrdO6$G28 zI027mYarHyls~Q~)8P>VCNp;J@lKN&uA1Bb%u;xhCK*Qib1C<-p`s~7+TNbi*(Lh; zc8|gk%o{{xJZtmKxiE%kegX-sNzr)Il!!gEk2xaf);ICv`kUL!u)EOe|L z@h$a6GkB~RJYM9UEGBCL*({8UhcyztJ&^07-_g7#M1Vg6+9$BgxUk6qN^+&Z>s-70 zm;?UL2d^D(}Y@s(Tg^-g9EiM=G8(fdiHvT#6_!PaB*K53v$m zUT_cWqGF|`cJ>@mtG)*WbxykgyQrpkHpd@dWCGfj4lvFh%bIe&4jHhtv6r31t=q(J zf*|Dd{K>vMnKl{eHm~nmag?Ye>5{|}4%O5b0OzsCk^jp^dvhvQR+3OeGi*dSAb^Mj z9<3{Y@L+sZ(fjyt1nA;;Qh~U-I@>Q_&3f!z6oHUjhI;y{8_ssN4o|rl?d#VMFs2#k z;jVrC_h-(KVEP=JG6R_&MsQgNZ2?Jz>M~eQyD@`UB+oa-@aJGi;(MyVp{_W}9kMe= z2e@)Tn8bdmsLyBk>~js&)C7_zV;f84!Q(^I6$B(_+3@yFY{5C{u zD1~e@?;dvB{I3RVr{c*Ua8W~@aVIA)05*~n*0Mww;oq<#c)0IR z2V+s-U&k}#OoxD9v1jiDbfTVz%~K5Z9mah~_ZO9wdBrVQV3cLnHc4DW zflU9LyNxRbd+crF$9DSYuZ$2F9&14$Sx7GDZ9ou<5`3J&^U+jXYk9@J8PDpS2C$o9zFmxMd3|`mBlBbSiN6 z3%u^tk0j0c5c!4+Cp$Yq<=0FAG9O;BuZLjS=+bGMG}-3CUw^+pQ11`HB?mlU^#KqJ 
zS{sQE*o`ePRUeS_0nthwk?Hqsk+%?cg+CDT3n!qEnvKc#L~_aunt(0xxL7DQeaPH= zcJu-Q4Y>J3elaBf9VgXveUXc1LbRG8&a%&U3U|MJZPX(3{*14`bdm&h9JT z*Edi$+WwiEy^HLu9YwdU2J-(bp_}q7I8wZlI8X=iBDb387&|A|CL=&@M&@*R;6nm> zLEcO<3O`qP;9Ji9uWTkpmfVZDveg;FtyEZEjz_|~pH`=DVZpw;r&DFrgPD|~E{=$B~HJz-}{dc-40$x>if!pBMQucp2TLR10x{&ClJ!vxj&*(}CI7H$NY~~RX&Gzi zD2J!xUHew$8a+z-Ro=>X>-`nx+iKM_|{#LLZBpI=-|QNSos z{x`3%jYL15q7aEIjS>J-c^X&+ZRKwt7mrz_a-<`SM#sitSEz(p%$dRWpf7h@Iw zUum=cjca?zgwCBiT!kaH;(HNjlRDI3JVod>evdz>&#X%K_{OF&4NNs8rBf~{I=XFN zta;7V1=u% zj{-Vp`&48sp{f@?m#slOHoPDjrGJl^J%w^eR)TBld$!th4`(Gk{fZD0L5qHoXdyoR z06q-{%|t1=ME>?6sCRQB<6O(1ri1EBYAV1O3KyQWgl8Pp_7W9z=64uifI8O`yz1Gy z=(}=>saCuPkpOu$H3Xm|TnpgDN(FjBJ*~V=BT!c*F&tI>=$`25` zvG&iM%#n zp!n$U`^U*aEfwID0Mj~Z75;z4ujzBudX)gWbV|t6!RPVoIfi1@4|6fIVH%_l_biKo zzSKq!`Vo}({WopbsR0ib_ajdaqQ?$T2L>nq{b!pQ3r{=^G(ogt2rGB;xpY7xlQ&1& zKa7d0neo6#@dfb4Kw(#e5OW!~RJaf5FP!k74Jc%CSKzV4PA}?d2Xd z5GV{^F8PP?&khE4InA?r*5E`fUS}}H*0ZA53kO@XKIdcYwMOUKZj=U~oxG?B;7YvI zz7#kX>iOsIrAcOgYo4$n^Ko*jzgRTTW%&S9_IYHZLsm0V59PDy=;{qszQPe>HkiY& zTv~KUqy{0+H9y6t(t-QxErx5RS!xvL6sqhe*}+pi-q2qzK6x^+CNu%zE@kTEdqoV**598p7Jk*u_1I~ z5)f<&2-#mb8ZW%RJ~SJC?;(bceQj5ZcJdW9wBJ3fGQPYbei-SKtBJ*EG9vN3)agLX zNyvE_`#WiAzwJ3>%s&kSiF>k*VwP5$*Ikz4$;D*KK%Jq)@L`PJysZDO@ zWtyD)tdsTY*VsMd!2-c}i@R;^{525&%*O4dl8`sHj^#8Jwz)E}Toqj?C`VU~VWWhrsB48~ zk%Y>ho<@m}D-`K*Gf6Caox9qcOyz2x46+C018|cd8iRBIyaNv!ONFO7&sY18?c(e6 zjJ;Kh5r_76&hx>+YL+~0%QQH>#;?77ko#FZSnN|j;^dJcIv9Enlt+?WSJc0AxRa75 z_oa<_xO*q|RSg7s=rwusJg16_Mq6RL^}b6;tRZ%2KXHhFk7xaO3G``tkWl_!<5Tp| zD(YEgChI)4Qm6gt%+4D)rntZXl$|zyk+}7dv;(9NS-usq@ zN`yNZ`OEewJ_G2$c1F;3=G(s&8$lSi1g>O6!^0DyE^d^EO;Ban|d%4y3Q6m8s)i|T6?r^^}qc!iNSU+zo%PBL6qg}(Bu8E z&xL@bi{q({LgNn?+mCI1L0WeS5h{aZ3k!Ya#4SgEv_rURK*+R$?rY85!Jes`h)~Q zz5Gj-=!Ip8LbWtwp5w7LOCB%#mY6a&V(B-DsxT{r@qEff@`6?e)B$umy{3c@P|%00 zZzWMPv=GgtOT%7|+j=40mW+@IWb1;CGp25{%74l|ntA0@(aUqA@VLX&?3NV*BpcaTy{ zF(TqM9y#p6^WJTDJEVyyhyc|~3BDbOnFE4hDQctr`5WpKHa)cRA}ouMR=$;Huzrdx zJ$8Nm`G|h#?dZfr27b4YY`#gnn&?DEJjLXt4aKj 
zlI`*e&va@Hnrl>-pPw)}8+tlYh`^+L&>@E>pK4|IaV5KN^1kV>dy9uBlm9@jo-$Pc ztYc^GSz(9v-k6e2Ow?cEG>rcBC6QFT*b7#I#G{-I3jykMBu{C;yRnRCK z{-=SBo3Eh&80EeA$|D6CQHRJ<3&mx56N*PEE2GI$^E>bAsc>^K>1_oTfIqzi;+g*u0Q8nUOjcQ!)!~ zdXF8A?&%Xsv(4$rr~vhK#qV7FddWk`d`v{;Z@=xDFe5Z3KAL*PL@Hgb-WZKCM`(U+ z_?V@NeZ;qME}}~yx}t7pJQKHx?;XJX9G{NDclCw93yE_EImM~_sF9NChElftlQafn z1BvbQGyU_ftwt*Bx)4G?OJ2^;i~A}(Kl5CqUWyin%NfB)Y^KP6*zaEnW@Kwa8W(sE z9`?1Uvc#s!r9lr2oMbnZ)I@%Az_F{bFQqkZDA7X;Pim&BKSEZ7Td-&@tmzkh*Oq`h zH+ISY;Ui9mDoQK{E2sdl&%jcUsFpHkU2Sx8dI8dw*5s6iySqXdszC$+h`f>d>bbMt z!UzQz8ej;03EF;$obTR_ecwYKIRmFNEP{?HnYgmen_NeUU9lf0DfNSiqgcF_q6`qN ztEp*#)r$9@q~O4M5v<-GF0jBOlNE`!Qn$wkyzPUYpX|@sOx3JZ364#cimMvERA=I8 zuwMuVktnWi)?)8}H@qv`Q~w6HFy#7{m|?w~^n(I_W(*C#=P^F`%*V&OH&WtY5E9N! z+Jucnf4|x!iF7yw#AvaE)zy)fsPCF~?36Hy;d|OnSCL=|*TDse9jDM01~gwYfUj@A z-QD__6q6%JHRPgDy4ie>Q4wKrQ{=`t(0IwIHnm+a#_zkeHoG&AE|iKO#0HjA^2?gM z^;3PgaCjpwQ!q_+M`Qtc(5ieFTrtuXQz09^8K$ufJWLZ(u%dr)Z)iLR;@GMT#j14K z{)4HRJggt&WMFqT;q!->f_rD+FqsDme>k=rB;iOn#ADt*ii6vq8fx+W_3fF1f8R;% z(ORSE`;$9^DW}!?fVG|x|E$`JoJef{hrc-Y9d92g?sK1}o`RlkIv$ZP4W_;3wt(L- z@I*j<^_?JtZe&=vd$X4Z{-Z^+d35FQeS9Fj(=@lLpidAI`&j0 zx_#v8UCC4s9eVV1i}2)$l-k*H=R&4n$REcI3sI9Q%f`*Gmt9_?RmXbm_?MaqSwPq7 z>#`Z07Cbz780bwPgi&plWGFqu5uohx{uP=>1kJE__C#%0OOG0(b`jvO7~`*ir^u0u z+WMSSg!v+Wfix`q1?PI)(CwKgT~1eL7`3H!S#Pt81;|ou0hU#B$ESnr1>b70t4r`~ zry&njm=5hXO#0Iugg&`TAubMWVfiZ}6BsU*qvNB3+bDcow6AG((4|meqtAhyY4HoI z0knvZMx5y?X__L1e*2~pXBE1zq| z^{vZ?9yjxeLP?W5N4d%UT+uK|`Ag5OQ+mGyK3sS6ecE6&cE(SAk`Gb%3YIPGdPub5%ch1 zOjoZ_0+$^~NLK`?RxXRhP=&8DHa5uXCD5#<_50(VO6=%YiSt6nVc;*S9cdS;V0S7A zcMRS!ucKFxHL%N^y^K_#E+b$@M|!XJSHB~tTyDm}UtCs}4^%dKa_>Yoi2Gf=H7`7Z*Wd-#^2%qAeiZFm~pC1r0~K!1g2uw}aw|ESJq3Xe(%jSBr4-|5>E z@WZSXjs!^b$5QtiR||YRDn(uS<$1@e-SuBM_^LR@e_5tMj*X0?f1BnN^2<_#**PA+ zFv}?&b<1dXIFGH|a{I)vnrCUC0dIOoVID#t4F*s*bP`m`%O#tU^^9gq#q;%tFB9R) zZ?&wXJEP>O_6wxB(QCIoWDLNkPARG9i2Qd6XL+>9|6>6yOhr_SS}(<(vOTfv<^s%pN^Gx;0>=gbh;kwChU)BVX- zB}CfSke?42AdwfpqXIVE{)6aCfC_*s`z)Ene+wj?s`D%&l=B>EpyCeUetEGpqvNCvA*K@<+3^J`+ 
zb7WvcK^_;bw2AKmz&#?6cO_96qZFP(jg7-;RFY>&ch206ly{LIRq0oJ0x~MM4XgM!{hR zo6G(oJbPS}Ug5lHQaOLXP90ZOO*aT6N}CK^KIivbriD4xfImup-{}dBZ-+f#$;>-z z>(@KuM_`aB{PG1Cp51V%-30udz{G(M@bQc=L#(8v$)=Qy|)Dkz_wHyf}61_7!| z{w+`~7NpoBLNF!4PK68}K~=pE$O25_5Eqx*o1CMi1La!0KZc^gWk}*0A!7GSl;49= z|K(5FD=p&hoGxS^or^gHsA2w_lFyK_?;b6+UFRCnt=N^oEI@3hQ0e zehB^m6n6Mw9JzYZWWl#q%=8^Z#^054{u)Jp2XY`Q+NefiI}Ab%uIIXaw$NjB5WoWF zdn~p8D+Xwbl1A$ntyHV~$SHLn6itlRzgk8shkEq3&y>>7EL)B(V&Cd z_I5qyKgcV3H8Svb4^jvUdVo%(>E+ia-v>tsq7K2=hp6>~nlO<uec3z=lxxW+e(_ zO)3?Zq=rTlj9H;{4JusM%!i9uAkb4_mFwXQP0d;*^$pY@CADAhRfb0ssPg<=nYtBI zlX+TD%=eairL?f6(tleVDiN!n(3KJxsPi!Ii}Zf(Rhpk4wiJWuFNpSp7(qQYB8B_@ zbkx6pZ=f`ALbW!6-giGbp<$h27~8wn{W-!TfoRC~f{)4nZaP$83bHHI03PPQhTrb` z@}@AxtKfE~PK&ZPJ})bSD}fQAl`ScCf)Xfy$&p`O320ij)C2M`$HR#R#fU$f4Frf2 zffQxM(=KEHDtd@0Kl&XGV|CTATpkK%WHlV!m|Wi!i*~+NC@Nuz1mp#9G2-xldY}OP z_r5zaFm{5p%Ow>OB(p3S1l*v3fac&aLkV@xZwwW~#Q1rhP^#zz#hQW0N>dGYEE_8e)#zIy0vjjh#ncHbIK+{OMrTc1w z7zn#1(%?pve22#$vKgZ-P~L59j+D@L8+j~;T!{|k2!~hu-N9uEJYW*<`B50oEQnR^d~j zLg~qf$OAd-b60vSoKDy0t{)oT5)qRso9CvcXwYp@i1-quvNPlA#LTxyOs`i5qF@AJ zVo?9IT)}Ydl)R!1b^J6Lxa!Th%9SrBTR0%(u~Ci3Z>Iqq#JaywQ)ghE2tXsC{{omyLF*T!Y&*S@ZzYm$W)EZoV6G;R(3%sBz^i;9kyUPs zrYT;8wN8a?@3}1Yl>YPdmm9MC-xF{{sfx$f1;e*E~Zd|8^J{rVIScr4!KSuzAC;cYDikPx!_$44wnTr8K1R+>G~3c`jW zdKy*f{5p@_yRM-+c-{7-Q06DoHE-*~7@+?{R=Qw)ud^6ffdv*sK_i->@->9R58R41 zuTeMsK1SUSe@$H5NHpR6x?WAH^n0W_AfApXQXycrX`hT$u-r8Iw-Xp3$lp+De;y$` zYR3lIErf|?iOKtmL=^@daLEd>9!n1h&fHP$i~e=>?#3{IDL7JToz$ZmxEleyw6;HU zl~|w|ryx&t4|~XR-%gDILoJmEk_Gy4{BEutx~#F%d7-}+Z4a07tts+L4qo>@%qTb! 
z3D^bHqPI=GJ_0K@g}HF@5sGgN;-Z{>4J{eBzwXyfiE+QBUrI^W!+-r_Q<W#wUv-=%$q6PMAUCbmKA+FiYwm6PA ztVX^%-%KGs+R~Sc+eV)jdOC+A0D^N|gZnr~BvqahlA6r1zUd^ggl40X&}A+fkNK8J z^dF;fvmG=#HJ!jIU+xvx!d9zWhXF;gDWT0iPLm~$y-e@a3;%6Wobxx`M6S{ttAxk$ zkyvax&_5#8`{%ZnudkQ$f8ZEm5E1`fZZrt!Y<8(!ov!Y&v?~pw{LuwP!hyVjwHiWq z`&@t#*7v=gk%fdlX4`A2Yn^3Gczdx8k@myiOM2E(u3R=0 zYnkNW8B;>Huh*uX#jF)9Iwf>& zHfgcBGDldHZCqeRvgzw{RjU}HjUMc^Q=d1mbKW(r$fHMBwRKoF|5Et~poH9)ek+Mj zgfvtUCdHxn+5(SltM=ZDrbp~9%+f?`l# z{KkN$&rx83j3P;@eOE81^@$d|A_`#_@*bHp-7?<)mDa%jue9ngrMEF>WZ$)Or<59W zda8t0^$DK|KJoB=6+L306Ir(=in&Hi^M!B!eqLxti*6$(Hc9z;2vR}5YIu%vU7Xy_ zm+bE;fI>z<_r0+sRoa^Y1By*bRY(FhH*H^ z%39FGQ3N2SR^9`;(VOD#QaF4wMF;9hvU}dh{@G*Z!HX<_ki5PK;T01sn0YVNrVj%I{WN0~2u2jB8>lJ8lIQm)yyK z`ygVAds`CAOJP>3`PrZnT8VYZ!UCc0VL8a%^KsEIB|A-juA*^=d-2W#iVoH@?kMaE z^1M8cA$`cy?#rr`XBinbVzu^C2<#HA6dezbT;RHi`-2NB|_i`KqS{9N`Xe{YP6hBdd2Dou7a1DKG0 zK<^k3*tsW3mp*P`$W0A|th_{B0Tbbx#geSDxVE#7krhu|jsTWw(xz$K|58Dl|2N%m z7?}3gLhCliKC?$#>=H&rxpJ$`y~4M8r6r6Oa4KM6SxhzTP-K)A8jZubz3EgM+U@bd z|6c2008A$T@&c(E6DRk~rMNRCt{eWwf49Tm4VPp*{BR4;N0b!c!h=3LY&0FL;9$VO zT2PkTm&}W*uaQyb;RtUdhBKC`6MWsw8@NZt%>oDaFEB97h`?S(DnCwKMpJ@+Pjw(S@>0a?bbHnN@S7U{nWImB8FvIoBUq(1WxWv_Vd{=Yl_f{!~g) zj#HpM_kJEn=7ZPq^!QE}!aUO-aPNf35SQCCnx~J`je{vP5V$21S~YOcRr=mx?aY&6 zLlDIXWY4F`M5lf0vNA;x4U8FX`g5q!@V+HMVuaKb!iRY$?(zVUF3W2YX$lsGIGa!W zO9AWe*`K~pW>w(WEqV#PuCLxe<~b|0e{TN`1Cg@L;i{o^Zl?&x&n)PYTF!f z9h}$hxld&=-7Pg3A>yd!e4$3gHOkrasP;?qY=x!mh#73d!2$Z@w64N$fJ=&EMz$WX zq>3K%oZA9JvJ%yhGgX$b2b{%-US~Bxk$#qXz;2{t@RlUfUFrWU4sH0C_y5v7U0{*R zFyrI)pHT))+pVRxrWf1;uO`NtW@YjL7QCW&jW^mdY}@D)9T~#P*g2^1D{)L;BRCs( z)KZ1ExSt>_oQ(C=LG+W&C3BlESyEb-$SPrC0K;!ZLB^Gay-`a;BQ(@sPHklfwFYAG zJO~WsF&8#^&xVVzZM){;dERG<3NH^)vhhk-tMSe>}^k@I3dDrObO8s_vw`kRbnUStj^3$~=E+?*nGU0%t zrh;C0(vHd7FjC?|FKD9p+dAeAyMENTn{u7aN47?bHNwCB`y+(V7fPL}kuPbaj1X7+M_!#?SxS_3 zpz5(;U=QMz71-<2iluTNeo#55EAy^%5HUJ8jl=&HP2i*xPu8*C#n*q1qTWZe+x`Yj zwRrXYmy_;#oUCZ$C+mTaE`n0?@9|ey=o2=7%{o}4g3S5HHA6eOEj$gE!s&_Gh|K;5 
zKgw1%?ShcR1zJALMlic)-kd?FKOaQlcj-%>j&>X^tsTz1QEeUC?tR7nrcO-4SuO z#rtVX`PGKd0K>s*I?LqhvXqxax}U6-Y#JZtFT041R?z33o_|_+ck3Ic+_;`6<1uY4 zLJ(boyQsC2#;DqM`DX_H*LARj_OYzjZY~WBc^t=${8ngGGYk3o$oqc zmps$&naoV@uirA{GwsT9!#JP5){k2XIlWRCbb?-G{=OGkLsFX^e|X4WTDEXWbHb7u zi$9u7EbeM>A)`TZe_=@JmoI%Ckb^tD2Tm@_Up=9cngh1wU@V1B; zrA*g)E`qpOyv!|u~NsXHYW1Gtr?^sC*t@hU20Fx!~mhr^4mPXf2d<;C_ zPM|f{LL(lmXR&~iPUbMuekHE&v7?uPY}qq=>mTFSp#dqQew+I$8vAZ?i7r^EQ9}yN z0NE0ZEuyV?xXJ)pG)&Mb3gY9v@i+6hSWR++sVTQ{SA7gpkKi|VqBcd+-& zzRkRer&B@q)ar2FpN1=d^uQ3sSF3K__1`_UZJe!zsmajc4BQ*;d${!amD!O( zrX9d2c$DpG!P^ZF{22b6Os6%SX-irQQUAF($}(^=02Znb1aW7FpQFmE=@J!9ho zaUCdUIN$L^jBJ@BZ4d#G-De)4u|ZvGv8TG&dvuX+o#?i&)gcB?$aA=NnSt=Fsrl+J zh#8FP3P8!EHZ}(&YpBYH^9q6R9vuDchyfZ8u+6IzczoIbkCHw^a=`!g`I5iArF)Fz zH4?4=K|+1E7qlO)bWhLJ|BygE_1|mSG4F-Bc{WhGK-3K28?NMvsY<lyN=v~H&RX(LKxCgPS7y2)lVFCkMe zVV5-nAbIz#gb7xll|B&7SfHxp&iu|D<`Fa|O?v z8{r|}C{k+`eW7I!ZAma_2C)e}s`(;h62+^kYhVDTTa&&Uuaatj20XJx_->4IQ|wA6 zuSo;}t+&nEhih<^aVs9XC}R)UQcvC?fQJUAFD`H_;2|NN7k)X)-FZxxI8YUoeTMCF(4H; z^rIG9Xkf%vc17@7*KmxZXbtcr(#`{d@-Zm+KKh%qCAxc1A4=_CwZMLHg<6!F$~cf> z)SM9#pzsGrn){*aCxTzzXf(M?7`hKlVv0kUYhr9B6`*942MP1#h=$qt2Ikb1Lf5!7L|6CRKJ=+}ym+MX;(rXZN7|z8oya;Abns;P;iw zoh~|?*T#1yrtJ3gm*X8z@!&JMi-YQG;CP*C!-haYAg`lSwo~SVji^-+NL!non$i?} z&W}g>4tf8e&(&b}3`eX!80Y$>8sZ4pT790K$b% z-!<*_NH`~G=;slr@S&$K!aS%uv-Ox5rVz*Z`c6LkI!tR5i8TAhk0NnkokTNXON(b> z4%A^sE2iPD*v=liQ=$HrMc;FDFuMmB^8X7pHyXJIujdJom2pix)6Mm$6){>XrX}EQ ztwaR!Mf?%NTCq}gd;kMWSlvfiE*$Y$+R~zu((K!K&2;4RB;uiO zdYr?qCVE_PTe!II`;&c%t2-mJ(3J{X{<5)+%9rE9q+jiVQ?dK$Ii2e181R$A=Y=ua zs=n_3rT|t6^MN{Hw}$11q@$K65NK5I_|bEAICLdZQ%G5qqo2Q({bYE91=4J&Xe*vO z%NI6KrYAk<$ZNhA3DwzmG41o?2Kn2o9y|$#WYHDxB8r?UCg*BwPSI-cK`wu21*a1` z`sOMES!?6g{q3NrzLXSo!6a^7$y;e$m@g=H_v)9KX6cf4`3m#Axwh?8iGzyKs6?|u0v}_%&E{~};E`xNud!sri)RC`c6gHA^mf~Xu;+EVL z2GZ#{QNzW3NeRCd5y%1$13(?^&&>B4~PL`1=d#RtfM({ zH7X!BbRe?m0?okaQ^|{B*RE-Y+J|y@Rt0&BLaqgw3JdPo8pcY>egqIsAlnFl$RvA) zKUfcfNwGH?0 zqfS8Ms-3C$yM(YFs4Ek0x%~qI4HkqG{Ay`eB12e2Fl{FVNWrcw_0AbcOm8NtCnK;C 
z#Gca)4qDzg>QY-17i}NE8`!!RW`q;lTL~pW%V-ef0QhoNrnMOH`Gw7dO?AZt>AmQFF*31~TIhPtOIZRcjs%%2t{k;U8ls4QZ@B zi+^+98|3;CzHIyn2~i~CUlhd!8mSDDyPs)}SkE<}gOA$6L+WmLT4C?S!`l}X&i1rv z7=nF8wDNuLlQQ%6yDca0T$~o7!20LI0jN&W-);9#ZxO}6g1~}^WP5qL*?nF{_yVKO z)7IYS?X?rRt3N0%*nAs?CdC-sl`V0wkBf(*-MG)GJa~j>NQsd)nwMZNj#^>^K}1KS z)b_XO<;!|=oM#4Pod7nusvs6i(x32us&y3MDJ#lLU@r9;-Kn&(Gc~=IV4;e^Dl2P} z=|9u6s&|`MZW6=2IU_tPW7LWeZq@HTJI60$yZhc=@({(Jj~AX&3=wlvWyve9PfAZf z&6&ZlS?k_9bo*=gi8<lvX{4s$&4 z+WF&RPw!%DmwS1=PKj9T=^4Hy{_sQ^wjgRaIY3XH4KAms+woURAqzzudn7W7pylD= zW&ms`-@RcX=0Ra#5k9G6HZJ@>08uM}?Ha2nvt%X<1 z3oq~>9#UF}WBKVZ^Ri04yabdI@Vk#FscuaK-e9lt?(1dN6(PHl?T?3a40PRZ_DKy6 zwdbocB0eNE*`4F7pE{=Rk5@313R&u#KK;&HvKo_;Tvye~NVlQHwuv>E&7^d~6eok5 z${;iwajO>)7NRtPc$J=W=7^VA)L#eO&MJR0b|e7n6}oWpS6X9g6prV$pf~+=YpS@m ziaM8{V3T66o?CN%d!82|kr_F+)-NJ;uNN?Rw80v1CjHBxk^OUa1(hy}hg^uj0X;jM zD+97XqWZfLp0I!VnrgT!Uy5;2S>@SIBN$V_P(~0L=in&LSU0ec;zT4NElnt18o7ZF z-6?X7QVxtY+F2E|{~hSQvyAaK%*Y!%x@OFp$@J`aT>s#E;PXz)baQC(@cJpHmudI0 z+fCw*8yI6wy1gz{Q3_R2U6gjR_|1O!0ltn~R=&n09iK3D#s@f*J*q{*0dauv=xT-m zUmV?tS)Nmu!?!>qR7ZSdh>9cGaf&74=m=FX!T>VhrUD5N2!X5zn^^Gs`idQUcA)f7 zu-zGjKK6QOXyJYI3R=RV>Ds19_hK(EZ)gZXK-9S|?q8x&{Bz*d=%f3Pn_ZfF_iAlJ z5ql-~1=jZ~SPo}_V&89qql-sf9Ly4u| z$6Zl4^GrHql|g!^R}8f>=hJTD0=W4R#I7#R(G9mnHXiPyqdc}lpLrhI$Z#g}uEa`XEBd~;Tsub- zo|KWCc?XqqO)s`yy3yA&fV8b%_1d5g250zJKrnclwCH;J8M39g2iCPG@Ht7@5q$d-p8` z@IVFgUI8LO53IE_qHnVIo8P)P&e6zEam26L1xvtb;tzKbe%*5ls>?du%%OgZvqb^NbaHF zyF5}-R)#JY_(uw8Rb?mUBZ_er}@*We5{B9MbjHZvKT4z#GTwUK` z#yZRXrhS-QJE*}sNNYPL+g%idxH*R%4LLOjdK?97T*L8xZz}~^vQsh!ORm;}(gST{ObX&`Z$R z2{uk?*D~#`euQ?m`1F>=le;O6-s0nR2BQxC8CeRO7>mA%QTm zmK4g6;$U$Msj_`mEte7qoBSvEe<8Q{U8C1^9c>eRD`1}ptfi$xq2NX`kjhj2q|Khj zn+B3NnCGqAR)$VTrWUKCO!vM&5;#`=9S{aywO`lLt)DhBUP#Rg3evY~4TN_z$$uf$EFRjcsCykDehh60n`?A%@&n80n zXRj~>B~gLA>m>?KI+O{~NV(0zD3CO?`lI|F0B73PP_9zmla7R{p55`nNAAK(|LoWDqSOYcsc==oa;*OoUTIi&64^VOXK!1rjC>Znj?C#RDXIAL0 zwiIC{_SXbn3*)XFX;hb=G>y3Fyr;4F9yIabIh~Fvv$=E8=>44Ehk-gIiW+AD92)YO 
zO7BuJOh`$tVge)#ID5KppaFtcb#;l$uANOuWguBei5-oU(XfCAS!25SG~6Jt{gO#4 zafYj@tAXN!p(d3c>>&=2j{J>XDBkb2e?fL@))uprZsAB z)a7q%unQF@KvyA-m$3^0pm6HS`3VRDOO}1%ebTyG@}E}pmh)z-6!zWIawFsDwQxE zOu=uebdW5(RcNTZ>u*A0Vd%#v(?A@U&w{ugB@S-_E@kc8ZB$-+f2*Bt8AX=37xhOU zDWh-W@>pHZah13?_bT>?qTtWw=anwzPX<#XKeA<>$Uyk(M0Spb-^;#N2@_mU1BjoP z!~l!#li_u6|G0ERI8Nu@97fO|rttP3Y6sY~y~s}DT~GCt%-p!TFV5mFQmN zqD)kjF^Y|I-~u`V7S)t6-7yYi8n^_Hh8YBwElkr{)J>8}vw_wLxZg+Jp|QkL~A`i_FWy3nto zda2lv-7wV{)ii}Kq|r%wVfFN=1fKjjLgjuy7EN7y^|nP+eE*A6;Q6F75J{Io5b*w6 z(EgYa1XQTH{M*pB3;*B)#}39B6D|+EWPDoGj7OrYBFJ0x<~7lF>ybo*Y#U=MTL@7}NiBz|`2kHrt`)V*ty(vbR^mt-2SRnDYe zU{Q;6l5DLD$_gA50U5%OlAtX*8d83RSRlHu0^1SS3qQDWr$oN|*4G9S*N?Kd@y`8F zwZ&;p?Tv>EzlzcPA#>V`IOsL+Te3=vePh#HjvZ#nF6TT~R5A!eP@U zb&oVD>&r;2oEG+L;xB{rLBUkkh`cP9L5x=QLhrp-r}ayOue(C)zWkIhD|Fp!E9A;& z;%V>L5am1bi4l|l-Gh4h&hNFqy`orRi=n@zBinz|^7?MsXXypkIlCWHl05eM@IIi( zdzY*W0lcbx0#ur6;0%U({e$mukf*48mkcrv;P7HZSt;m}qnNqT44*^qwh*EwiPZ!g zS>bOaI99lIfgA)m|5}we76DfGn{z(+gPB#zX7{f>5W4~sHBm_80K?p4kfIRB^^ML+ zg~Df-;fqg3=(_h#6K&Qy3VJ8+-(XU);e76hnhT8*6pn2A$F_b&`96%3*2^OzJ?AA(*8?40>G+Oo-&YL8#k)Tk39aW#?4$8ZzHfd1JnW}cX z>!=&nMPEg2S*=*4APZgkZX+rOBmm;<_Xg$VV_jGgp?9#Smx557+*%6!}lS>qYZ zsDNsooTu8xi~wq_tYLR3kMQczTWk3gve|{l`Av8HZaglwJkk?<`~CE%;#E{5?8c8L zA1?emy-(w+yyK`Nf3K}RQ=VZ0HgQUh;a^US$RkE`9jS!w^mJEduYTl9>u{%x!mT_uJ5%9Tf=^79e z>^_?e>^`k~u)@!`>O9U3_wcloqP%j*< z@nT4j7#J(6`JqD{cIAz~lzA`(+*Fb>d4UTFSY?cE)v#*!u_aq}LlXG#UC#ah)$eDt zYT<`VXs+oq6qaJW3SIO|ZFWh}M6@1o4z`Gv z5ZyXzs83SyzLAj6pnSQ--d#7jIQ>CJ?d&8}mGVs@`df_i6VG#W`s;zp%^p`e;+l=a zbnqde<$W zOzODX`76U1tssn$?>`8vZ}bYq@uduG(ddVz^-ByN&>lW%;*qncYcFlsA%tHQ(0@@K-9`QKqNaFa`G>%)20S3R5utJNFuxfSrQkM|QvNZ@;$LRBAzZ z?9Q4QAROfY*P1^RQc#yT+B@MozWhP-zt^7Q-wY>0u|P%QVKp^Xh@QA1_RGmR_vKDC zl*kM0?4Vu&BERKy)yB~_eL^E- zI6G;GiScjGoSr>|0A(;$-#r|&`t{fO&@17N144hgn}jr`ae9lx>&<(S7<)nE+wmx> zq*!EQ^XyN1?m=fOy78pEsoAN>j}29r9ijP5=l-(aTX?a#3a`LW2hJg$=%paHbb$gq zb8ntqPq1>*d$sSA-)GEmE(qpK$tjshP$Pk_oo~MPSNkjtzxb!q31DQ6I)LS`9me(6 
z@!m%;!73>--72#3^`0#;GR?@-lfH-yk%^<`SdN%pgPCMeR=1L5T~I#QWAmd?06(Nt z7_kbJlN(*U@7G!C%okV^Q8ihKiyh*(W1JDGLv9OLrGMg)z!qtA6%d>aQ2V!=!L-x) zF9zeAe9Og%pC*BC=aFX=vT^AG7oO_JL{|)SG(fiXk1tx5kllC#9M~}3zzJRgtDY$0 z0rs-(3?AzDezUWfAH38;d1J{C?mmquv;mrcQx=+4SwPlDZM+0zI7CzH}!I?sJZA-mjJ`HcO!gH zJaATL$LC65ay;5eJ)Rl&scVmJaQ$^3CXrW`TI^{{TXaVj57QZ^s}^N>9ta2WUwOgv zGbQI)D`gzJ=cxioH;%o&p6`pGAsl_sMXLn6&fcXCs8Wv<;Hc^!%$zHCpWw0zhAj2c zqqv4kud?$N(P`FDa1I` z!~FC~!`6PC86e)v0`iF}U8*cI9e*$Y`ay^1b7S%NlCBzpH#W^4`{h8MI^@oC3cS!_OI6q51LLuPotI8NRNr!?NR0NVNZ*{+)*j9j^%$^FDbfwol2W%rk zjle%Jr#vy`y#SjbA?F&#>$hA62l}Jg<-tN-tL2s+V^nqe--VLw3#gtPX)}tVM66tC z3zm;~;!mt#1cY|Bth68^_d^tBhj0GV;(9FBo+v-Ff{``(U{`8*e%IdZo`xwgPDFiv z=I0mW^t{H`X*e7**?Mf^!M$=ycEnsy1|H?-zi^3G9a}bk%6(?RIPX> z(9Tk@X%0y&iSrVzVsn*b52~ajfZ&7_=jdqOF#PuL-?9nxF&cnj8$W8HCM~BJ}#rGMxba7fNg>z`7!7OPYzm`VikpX#5q(+(n^{F zB~X&T!k|MLK+f^FxSYu;(z$}7O2%x7R`homx_JjtPJsQ8Nmw;X5r0tzS%9qJWq}Xa zI=l=4XHF0P;bUe0QccO2rTqmgTKoO{ui08ue)bK!1ateEf9KjK5;iCE`XVgB1OjD(!%FQB+ z+WxPp8|-CXj)`!$i00740G)e#e_kIgcIoE3wQp}%FMNjo-rfo5dH(j!x6Rqt-wFao z+U|T?Oz8}LP(zKzF&C;PMpdK6L9KyxCBA25hKjaENGzK--SeYFLa8o;ofDfT;R2b| z$D@m}5|Ya}Y(nFlt=g02@-h=LZb$n=t>?ifev5j&DrFi!W!d}fI-mXsdG1otBAJq( z9hu%+8QRXMuZ;c8mg4D)V*hcAYJUXnSpl4d3)P92Dqgm`h;%&x=R9f~8FYP;wdZF6 zf!G4tD$e}=Erna2f`m@aMJtQi|8;4Ypn7A^XlA)-h4UQxl~LR9t~5nQX5 z;izaL7Us0~LLnC(XD5R$F~x$F#F>NBC6)E0cOKIiaHYG8=j$BpTaOiAH*U7ZtE9k_ zlxjhKzW!Ym|b z9imPPQwzB~U%sTkk!Evx8l7xZD(_?`lNhucY2fUC%540E&VPs(ch0_mm?67d_?5!j z>_+2zRjrn;aResAqShIr*3P90O2eFkYDDt70!vt^zr+6!50NmM=J*9WonV%V{8pF?`WR1wwnC-{rv}0 zJIY7(KJ6Eqakx|PT&n%YlS)(;BCZ@+6EkEI>##6f`!W{Mq!u)+nnapx@{;zzhm@q- zrdO?lc*^N!uxo5O-=F+%HCl6cjKDb_J{Kczn2k=B({!r|Jo$_ed{p74%i1y)AJ0Ma zP@Sf1Yy9YDNv@(3Eau-bG`yFW=$|@NkoLWECjS>ko+#WE<+!PC*Vjd_OYl6u@hj`- zaOUP3z<@!RPe~j{@oEQWB{})d&2?fzT--=KlcW+=In?)zkJmB#ibT6DwqAi}FXGUy z=;wEJeK=sEadCjLFk)aeOu?-;kv=-=fj&nXD?1+%{x!u{*KM}j)36CGgum|ii2YL0 zHzUILX5f>&f&2M#NMJdw1h=;wYV~k;bgs!Mh?OU$TR$zF#8vp6VZxckUlJ6`l6xo@ 
zI4pus-tF6aV!ovZUa&p!9XatAUcayG`)lbCiHuvOc$c#C|r~-^4t=rRb#lJLZP?aoTe|VM(3%H7Tw(wN#JV>tSw3=>uvJ z4(7xdgd8O}KHCVZrS?^j1X6({kipCJiP8RUQ@{l5(Y8JZ7BqR*cWY^j| zVfgnl2?jPDUZNe4td77SYmbwgdk@!|@Cp50@t~92Fbj($ND^;fjL?uW>E-nHayhu- zKH8ly#s1bn%tgof2@7}YbJs@wu9m+Ni8Kx5$^R7D_L^|HWozMkHT1lE*C`by@9U@6 zw#3!U-NNSTXBfUG+`WYE(|gJgV%^Nd%2QPY$1 zd(CTM!mE#DdWbZROX9CXDXL-jMfjz=oG|4PYh5yNR^rTe12{s=XS&i1GBJHUr?uDt zRMAM)ofzNz7v3!b)|tfXq#H4Fv*0}5<(}c~$C;yKL8$&|OP}Ojs33iY9oSMX zSvi3fW}~1_E>^h|+w7TT{il5u1zSPLAcJm4zFXIM2-ep{k zAW9m>X3n2eEJfPN>yk-f-9jMADZ20VGUf@Nw)xdNTWFIvAY}#UXt~0at=pIMoLnCW%sw#yt|0AdD5@nGGY4Q_nd+J zdb^q59I8_H*3vd)hi{EgyGnU~h)*xw)E&wBUA*<%H&y|e%gqj_WNdDM9*OoFjV_%U zo~x27TS-~1#PXJ3YVnyK=ZBXZ``0TuWYpt6kX%hce17p6hh+5iU2MuX3GD(IC8;NS zK7;5>zn&9r)F~`Wu=SQJa-^*uZbi%b(UOp$V)hjxmaaNFnCV8k-TE32I+h%`c3>$8c409eq}u6_+_8>#p#Oiu=DX zwn**si9fnfw~)I|jJ~^Ht1zp%;!2HKB7yuiVBo;AB=a!2WzOk9nT% z7;ipB(Da$BGUCB@YfH+c9@koM&!@LFh1ghF0pqj<9rq|+vh8h5?x(+-0mu&{gqS2P zLCWuEQAeH@jr71Vw;8@c>oQfA&u_~~yfB->irlW>FI;ZznFteOJ|C*6kEgD?Nb@w5 zZEh>tGw@hcr@Jg&EV%zWJd63NY=L8zPw-H?>{hZjLC$^8CKtj7Ndew+CRqfPgNNgK zP4^ZezQ40IekM;*_4XxR?HCt~0>ZQt!)TS!zL`T1lXxpiVNPzP+HTw_IqNQ>BF0v9 z@_M)3-o56{S$@Qvs7*_=t0luqpl}k>)9S7_cw^>v@OetXA4cpKK7XKP{#I-L?XFks=OOpnTQ%yj8$)#7~-?@zE*o|zElzJ z;4iCs%OuK$#Dq!eT`#Mvy1Qvyf5$No?Tu z-#~?pnmGE;#gq2Va5j1I7VFC#TL+jrMoIQEo&U3HE~WPi!K<$w8SkirLC$J&XWAnx zIb8%-X^_!|YDeMSw?CSzA#X>rB{6U;YsKOa@nCf<8J80jcd`P_e7fp9tQS$wyr*ez zx4!cEjT|vq+E=rWp1i@QTm1Zgka&<@wEyOqGnH~bKjEt|cr`9uplXtHdAe#L9HPLg z_bSAMChskx`Qroa(o);*r#CuRcbJ5Q(NMn`W)Cv+@?s@14t#;J2#a>4)74AiU6!Go zxQ>pF-D`}&UE4Rd6^MNyxF>OFmGX9|57aI%eOX^?M)fJSdRnZ@-xeYlv(<4<9FDF$u`xA!|Mbz=D@E=lc6Uq z_*fBR0X78a(F=)@c+;TszPaqDM&mY9gD3aLiwyksF*U~kB9TH}UW);49Y)vzI=U9@ zYD)vPqt5ldr&~urYr2N?Re}rrCS+6{6}WO2fp`!MZ{7OXRYjEe@fL(U7PXak&bZGH zB2uR?s`Ow&vl#wH}}qjhVI zjJtQSJct|~=0a$2s2bWA2=E+#$XH@Zdq1`?iB9Ws^VU0cUh^ibmxgU|%ggLQ2W8bz z5pi8?jmE??w7fW5J6=0+0X+c2{i)VyqkDHFpFY*8G(F&-s#=Ju`p5vcg~P|dNJwq1 zf6bS{h;js{J2K|-;g%F3gg(1Lv2JUzo8;mKhKBGkZ|a&vWPeuzbt6Sr*KPNmK}IHD 
zkyN)O|CrxVxu53C27iK5fQSOr?JC2}y`b)JPD z#i`sh^$^SbNqg`!&Dm;Z+;DB|mj=kW6AWcPpZc;^Kvn=3I813{pBSGsh^Yce%|K{^toU(M0Jf~i6r{1YnV?r}7 z+$|daUVJoEw#P4RBKrr_;~%9Mnc!VGXBQGWmk85JuA%bH$`f;2(<5M=oU{NpC6qr>P>*-vs_r?(zsJW%73^3!HlSd`@LID zjJbFX!NYSO;vyYbBUE>^Q}CCQG3Z``LA$MfH@vqbP^UZX4x0MZH!#bJ!C>d+(ft<#ZxSHB zQx6=UvK^QrXa+;o@wM#8z11mt2hEB$?vOPjcd` zd04RaetTIXxXfoPkLQLtUAI*YJp~McOa&8v?9ofj8a&e6JRtk;=Jekx93?Ys5MmM) zp+ygQC}sLg@4ZzBe#7M9kTjR%l-~G)BrZXlZ6YuU1Z84hq_pqR1YC(kLdgcxnY_)< zfBT@WAb~%R@3tgbF1)3;VCD_Cng?4N+C&DKq+MZ5c#pWdx0gvUzpf{0VS^C`mgFnK ztdQioc@V&WdoWgH4W}Y`sUJeSpfwZ@ZFn)~(pk5Y(`i$?dL~h<6HN zK@2QyA57OnLx0L?FJrGG;7Ev~V@C}BCitM>H;;H}^yiZ17{uFrsiW&)OiiFm?!Goa z3uo4MUl6yLbGhy4&}Msam6Mk@5<=cWOA>4-s?3O4=Lqw51}Pr~l{`~&cm_TJGycz(1(F_fj9)9* zr~|75&-SJ;{TWf4KpMftsWdsWY|qYo_N(O-IcbyyKHt&q5>HU~%0rl|_F(=vj13{f z@`C(2{Dm>`G10TO-Q#83%WzOuc4FQQ^U-7w6B1g4H+z#VEOy&B1q2rR9tpL45`DgROjmV(iR!@=^}FqO#}IgdaAi zrv*3O#3X1bCn!=QFGhTIuZxv5J>`As;;v)=$#9wl>JN71wHlg(64NAXD_r)i)$OCi z1CBP6h%~Hk-iph{F_(!xI4k?*TxMs#DwsD^ll`h@?g3m2;9ojA^_dV=+UJbUjAGDg zf}wtWqYoHn<3Z1yfIt%*mi%d>UCGen(xU5X=?OGlo;pgUKjPk}<^1kQs3MhA5KP8> zKUZgI9_O`)#XNvbSLlK|{ zI1#CB!gt7h%};)DhlhU!cR8B7X39|6*Jz;}81~*Oa&?3DB z37_vb6t~jolBj_R#$^}kp-c5tUa(sf0Kz0DT@|^!_)C8LnP2mTwc?Xc4t$O{XYCr) z`J%><>(8MjJ`8s-UpBeH%OL`0?Ybsah&iV#Bh6i}N$FNEkEoBVQfIl*!*~H?rJG;c zRODybYo`0I^|Vy`CMJ$tgl!ZQTUc0{G(RM^u=-WwKFZujxVu!NdpBZIyu=DRr>~hk zaDVNuLwGemo}~URQI;pCR`gYv<2q$Wbk;2L{`+uRfQTqbcQARkQx4{g&sXV9!t#3! 
zl>g7(kgiBZB+V)o=}UQHV4$Fdx;B$1MBM#_lhoK88~i^~sG7!9#w6MgeTHhbzYKBE z#%3{A`)oj zLe1L=30rL330KJOg?=+exw97S9*jC25M!XhRJ;DSkEEE8bkfDhO5($qm{_fFh?;!@ zA)Q-hMD80?=#^%T=r4^r@G`A-##GB|YzCO!4(TE@cp9x&y05pBPB7^9f&*ENj1&Y5eNf)w3IiwwdY8eyjb)WgUvBN_aNnvW2VLr6& zy;fe#<~~P#%~$7eQ^0m&f`IXXn;pvQlM7k4YqsHHv{B33mD@l12XR;CDQNZD_MVh~ z0y)|`W={LIS8)fvJYV`G&NFwUn+U7QPLmzEK?<4$_IDbWiFi0Ow4+t zB@ekbBGXUm6id4{q0>NaG8?!lXEpq&TBK7IXUp za*4^4KaNuZS2$7@ z|LO+?@V$^`KAd|n*-=(9@@Pqp^Nsd$N_zIMJRAL@imn7&ALIv~LD*#vmpi$DHhmR- zZ*jBQ+MI=of1&|}lrRHKZ+)cMO3cuyW`;c0J!_hR$prFVw!)w8-bLHqIF3j!<#qI* zL~|Rc>6q~6+x2`*4B*IPJ*V6-Y{*pvGErX&R9gP5w6 zcAlU9mqUc4O)sZl=1%PH?p+zF$6vvbTj%D|KX#>#%wO+Xt=QP0zr&?=j-OYZ11rjh zg{b-1Ut(yIR5z{;H`${k8j~D9L26A%!26W#pp<~O7dsShPDP;d{1fMZFQb4e%q7B5 z2xUS#K5$e~@}(pFqCYk{yOs8uZV;^hE*(5dXt&GAn0zF1!~H z|9G~h{U>f()bD{$z|*{_(jcs|GSHnDPA8K)uj6AyLqplWRYS1eV2~aMI^bNYzs+SN z&E|?Ys}-TI1YbDU^YDK`OkIF6M^=_o&hob1qLjmdRhpN1*(K-k@kR@GxgC;Y^oIfU zyLNNcx|=1Zlo6cg1)BMvZ@wZ+laK zK$$XOoLbaJ1TJ+NTd@i3>f*7{?ZXc`D!FDJ%YWKCObR=%imT;&#N*}9NgM|jM0R=- zi>r|nx%SA2JFpKB`aN-I*t&afxwM(DFt8n7^mBdJnw39?llbtr(yvZ$$wR z8fP{KQ-?cU$H%+N^*Uy2$f^Kcy5HwpQ(>uNVXgxPy@g9g6R)cO)KR^mfyuPORD_uJ5CQ4A3Janzx_=!1WgCT-52JY{1u*hejmV~6h2TAYL7MI2GHRMZEWxf+ zMRD1o`{JCDMT8Ztc$8r3Il=L7Q4)1@E z{n6aNrnW;pA*OFQ_fo|`iL_357uE0t5CKM)Zh6qBT>3bn&$13tkGhi8^l@=Ht6 zrMd>=*|=Z=C2U83v9&>{5hSdCTXo~~bkuk*6k>~#D#uM-3(N@n2SI&1qh+i&=w*q> z?h<_-!+2Fi3-}aF5;PZ4Wxmd_|A1}_N2#Pf)ElM$W= zSZDLQr_GX)w(hRrI$vrF_dnaM1zJFDC9RKOJ&3dQ%MD zm(T4M#`u!rPIz@9xT6ze)W}0kiYKpJ-VJl(`%0;xlXSDLZhsKIsPHCpgm?(wU4Omt zDYQA^#=NC91TvM&&@#Ab9f{FcUbY5?gGf?U-9 z7zf(x{sYKkbnAE+j7!`2402YKA4}W#i$war31KhnP)1%VHQygxN$b8t0}Bx${A1wU z!pqqy^_36O~I$AFdOZXuMz{C@AD=}3-n@lQ`I~2Mc&AKl>wk{)!`ZL%FhoppE#W_FA|0b zn=%iHRCW1fw|NTgZIbQr?nx^tQ0158e8aNJaafO_I1X#hnk|}Jli2odva%Q<__%dx zqb|V=7ksUs)>aAq=SkY*tsQ;fK%Y?Ol0@$a(f(38Tmk-3kS|#gt)>v?CFT!ZHpt|H zxh#nGU#>bFJ$Q|2DVcF%cLovlW6otdH%}66o~e~YE=;0*7{h+qHYHV9LnBnX0^V*n zs6Jx6x`T7grn4`u@Jl(*QWxuY*hkn8f;vYuLxfBw=o7B6AkNK&KNphxUr94)B{90+ 
zu}!H(sQA6;yr-0e+2g7HaIJ!^nab#PNsTfM@kGwq>4|zIX{|1o@0mD`GP^qYa}Bf* zfpaxInS?7>$#G3fH#5YBkCg&}7%+ByT*C0wKukb!d1BvZ#7{C6pM-SMFug_QW_eA_9NYu4bkN2{y)DXIB5U|ua3+_4Q4w$K@punSgo zjOIe`g`ATu1qNXfF{%{3DWiuBF8nN&c>~(J0DrScwOk503ubJ*@C}{GW&=fy`sEy( z&gRWkif)sMicOHmjYJop-Ag^z%JG_TczTrZ5dZNq?Dntrl!|lHc#R8^zqTIvcri&l zwElQaZ_6RjD~GDSeyYdPAYx_6Qe4FU)2o?gPbmi3x9F4;M63((hac@L@4hBoxSK#M zkv4kqnYhPqj$|D$?+-2`}3p!ueKY?EZ?;l=*ysr?o zrXGcZa|BzzLGZh$PaLt<9X_~a)G?F7!)xI(@X>sbBW;&Kx+CNSNj#O8WbZShWnE*^ z@t6MS7qTZ2Xklh@8WJuW;_JGDPPNQ0Olh(o=nyRw^mEz;H99$p?yLXFY|!_m$_!_C zV?T4$@*++J7MgDIU3Jc9dDb^8zqbMxEuE5re-583gPCU`1eF#jL7(UnBfXE)YOz=9 z>eKKs5yJ$df-|wvsB~C&q0jGM}cehuN9rOPyYa%9a`2^7<1P z{|{YX0aaz!b^D6a-3`($-KBJQhlr$fNry;xgS52L-JJr`(%ncNy5a8ge*bsx70cxxj(VuGA@fOhA)pmehZ|+`q20p2Y+LJ)qAAKxz)U zX5c~TRM3GYY$*cTlr0YJMEuPHP-jW_JHIWLs*?}Ry`i_6^?cdJVekW0M zXsl~IUE~Jk0=tkPWED^E+mtnWI5sRNpr-|dHY*26R zcUaYkECV&wWURlBTex5G{V5p`fy9A3UllDCz2A4xZ>G8FYgJ~?rv97}2{}E>$CydY zSJ-roN+jhVg>wZvrk7JasIt8SU6xZ}JW3h?s-VcHw7;wwM)gLz8zBK$q`m(vUbvwIV#+vid5@cBmlpU&-)1_+xF z**^}Dxn0YHy({^a0Y=*~DU$AI{5!u*`{!eO2>H{IUst(3?=6|vdBE(c=%f8}q~BeN zU++d4GQ?v^_1^@O{osGv?qIx+{%uZVjD)m~gw)patLrbC8OLk7l7Hq?$LLsSb_of8 z^O?KybR~Rj{HYyZkd!%=jXX!b#ibv&Y}y5Qrx-?yD|R5rs;7WG@+kr{Ze8|;eTXPw z3Lkg$1GTZL1q+OIsHRg!Bnm@=GGFlAHD!62AYQRl)>6ul(!u``vWq zIjf4Gu=1c$MwZP~JT^4vPEmW-fG!1!4sOVRcP&5#N)*iDlp+Fmgx!?bm???=%A?*< zt=$|TaFIzR^sye1m0-MoutRvNxP6XJK)*6MPvyQ@?6@cP#`D6tFK-R$cx>tD${`j! 
zJtZgK$bQ-;KYi+R0~_Ss*WS|qMmh-k1h<-$ne9Jt$+TEedQn@w3NCIgLMexl-dr=> zLN&hMS5pRG-}7&$(#8LQBhno){Q?Y8uY$qdCLFjJVk1S}#Owyji@o^?(w`X~A#H?{ zIY)#D{EC;Gt`r;`WI#sg1dAM0#LtRQFar|>Sm02J%VNwI);*{asBR$be+3`%aX7hc z{K7gve!_0IG0?%tjTcBDFuuQ~0W8fE|JMS@v2V4nvV4@?uKZ1Gzoq1ItUYVk+~a4H zw{*9xer!f;SaVu4qVW6aByLc@Krq{EOGE@aC9|W*d#2C8b#V#s5E7Lpz{&7Y1&9Tt znKGqQ_m@Hludr2{EORNuZfJHev@~WZgai=ncmp`Ijk=|!MSG6C;(V>Ib%G%EtTUVA zQJFWCPXr(X&a)J>hr!9a6hgqucyW0J z)Z;IXEk1`|?G$oH?^0Z2bdE)yzr^)%if?(GZAl|3;n>+5NVFznKq@x0~`!mRD% z+xh(Ragjsc!>Kv>?~qGkR}%{eO!^3%C=q)%wTPBSA6kEBbPT(7`1_?iGPQ?_2A``+ zL;Tv$z}V@h)#t!xp6gXe$20l!3yU6f%zuZN=>G3pX5^%y*5B23w$6!GhzzGljaI6u=F~+fD%kqoQ8aMPdr%!l0Y1Y^L}N*_ zsEX3sfz5XxKMDZSxcznqsZ@)JKD-;~#gCB~$0t*rb`3r24k!$SN0p1G5Mvy0wt}+3 zOEqT%ZS9%wQaLC${9JmW7-WPE%i%*Dup1xMj3+;Z2qo_pomBmS`|HJA;Onp`l?ew( z;_<7iT(*i=>&A#Oa=*lYJr@+e!~v^LMkytjMVtG&0*6L2=|_2SKy@=2uGus_Ynhm& zF1J;&)x`2VYC{0rL3K_^8@4VXtiz;Mr4q5u>_4uRb|DuP)_YFJf47wu)ejb=9x`z7 z6W{4_UyX@<_tQ6Likptd(7J?us^KLAeyx+wpkWJ$@I+-~_t6=kml5{(M}~f;fYrwf z+lQ%+2de1hl_=JYnDxAp#Z&a>hijeMPh@!ZhF|<{b~^?_QtCmv1PW3A_p@VT&*vHk z+|o`8YVU(7YXmqX9VdPQ75eMDspsxpi-O&}BImsi>fNXeiJ%zkW+SD^E#N!w%`t zeWDdDA~<3xYwzIiM~pUux+Iiih|pR{VFtch5Qf5>=qst?yaLQbm4g5Y(9r0FEy z4SC|il1b%Z?q|LKFT-=lL+t7KM+6+WomKw$-9qrhics4Mpd20d#tDB+`#{-#@N~D% zKC5WVbRIcvZc^<+B_p8KQ*yaL)dHoA#@C4JoN9x6P+@=ey?zwXY=Isq9$2|})D0bn zv6G(uVVw9iWOMNum_BQH8eTn+5P@BQ-Y2WCqNy4M(j8ElLCHi#UT<7&@Hju9a4NTc z0rzR~mS6Hm2^sU>!)o0%*M%-;629aY1Jxf0c@31{b%I|EvjMjH>ua!&!RX;N*QU^Ymau1$%{%0OJ@N+6E+ z#rE$o46-7OD|exrt>3dZrwg{VwXV5sH3K07o2THgrwS0gvEzJN&weJm_g&c0=dq7M ziD-BOd2Dk!`S=jS`y}`u2I2Gnw5UeFRtCtH4K^sl9I0)J-ufF4aco*f6!4Dm{oNfa zxN+f`mOw@OH}+YvvAG*^qrz7hNl1R8*-yG`@9^k{1;cd#-411TC-UfJM;(|wr+wTn zr!^6fkR(0zcqA$s!(!y$0Ur_`vyOk39k)bQfHV%|a#nO>T3cIoGQorb!dzUE_>I?| zAM8{1lO$eMT~%Q_3V}m=7bmp4<`$zHp)8Z{vwxw*HY1s0y7Z3J;_}W{S(PpR23S)-m~~Hn9Ke1(2l2 z;g(SzdojQP<~z6T17hFoJMcDBjzw8Nt7FxSR~!?bd-{LuM>M7r{?>O#{idb&oXmMX z=V12x>kbq}RL0uk1u1Vb$wifgPtu=?NNGr2HC*^r=2=u17}z0hk|{6ER(8>Zv=)q| 
z9a~6)Y_Zr^PHHwhWpf4S&to4q2xK8-A}(;C#`f#f`j<{;u*g4b50!;RDuCoQrOIhr ziyVw|cp*dvIzQk7(KHe;=;Th$zXlWVL2o}T@9Skvpqv^syV(A^^SbthiJ=EgH_89~ z*5h=H2h<*(3^X7{K!dev7+4B54aqstO8AG+L*`np zu}h5_URJc#6Zt*eBII`VP$AuHM96;=besQ)k^n952^kO@@S>~uLt8U?u*X!xBT#}`{b4>^3@zFYM^|8p;0H4%J6585)?0E!Rk$*Rfn z^TNJBKDAjFx0uwHhG`+9@#qo62QI6Z3aQ;@mX7dO^kpcFgzA^!ZMd;hh`SJmr13Xf z_xxQXA>gtG2GxYjkiNm5E`-V^Sd}-3>H6JUYdLxRI+?8}?0K2eB`Z;9Z{UXnNa<~A zHdSeYye43O6k8FvcD(Wz7ZYOyfiX813utIphy1~P5wl&UT4K`p?_a@X;;)%J7xPVokY~5=c zgtC|*vbN{36016Fpn{*&D1@p`%9PfuhuC0$OyVIpYCZAL6jtK0Hnf~>nJ6Xg3@Rq0 zORIhJ!^I9nKKkRzJXNa4<NtNv_4{EWoMlK5-B?r<9>Qy9dV;op9lN(9kSY&gP@iG~m4!8^KNyvBjm{f zlxqPqCSA4-loULq%cP_qNW_C6?QH{9AG(nCY6ZaJ1?CbkIaWLX0H*QT#So}x6gb#H z5hjDpay7otSl1?IHfFcbK`=e!*XR&%;7OZHy?K?Dz=8D$W;N*R#U<#1{$BzU7uV1X zl~611>GqMv{#k1OfG>N0O6b0I{Z3B#IyGxPcxuP%2*1t?(1Ur>VPkd4h2~d$UTV;;I8f>+h0^ zzK(aQRbcSOhuU+M3(y>N5hXz!O!<6#11cu=@0Vq4YsCvpR2FxoDuRM0M#bfw>5t-j zoxm3>{W+D({=VVjQ49QAmjI^bVYHLuMMU_u!7Z2%&{@!G#YelLt;g|^e}1)_hZbXP z_@9Iw`@ac0jIvW3b#P4@J=bOXTKA%Cz~}ic&NoKEsKadI2dI@g%owdS3?5klJ?sAr zH~P#AGH(Whzm7S!AChJz?C|6sPFqrv&kNF_HL!rwR{$b#e&}-fW{+ca2Jd9 zd+Nn!3pxPl*Q<2_19raK(UmJ{4a8$O#ST1VJm!G___%lsr9lwN{!I;l_o}V{bwU*p zm?>d2oev0tDyLY*8Uf}XK~;PqnuQ$(hy~yc;WVq#O|g~n8{BphtC*7a!ME=(?pgn` zxP4~E?99A*Bq~cd@$w`lD)~-MXm`YYr{LBU{!Tt%aqYDO3SU3sjG345qD3*r`vyCB zG4a{WGxUx%@cT744RY>laPqT2t*h;~cSz8}2e4ujleNUAmx8&i>y1}hdE=5&V;UPZ zKv!jDF!`1h#Q4#S_Ry0jPh1w3BLvjtFStzgYX=p+y$cO1P@P>vV@9lq*Z6qJOsByY zzy0wT|KW0ym7YPnyDRj221&ima!j3lTMYOdjTtU+X=lqlx7)k8iNU_c^cAi{lJbCE ztdQ1LN^ll3>(_%eQ*FpCBXBX&yjS!tofxu23>2=)=aDLpk*x>zL1mlDtF-O5c zxU6W2X&JG`cceFCXXh%!^nVn;Adr0@_?_E48^pwKzGpi*LL9@$&`bXb>>tq9k!_BD zt4;tii-OIOe$=RL)mOlb{RawK_sTzoc8 zLU#;!i3tO7dD+H*6u#NIfgQJdA&@3sG5VE8e&rotW&))PI!$+tKO@o8|Lo44T@}-? 
z5dh%r2#%NN&Ty}$^1C4n8ks;yY-|#r#~qVSrckp23S$dk(=qzx-=(9HO2GkFlCU|P zrtqk0h5np*$Oe07I^Saxx z?_rRpMuG&on8|v4aT*u$;%EZnln;|9!Z8%1-SrY3>a87!_6h&-%f0md<(r{l96&K4 z!PMJ}et{yjla7w)F_C*Fu$;@E9t4HR#vn9#k}u|UVX-L#sd^GVu0j5B-7^3CZ0u}<|C>F?AUoSdA4({p9st}5mgy%tisXusoxrZN^=omvM} zs7dyf|MduV8$dd(R|{4+TlnG_`IGa6gaMBQ03EIOpo>bWsR_8BJWQ4jKXqS?nNqZx z4U_#`s-f?s3dd*_bN`PS4VWMRWq)(jZwSI5iI6*yed{UDl3l;H)ZI`FFVv4dJq^sC zomC`a;=Eu^;U+M!ZR0|1l8w&1-E@ItK6j*+4gUyIbq!V$7O{!&fXC#yn6IZPQM*ArWx}qy4BX1aH zBU#m>LVpzIG&t^Yv0MIW9Jknpn1y4G=~MpGb%3Osa6Sl{twPCBZTlr3IKQOC|A#DK6+f*Ye~!vTuOZA&zn1Sa z&zSAQh{{1O;zTCP!0%3y8fj!N@+BQx)qoZ?Rv1Ycl)Qb<;eT+vhx!kJo7(5RiWHFY zCE9Hfx92HTj2vV_W8wu?;yOAgZw#BEuKuZ_b_wv6mDN5Nlm`p-Fj97J#>U2m0~r9I z6?pV4=z#&T`o-vSEswux=mQ55iSF(oYlpQpT|R;r=I}A!Zcv~LPrv@SryM=T-{}k> z^(|a20E4N780X#CD<+$aD;@VV4%mQ3V6#*UPeD;KzD$>dQF7!AYC2y>VkeEFvW(<3 z_Jk>63qHKo?LhV3zi9|5iuMwO#XF9SWmKett>tzIRO9ely9#KDSLjA|}QsTC-#&AS`)k zSgRy69>X^}lK7i%5GX12AmjCY#0D36WJ`+CHtm5%E)ppF##lH?Kb;BP|w)ybp=%Yao>3Iv@aI>tCs8JAB{KBsm%4 zBcaLke2>m3kiT2efz5e6R7!v1N?GFpsVdI0uqUAwb0-la_=h04FYi|%lmvdI2lF33 zJQeSM_;9vMS-bC;npCK0T$dBTN53z^0-Tf4nJps0eWPEU5WgG1Sf>1gFQ|b4J`H?C z$0G&e`a&~pXzo7&D__7#13I=7K@l?;t?56!4XURC9KwgJpjv1kD8-#2!vy(d7_jt1*Sr1896}QnAwS_CF*Y_T#%Ak76YeC8rIixYCycSOaZt;*|jsw}%myAQY`YG}TqZ1rGsizmS;+hLc)$l5-$Aa*LU!wNqw8|67SWh{igLim z;BJze9v>v{cyU{CzaWSBz9*hick1NJ!tGA;MTM5|fHkJ6DOdYr!CUNR$KH)bRbA_E zLL?|!gGRLdeF1};4J@#V91rJ;KykzyLt{fwL-G=-OQ(G&dBqP;S>j z;EV@#1ZaIrP4ZCvdmv_W?W3fnOFYK=s*g<3**92pN`?|XCQJq>F%7dvy^9B~xs|nW zt48gJ;C6hCw}PTYrJy5MVCmp^qkMVji;7@8$`t6=;%K2mL4s9{Wo$eV8YU}dZk|

68uG2S}fst)jO|b$SP-Q0^ik1`dxE}xzOQ{)AalcPDq=lPjL0e*| zlbb@CFYx_PKlB2`|4POE&HmYW3`6lvxoARw#e{b(?7e^60s(VL%$#I;-@7o{J;mRf2jM&vx|XYCN~yiW1!Nh)bDX46&Wh{Sk$e6~1g zU0tNFfxDCDr)FlhL5?ke6TAI^{35v;7DirI>^1Rg=GbxLl;%K}>lLq)XavYp>;*YJu6=#dJT%4YO$%KvZ#576=7oI8TL zm+sP)#1_N`IRp!i)~5x*t!>+#`bDyhXhAaLlNDuSV}DY?m95i(=l&_>leIeSYm6il zq3gqvL(hYk^|p(ntIzG&k|Q6gtW(>w{jONdYl5PP?bp}FZkbIvE-oy^8f$AAXB$|{ zEPbBq?fv}W$-RRexCURMKcp6A`KGEE^c~7`Sb~wWulckiSE#Q(gu7W&i`ZZ8a?s(K z9R_knYim`)s(b%gGg*pzJGA0*kRHQvBF}NGP+7ASK@%%>qO?^nY;H8f=o*a6;zbo9 zSUR3ND+kjohNPx3V&>M^y&#Yk+Fhy1WF&kfx0Zy<{DedP$HE@Xd|*P5&LqAzJ!mDg zo-~uC-il`K!DhQQ;*HE+{w35}M*Wyq;W{lvFv(aMYiO z&CY#bJd4p(G0;);_(VF58}(I$rzCveG8W@ia+A)c#Y=F^t^O@9=n87dlxWM&R$9o&d*&J@1?m9P0H@v2f+Pg8~_ zVX5}^eR<2VmR-wH4oQTVJ4Helo3-g?e>%TYV{BCw;@KIGx~A@!7;TLh0&DmV@9NTU zFeDRUd!9-5OVKr+1`E!&-HT8Dbx}g-xSa_J-29X~$R+3L zZ@f(HLCmvDy-#U>v?Bew@MC7Wfnq@&z3i7&N`x9En^P@07 zSZ?oHq0 zM_5BgKOs4{x;KEU_05%rO;+}9$K=rZ!WcsPGd+G@pNV~4f$c+;;x>O? zxliYntd=u6cUCAyw-^F41+!RSXbEi~1|F1OTpP;md2KD$D2v_weBXr8z}npt^AIFz z)1HD#Z1-_=;}_z3&%ls2;=1uNPMk#Ak#gH_RNkeoxSk;ItG~QyAD&Lx!2ei5U}UZH zmuw(}jK{V)2+YGyCT|y&Ffk!U)}?ruGw}oLve*+O#5QuDwsAdJ@JEIHPWye1FNBzdI!Bk(kKU7qyKQ=5K2ajH8FVM)ZgrE!v46RSTnNpY z7342QKItwBJ2Mqsk4iF-MyZrWSXQ4==YPbEufpDymNC;6@p1AF@4s`+UGFUR5PwO< zHPfJOI4?22OM@G;R;l;N%Ce}cJnC*iYu{S$N5!X{=IXe#V%n|mG2gekc3n5>7eV{d zZ;G^$ce)n|Qwq_FYyv_-;jUp_ppA#OFvo^i0J)$zdE+ zM_PBM4kfw3JoA8f7`T(TW@s_Z+~1e}#O+K$J59z~Y zMMYI*Y))a}CkAmoFC~z>lkwQK5~h!|%OUViH%!dW1k78CiAZXl%Z3H1Zm8NW$*CO( zmlak&GwQ1TXwyoPIQDPu+vfOW_V;r%b#c6eV!vv9)lyUQM_)Cs4uz{U=Cb_S&6LOr z9W7brqg^Ko@7>H8742CC6LF@z<}ic7y(8s^Oa|H`x<47~R^^ zI6HP23|+x9#0j|)Fj%7bd!hoH;WksDGjO0 zBKKJz6le(4Jx(53e+@7G{(VS7TN9u-YiB%Fr+;%WRD%{^SGs1HPDzbdogmlEB^$1Nwa@4b!bkW*2V?fm?$ z%bWPGvt}RnwaS}z%*`#L#BAQAD5I16x~1nm+qJ9xOVW!R5)~wh2-MR=#yW z`}QciN{7gobmu1+MW<7jg%&7Q;^xuyAX>S$yb?tF zD&0aSH}s;(S$2QrU`3NK(md<%OTua<;?1h*YAGvfVx!iTaq-qp%}n5nX!tIg&1em6T!E>^Z=&c+pu?6<{p zdjZJWKwI>9LYa+F5a&l^U47_h||8Qh*_lsyJ2oT?PS(rF9 
z@Pi;P(S`ax&n~B#?2fjXPJXJl^NF;0dT`RR>i5_m#BbWo8t}N?ZfH7gUTi#W*7pF{ zE^8s02iivZuRiRQGhVi&H&>O+=fdN-Yld9u>dHG?#S>O2q(t~;2 z^2`8U|McL5FJ9RGo;5RAC z;P}v7+RYz7ZzeBHnFU$=)AU_$Jtvl|xtX?7Dq6hna%*R2;+zloU$RGL@dYH$H9wJJ z8j#@0OE0#jJn_yP7pv62ke&Br`R9`0lGjIJmPd7TjSaC zYs3(-z@GJtS5ITJ&w0G}s}-%)>GmD`ouFB&g0?m}y2uSm!}1kI*V``+e36Ss#>2_* z?iUlgvL#4eGLhz)Cd;D4{%dj{#z`dOHKWmjZa z%V<;&OHYJIHHhS?{PkVL46;tVCcqrqcXf69RD0FDr&qkUd>Od4$Dve!*+ZuY?{(juD6xHr&K+g|~ z^9yxB(9stbnw8Ntbaal7)2Au~|6q20&_PrdZ42-^_Q-&~o)ZB3D~{euOQG%QP7w5* zbq2YAf-DpL;Hw=ErZJ&&4p>;Td4(}|rEvqxisj3oD3|D)p9NwAM6jG3mIvCi_JUphXz*ahWZd%okS)7_43Iwq0c+&p zlC{F|LI#uk zcD&sK)VZrga`UM|mOmQ2@k&heVU~8x5j5q(X!lJgZp;dLvJ@UPcI~$!&~pU3uWzR- z>*HXssr~!{ZQo{DbCuSt9CmQ1(0k1nAMa*{3+4`*tzS zWU|ql!zug5r@O_u%5~cQep;u3ShwRPd2l(t&-Y#qEkdS~NWr>P07QSXw3Jk&aWXN) z0fW_J-@cBe!V0Ubtc-0*)+e!G#-kxXSwEF|6+i*w|4-LjmEqd4{4mM9S1>O$%uaI> zxWLN&wZStfcbpS1LHUl2pnDhn!}Ti%`FGuM^zovBi}+pS(?jAd-AF4cDCvS*p-4EFWTFvX$oV6`bWW1w|jas0KAM%a#=zoqYt8>c+ z2QkESp!h&C6vJ^k5ThGlgVz`ax-JB!g@$Q|m0n-HYoCda8#h&b&(q5uPG{gfo>-rI zw^1>a@+TCDZVy)7&hABRHh1*N)`CdwjX4%oCkfv_4cLL0_bEe-z)PiT18rhvWq776 z#_>=G5kS_+XeEd1Wxw3w>SzT$V~PZ05ccPqFRMtP%L)L3lf(Hj(Wg_M)Y_pOaoDA{ zOXZ6zl-R+1kEdJh`5FsyT--~W+%?foz z66lObQ+boXC(hux^YO44vVp>&AW(NCD8>Lwr1Y#=b`ywpqHryKEQq^nh%u&u!? 
z%+R~tGsJxlKw7DPfg^#C9(fb*kg!5aLX*>%^LFaZ=vU9o=WM(3#%Ed03TxBR^C`U> z7pE<&%Oja?!u{~%k0BP>UQrL-a)~a%W%|#((2TWZWo2Nr;R=*<1QZuGUCzJ{0<=cz zCX|88i6k9^2l|5GQ4bFE25J>-R1G|JX9?fC?`A&!-jAaHiQ{*_C<=W$m;9N&L<5pB(%_OE+Z|uERCNyGpWl z+){Ubo8?7TR9=rrQvlh^8#@R4nEBFz`x{sj>|lp)kLSQZ&*h1UFaxFt6}DgE=)yha zhR=mfO;m1eXMX5HBUyevy^z>9Dg4>t!_;{c5AS&aps`?f^pX2$JZTkvcZUZhF$^`8 zY0Ea8n!|>i0L|bGNAWNq`b0h`0W-*SYOZxwU+-EKI~WVPsvndOxIZ;%H*P22&o`Wu zEcJX5bUQX1PQGsfh^FW%rlx%_+9QF+>r?qaf~{y64-;ks^L5v4PXts~i6wBlXk z9Hldq0u;I`X#MWL2ygS`>4`zW>Q&?_}yrbjlnrp-TyZ;W*voT zE&!~vA|vVlAHpYOlTN*)1{nj4YSNdCZtPI3(8AjI>{G7M*st0%a(;3-eC-aDysTM6 zujwWOKQcc37;0q=8{F^0j>L>KljpYJ&|~OIxR6)K?i8aHXT#7_h2d&gsW#(CRj|9; zP;4nMtDBsPIBDWj)SSwXXLxve9X}i5+aEf;@tObuGbt}WUiObheAZOr3v7f}L;~r_ zm-mL+vC3(WiTjj^(NcUOI6Gjk33$PrBNDdSCwj1ZCNOzc=)PnKW${dn=A0gWJ zg@1I^$+o#KTP$7^&3ssi_3Gw`%Zji|8eYtMwczrp?oORg3`uaf4Ml%b=OOLJFtNox z(W~l4ooPsT5r)BY*W|GLY~y|MvJGtHyBSa;iAvjRl z<7Vmv0o;fUDF4Ku322z>ac6)5s`9TIC^B)op?n8e{9(`Dk5s8HcllyBe$RrrN#UdQ z_2sPn$lt&$TeYpvZz|3Y9jGO%jId>Jnx*+f z(_kP_X6_}NecVj5i0*k?r>50km_#i{DaA-ev30JZr_s~9*L!>7$0P1;<&*}^%sO8x zPc3rBF2*=xb{EG}<}rR7!Goq*Pq$-kx;i=^EFGws(uwDq&V@mkH^w^ULq<-+@ZIaO zfaYtCM|Jw&2(kqVFhq>PkxP^r?yMQp!MM4?3a>Bj)NeV6C@J7mdDF&~0Z*o?q9}7~|M+xBd?4vH8BYb7Y+f%``y;AVc=5>#^Z$2O}=qEdmV~r&Fm#2lUMbYa# z$Vwd{uF#);b)18Ck7V*RZFq;nZsyNBG>O8e75i^5t&p=cVDT(o{dA*L3`7GdwRQ$Oe#@xzWJW)XPb z;8{jUT|Qq`SAG{ZxafRTKE0S?g(9rhQ#6ss3u2B`6rS|WaGY*HnO`Np0S5%fA5pQn z6XByXw1}Xz;=<45*V_`zB%n39|HOKgvp(-^4}bOkoy6dKuhRWT?}dZpU!N-UlZ{rH z+d*G#=x)JxMfqq9f{B7&!H>#+lMP~?rQTuI4lr0wfR%z-nsUi~GgIjN_i$xpr`L%O zlp6J)TF)=8&H}*l;tCD0o1LSXUQO34M{~AlzRxW!x98bLAH8jy6oVW-n^C<<=f3t3 zWX8*-Ah&CYiq9nigdMo{VkRQOL*hdEj_`$ja{)cCALW)?H<)Ebu0FQN!kLeaNA*kf zA-^r?G}A3=$-3cZnrvLyT?eu$4`|#z;0z;%D%fc=A*Je?;=vd~taJ3kiE#W2yG9ZzZPHQ^g34&9snFB`IWT zAXsy}@tj9o4CqEuk!fbvFXE~F*UCsxigQv zxU?Z;5-(^%5wBXuY?@6C`WhL<1Fnp<hGj?J2pe-jgRV`(G=Uu{@Y$Yka*V{7*21?;b#SZ42lB0pM ztWf@rw$KnUQY}8fhhoQDPq`1TO-o8QUX#e&R3K7MODaO-tB8K`)7*z|;EG(*xpG?R 
zKgvr}0jiIGa4|QA%`%#DkTJ86z^Lw1?#!B^8b6uwXiE1t7D3^^k$|jltYi%o{_$ZX zIr*4P>eGbv;vNT!tT|Z1khh_%`Y%y*YFGO6cx+4in%PXQl5!g?l=_KPzd6zHfz&8M zOBB$p-}3*2ll8)|i1QJsBlg#+O}wO1U%E+exjD~%_D=&-L_{t~avH<6wE$&{w#>X;gCjr=5-jZ)WAlb6&LmPSir;}-EyI+)eqfd+L*lOY)KT5-=e z8uDdp=U0xJ_wh8$dFkL41{rZ?rzKlXe!LEg7F5i0J-XxlsSz%C;++USuk+v(E2hug z@1zL2D;yk5gD}uSdcG+*Lv=$a7ehewXJUQ=n!`d>vuxixROs);df~2}k!wIiwl>iR zPBE(L?yT4Keg+%_gC&Ejoafk~#a?jBCrn#WJz`K`!_% zL{>`tH{U38kh57{5$j{q$J5XQ-LApgpW0q3#z$jBbM z#g*wI6hP^UsIG`Wr}kaN?Ilw%zM#GR(Is8P(4Vi4-7TPxqHOweD2lqIDVdU%p(#<9 zMAP{kb^f-jW+5OTzI3M^@WW6dD*}UJqZpAQ5cc1kHX}SOj1A;>8ZjXdSgn<}4vV&6 zwHp5!+bQg$dI9zkJ>!pV0bXh9*V}xW<{Bzz6kTGO7& z?wwrl5A4?xLdEZlP1VC~^Jhb4cL?TwSh6#6XCoF~2o1zsx{W&Z%JH};S+798XJ8C# zKm(Zs8%vYi4{DM3}w6Z&4dh))fT?RsXf5MMX4gyU1JVYqragW$4OucN{3s zz-T`x7o8ZN6c?9g1=0m|k{OhGy}pGeGa!8tEywD%?|6J+nArwS@AU-lMgu!v=grI| z*MopR(>&}PLj6A1b`~ITs;Dv4uUrzitv>Sg^yKYH^;=rmfQo>0kL%@_DvKZpGV9@Q zyPA}+Fb0lKnoPt#VcR1=5$B$AX@+-Zcx}z1ip6jQb~k*#EO{mgTRG zx|Zuv+eLLS2Y8jk-1;|$;~2hr5GYWat2U2l?AW~ZXL@*6%`%Abl%8k z!*jKtkfAyb@3IRk!08^3m%{WvsgVg45$u=TkvkrbK&wl4PVlFe@53nqAQ6DulPsNQ z`RlyR;H8*|Q+_B2#az5@ke$)Cr50PS@>wTmXRl-9sD5sY?$gj@T)*n`@dGD=@p`Hk zVd2%D!SGTtQgtXxQ;)Roi>oIR>eZI_}3YiYm0w<{T;3jGbi6eH23NlT0o?>7Cixyx-jNMIdUGO zQ3L!Qmz9`%Ctx6PL5|`*vtePBmmThCJ72F`RwkPuBG>00__FPth!sRtq;TW}cp$bT zHjMu08CYcLltR*T zx>TX(dbQ)`2=wuQ=OJb-57m4|Mvj)ePM|zO7l$}lB&1mXK1l6Q~Q{yu?%NBXb_p0`&pQo}gE5qu|^*o<5oC_~K!8uRQ z_kQs3&%EfGt6a4h9|6Lo%4)aUD(Tiu)yEx$bJNMc%#4803qi++bdbl4FHeWW%f+kW z;&FUhSZrZnDa$P_O&g6S6U)JXitn_Fwu;!?+)+)D_qA!=N3QC6dVM!HIA9NPao3q~ zo~!>T7V|OW1XHI#!^1xs4_~jwjH^@(=iMhnB4StNKRKeBP;FA@StNJk*VwqoT)^XH zz|#l-7td(fa?`hPfx%w*$~3yB$19fBvzU(aJ8MDr$2wB)i!L%XS@fzol2zY(8gvnN zQBXBUB`q#aGqK0~=v>adJl4m^WmFHxCxnsfE4Q=Tjsbr!t~Y2YO=A7JFH&$2kj`-S z@q`V@@0bS}+niOst7m4mN_a$R8Tx7k2fgazuQ2jBv#|TK>u##x)D)Vq{xvTIRw7_h zmS+J95efoex|-CuHwyB{-W@1}uHR12_s{{Y8+7e7;%+O=zseV08--ogy$S?W08Ez^ zp1hP`0UOn3O{DVJdIWVC^(1v7%DF46RD@v26!GhV{E4wq6ZS<%zNNWRw1@V80PlS6 
zjF&q>5EmLb$QJ`hhC$PQJ2!B!RnLbY$uWjaeE8@o7qhrco2eBhX#xUU1{$vu^;f9C z#3U0RxOha7s<7ee;n1|i?=7-wmOx`M;%;qu!=+68yC~DPZe}kFG!dESfbuu(C9+^fci#6mA_B#QJQr zBPkbQ{f4iHn-DcFGDtPvQE`S*c2bTp;!01EMnyeL^St)2~7hY9HTK?aK6< zhYheCu0D$lM3cTwI*V5jkf9}|#&Ydmr-&T=2^I*V1&OxKdK*z#nrvz_L+W!ayk$n5 zGhustsgvp3gkHl!g4NG(Khwr{4s7&b(||LhXNC{>H+~3rS+MwetK#NqGvPkUCK#o& zmhg$?n%4gJ2xdh3?-6W(Kxd9VHmAMn@GUi?u%^sn`l2}v&t~TqxjA*h8tdOxG@62G z9m!ykL8uMWrf>4U=z0sNs={tN5~P0VoD$njUL8XjYQy=F^1o<6RkDV} zgk=zefn%s-6t?d~z9q)H_{!L@27CWte|Z%_$3)k283z$L=od3KBQJkOVyjCj#f6no z>V$F7L_(T7HMQ<8DM~FO)+5@}fv)&9RkZKKVA;6Kl4YZ2;nYn7hgZ%~R-Cq$$x+6- z>1|NAt=0i>4dE^dZ3z#*cM(DS-e1@~+UMPS6y@u%L~8S8)-8U3$<^c5|D1K{$a+37=w-wo-$#4}{;#jQ z)J3ETrqS_aSsOiY1|BvS2&u}4W*37xzWFY?9b<{UadJAx2sF8eA+c?Fq( zQ4bx=4rG@9EQVD%xz}X7M8Tap$b&_k%1K5Le+DNlNcNp*o?(B175ztzmeZR%k{?&G zX)6OhtfSU?T(PeYz+OgioXf6M!&Qhv$iy(CKA}j*7LiahrE39zxDN4xs#%VIwTl}L>PxTimi@EZYcx-33FtC zxdKVkLqa+a5(&|=l7`5H~K@N?mET^I&t*1$uYQe4Yo%Dp< zi-1ae?P6HC`4`HT_AR8Ok%WN7fs0WR2Nl|DE@E5|k2)a)=vc>rb+7sU z-Z;(|RaM)|S~vMFmpr3V!Vd&d#Id24MRuc(u(jLF7SJD&VI^ed3 zu?>WLax}$KGEjgI!1XC$W{wPx`Ic-VfSn7eV^tEQGO~Rm7Z)Llixje*ElIDvO|mh& z5GkT3R$V)|e)FoyaA2$#g6%?U_L?OK4DAfdf8`1CS?A|rA=;IBhUCzXVsS6gy!zAh z7*&F2f+!%>wK|qz#o^su2B&Buc_2`_PbAVRZZcOBLGs~lkx+lY#0sPHT>N77@Tj~) zbcK&};DTjVQ&mJl4}xzDDeIFtZox!_pV7!evj7jGyk0EjveOlVmhgLFvZ2!KjFR|) z3fGVi1-l1WZI&$Qm1W$rSm~lvIII7n88lcZsl&gZH{TrI{a{IAb1#EBSe)l2JCoRu zyF}!{6n>%tn0U)wvREZlzQBdbbx<+>?fnND)cB3xNS43VLQnWu1lWL1X7Yo-JX&nH zGO7aUJlSRaEQp+%U6{-AYjjzRs7i3}j@Vbtso6xknDxanl<%|6m_TfaYk&twW2x83ha&8z9ySicCdO5pN~;oocSYsk(#ZL*_ z5`gRF)D$EE@fpYxzp&D~^3u0}`e&GHw0nU0C$lK+Q4h6>#eo4RZKE56n>Xt=|H?;( z^?uDv&QFPnEX>6(g^Rp}M+{r7SfKgM7b5Z&_&)gf^|L}h?iOi^>@NJDK5HIPc31W4 zXqTIt*^x5F?#yuBif3e1b0*$_7CPiZr5ZQ%sUaoTS~)$WvmQ8!$bKFIz`0s?V4rE; zyaBnYz-Eqp44(je*+7+B&u-b_B^4D$sz*2BR83)5CTmjv^9B`}BSSwq!x;fX@F#|l zWaa0xx4n^gg0gP`Xc9)#cdY4T%5pO@5`nmU>a9Ck7|mn@UaTFz8$Nw|Vlf1d<@tq$ zkvFEa+<#>!5UlV2kCsyeEdpH~lZ8$ZP}&2(R&YkwO{DYNXvT}mR~t?9E2fwd$k@5y 
zZ$?yBY2TF`vmCR`bRmR$DTv8Sjk5_tRl8KHDPhe15f|gWyuJf=?Tsl(i|GdtcnO== zg;%Xgvq$M(vT6-@gzYtxMBk22BZYHpNR_x+IJDP zqc-~=86GvGX+t+zg4jepSz&JR--FElESId{`TcDNbklxgn8xn!!0YXVBmx<}fWXF- zTrV%4l@^+`Th>3`)0V!=QH2b+iwA59>D&dtI+sPwr7HtFiBM~>-_Kf#W~T3EwyyuMc0fe?q6Nj(Np~r7i#BOH2?lVt$3^sx z1Kx*~gX{{Zv_P&^=UK*m;La3&ch^;%c5W+RDva|8eC6a4GLi1rq2 zFAqtXQl;$hqy=gRP;j)Awt^)>&GPciJ2uLYKR_E>>}OZ!$EvXLDGEUzBUc1^iBWle ztyYwrQes{!(|DAd-tk*9Z!yOutdn`fMF*+mu8sHkAfNy&_Um_37qAyzZAC?bh}V$t zq)Fn%y+FMXD&@N*`Fn>;4QW4X;si#i*CJ9;lk zr!3vqq)fR6PYyz?^}C>GAOhalBa}0o!4J*CEuHD^u7TTISqZEp4)qk)fo71Dk)!bq zM%#R3C$MVL^l$d=qU-!UHx2L^f3ae~-g5z82h4OhZ}OMJin+0md)8{j^$u#u9OI?3 z`I{>LMt4uiUU%mW{O4;4bjg}jL=gT2DY-jZq?`Dl%xG%1Mov!QBJ@PlEHxeYk?|2V ze?LzoVuQ8vTpr?p*Q+L@y!2hq0~aRz&+8XyWV6#hf*dA>{N?3; z>QrPjvOnATcM?JQE%|qLcIny?$4bSBu?GA58QZ_lWfCrYPP9XSdkqo++bgKS{69{{ zm0>-~F`e<`h%n3TTjikBB8b;q0_r4SyZ?p?2fy7oAX@M4==#POE%mz4)9-z( zVsT<%$kWU7(qHPeqX2<1&rj*yb(Se3HEF1mO;XUni80bpMz~}1%ziAYyy5ng98%*p zy76AEm(!l?*gf4Hcml`p2-2drS-2jl)KwzBFS+>#b>OD;I8~^)Uw3*U@P;{u2>E~z zym0qG$eD)(?S{;vvbE^qKLKWt?DxMzBN_;Ck%rwJn-jxzLUS^9aOCdnM%G2|LP;{c zj@1YLT)QoSGB+9dxvtBUgSZ1U14d}!VFEQ;KaWoun1EpqJ;*gB3?n&0$%Fcto+BG# z)hz&sH>Q8hOIO&QE+hzRRnU8oWp^3+;eTgcj*5VI+}qh*$#d8IAWu7x@)1m$iQi8F zk|rEGf$~pVm zd8lLS7Klp+&l<7F2cI2pFqB?|Ul)|>a@$$f7P#-%io7{}LM%1SGzaQn5no_WnbSSZG`uGTEj>^qMp823dkSPsg{DcH>y{R35g?yaZrI!jRz#}Pd6jIQ&vx+l9I z41iu<5u@gQO!;u}8taHq#t%x!E*Z4UYN$91J5bx%$uBffz3~8{1D+lrw-@F-yd~g( z*TE8AnnL89*e7LdRXw6z})BY7VnzYjRqSaQRNwPyC|L7 zhB(aIU?(B2AqLVlc4BC%u^(sLX&>7lYhZ+W`11aTUcGTrTD;Gs0CWdr9F7@|`CH`5 z<~T|9pex=12NrROAIN&rg6-&v(faY8c5!04N`bCM^@*N#INA!s)VT&IB8m6Nvv+x^ zQ#E@qK0*WAk2xAaQhla-Va;`-KgO?~%g=g51~ zqULFO1)pu@^@@d&e8EdK-CyH&n=<5Dxf@NjHix2fVh^EOrtY}t2HmgzhFq!;YaZtj zN4SH9%J%k*$02%Xc{DxnMWZzkfa^JpYLpOj(64KN*uSN5Q?3C6e9_(91n~+^3zpy5 z96;xz6z%TF){R~~2p$&;gmxI*77?Y^CdC@DWNgw+LauGJy_5g0zBm$mQ8_4TiT=^S zf;1H!E`Yq)Jhx?*FGzNVuCHoT*f@21K&5nR<=58RI;EWqy8%0Kh^GC@I(W~QcL#&I z@g&JkM=cvHk;!7o!6uD9;01origjDMxzZ*4ugLlTO0|WdAuSModYsz(>&WFji}%e4 
zmeJ(HI9)w4mS-?)$8RG-rtd-dzhUGVKjpY^_>UAF84>Sh>C1O&N0{@V0k6@ zOIP#P?=z&%i`i1D8Mg&qJsHD3b>aU021eLl4 zU-dorKb{LHN1Ze>jW_+W0WkyUhbrtpF-7a}f9U`msID1I)K?5uuTE5Gz|T%Q(c8Y) zaVa1FxMy5o#d&fCsl`eXFrBDh1k3(YM_5|fjW$*fS>^jzApM+)zUiz=1AZ*#K+)n>l5TztXnJ}EKI1#!a)+5cq zn`Jr(Vv6m2#?y|I1t1R8p<9C-QV6As6;lMnnpfOP4j*H2dzQPk$7~aL>MR^kNsqXC z9!4+XHA^K)341=Lq)UbWuS%=`Rn^I7%`Q97)zeO-h{K^UFy8qWEO>D2tcaumGFZt# ztlGR6VL|w9g3)}QrUHTxvAo%^+F2JvtcE=x>S}c~(#%qyU^xZYB`a#E$T#?5Y6IkS z*huX~QIwRFPiF9?ML^+^<@U6b1QqkxKq5Qk4dN)c1`m34ay7&P~S z_9D9C9z!>V-D@H#s2KsNtA-v-$^)*=k!#aZs-^LMA_aNaHybfCB5K_o5UitO0(yrh%JE31XS{+NZ0^$M?G;$Jx_ zdBLk3+jGw{Aa2U;S{K&|En%%fwZjzwHvD_npqZ^(Z7RTPiicB~rm8=&XP{d=m%|Z4 zm@M@=pI?ke&Ka-wWyCn(4F-U;v+ov)vDX}EUq404YtIgFo*ZhogL0s~6TFe;y{hXK-H|TcGD1eFL5APj){f_dh$S0)^M`3cXoUWtSX@6 z%HDWtPCu`0Z5cTzJ<2H0h|i_rC}h~R9ZJWJ+*>smo%Xv^ z`O@pCMKzCJP`~$or8Cj*>{R<6JJzAsYN9%3pT;_F zkfz&LapZtOh*9|z(ERBgD88dCT7{$hP958H!DFE@5|!Y?Wgfl;{}^SwhsnS+W}e0|NK@Pp35sQN4FY6)*G$d_&sEKM3t#C~%pU3q$m zGFTY%%d~`)UTDnj#H1wIZKp7j#=0K6q~&(goQ@UkAU>1MN{WRhezrq2*tWE#;=yHc zKD&Pu)qNv&O7Ol()R*>hE)wI^bf5M{DDDRDCTKIX2>F!ozH{da&yMq9_jnhdc?(xd zS(}XbaBNf{u{n{)%t=sH$mHD}`#ai4^J22%RaqsP=F~6t)zuR-i-LB3?<6$29j2KT zl(}*;s|ca|Ldj{!avHP3XL7z;=5qfuE^IibM`W~po?>jtC`p6fLwvFEzOC3SyNN*~Tkq4+L^vTg!S1xpVM2aWXMOy>I6VBt`Q^EY zLY%VBl^r#g`c_w~?V#)A3iSAt#(=j0-OSjQ-R(YGwXg@HQu1s(-kF7A(EH@&oq;#O zOHe3$C!F=G?S?B>x+m!4O%QQ-$n_DXmZ|m!QxButwXTdJIM=PutTep)$4|Y1xO&hk zG=mHd9OBwz9A@;d%(*ArO}!CRAQZK2*=JHPfHTIxRpIe?0$G=T{T#=LY)9&K3W^{K zAp{LY#s^-T6Ln97t?Yt|_9hxONndc#Zp1?J$Mu|eVU zqnFS5cH#y1tWOz&zr&;?NcDK|GUq^=`74nKIzibtn>KtN@KQI%bj|8mo)lWzz;dVI z9A0{f_*m}4?&Fp|8Opk9^P{AA!*TzKe`^hAa3}Qnw{lzTo&U-7dsfCt0fM3v1oEUH%(iN7S@3Y+y!Fru-bTO***K9e6I(i+Q9H1i|95$|; zW%SumzOrE8&g@)F%uk4$Nl=DR5x{z$+l3mNmvN!Oa9VI{w7Q0xDNhjc={XwGOveL% zx?W9LQ)2r`gjS=pusB`|YE?k)DxY3JXFq`>3><-h)M#nJK5Bm;vB6i$1OHpI``_1kziGd9{UK562Affo!0m zo_7Hm7Si*oUp!l?6x?|zNcTAl!{z=Mx!^|z^F4_xQK$2>aTU{=eVq(ylCT8w*GUyL z8Wo}MLnvreYN4H^{0G0rOoYwcCe@2=l23QIkP<#77w!; 
zt!aV%Oo8COF_=x^sHrX7ujdls@zUB(*Yq%W+~FCGXx=CqOczLk-+6;Sj3y$je9XGC zcXG%opa30IMLE&1IbYkQukL=>c^hBv&YlFW<$N(L22TIM4}E)7Y{4}&M6wDSC@a| zd$SEX)|&C7&-un5a=z7F{1X!%)`o18-WT$=?xw`p5}M`BO~homZ@p!$18Wq&DA}@M z?>e0xVCMf>t_@nuPngd4WzW;gO)!!9yYG6YmKV7;b8JVwA6wBw{jm8Ii@jEQPAC6Z zoBoYu4B)5TH45m$rSLi%9$0$#9-ZdTI&yRf8Sob5ATKN+*IyQjl2gjT1cPKPz(%Z|a--np1UqLe^=na{b?lKvq!Cwqt15k>k;+vlrnTPLpm#B1ywM(&mX_&aRJU`iAV=}Cwb3q5ExFO zpwVgx;3NGQ`jw=Hu`;WTC#{)^si+7Vp{#CfVPnwi`Z~IUhty#6LRC}*TTS&tCAN~> z#5Wnm2t3}u@tEPSU=%MsYtd;~Evun`CTrCbhRAec)jHa%ZZ+HvMqsh7_RN*LPnYlF zbBhz{2Rn-=yolD^tkhRPKRUc!@I;0lI62;sRl)_vKg~5_bXsH}yip-Rk*l(JD$f3R zsh^OQGreNn))a5n`fgqFH+4ed%*y?5wGu5UkL~;Yqr=sSfVhkcl_2laQQlO9<~;fY zV1oO=fg0WAdabJ$_cGZ8-ettVMyHo71cGG>Z2IfO{e};$gTa3s7dgP>;o^tvFq?rA z;LiP7qh0yyA}yP#lfexe6ldEDr{n3>T z3Ocq1`!hBQ**)$FbEUP3N$yzkD0m-FDZ%5U7cF&^XSJSQFND$ojBI^@$;7w4vxNh1 z#eQuT@bG{vAj}$IaB&I1B4)u@cm5TR3^>+d^O8o3HS)&aUE zeHXvQl&-8z1fXbKFSlMfjT@Y7jTA$3iF*C))p6UduQ?tu@-=glMo*;8S-0c#J*Ce+ zj&QWpXq1!|dC=Z3oSfg#n_IC9kt3ev^K`T8-68FBq2F&Ddf;@6!UsbYx`4_<{mc z1x166o>aiBqockR#r%m@jm zh7P%+t6tGC9QdZ=O?{;ClDT;tJ%g@p=Rh2`tQfY$Wv=T7$5lP(h(>;U87^>&RXuSv zl-fd!+LCXY!k)cRS2DEccGn z>26>3dGx}$K3pSc1kGJNUEF3qz2xdt{QvF1zky9cR!VGn<{y3AiyH7{ij6(*4SNbx zq;G`;>gO6b>#b>A#&XVOtWFVAN?YwN9!d)`D)GpaYdHE{yPKN;-?}oNc6ivk5IdZ6 zLIDHwuWs+rdL14?`b}$|^=42z-@hL}i8$`5U&&-Li$?(dPjHSoxvcEQo&J&1vZvdp z(q@(j&RRTU+ztTldK*UC3=aET;ICt5maSS-fx7}VboKGk^PaFXC^DnnoIe2y*AR8} zxbk^#N6|!<{FNun&4?SBeNfy|)Hm3)e%hxVdG-ts-H9b9r|MoZ>fYJk7|Jj7+PnMp zJ4H&wOhQn#r`eq1xlLXrLGU=x`xN>@`3Kl3CX>o!6-;knO1~+hqNwW5PyMJ{{PAoU z5KB7x`nKux4vdfYc6;HL4elF%L>xAj)n8#8Z(!1SJU$5}kWm)HY*}mi6cqd#4u5sw zSWk#hgb-%r^=mAb{Khdxs|#7_KjML72DMFfvIZq6nQ4!`Nnx~NOP5~lp>5>_c^`E) zS?jNfOt}FGiad%^SIfx#L=vzyW=pc0WqzLhE-;NLUBW$AQB*|@|0pRM<4qO%Taezn z)3A49%zxqP@lUz7l$yGFy%%jLI6U-`hql_m0qW6nKzyLymOMV^{fC(nDXjhddPjEZ zOTqx;_5-09C_(x$M0O7v6tT?m@}#LL`{R{C!Dtd!H;c=;FSkuvn@C8w+^$%9J;Xw9 z)~?bmUnirY@}jDGYH@0)Oa~S;;}wML2txR>vsiBiGIgngPAd!!Zto9>enU4=g)T~r 
z>ffG1@jRX)14p5t;C-wKRizQ_*Bx0N=ILs`nX9=Qa(GQS0rt&xV=7?0*d%zUvtXIZOVXdDmj zRdZ1D_fV!B4?6oYKTcelMDV8G6X^2CCL0#w6{>e_M;ljuh^u|ydqtf01x|`5lHprh zW9GDEu0Y#yd|87KRWlD9wWTfAB1%z#_fyU-E^a7Q!wfxL}&K%aC z1@iY7a;)!r6RjNe_RhvPKATj-##PlZ|9RosxUba78qPq6Ph(LAJN-O)357{yL<9pW zv8vAG*!Hw8BjB3Hhoy0B<>fx(WUlR+@j!Ev_5H$ViC0ARJ@h@JSL-g{tu~au2fJ#O z7hPyVt*}Vmlb`CXZADsR>dcJe`FSV|lz(no78#sY>4^bw#SOLEJ2M&^f4xjj@pDAG zAeFA(L4LfWjG1E~WX^j8mRwlMD!3*89rOZMz#Vn8QcE)S$Tn(ARTYR%)ulb0NA zgIMfMo_9ynI{y~60N+WOa@$g`*UI+Ii})J)8*qiI6L|+CYof+c%ILJ{-bI(eSH@j= zLzh`(OSMU$p`zwj1m$C`Fy%aw+T0OvG21^(E%-4Y3>?F2GnD>9FRX_ng7D%$dmw}) zXgH$L))yV?Vl)y2_LW9`jBf!&U&T=435~&KUq24VCDDSwTDI5YnzBEi_j$#BE6#Rx z`SMWrML)52tAL{t4RidoeQoWU(~Zu-F)=5jGGyn@h{lTqZbAR-$=K2|nyg_ytKE%b z592|9OkZ)88~7F+&g&11hVHLk9T^Rc8v=e2120rGp5Ye$;AiS#Y9=)-lPabOWDZhz zepI&?T!DYvVG0A&s7bTFk;@3&h+B89 z<)jM&0CwHuvq8jAea=yS#f=i!di<83^85E*Zch|d*65~b;WAQdZ~seC)Npqw53z`v;Y2uRnLms$x{{=e}RGEzd%Z3+WV3t{eu4%#%k^n6&T#Fw53R@pQA~9 zYGzno57gTp(F`mo=!+55)P!`q`9f&3t&t-Mj=9tJ5)l(4!JhHrHxy=(%8hMMV?1en zq0bVQT$`Ux&I|bl*c3pSa?7O}e71ydcU9f^C}?jzCng!`e(V0bxzZ7o)qj3O4a2@+ z*%{H=Qkv&JUThhip>D(kZaDADrQ4}cfcMGX&CG#d4Ag|>lEGbw!}nitUE9T+E*hGl zt2Z}(Yd&y3Pca>GA3?uX#HiWe>0{!?cFBlt$y)ij-RS>s&6M+x~-on)RMFa)Dbzx}MSah-5fzbnzxZW@QW| zrPM0I`a+2Vd@xpCM%=|L8{Oug1k>T!eKz_r=mTE4EaXy%ovgmvyU|K_(@a7BT3xX z^Q6Pc8Z!x|`)7E1*tDV7zKb>XyuHZieJX`bED12|yC~ z#5yA>B;Qjx5ECbbJemW51NbvIY2fy(5`)(hZG7B{-fsIX7cOFW0-FDe?DD8j#g%<@ zYSLi7HtpoZzuVk}de5twKh_<`Jd^++y$pHu2v&FQtJPmow>hT64;qmkYs2NFc?-CR z!r{NqQScW-3kuZww(mI@wIY-K{hzry7iy0JAo!dCO~}mbK}Kax<90(3@(;uPMd>`= zF|FcO41|L@bIdpXs0u=B&&@?hOwU+C39qf+fQL~#F=5lF!BtWa?tMq&Mmt-&oLTp0 z6Yr(jlqtF1o**Ewfp^5}G24}6zTU>6EU2uwF}63p8Xy}iKsGUX!*b((aWrbxexr1& z+?*O*@JsFogo))DAx#TN?j@x|7S1D!R3L@RMJWeX&lb3#eeiiRv#fRK2rVoRKd4+J zporSg;CB1`Pr6P+3Mw6%00~2;w-kb?{bcrDkEvTmMZtIXhEVLY*{sFHfV%p^-FoN~ zG3iQX%d#)kAX$a~=m7~cbL#r~xs2)<<0BC5UmZv_wfQImSk(leu2N~YL8) zlWYGi&C_cfLI42rv(ZSmafnW5kA+5KLJ#YT`)Fs7OI#xF_VLnpU>xgL?J 
z_s56wU0vGYkAWfQB}8u{7>Ez!qsW$|jed{>vdA$(TLP9K^(FaHchN~um&%6{ZLV6!S7W&`1&M$rjT|Lr0#vyC-;R+g-rPthNAK;cop6``v zMMJ5*|IUh(7JBg%&U0<5`C3=n@$q80dDwFZ9xsh{fX_^w?0hnak1u33-Z->#%|AF_ zJCjgLHyl>wOIOaUnUtuNZ(BRSQ`Srjvdr}!CNi-bUnY$*vN?0}iEW&Yh)QhW-26*J zAokXG_OBQUWM73pEB=qYtFty9s|}~(_Ls16HBHXHY`(y}eDE$?oW2X9W234s zyhyU}s557FyY_qtnmyb<&dAF{@kTA2u{&+lqcxzS9Yo;iX1o>qGWxhtzMqq9`SNAb z2Y}muXyk#S9Di&OPpKfk7&GRakUkGZPSHTv(icFVckO{7YnF;Ial93itd4R?@d@&u zg@+2(@4kNO%z_%&WRc8Hf{DqUEgdOX>Mzaq>_QwkgsDoTdx+pLvNEJbkw0@^#|{$m zSZZUEl?4?Im_w*^oS?0ph4zy<`i5u-Tk}3AYUlK0EiMjF7OWrpX$(oGUe*cXI^7a_ zze=bpAAHwRI9=1NV(Xf+Q^MR3(_0{xQ1?h4jRd-y_XnJXc^F?~Rj#I0@11|Ci_1+A z)_A#i(>i)eC`>`|EY!u;M9_dH{GmXSYq9cd+d8W>JW>io#OpLl_vpX2a03aGQ1EX$ zJkuk$bI^n%Qig!+KqN8YjnlzE(!B+`>Z-g(=s;u|$A8#GNHo)%4CZjb2?O}gA?Fkv z^No20&X2X+t;fqFf9l)Ma}Tte<3fsa&1CL|v7JoJEL}~TOGa=lmz!R10JxUXB+;mp zEP!y@?AKm&b(8Q+3OKKIC<5pPB83plZ9O=K2bz&)c=xA0e|8K}N{^~kUMNpCI+s>`Dn@^7Hy6B8B2X67^a zyOZ;s-pDAT3ds_Bmr)HqIzOU=%}c=I$*|D+&u{jiXXmQIZ4~0`cX8bb&<=pz^=)Zy zZ_}LwvrL`i($^9#X#&qf1vt2nXoFx#=vJf0F3hlWHoud|r|bX@&(AQW8qE+w(R&AW z#s&b%CH27sH&!WlVM_T4;F`OH15X#2-YCxvWp!B5=5UR(5jhvQyrL@)&OJ2D^h@k*c`_ zjz5m;Vy9AnhCLZl9~!D%G3qY33d2nQxo{+$U;t>k(fp+oJ*&!3JkEH$$QR$;odwTfw~C*zMqBGUQ~5!^67Z)U}>mu->%9vO_@j6nt-QelYq`Z5j zz}49Kq6D{SXg{O#TrLt#FQ)!Yh^4asJ5I1@{KfL5*%Kzc zd3ZMnKm$O$vJ)a0$b%Ux{y2q0+~E5_!`C6Y4c5N9non=+3_W6uEB#9`74Rd<}NJw zeWm4-q1u95c~uoK&vX|@HxRqk^K<2Pc>SzayjN}&cC((s5ovwJjhJ!DN+Ly#IW;sK zUkFnLF0*>K@hLbUz*pz(LP@38|AEl?&u!3doDVK~oyt%qGaErb$YvDO_yDM5w7nEG zY{j=mF`3d4hk8XsBB)AG{JF!T`(2r|v1C090J@E2R$ z@Y4UlvnyL@HskQva;?9Ew$roz2%b5Xegk=~`2>HV<)0*2n^12F$Fq7~r|s3bi_Rjg za57&2Fan{mEObZPCB(W5K*z}ZLBM}5QILbf#C}vsPfa8k+xKZ(~*ch zyjw!~Y&s3{jXw9#>!;kytl1Mw7WovX6B$THA^ke{9h`Wpzlg=Kxo@&vY||Pnpf~0h zvO-#)C$3cUe#75YDx zr$_Bsx9-nBuhD5Wy9cJRoukfVC}}B6Uq^&W<&wTNmE&e&TN*@v3;(xzk=$*1 zG>2!pEF`SQC1ypNQ(pZcQM>0j{&s81AgqTiFu6xYO*M!xm@Sp2 z2?q@1CZE#0aTYJj8-9i-M*zvMN78NgLY(RHJ()4w+qF#@vYktG_$>`Jg`TZYR`#0* zW{?#UG~|ZqdBOd+qo1}O;aK^F5qtebLa}OBs{@3glc$V7{xCV(j&;zcqqgA*p5*=U 
z5CLg_^{?(`_0vgntFOyR>5sKc=Bg?O5Y;4getC*a;`Mq54!B>f9Ch?Auw8AVS1P)t z+GVDa&}gzw1?R5G$e#Tg$D`E(+8$xUf1nJGONe6x z=V!&lS`h@lb+R(jDJgzXPt#_fyW^rMy`Q|I)f8>lIl@#(OP9Z$8taNTh_`pNkH#G! za6j6YL{ZIb85#Qd3HfKJ1Tl-_d=y_@VIj7n;_cne3J`%*TAx1%%JRwTpI^WQL3OOS zUpyhR`^W#p>7dDtC70hm-%gIDOQz1-e}lMolK_I|j&68BXV|`)?PYYE(cK=>>Nr#l zbpZkMrn4Tw{e7$`A&B-JT&86nGgf8V+~?8rcMnS*OjFbHs%rfFmISJZxHg>mSQ5*0`K?r*PW2dPx>LYe-xy}YliIxP&I8a5j`_^X3 z2%vAKZEloQ8UW1c-S!vv7ME9N;oZCLl=~+x@Dsp2eDO|mF(vpNcTe?R132c+l71;Nx6pS1mlSon4TBTnC#M#9wEjBY@L;hZ#X^Il>x{C%kybSwU~^oVrWG3f%#XB%_IWu)+QJmgrHb}UjPU% zhHFKBhDg04a9%+HL=G?|qkD|#Y-f{J;QJQq-S9weQx>^lRIh_4|0iMju=hEgb{I72 z0OcBQ-g9F*9nVMN-(q3}DxWswv9f|&E4$2MCJPBeIVBJy%*j)sJ~ytj!lTj{0b~%y|1Hm3%7Gzge9fyIP8%7gU1mMFw8!` zIVxw4f!8zp$3RtxnVJRfDD{c2Zj?xNb}Or(!KZUWNczG-I5-fSdy7n_Z_mM{46$!$p9?`?gN@f(UPC4 z9UA@s1rU6YxlM6MJ$Zx_?B4KJ{v2}SUK zdB<00cjvqFz9SWn*4>m-sQd4Cv6Rk+EA>9tUjow7v|x?_83{LIwTxl2qZv%_dfPT< zm-y?#vaHyLj|~_K-wxg4;jSdRdRt~yPBieWuTE#?y4+EC5Hjym&l*uLy->I9_2OS( z0%+g*hbG&m&yN6Y3xkm-dNWSle5E`HST@3tb^Ov@FgxXzPiSu#DsgqdQZrbf@#JyA z0t3H8tMTqW)b7EP>w2WzDZtitF0Xggh%lY+Ek;V`ab|} z?C!Kl>?zy67W<3SiXE5;!^>ThLr!ZP{L~uhOT3C;B ziAHO9C+Wti7?nmoW;Ux}B5sC8}$-A`rv^$y-=d z7aX4;d58%xDAeI@k)Ck7ywO48Bdm{%Cs)P`4sie94-y@?5Y5MQ^XaEryO6Cc|FMad_A1m{{Y=TzXLCdc)fy41#yeRi=%P zmvw$?lwSzunm?y``${WV-}{Yf=W2h&r>J}SY}q=6h#HTtpn#%E8B3zmMvp3#P`+^Q zOQ1+1OR22L3>7JOlr)1#=~w^F>Mzf&#G4Z#1z9y0t*y91gj8>IeqYg_^R#Z}QXLwf(%t{KIjabtY+<)f+gm|w= z8yTV7*aTx$J#8mvQN0*HMe#Y$SKa(;x}#*VdJZ8H@eF~%^tcBHo2e3R@Uy%Iae@5; zdJi;ckp*&I>goh580WdsoqXGn&i{?$rszS!)8s5dgs`J zih)E=#D}7#l;`ONf)K%S^TOWsvx0Yxb>E2s9uq1~0NlEw(|$B4LW zvoeui3I3~Vao-jV;|U4Tx)bvyNQmHRRD)8?L`JC4>MnE z(v>JAtB<#L@5UP7+$gAtgtv>I_-=#nq)lJK!SzfgR}9W36tR%dgrc$gO+bV-3Va3F z`J%0f`93&y0z_|s7tjSTMcplkWdty{m=xO&Kp%Rvgi6P5KM_tKu_Vr=2lN^1=X~V} zK4#J!*5y)*UgZ0p!)qSuP2hux#)yK^1(pn(^=ORG(bAH?%RP|5+`2^}M&8oqVT9X) z*9~|y<}084%>Zih#rX5{)m2f!(6O2?24+HCd@L;Z2DT`GdOoD>fR``0UTnU5GPC&~ zeHI)JYX9UJdpA`T`R>YY{EA@<`ioaQe!US6Y#Q!^Dr84yk(^bH^q0Kvd+ojEnrqH6?s1QM 
z%qiW)0b)oR>D=0>?n4tc^WApSkoL86bBni%Vi-jNeD+4g`;3+1cm2y_Y>NH~P8tN)T8KtBUfKr@mDuqCSyrXJhpBE@NOMkX7B< zF8{)X)M=0Pq{C+d%TEQL#n3UW9_P*0?8uIRfdMCGsb6lr$LMJ%+uI2z*WLoJ`&L~? z%3C&sjuAB9PPYUP0MX^+zQ zfs*c0+n9l z(SXGU3*7yvXF&1$q-32#&mli#1(#E|zz*oZc6nWJVb>v=_4NLXLsGC!bLWKF;pzJ4 zK-(+BlH7R{M@wqi%7m!6s*k5d8jTP%pm`a%3)2F;NX$6Lmi;@S3YWfohcOG-F3InU zbXJg@>o(h!K5F=A7~C-HhKd#v{fn|Fo)!_vXPf3FEO|(}q>cV=5SVgIX?`?J&hEfH zu}8BzJ2xYDv?|`mBftX+YlXnr+a`%(9UUDi4-bzxyu>$Ei7A?GYX!t^&|>h}FO{=C zqcXT==9biKwb&U`a+KJanVEdqI#5ky&(;i|+b5>FFFa63u5Fxo{9op&S1ZEqv^~GD4#MM)u z5TlAXvzz?5>^nJn&09OpVLMy=c$k8+v{3YL+xvzkTz*~_dQ{uC?A`Me<`!hiIvUFF6g`hKPk`PXRe}NUU}@wFaH#Y39->J~;<#n%#qU!DB9oGS7HM4b zOHhh^S%v-j^`7>XG2^pmoa|G`%`O%NyI==gG$4DI9e6GTM2D#YPKZFd2iboGvZa$d z-M`+i-(4p77My_1>EO8yplafN(d+>e`SRsQg~e1Yj?>2QT@aAhVgrSbptFw$MoSw_ zOnSQP`$1(9^+qIVOo{5ep?Huu7$8*2zo+nf((1-X zY&_TRL&M)wb7Y8q8TcFm=xRQStj^|QFMMp-_JS?Ax@_0YPdL9GB^?JRWq*k_LQ=$I zU}eq8t>%7W1cRMYu4Qdp!_PYY&5eQbn7HiPWjzmstH+d-^MA+(g@3(&r0wBQ^7|(|D7ETbMxKm6JUEyr}(ZGUe7Dgk-za$uxa0w zzd>Lz=b57;e03za4gRwlv3^5XVU(F&69{a`AbP@=@2?0^cW@ZaI+0&yM5wh zC>^dA+Nm44-hZBw1Qo(d@?FWU+|d%UzKlxLE&3{>sQN4jmCoy$3_x{&9)D;b{$Agu zXPo_p1?>;)Aym~@{8@7_zlf0i-E=p%X0hYG6zh|gQbe|dr+7IeGX1F^g`uIr>Dzht z{sy$tT#)(H{n&AbtbQlvB8Itgkgl`eLL~pXs;bINObwgXs@MxeZNPU0A#?z5DW#az zGus+qNgmw~!D7gQUatk~epK;KNZ@(*u77*K+I%ezKYqSR0`%2|*PZq+t?RD)dY`PX zN9i8O<*qcTB4*gwn4RX0oxx*xVUE}>US_q2S^1`v+C(URyDYOV>632~>BO9BvGP8= zYRxnqJhhP41>s$zaGiA8$BA1$f>A{9Hxnx!(YhX@smHD z?O_rPPYOM9pO{QJb`hGTcn+9C+x;7P7OpeirKggSfLhxq6h@}*c)tr+dN%8Src6OI z-bAK%*RZuv+1((&2<(cDjt`_PbobiBgKMq|YNF*n`z}h?Bdwz#el6C#aT>M#$z|3_o;k=@r68Dy|`o^o=-A%bFGLsjW<6< zX?{msG3fEszdCw7G5N=0(E+)IzaMBWbIQwupFKCW$f^nNc7YrS0V17-X0Q#=)IAY* z;%v;afB*JzO1)|I2P)3GI%ewkwS8O(pj_sMyvGL%CU^Jk-%j7Z&p+GvHaLvtw$q0z z=uF;bh#Ek#zr9V%XznhhJACVzd{Kk>{zv)Vk{4gy7~2iboz75>P3H}p%YJn^O;~d9 z!pe`4m!q@0ug9jtEJ5LqYow1($`An>ro|=a zZX8~M60Gi9VdAHsr9ba7#FxMBSlhh3zS$SmZUq9CTr`I12Emv810e(SgG|JZp87gC 
zpaP)17bDwyWLFx+FGuo8MzKgKR>oB5$gZTyBw~hdjAZ)s%4YreN@h;;ul3Q=fb?FMDFYU0#V%T84zI!y&&AjbN>} zaY{x_gf#}rWrI|KV3V@S6vi{ZP6H9Z9l_&W;BQj-or9Os)j~^KquT(?92;B9tjms= zg%Dx^X&6u4w%rxiD|j*^oJ>lZZggV)$JZIa4qvZavCRs(d58dhp9X~UaVfPk&6fzk zDrWwu(Mi$G>-nIEfDLJcW$j>zrcZQe9ZuI{wX&aG{uP(u+4n&FHrEiK<;+^^-0KP2 z6s@b~10Erfm6_!q@3N`gDWSBb#mV*9`oz~G zN?7gVmBe_-7t~(?fN2CC+BGRHbZYk{UF|Z~*CSwWWkLK@O-Leo{Zq^ZNNWJKLW7z2 zDYj?LmBHbp!X8EPsF<^ICi|}U;zC2c(fYY=z#_+EwOY^6r+#$u$z5QWoA=Pjb{t+> zP^B|5QCRdmLPV5}feTd#m~Z&Lu#zg6NGU9r9FPxd*ZBbECv4ENcz*3T%9HJ1+<%kP zlx~^;D2)5?&yuB>r;k?hah@k}!z2^DZuuF0ULJ>{ws`*<{4NbI|5GWftuWlq0}-<2 z!wIDieTCDm&MSGhH@@FH188kQ^c#Q?N=Lhn83NZUzk!2Z0D1h^2YBJ?Rl9L8rs%?w z`|e3?(-#+#iqz8TDUDf9TubjvI_;M zrXVDROdLBXGGjPj@e{C?cFHQMIlZ`|54VD#L6{++HVlS6DCb6bl1&3&6f0D1cs&?jUy{QdH24nj9Jc zUA%jX9UXX`h-gMU6Z;5kgD7pUaq(X~$GM}?pT=H`vnUEBfOy|fm9BLB$TYFNQcIYT zf0vu$BXjvYy{+Ueo4#)ArtO9=sgm{ldVek#sPgM`i|S0%Oa`RPm)-4%A`0`hu}*i; z4;!o3hQn#~_q7Q6k)0Qbr79|_eQ+|MzhADOp_hy_q=CIO=w$Wep6k)qkMv%x$YYzB zGWsZ2Tzy$*h>vM8i%x%Cx7*v$OMBaV)MiNKpj>qy@veI6X-I`_r@db}>gDNV#2s0I z3KomMv$__R+`#r!iexJ2Z4%|9JIql0@J0}xXI)sls4YtL?rC4pBm(Sw$ASq6N4OCL zKLQR?x-BUrgc0KrCOXl+EnoG>ih;1O@Y|T)TI5K01i5g3GDn25W|nc8z>v=HiY*Ik8T1(3lEk?Y59 zA|D!W&8}d~wgHsrdm|O@3g&40)0(H5fSGo9$&Vqe$VJI4>+>gqxc9 z0Fbv)Dk>>VwLOt^lok%T^r+6`oK@#qI>&07kHJ2)4}4m@=za!kbQT|-LGqJt!CFf8 zPq#3wUBpv2Bk8Q-Vo4IYKb=}TgW)(HLhffz5X&DtFZkT?xZJkvLM&%-uW#w;S#wI{ zMyP~(@At*jEc3mrDVd#}L@EIReKi}N0;Dd1aEb5q< znXTC-?3CVFd+$cirf#~O!RRHQ}9Y|r&$=YT3rAV+7vdSsBih2 z@rpfky1|L<`H~x4RU?;}_S#_Sm5BaRz<9={x(7aWV4pvm_<5?< zJHCaz8ImU*3p~8BuZE27eI|c}rOQAgeRBtR*c~<`q|}Z20(U{V+#@u?k}vJZg-M`x z0Z<+#I`U%(8w2z7EwLBg3Ee+FTI+oM{@s5ttr1;1A>WfUHFn8UFp_zI7`x=>&zzc? 
z^hKS*r+!l&72#t!c@?H(=2D6;a8W2k+u;|_ z>9BPwjXA5cTBi3sBp>O^9s&38llKrPSwKZz|KC0b_161Pz55TXi80yszimubon{#< zAopt)DuCAaRhj4w$E{+GSfqaF#xCwF+_Qh3ipvgk7d zsHJm#-+hW(d`uPYhx;3PX!Lu|&}|0#VTRMSCA80yqmSnM2b2+;ViWOKoY2J?&b?=+ ze?6S#I9I>8qpehAD;b(>Txg<1es<+2z!`cvUq^uC3vn5VRxj-ew-|dlyGh_nK*qun zR7Vur@NL%4<5u43+yy(sFJ;Q$=t^H;@YScwA}eQSE!+B3TY>#3qd=3V#hsXmasiX( z{&Osy`w7B{a=3;wh$%x)f5HwIb)&#pWivEJYIQnxO3Oct0Uo z&}Wdw;vOejBXlw=vQbCVboUYKz|NI=-CE6n0ot6x!XADZtBZq^@n?ZFZB(w^e;oz% z%hiN9-K5K5E%Ie(#(YwRCoX%7b}osDwKL21eeA^H>2r*04jtQj$1k36l4hH1n~oIe z|7_eN$k_YPhZ@+4nKzDD+4Wmk#v<~y8*8GG$z@V%(rX8vlBK%Gfi&&r6Ot<0q1irP zxF&cz&2jWNl9ufS^lIny2w7|!wLciM4X`E+CD4t0D1{x*xB4l>VhDsj-Y09E7VL`)XYBj2!w#6>+u{1uD(9kqYH3-661R-SRA&OV| z;91{xVB4-&p40hP%rg{!+euZq5XrPy!7+)H-m->T+eq3f4<)VZS#j61@R?_6lflMm z7}e(OoaCVxGKCl#q0iTgAAyT+6)7YYL0+)%Y!xe*4nl6PFQq>qzwCSaNj+N2K>S;O zNCm+NWH8%A(@k6^O-3rPFAJ}-k72tE1(HNV_w5{l$Agx?k0%7{&rsb&m9=Od> z^;FZ**(h}rX`M9uZ~>C{G3eEQP-1Cv6ip<>KP}l+5tGuJ;(VNC6f>}susYhqYNnJl zamv=&buFn<9WnSh^=?#M7*?ypByM0QW`M0%-G{x$nj}S3(J1GN!JnouG0B}>RfS8G zj1;A9ohsyk(+DB!Xod!xnp;ak8;MyH(Fz)5fFuT$*IFhAD0O9GiFg9hp0*>3m*s%! 
zy6|uob~Fx+aLl)uL=}7drBDkwLFEFsiHQllJkrLkp)4GF4TuD!Wia|4KC~ z`pDXgTU2yV_nC6?W$v8ewP_SSS0PKEGEl6 zH!2|O>%7WKXovr{HknM^wL7@QAK^g~zuwQ?<`kkE_SB%#(oxL4O_1;X7Or-5@Fu8< z1TE8sYR|qt&IqBY6=Ur8ZyrXNq$A3-ok^#+(NTmT38lc(^yt*Y&p|T|1dIkkZnrcD zU<)_K*6q`aCR&uaItFDU{@;A5gHl*+5=Dsoi7|_mEu6-xJN=#7EN)(0>u2|4Qj5 zRZ=Z(?2Bz?*RprlLC06gJYhMZ%>+jOj-Q-~ICywr6BEp!cKjoQ-+6XeA#ZlPQACab z`SRH|8VV|^3`8~E1X9erHs6Kv1PN)ay%Udgi`5T9RnT+Z0Z&}Kefn%DvTRxlWt-J+ zZgwJx|J2HIvFdTf__JaeEZ;@%hg%aW)zU?-{B@SVZ;j5YS-Z-THFCC%seB$cLdJtG z&%qJ}d>%Wb_X~H;{mls&-QpoF7^d| zrgXgs1=29XF9_^Xj>D4iqqpo zXvS*urHHhhB9UdxlUlj%i2YW*-9HOaMnr^ci@$u32IAb0+QH6_#(ewKU$V(FtIf_5 zo_lJ9oPj$E0M&XnwnA3-@*egV{!14y)8Z;tZtl}{*nj;kQKGxY%#s-t|E$Jx#ZS_u@2WwyFZ(XXRa6ZpTw~O2q!m-VV?yXSBQ?=64JXmwesVQdeKqAW ze3+uND{CJ);I`y-2$TKH>Se!hMsAQl^>(`Xk`j|l_^WZ+V}=De*ejzVmeK>5<4#}`{u}S=G zk^g3tiNz`c%1RT{OeNmHcUm= zvI9IbTV6)QaCs}W^DddeZ|CHmqORm_p%~$Af(3$Bqsg?OI@sRw#+a~*fC!%qQni(y zI&1{UNr2L5?_o<=Q5m{VLTMzc8q3cco55b4*Gb?-AWcK|rO(N)A^>&{=Qrnx9**#4 z;nLX_sCyxaD?6%$`%897?FE4k|vldF{bp`ihKD(But{{2R z3S;WpJU3NI59OMS-87>YZ7jp~ltI-;h~oG(R&$agB5ga@A4zHS0~6Zl){N*wkGTyh zv>e_}ai_3IlKuGw)GZa#_?RGc^6-+GfQdAsrFMU3 zN2z~p@rmLYG(s=X!197(>@>)qy^|fill?ivqQq5g?55pOFA?w(;cm#v3q~Emp9sq? z^K`Q~=SG1ivw~z7H6YG8lmEIy?h6Ws1{t*8BgN87T0v;D9nSx+7C^$JM*pGx({#%z zWr!T(@zm1P(b~bw(c~v6JjhxVkDbDcr^|P-vw?ZK_cbIHxj_!ge$EeA>m@q`1|lSO zIo8zH7hhxZSTi&8Nd+O~Vydd-0+Sk`oW5;8=D3G~(DrKd8Hy^CVW5?=C}oQqKW7#z>#i=a{m7%C z4KlSBcMKmNAG=*+E@or2R7l?;a@RIvLI*mh;wpvDSz7vEo2_trb_O+s59tDf-PXrRp#gd6drmDsHv`<(CJCHN^^)uu0Poklcn zb_$2o&Rt(xH0ghx?_h zA4PR|Gej+wUzy$wL?!lD$6;~tCsbjnpGBUFK z!othJ`*Y0+5nmjZ{=ud8g>H03?2n2%;jUpBVv(GPpA{%Ppqo=ub(?s+NcAv>g(SDjRuk8u>wx3^UA*G~5T%y(dIP|Z& zY#+10imj9W(5zLGFwDbL9+z0N8n_4l=_*%3!_R~f4{ii(EqsJV@#pEQ)!Gu$ffyRG ze*6vzdP5C|nbrOD7PUD#YwAvtrBeofiZ08X5A~Za7xSi@VU(#AXffmA;VI6momj2E zb}JXVzBw(m(+fm@R`&OLfU(ffnshKv$M4H@y#mt7+T&BU)=u-wqFZInC7(oHPvjm? 
z;m~D%Ioqo(icvHUb8eo$JShF|mlk2)m!?894zXS_`(uJH3+u>uv!&o{e7l*GCc}=~$Ol*>B3h2M81O zf@xYo{px}K{h=5%jY5;3pCm71@&HByknFFcq6tR1G~o2$w~iTZ+^P0_}5?ET~^vQYAwt;zN8aeau{A2 z-&}$8mCadRosCx~aqkMF_+;XB2tsa)_EK1DH5vT8?zfXTT1rY-rRGltH}1h%D9^5+ z7OGmcfxT{ht1W6=jBy1mJ<;@i$Nb`m;S&~zBT3?FEjNojn1h*T#7?u2cV%*lK<_$l zmuf~>PHN5y7py)g2jcH1AZg}*G^P9CP55I(+)X0^KqEILl+UWFot711rJQY+HI%%K zwpu3c8^-Ifv@XGkzlIy<3~!kR7y%rZ{MR&$2&+T3dNUVPqtCr#yWg)Jho2~+qV2mE zrZwL}6qwNclxw0usOu))SclM}O~_cE|J~+4<7Ss4KjSYJLErWr0a!Q=21w$e$+n-tiGI zkBZ7_KFv@}gW=S!GBsw~hK4dAqIIvZ#K0sM@dc0l*TM&JYkgX9X7m-`W8?M+_%~e= zcm&K;F7^EW@JGx758jySM%##^h=|QOH7XT_bdU zAzXV*nTJ`sdWxN>ei^q;^k(<5lyLR|O=i<~Qp~<=W)hE!JtL3-dZlx7scC9urZSv+ z4Vd<|>L~&s_x`g6{}(CB+A&jzosgzbq+N*wz_JJGia%NcL+#K2(=VUv485B(ezk@( zruCDfqYVApx#Q!W!efA&^(PD1-LF;%0i^FPH!xWSE=hvVU6BE%LD!}(EG}tC$sbOi=aPYZ(KIhB9Fmh zbYi&DxgZ@i&j%Si{d$Hhr@9iGO9hti)E;%*8J!q?QmDww>K~~%7p%$qMeny$go|ch z@OFN2!9{&hLldqUL$XH+tcbAV+Xau*Vhiu;KG)RL+C?#+VeTd+!)pxnZGMq18v|`J zfw?!T0+A-T6yGVCgpp&6Ruel^b1;9(CIf z_3Suu*->B_Qm^+qrQGYGRHSy`?a0@5yMyGJ= z4@RWr{EG+=Xyh_jVqtU_z3f}~ntf^w+AG5!MlVJ4^ptDxDPSm8^70~ylgg@8+zdG* zP8sJCb#kVb8Qexb}}`$u>si-*o^b9;Bt5y$$4JNJ>v zW~u6N6G7IQXP=#ucWt1}Jtu}{=C$_qau6}V2=MP?BOz*plUu8k+Xj?r!`t$l>K;|U zSS4U)L%qgprDI*~MwWgsrV#2X$2&nRtmElQE}~nF1E9hmMoFuRwFi+KRGX%96pdnX zTH5t@RC{G}$1^6oIHb2CB3F9xN?;)$r(w>Vx&~E#86tF<{JFWF^%upTYS;dRCn;)% zTwN5`iEy%56c$9E@HLM((b-d3P829=D2G7HBcrerr%fKV1O;Vsd*$8Yc+8D%rQ}>? ziKwl+v$Ly&mJPu2`WhOxFk{ja2h_(R3BgfSf8Psv#tD2+UVJq^J&b9bzL3uanV6_u znR>n%m7wA`-+|gxyT#e`aQ}|aFi{D`LLT?a^O)BjH>9_&7pQxfM1sy_Qo#GgjGySm z7*3e&gD|5>Oid!s|0+NP*P|J z&s32`9=^QPaX)SaV*yTV)YKoHetn*vn|mnS5&YZ>s-WT^j4Es9>XP~`G%_(j@4!pc zZ7S}&x2@eMgg^T4B zV4hbq<`-CuWfs8MfgN*mu<$@&57s9t4RqTe0zRn$?*Yxr%e#APSd|s#I%IL6DRJ(} za}8pW==kW+MrT}LfQh9-SAGuIR$?0`wdI*m-Tu*}Sm{4E)oR5L?A=0+vczQ8sv|w! 
z@bY2e6-qQQ#214&t<14N*+G~29r6X`*Y!+a+oLyN2ka5Z``>3HC}(Yqu^8Vy#{zE!P-?BEl1V3gqJ)!h%^IN zLr*CVwzN}N%w`XAI*HE7kaG1^P}S@j6^?YTpUGRdpCVHM!4R4 zDVpu&D^*kSxx5DO1Ww4!w1?s(Mxg@;1P}WiHaroEWqlOmj)!WY?9dAspZ#Ah9T$Dp zA0IM&K@^c$uHsAJ3+S88LG|pxi8K)pOoEn1(n3}Lm2h5yc0(>#&+T#AmmC}fY)$Nh z<#v%}PP^pp74F3+1G@Z3`2UJE0sejauFprk3;-xvwZ?mB5)I)j*DH{mB0Xf$_)04$ z0@lyW5VHUmSD&VP-SFd7{HbfvoQ3`Z0K zH!$oIaS0BoN)a$gET6=Z*INHt)){;W#8K$iLVogTsfwNKU&Cs#b#D5ILEfnG-J<8F z!3%i;=4-w9k@c0i%T6litm5$??Z!w-mtowdt5vVpm#q|EmPT5$bI0@yq%(ERoM9R9 zwDE6n$G(VJtCE8-)mKsQYxAU|V#N zHfOHd_%FT+wO}hcnZO7%cW7J204#P`K=4AE2)HoJG$bbs7E^1pHy#E|1SOgL{oe$;zv=Xyu+&pnh z+f41+7eHe)PZ|61THGQ&TBk?CWugrG6*aZ@|KWHB-*QBw={M?0$e0t5i%90$`o8l= zK9+qs8_;Jc;rY_!5Bqz{m?@ezke7HN?MVED)~ym{W)dk!T8VZ11=0&<9u!PME&{r+ z>@WpiZ_o}$VyPEWL}bQvj;bSpy(}7tK8AsEkTzPu$ zQ5||B>%5HkL2m+Hje2-csAtegOog}T!SQ?s{ zZItr&v~jhrEv%LVil7bhd1U@W zxH0BZc-&BtILNFt?IKnYw3}5uYkyBl)s59!JCdk+Jrx!@ncoTWmL3VNHWu*;-MhW z^ksZ-+=lxkuN#qZRVtI zM1vXHNx`^>4|XBM9=bW}EU|}#1nC13(+rLJ&b`>Q$nOb){n>HG9I~r^ki80hqG;cC z5Eakcuz2|FtEa=iqPKwLAXfrZ_{es9M_{cL+8th~SO>XgEzxT5WlB6)o{ev;vtuEK zn=KGuXtm7w8mc9{9+{~MVR8g(U?B%!UMmUkbqKVvz*?GkO!&adiiQcysg`00thio9(jde&T`iax%4JW|Pbxtn{W{B$9cj-JC z7XM86fq}7B;SSAIO8V@VFZis}Q{)QG68(A7+2zdDcQ!vVg^`m?P{Rpm1v#~3&4CHLLzTEbBrb2{)YfxaMKdqwS5WY3dF@3g z9wFY^LE4r6!)-@yHqk5F?Ze7rS#1=-RO{(9)*v3b_o^g}yAx5`2Vz*UK|$S7d-gdM zIvBB&PscX=7PehQk1o@(w|Gtd^&pdillqiV=tSNUo#%p@6HuceCH)HBqF&nT^)7c% zq#S9y6;W8KFo4wzmkpsqbyRpM$!0UXBMhXK25Rn>)Zcb@13jQBjYL1I4ZOmF8P4|_ zfAvR;Zh*$)ZGmC_G$MJDJ>SkA>e;Qxi+3xiNhc3vB`mZVe{URwXNXx zZ8ud(ImYdyZu!V~OQmy)>lv2Uh|Tjk8$-`z>G7i2}CHR`WFm^cx!_+|$JW>w0O@vp_4=86Tod3eygHnTr z41R)h8X&ueUH3Z3m^R{oMs!&0Yymka5*jw~m-+8Ho&-C|jn)X2MuWitJ{oBZK9L!} zsg?Of{UFq1306(7$VxZ}@`gSM0bqyF=!S6*QOH=>sxcGCPC8AVxR`?PvO_ZOHlszG zZY??|(V8$hp{UWbZ9iz_*z7dlcZ0Y~p}*4d#uGIu(b^_5b~(?GFkYFSfy7?8fKbo} ziNE_UTm?Jn4f4%YM+0M6CIL=|RlK}ZHwSm#&0av+f&q9OL`Vmc7SC*xNv z!B&;T!nEd6q# zIn_C)N4n{psP@#Ul>>$j{8XwWZK|?ASx8v~V#-?)bJaky%X6P&u%wxqszQHvu*Wim 
z7pI|fy8iy1rYe7#k!ET>o>?s!s8EdKmV>W4hMBVPtWom9b?tvH73THm-V5blv-d?n zGCEQFzuJ9)hmejdR>7}_zsIglvlXUldQM>KXl&{T`rX)Z=RIiLASZ5k3+$?xQ?jsD z%%rNrFdCd3Wf^g>&VJJ}b1eK7PSyY8$5oYc9^8uu)qEvFnV=!CEKkM|3rz#1%Q~s2 z_3$mrP~rWuksORc(Ec=3FA&@+HW{|n2hUTpOkSZDx_{9E|LC6)QKW-CbOH4S{3os{YwIxM(D+DLi~65OwtlR(wWH}!e!*wSDt>5O$9-aCdYpe* zEndxx5m(L5m|59Vwc)Baw^#7TD^2UZ7GgltKMam5jv>qC-rw5UK|Ny+4*KUIqXMu)QH=KXn~YeA zX^h5kq`m{c8FNW9d1z+f+ka~a*UmeOS^b(>%9*q>L1FD};G&y1u?T1hI{y7MS64KB zMf(dV`HHMM${ZQTlRm^8bwjH6|8`ca61Xmyq&|PW7pO#a{mbb2^(x*n`_Vni8xQt_ zVP#G2J{HFNx4wIp^Yp&X5^?XTn}4WSXFBdL1YFoS#_k0zZEkPhknh|+`FiyK^f&m+)x`uQ^ml9t zc#IUm!LmslPQ*Xnrv-S8xXWKdN6!*R=jTr*=5!l9pMUzH(D~IjFp%rQLv+6NOW0v@ss2IAXp7eKf8+>i=ac2*>9?34gtZ`%Bm}&c*y{MYo^=w z>u%db$>koQT3&gHAokvp6nr^DWvY>S_pB2McEg3m+n6V53V}->QaeK8b@iqqp^A#z z43428Avm}Vn9SX=zs*JXNZ!UC{8*>Rleahp&=+E?YqrqODrZPgPVVAB&j$+o11kmvBk) zXGf^2u4c$hXCCP7>+1r;;3(4TUXH<=u%+?EHIhHdw|iXp0D8Dy+P>PDvjVfWJ_z5gWju6%4@G@TIB;lvjNeg9ZOwFf*n9^@E7btUy@<1Ta=VZXpn1SR1QjYp&J+mA9J)|jFNy1Teyw0b zpoeWQNK>?#SKq{~FZL*@sDwi=aox#Nct4lw^jxDQ#tl3OpK@z8xU1CPUyAM_AQ%Y= z+dP17M-*akfO;N!-8(lZt-9TTX=Y@(xOp_Xk|Q$ru}~1l4i+&|bPPuJN{US_A_8dP zKIgqbkC!Cq{QfD2rPRRH)fmJK&VP>O>=ivKAs>ks-b(k}JUm%-bx)>BmZUy?;v^;} zj_(+;tT|KX(1@XtlJ22qWhIZHVaQ!cZx)4FdSyyXYi4fz{VRbdotw$b$f%0i(+u`d^;MJa$>@SX(J zg9B#%ot-)Ri?|+9(7m>e3;muPFT$t2ma*ZF3lzyy3%pWQ51BROc*!_>dVc>nFwW;P z{_~PICCWR*7RMP>1dqh919cQ=&nbA|Xisx+z-B%o>&?!$picv7Wc#OFuaQJxD~hWI zTFq``K9uwZDX1pXe&5)9Rg_z3`As@$Us&fr`{@@GroO;*I^BI$he0{FuZHt7JgaPDlz@VmBXO6 zun-NQ%%dl=->I_F!QHsE1#U9K8<7$CU{m}VFn6!M2e4aI|KZ)mVAJ&>C<(x5i{+>) zZeB2XxC&(+c=wDHpDc8y-G%|ywRHDBc}G29PV>lm;o`A39cP6Jax0SFvc$AtdVHZO zQ)Hi@aeRToH5B>=8G(MlYsqU_v+dQqS5WPu`W9!+!{E1Z6X>1rMbqu0T*#gBXl|B z`c_uHGg)*P^C$KJTso>g^EXlx3z^0g(H=gy88O3#r}$- zy~m+lzfEpIN~CciYmg%%BtlxoIAKYmE=RIhh_I`R7Jdx~1QYJ2sx{&z_yjik_`|-o z_}hAo5dHJPkJ*-ElYgPQ1ztg$L8sYB-^`2%VYxFhK_71VcMnge8xILHh&s%+iIO-b z9a`pqW&HbhgF)Kz*S_Gp`e|J%xaGJKu#AlvRtUF`n6I}P{**v+-y`~f1Zef}lv?`r zE&tHO_`_#Dnanos7o`sGj;9@7S&hKXYn8c2Yq1lI)RXs{c6*xp!}M&9=T3RxPA^T+ 
z84;nnn$f8B9@vAT`+f({wU=+aJj|)~SpJIMni8Fypt+Z@4OG~B{#DWS)9XW~VB(Ct z3t!Tu0)?g(OVlrO;!c{JsfxfvfO)MKOkS;xw8E_>+QZdmYv$B045+1m^@LxmTYgER zaPk879}|KQZAF}*LsphSL=N!*x?wSWJEWS6{?z*{?0v3ZDzK}$>=WCLU{b4{O9v?} zKWYP>CT`!qUMkt`Ic2$YiSfz_D4AF@-ik4c{q^w_cI~5Bvk6un^$uC{{aAt5HdTRfaBoVq)}Iy4wJt?D-dv;AEkzfr+vYW*T@F5+_S(ubQt za6n562^3`oOIKxpTbFW#Ca7g7-xPCLnZ*i{;gaT}Ku(U|Oy9^6l)RK#oqTi4)$(RT1r7Z3qq$kS8 zghvwy30t(yGXdP>Z0ZSAA*=biQ*zjTB6Bacxc|-Taj7x;^<=^c=YJgE zP}EQ=|NXUW*${trc(UOi$G7kQf1hR&rh*;)`J>MjkS=;fg*Ex$sv(t+od563ngoFp zkJ#~FU*dYi9I;n_U>KAD&itR#4@X$?1ohobT>Ii*{J1Nv#Q(gVY`d{ZB(T*+FDoyp z!c?6Mq#j7y$0oUtyLpq!&+#58>z5?>?!_xcoYeobbBGr&c_yI#Gv} zww9m&(IwiG|G@004p#~M&k^bv)fP|$7TheySjhq{C|ElCjLL~jGFl6S621^)#~imxLg1G$jnA+ix+#?>KR0TFB*T1)!OKIxmm-71*3PnW~!M}6&?pt^r zHG2mRuFyAhkUK|o3*LRHt$_V2>rF(%O@i=lTSNp+=e;*?)%YYjI_y>>rdWbWqqJ{J$ zI|(KZ_@_2~v0QSHs<--JwQufcJslBMW_t_Tb3x7rIDciO*Q<7)RSU6k2_n*w}Ap-^UNAcRonp(3dyWzH-z%RDSoMM6l0%CJO585Wt6VM&G%GG$)ImDw^ctcCBm z?)&|o=Y5{{{eIi`+rB@(->+@Ex7)N`>%7kMIFDmL_I*FEYd?L%*98^YJ9MQ*B_b!Y zeYljimq>t%!;WLq)XH*-Dmaf>j>_I&{h8J<>0Q2Umij6=0!DG-)IFMjr`0eumCYlC z!RBh$9MP%=EGxf-UQ2X+s(G3sEgFip{MTOWyPk=D*m}&3+LI>^euM%e4_EV3a>$>Pm(&J`K>G*c$MZFi4`d$6S3KehmIY_@Qux#eFIZqT1*Zw|we_bI)L1#a5 zYhl?wFPl#!9h^N+ya<8RWCO|`x@~d3%`T=L6QN5JYkN$Q{rzHRKJ!A@zs5+kF7YBf z_>1Y7Q}aU5i{ymdLGQHB-A)Ap0VGQTcU4l!ytURkv zD&r0vlh@N7hRmbR_Rgf!M%oaE2er-|7ki{p&b*#b6TIWqelG`t7INsnZBx#V1!j_* zDB({I$i<=u*4NP~EyKH^Fl7a81kH~|$W3LuWB5;>!KTLLG90mV+9<<%>{uW7;XLLW zn$4>mlkY`j(qvv4(#6vL`<}}%rE@IuKl=2Ka?cQY#0LWKQf~X^(C^f39Qlk3R-;zn zgeW(h2tsAtrepGf8!5Hp$-d=VR4>zSBSAlEY4NYIcKlp_*y0CgG%{icIl^b~SO#p* z$HGvl}#vy>Ypm0TzP+ zv9|p4pWVC5FlDV%rn@b%vYV4Ol)&kPTQfWE8=klU$vZiQyV04?l;G!s(SadEa9}{d zwVIdZnz;Vs>hF-N*KgFP|F>7K2)nPNS@+C!V0hDysCLrg?`?|2?Qf^S2g7Y9y0)9^ znYpIXXGU=wgA1$X27!6wN}2cl^@CLFdk3yu>)5$E3au{fJLc9F5$+d~ufi53{w-i5 ze%>un&FE&@^gf@&1CPJ5mPoI9tZ*6IE_8J}zGh$8NvhMKvolHe|HOJ^n9+c}hvr`w zOzpurW1EkqtT7Sgu@uV$Wd8v_ouvydZ62jh|J{nP8fF;1icz2DoLT~!jq2Yo$M)ak 
z@Bd}8AA3n{UgSUilAMrt*d}17{x=u>sM%iv=RXtbzJxh<+6t#ND1L%-8P-7-g9RgdWL)bt&a`T|9h31omu`_dr)m@=A}}hE3L2z^|`8VPjdzT z>-EwbABNo*|JP`FV)xnNzg$z`jp%<($WKnu|9|n4k{kytfh$8VF}>}a{+lcFZ(W)^ zBp~2#mZfkGp2Z&mZx8bKXaD4=`+)b*-zxx?pFlv^dE_3I- zpEV^!pMCyWYKIfPkE(g!P;P1xzU)u8^+D(?Mwm!)c9n0rKY*^(elnAUB9sJ^T1i3UEZKFbA0={x0M~(Ee z=@*3}o}`MMmOBXF*X}%O_QJ0OupP~4&>kBiB_jU`?~bkp1#bKx!e{o9Rz}Zm zsz%#=zS(_FXxIC4Cjnl}1|LJI*qzF9NlewAt=eIS&%1cb{mn3OW$p6uv-(&Jet^(+ zQu?U%S{1{hp{AO3+g(ZPt*1uFnN%0`!LUZB`iK|70;kSXp(G|-NXW3Wx>KllPqVal z*43V}fIscs;t75WDxICA<*~u$!kcuYi8G;SVIk4_nO_IL1P~rClb#Id^ad}=Dw6{a zE?lmATUN$4P&FL3W_br5#ho^&pWQvWfz4c+Zo26-ym=U2Yfw)<*6uO)?R!Hn#aXtB zBFq4X0QV*~M>jP&;Qg$LiZm06?s?0jEW+VHdy3c?4oBIgx%U9vwp7Qmp_=M-d{ z+PYSvzo$Fo_r&7d8=@M2Ng2)$`@IzJ1jo50d2Fy zO`bXO=Np*~OT(!ZzdcqIRlfTVuapu8GfjMEeaewVc3(L_srp@Pobow0cX z@gB0cK`V?%RK;*BQ0ctP-yLzw*>YDBSWpug;IK2lX|bxzYhNsnd{*EPvFB7F2Ru;{I-IY#b1Ct&)CpC+Pf~ecEmtiW;YljxBv{R7Pi1$TGaW zcwCzEOrA-3Sevr>qZgUG59_S-O1@jOwNLy}I#nyESi8(-KI)>I?Ec#4+$UU{DY9jR zPM;wHTv(TNBlMp^hW>6s+G)6q>8+#8CdJ)DEB8QnEG32@QdI-*Nq_s{_ezjlSDP5E z2g6ALf%GcK(2)B^Q&qnB?J8UUaUy(0QcN)ZRVF2{{%7BP+2nk~9A&;&emDaoBc3!3 zjkXtDGRNb4CbF@(uxTk<%T5^;c-l0<{Q@(;=6Ql+6uc873HMjZTInupnx)jYT(K*b z$6>e6%~m}Sy4n;jiG0AoO2WoVtB^^Rqxb>;-Q>*~6GKt`yS4=3MD%V;1$pNdgoLm) z27c}YCw5U&K2K4LqYWZ~^^;nD>hZ&8E4H@oOikSs*)6HuTpW*w$Ca{vXnPg*T_cDV zMQ{{bk@nw0i^cBx_ZMQBxT#Uxa^4sFNJb zuVc>A!)bO@YDMDv4>pV&sXfChjs-nYmJeO)MhP-_7|D&*pskR6qHp z3xLqnMt`U3E{2LG2(#`}F~8j}=e6aEQq*TrV)EZfJ_k7j)@prIJsx&4lH(PxUY{mS zk}`P&gL>C5-Zw7dFEtQ$={+T>o<{&|9w8S_sPKTHVDjiH*i|I3?HpbKc?0 zmj?g1eg~=@891_nt52NzJ z5Vf^Tf(NTHlQ_Sfke_qcZ6!IS(gdgtg`eoMs;O_JUtwE%oUUuEt5zf=9LW|R<(u0R zsTUf_#;hxJATsgO53MxSz0WH!d>u-*m%Lxx%wikHzD{Ae=pCE%!h<{~msw7(JlZuw zBsN6GH~!MRY*MNJ*xVKW_=cpFk%>TmKR)7y>OBLQ)MDi$)DAI^Jhb23`PIL5kwO{$ z{%qj==@&ikFA8!L1Wxjz)|I|}xW1yXIX`?Kw?K7+HMM4CQoQb**YkGe>{@%HtGUuU zn_JOSy%m82A7l+KS--gQJ#R=3#GeiCHJYgt$KBT_BZwvVkth{&+_zu9^2Y{IYJ$yf z2?wH6e&0JiDXy|BhYATvlRyUr4T>r^91hF;)!7-f#xDILvYOdOMm>GMTJF(A+e!9Bn_!$ypzU!CJrv&9&l*?OvYGSzL!p 
zB6_YXKiF8br2BX$ION7>m6sW7DIc^OOjQkev#J(X*ed+jIMwSibxZ@z3v;}F9wC$l ze}`#ocKj+FMN32D_Ghl`3;Y=a14HD4)iZabDwXW|jI~FIoxDtw+?e1H2~k zR5J9mn|sKcV|sCIUe8(D%qwc+vwPmYcuM!0tMPN>6#cQp{jZJWj&e(Xw=MMJW?ui0 z{A{*>u-{QaQSqssCKvqW5B!TL5GbO;O<{WLd?$*{gVr48Iyxm^LhE(eTD7+kUTxR> zh?kb}Pt=9Gs(mBZ21+g^w=L1p$MSj&r46Eg5wkq~SbHd?3oP5D#z&2LF~h{}NdEiF zUv=L(;b~ItB13Ykocl0Cp19Hc(tc-5e!27g&=7HmQL&jP=Id5?hMA*-zkscWEH4jF zN(N0zafhMzc!Gc|wd&qcPR=AX&KW+%Jr?HAZwqp;ka4bcK4`s;%j*3Ts&}t7OHG|1 zzxXVzT%>#r7ItC#QTV|~w0Lk#tHye&$&%culbNUu*;hh1A5k=2Hi2r>csb|L$auAn z^|*BlkzY&EXY(549t^yJvvd2Q`s)lmpYmq&g*`QiSQEbZ;6U4-`Y-$RXQy758&g?s z?sAj~-Jnz|9$kA^rcNQRC6%K1Y2x50sd64EX|Pkce4}ak3~UOz9n|&LmE+6_)|alnG1zQL3gXscaNSd5OvpZN z;MZKBlA*7yV9pdG)PNe_G5VCF{cp zwI`l19zspbDV(6$NyZI)zT~HJL6DjEolAn}ORe~J#oVJp@wR33G z*}~%Hio%t{ZKgZ^t64g6xGJN3R+RLti_d1W-cH;~PdL*htHq7EvM4w~cZj+r#%6t> zbiJ~BB{o&Hetl?amh9N&$J2RiSA{?|8yCkC$Am_cFCV;qmY*_h7jGJaZT9>8p`_JW z`S(_UX?JsVgQA}-PIYe+3Z4sj!{i#{&E{+Sy?t;;Hk;1!i%x28qK^m57#pV^vnIQk zl=+*k$h%N`)@7*t2~5m@^kB zaI{#;1KaGVKpV!v@FCdBuZ9zDD5qe%OoM+~>)GllPj7E3)Nkirf#vdwp7(WDEK#w9TtjSveNKq43$V*!ZjnKkF%sDgzT!)b`mm8gocirylaPVQ{SI zle|sj{dYPfYyITq<#mF{GDwo4yw7ZN{LpSy@I?A`z#ca8IE47=j(nHz>~W73^hmnY zHOoKkHhtG-)^Ma_H{6XeC)0w6g!g*el*y6mZvpK~d09E`T=~ttaR*cG4j3>ku^^nx}l$9iXd2SN388e%R?dzbmwE)xt?vZrCAVFNUjMVe7!vmFOgrug{&4#nV zYfKDJzKwTC9Z|DT1tI(yK@{PQnVq$V4%Xy_#mab$s>79!GbdK@ZUwY*uO+H8xz`aJgH1Ul>Z6aVlX*h}L3Q{3b759Bo*5cs$uc?)jq{ z2AWQlbFy}qA>P>hvm&(t8f}9h@ z@90B9Z~T09@O#&5sOncL#F$uT4ps?(R5lhPn>b$Wp`js|qb~w;ZookI@jVMFRoPK} z^*KRebFYAn$5*--h!rZ-XVOHZ^!3+&V$+{Xp(JL?=dUdMYIG04$28{w1=Jo2UjE#cx6Cyn4_W8{eJuNCPg`&d-O+M* zmujs?BF_6B@d#F~75IqqA%gfMWjq--K}+rVTxX6T#w4B8Vq05>WuIPpeU>Yh_uN-S ztcQFm&iAx!eA8|liHJr8aOe2<;HgkouHImwy0k_57;lP_kdP2kz9bhyZ#QY}gTY!? 
z&V3O~HW7sBHJDh_`Z#UXx4b-ni>S`CepVW6QEg-72bCV)u6y%zn~P3)OgSor!r$XF ztuTbA-|}2$l4q1SY+!6!dTSE5DXhO_lvYMTct@wFLasBelpnik9PtmKt{?k!j_ zWlx-PQ|*<*`3=NoES;p?8iE*D*3J!3^7&T9=lN~Ps&tzp*S~+$KZa^FQGAz`$}$8= zLDi6g=4>w1)*RItZX`UhRyE8k?`qng-TmpPMjUm`k)WzQDA{>tW*2miScyyrSHM!s z!}l3`YEolN9g1~;alXPsU2{XZG-Oe2dV1cgOgv2_k*mM`cY}pQG*eXF!<`3I*kKu% zmOW+oqZ}OHM$(K-2HfP#UURE@|L*L}_Q!v_u#&ayncTTC`kk5a4^Lg|&&s1mkE&^C zWFGB`dvsiK64PCz=*&j_x^|>Jp#}D55rwT9?RTGkbnC4$}0fgyQ z?cGoPZ#G3EiN8PYA8HYN@kSJCN=?YW2!JeF?Ei5$|CAb@04Gcnnj*pfZ>Gk55Ew`Q zP1SCE2uO+HUj^FsyWjp7!;BE5vgB3tT^#ua?`;0>zt|AxZAFI3@&Ah(`ahg^j<%3R ztcZOZ6?Q?ouXSLbY$PeFX|FA853t-f1 zjY-Ap))f8X$9~K?0yfaKz0>fA6 z7XvRRX!LBXtZ}J{K7H^`<`@(KuK!Po9B}jy))ZRu>7Z}$2cp`B z<0S%xhN8Z!Su84StX9DbEQ0{301ZnIOG!vPab*`(hnFcdkfz4ha(Z8v9l8Bs^OEbL z`YrbZKWz(rxBuiG*t;+M67)QhGKaLZw52=upyF{ua632MFoQ#vUbom@f?nY0ht^Qb znd^6Lh_@^7%SCL*JdOjvhW;-iAv4#^+*(wWJ$r-O$96&8R-X}?ep*yOV%6b>1CjOf z#%gN2>PsTe)lzs_xnrEC721FGo-o5!n#V%xo=8+mHs{CBN?D&D8#5SR7;->m3>;i8 zqor*TYa{&VT$Tw^KLiEOXVbX9gy++=xBl%rlkMMCRm>|QYxQQ889r~5IF9@#=ScD2pq7e%4LTaqOZ54%e;m1-1L;?xNtrvgLh zf{|`p(YKdB2I`>naN_Iuaksj$NflZV{ZknbYtT8Qy?8oC0k{B@D^#u%^Yv>u#D)gI z_&1Y|uEdZVl4Ah!pv+qWEUg>4Z$fcEORTy{MP6-H7363KgoU~f2>gow;XE^uOI~Y% z8=Gz4N{CWaD6QBe7ywWqk3KZCAnW#Jqx;kJ7c%mJ7j(Qcu7l(=L314^_{I7sP&QT0DMBi zz248~s3F3lLVV`8{fkPfZoX@9Iu8+Vht1c9eeH$8fOq1D2AMrhl zvheji`uL+%!Rd26XSDAi|AX(&Dk{!(pR2#PBT5Jf8YqXu@m*9X{haHU*YSgHWsEHC z!Fm8aovsZ>&@yo?&bAEnK6_3BK=;BZ0A;}HV#7(V;~(WO+QF2EfDm=ow|$VJ+wPJT zyhsPM$mpbsMq$-UKjWRpKcho$NDA-iMZu1wO}VS9RVoF90$;GAH`yml{XHE9*PG#S zh{dm_z{K9piL;wVutT7y9r{#gkr)A9S}gBZ8~d~d&-TK|`&pORxhcj>@R6om2|L`t zRsdyaVPrCvdE@b?-I-Uh?_@^x{RlX3CD*3GB}Mr5?asFhHx(?WHaQ?qH0oOIgG(A3 z+ju0z#?P6_r9yl`?kN>ncyiY1++6TsEncW397Ls1K>;CArnyggPVhSm;3`CoxnmKy zPAe@Xf`pW{&w3D~p9_ET_}YiIgSyCMS{mj82^wc&e;pCp*_XpR2T}R_!tBtg)Hwn) z8sBI<)FR!}_1m(p>F&}>=e>2+tUjm9fI4AMba#{LW=B_!L}ea{#R%2!3?3gV2F7i% zyJv+8bvmh&jqMi18|(pSW;EWv{kl~}cbEF6=TDK~a)4s)MoV~T(vwPs^G}?*us5`L zp}idUXn0v^ldy%&sx%kh5fedUu6W?%_JoFMh~(XSC4U%avJ0+tm|9BYiMm-BBnvxl 
zG;DDJ{<#HS`8Nwko>t1y*0rHM7$XJC#LdeXVaQy}K89wq}Dov{!TiFh~e> zX+L*$Fz?GFh>UzkA4ZhTWVLPKsM_dh(FjddxPDjH@95^W2*vjH_6TB!k3hhV6{OaT zsoJ6<#qSA445CjW)nRua?SIdNyPxLuhhvS+(AwT5wx|OJbh@JXJxRuStayty_SqK) zrSwG6hJuFzI<{V(o>sRVLO~L4vG1$MvUj zuJ%8H5P#=%=HEJcBcGd6FncQmh-dw4TQU^FC`MLnXA*(ZBXFGAQ0y8Qp__ zn>BofT_mCIWIDVE*5}iLrEBYjiMh7#53>v>c$6QP_{_u3eQe_v5h-~)moc~p{{Xl{ zWJ4QrmLGyTxtOyihq8dmHgynaP0S-`QcQMmSjcdY|BxNi=W&FM%CbRT5jY7TJ^Klc z?%OVfea~K2Xs-5XT)wwf<9;wllEQ9}ud z$z>nKadB{5fNLt+yR?f^^N_g_MyhP{qpvf7Mj)BaG-bn)1dH}D-*+zCRM6%37Aw%k zMUCy4#eWmVXP!Slb3L#5_>nqG7%M!%6P%PVI@Z7!7036zA!+40&zkJ`-T8Avw{Lq& z=QvOZ51)jc{oE#d3h{U9o6hex3<)V+%8?~Tc{j$i0FU8>TPr(L)9ISC3P z3nYVapvjhethLIGRa%x5CN&jaKT&r5E0KgqES?ooG=rG|e)ti<5aQxl$}11L=lB!C zy+3ofVM||}RDYYbAzf3G!6GkywcWykWN*0Ilh;i$u6lqO;(XqX5MQ^f6My7{+~igLIlO!~hb|{?C!z&-Y<-z|QPVL?7iC@Bt{f zv}%-XYm}8hlPmfBN|ZjwyWi`&&E@Vv!vGE%v=c18n&;b^KRhKRLJl8mNjk4{J zjG(n!iD7+eyl?+a@zUZZ71!p$2%&Ne&Ue42>&2PheD{H}&3R(DI}&GGKA5y>Kg3t8 zjLCLnJb3UpzYqfy0wgwJhq{{Ev^R$={;ljeX*O4PJIV}}(1NPtwv>%be}L^z_O&mN zM#|BnTJk(NT0nEhfu6rrx?^FkQ-BNpY2P!G**GkxJW3&dYWqSb1EqE#0bg1O z5PK2{FUP4Hb7kU|7v2*9vJiABEEV&!Wcug$cV*gYuC9E@d{%}NI5MDGSnpGpMK1_2 z+`jkKRIUeeHc9_F`+}Stv9w6>aPW~bq1J4Q#;P`GFHas60}zJPhRAPZkJu+h$syb5 zlZjeLIWBPy_sv}oQi82?(}2Vbo44*MKVcln zLW*GkYub6A(MGu9KZW2&X6Mfc9t2X_8pOx5BIWQltq|`Z9T9p0<#^k3>N)4cKYudc z*t|97ENc22CFGW5W>=J}ke*mgZvz~vrB+-e=wxR|l@RNnzuFs@$bFB&x$n&b&;`$} zye<#PZ+qG|Rt()pB<;R~x9^QXL)rpc8OJ^6OD@r3nP@lWT}|3|4ff%9S^(thxZlte z!Gag?JnMF-gQWE`RT*o98*n-w+8T8cVwL64Yz$IfBPpz%cR(B z)wQVpGS7UQQhM(_eKQX2)b{L>qJr|0T;t72t=9@VHY5lhW<;|S)!u>L;!2_Eg4R~i zLhMRl_g7o!kpOD9muvx{D+MS|U#v$5%5ki}op!d8(6p9-(qyaoA+KE6aWY8Zp59Qp zpZwZod4DaWnfhe!+_NGL#ALzwy8>GkKyBR>NO+n`YN-|F2!sd#s11Pibb@9VSAcqm zVbDc`g;%z=1R>!-6dm1x?`12ACT7ro9rrY21&9z~RI8u8-M^`!{RAgcu9J84XZP|l z0W-G$Y+uSJGz4tj(|*%(4`xZ3TT6IAaT+Z<2VZl2G%UGqXJRn zjz6an@IiXosR|+W9Y=e=#{dy^`3|&m1+ZOPZ-nc+zs3+O`tyd?V;+L+KYZ_Q#EoBw zN-eW-(RHy75?&;MG_~?am_L9-;v{!gQ&YQ8*F49ELT*4>YzUmL?g7k~#DRm52@8&$ 
zJP3);8gRZZ7RWRo0+yRuOjMYS=|Ei_wmu=30}&RdON?`W^kHbB2#f{9JTPha_5eB} z6UM@=M_mnm!)wtN=hX?#0Vbfj3NJps9eG3)OyP$_~>U;Cn2uHmh^!A3N zJ3JQI?HxPwZ{Z{q`4Jxk1wY_Q;E~lQ(q)t7$WkD1^4}Xime|wO8yDTX8yNNNf)u0> z;KPQ@8j?ct=Rk0TAUmw$3RUDom!}(Jaev=a|uK>#sOFq}Uc6IxahD(Exq88@&wp$g}xJNPQ^WCmW1_(J$<`@%J!TLr8 zdHK4v6jGLV53gs%pY5--W9NzscwFm+m9#QFc(|a(RB{nK+&+m& z%Htf&sZT5<(kkz+LV_UkQh^>fMI_Q%U_F!XRdar5tsN@w7Q+^tI7J0GAw&2+;3PJx zZgh8XZz!nD*8R?K_F z!mZWU^k$~kqKfl1RK0nWk+6Nj3_6?#(9;9d1;{qF5QP2FwtR^%M2Y{lcLq1GVr*nDCMKo~xC`iE z`AUtpR;SAj(7E=#Ii_swn)oz9u9RzHdyMe)BS5CQ&YF8|rrc~uxoM&reemD{HA0%+U)WYfETNj3Ybqo8rAT+0_!9TbOfO6KjS&3 z(Uf$3_NL9r_KeF*{h(@t?y;05>UrbQ_1vc?Ze{4v*cU6A5{8ie+`rLXy(<2mY)4`P zG@c;20+hIx7yCd#D1vWmhcNmg7qUALYB4 zPZi=1!t;QBE@kDz&y=jsWLSAa+|u}N8NojL=&VPN7)d(NnAEUY5);OepzTc~vSi0fB+RmLSbSu1L$yzLR`= zVejKG4QsH8L7d;*Bn7!GzqkpcGTc09Fj>CCWRem}SEHhV8YTXna z-b+gu47+yaDt<4Zf1s=igzYn|`eg3?wT+~~NObVD{n$!`*=KIpvg_pTb;gM7-%-_+ z=EUHOf_;a+?o<1pUI0?dJP_!>da`{>p{8AN1HNLNy!eF!__`<7Fk0v^gc5YRzJ^0{ z%68!~Y&H;3$3XuCRs9^&Q%+Zd`bMr)eiaKL%`N*1YdCXxmUH(d6oTp<&nak0k*R3S za|!(!%}RP=Cs17JcqD}rETGikF_9tplt9Fs1G5bY_t>6O3R0w+d-YCT-70F@uHp|b z2`qvI2cC#4Qss&a>2on`HVS1jt+0?D+B+a%V}RLiA0B3ctmKCM3XS9Tw3fDkUD|FH zuwOs=eCWW|gmArbVXP^@k2KYJfeiO^wWg}5;UTbwgy1|?HT?#a6AU%cwwK;dW z?5|F+Sn~M~o?OW*+4IxF#3r=KurLJU2PuFJbIOPVcr+28HX&cvHKMqz0q_knL? z8{k6bcfM@0%^dlFAYq}sX{l`}w8TXCyb+?U1eE)O?9754u2_@h7sU+g@hpgCIml}64TI-JSy;*{4$w85ByXgaSDcerrNGQ}HpOBIQ*f3=Xm!Voe;jH*F}uYndfR z0*&LlLpcc}1dd@0$0M4z%ycbrZtJ$Bl!Gs~mtT8J#)a;hrW4514(`RVU979$T!Mt(^`@7g+9TO#vf7B0G3EsISm93f~0nGm|rInre8rV%Lu*L3Z(4s1YEh zXU{vasKAkrwmyW{)^9Az8#g4Lmp*?Ct_!sn)*I< z(elj-xA^N>GokMf^rJ%i^>(e+63B|q1M&&M_=K`?J#U5PCcNNI8_YTY_DG|4V{6vb z4{bx+ZVM~+rnm7QZteuYI(o~oPlGuOiXjTJDQlonZUK*WgKz`qUzVnlE{<#cRBJ(R z0?xR$YN=twL0o@I;;q3nEiOtxf-|YIE$my&s~qPux4!>NamKz75l3|zU!TPkVu|9h z>tkNF1%`E!#tvpx6hHvTrj0}iS(tyln;y6!@$PFd4XV4X`HlnWmtV=lJ}36VD%0ud z>9sA+-48nt9t0CSj=TR>kx2U*kOGj4XU{!8WrmLlx1pGRF|l&D`{88-ldOxqB(0y? 
z>cADd43EpWlcPL3_dWcr&YCCSwt?K!c2=uQ3|~wZu8ZKHF@W+Ky%k{NfV9_LNPAt> z#DC7gFVRcVFB?YOEvb73VwoGp= z3nx-XNEcjRlRgdE z4)JmP=YRkAjTQfgJ_N+g@}K|xzx02k?hW<(fAVyUd>hC4$^u&4fA4?SDe`~!hW@t= zE&uH>5txg^S13I=eez8J_#!TXw-XFL@VFr>3ya0uf`1u$swAMmu}2YZ3qFFGS3U-g zR8STmdw}iZt$1~&L-0Bi17)`7M7nnP-<=~PeQZ5Eo2Wr4T0ff&GOvyXG)pZco>uW{ z5{D75={T^0h>Qve0;;O6zW!-5abe|yz#Rk81C*+&t1D)}0~#NMy@fwQzya7Sd~<^> zP|b&bt9B$w42d5#z{a1(C;4o=`ho|g>@T~YH&9UkwV_1<3==&N`O~Uk1X>}A?#(A) zKE1!9zi(@6rz4=Px|$!c00Sk;JDd^QQ)mVJJNW$&x<#|`G?<>pz%wq)%*qXds2V8b z(&v=guhXM+cf5}PzOM^(_hGUDkZ9CLwtzwh99Ud@rS_74bEiJwtxynv?z)^XPA%~d zj4l8{X3S#{TqD5azLIR=Lm|)=X*o(ASy;A@AaahEKZqjG=BUB>4c|(DvU?uZm{cKk z%NGmO-jgWv=yIQIs;4e8KPGv(rOOo)k83v%Z?I`XbBZT8+7EbVeHbv(a!%1;qTUWz z5PQfqh32%U@I9MT?Spn1-oQ+@Rlf(Y3X@Y>@VCI zP>9`G2PYTUWm0?hvb4YAZWUJr%2qptL2tMFECyN!fDoXCZyMwwoL%bVYc}SYcEbtZ z_idfZ7!j^p9jw-ck_|ig0Re>;(<)jsUplW&X4(ZaGQI)cMo7uy!U~c5AA~npf54gj z=2=>PofW8CV>N9CizAkgWD)Hkz#QSP*rK52$}xQX6k-jO&PO*SBUb?O!sG%XmIK5m z0I>l&gkvhUvXUC=C-f;`iwOl%i}lfWsDks~el@iG$HA4(aa$C^(?b^pVj%+v@nBt` z1thW;C9UKFtVDX&1Op&jK+-1wlV^VzUmzmpp#U)WQu3AP`_S$zm3QTUVn=dqB2g~z z&mN>vohD82nu?c40N;zM{#KCzT~PXm4~#$(zXEL?j5<`kkFd*rcZ^fvnKBFzVd8u6 z;Hqf{NhXfBu#e$|c3NePav(kfJ(UF}4v7B2?MfPOc07Ov;^BB5Dg;imfN`i6*dfU9 zb?`sryT!$PgPx=Gn}si_w~*fd_H9~}VSyw^AKIgVAP;6CJpf?^X95Lz6`iWVwFPGo zI6>{+8%ER}0(r75z!fY;AVn^XSW*j%WY>(PLe58VWY4J1Rb2n)GVkzWi$)ega!5& ziDHz1eb8VC9CJGZYlA|y{MBZ}YziK8%k`b2|0PCm`kv~h`0))M z<50g^L8Xm_yMh=~GWL6LO3=W|6P#Bt?|F$sd((biL;NROdJda&z}Tb*l^W)NJp2Ss z(hYw68V+upxIz^sMCO9#rypO8>|Aht2sd3XmZw1XogkR=4cXA(#X+RU!rzmq5U6Zm z0z)){5~r5?o4Zwz;UNDNz>WcKQFm`B&+OvU`SPWiZpTDy<61e`5pOM@YB%QtPjqRv zOjcg4x>{=I0lMsXE%0=)1->Y9R$!Hq>T&K(&pJ$%_GKc+isAx>Ah_nzyE64cIEv~4 z(;W#E)>v`MYqT55rC10HQrZLcsPVY3YqYDY>sCDr+~AWTqxERAeKGyLSyE+Uu_mnH zFjkB6NtT6u`J!Svt6Ix3taf;r;*wmC%}M9Kgdk8a4NEQQ!R<3LQ!J^jYMA>UQjk8T zP0u_HQa$2g0-)@^&ht68<UUs!Q+ZeL4I4`{uqU@R3j# z*sR4ItQAsY^uAup9NaM}S7rk%9u&mONHPFFQ|)l{xp{|e>3@-lDyVC!8`2hi+Yits zg3SxkQN{O$MeEjMpfhJ#NENz+u1S}2Bn&tbFi2fSRFy}K@q#U9ASV>m7D57t5GauL 
zK3TQpuMA|zH-~QJ@IuHW;K$mF0@DUNq*g<*6JWUMMziAtG#O;W!M9~A$i%<^!Ma4Q z?AIaEV{k{o|L`457oaUb29~x3YWx{&F2F%qAN-6=(ybonAD={bb*-wgFzlH-m<%}- z%24DAcdG$SsPlO)C@Qdd;Hf=pGsOaS!>eD6_U3_cJ{5mSjwq`<>YH5wIi3!fH(>FA zk}#+cgu)72x^gGEBL1%yoCO$(rFG||^n%e|xgUdT$3fw~tkcMGmU?07MS`0qb({jw zWyoB3Op05=v_ekJA|^KQ9HCUfp8y=w$a4HFtaY;u`V@-+ zm8IM+*gz^7>Bv7{otaUZ^u7d_g+jSk;;V-NP!I`oq#_CkaS<nJ2_90eDVGR2VP| z9OX^lXqBTmIgQEA%K40~xfQ?(sSO~8oxR_O*XBh{HLy9L7q>EBu)OOu42OwoJMZQG zL+C}cD&v9MXNXOkfdCE=;|Lg%-vsV|GuSmVg;;^+6-cOjm0m|sG9zkkBNGpa+{f1A`ZF&ueL@b06L4y#uVCkKZ%?0qzd>|2@K3?i>8}oT&D`Il0O1RxMtpYQ zT!D-F9tI=vy9q5Zat~-;;G7->?j9K=*e~pPz`_OLjCiMj#6;LYpmcqAt27FO#Ni+? zuu0(gt_8RQAV*X`TOhrl^T5TA@mfd3O%FR)02YE|2W%k<1y<}?cgf3e%oor{jz0;oXWe9)js}K|5n7p_7I~z15?X zJp}?*Ae6nCcX#c`^a}3U3dqZo1Ck89(?}tJ*n}Ng6&SBBPF(}KGFTT1PM)DQzz*FX z;O)}93`cS5Vfq(epS{yH4rydzAxvi4lfsLf4+2-(m7%Rif$DWTJ7+UZvoWWFCl#Il zr-pWzjTwaI4cbs1rm~eXD3oxFBnqblG(O#;jV%G%7`4R`AR!>3{8479tPDivbDcNg z-cyjdV%S(mK_8U3o-*y-Xr}>f{>6?Y#LR_qeL$%(Z1rRwh&FKv^45S{;g!Ux7X?KsV6Wedgg?fSyYmno)GO%G24Iy{j}FkWEQbLjLP`3-(2Fm)l7Xs%63z}9Wg zIx*hl{25pUu%?d{_mkJ)0Om#0p-ZrNS*4c4;k?>&T{uh)2t6|MD%#(_j@NTp6$7q? zku<-bXyUKn*zAz}ip(~|Xw1dT$QV%#I{X*^`NzG)?ah_M^f?n8ys5B{T-&+eUP;hI zPDLW17V2Ux$eIPaJ)mMjNP;i=bjLQO?iy-6JS_%ftq1n1WdVjT5HNvdNx?V}V~;-^ z(Lt;7o~ZK6-UHHbX=$=FI45Gk-d&e72U-TIe^WhI^yNyd;x)$nQqwm{7>5Km20Q7CIjMRmS5SZ{Yv0?Vrc;|#6>x?FamazBqPBU{P*>hTlFDK? zj|-X%I5YvFcH#E)-T76em83WO26`lf&L5Zo{i6j? 
zo?)4ZMy}y&#hJHCx$9}~WFl6R6@oRpiebm$pCW~OoK)>*`xQ_xq#3Ti^g3>wM{3cF zh^du&I9nKDDCv)vIb3*m6(RtjHgbx~@RW}0A{&*}=6=&M>o>3CGqP5x_~Irz-CUH~GX4vkG5 z;yy=~0m;RxuLkTsZm!%)_AV?WOU>(hf~tJ=Dr})rfqkl=t$-6MlL6_UF`N2pWKr3;^l?m>y(xd>y*b!NNkdo;VAg0tK2-rOI%3)#0U`A4DV#L!Sn2$I4d@xi0F7_6aKJ z_%_)DB|Ne(_a0C<0Nh0YChnyC1tjOg`97dKAmNE53}>_@Wrr-nX@WUzY9LP!(p~dE z47mYmu_17D3|xc9%v@xUOb8wbB=G^xAFBj1Z73e+uKFcEOIJ~d^$3phPKhnNI!p82 zfJ3nW2HW#WEX$I*jd}a&j*fdB>Iswr3~^m4}I)z2Q%mf96_Bp*`PcQ zULPRYHKZ_Q^mGad4KQrv5fn=+u+5P()`g5d$|@*z<=+Q{5gnweY|wn~oK5-4)mzX* z&m2?G1fS9az?F#U5jffV@Vp1az5|wG6EhKO zjq_H!q%$DB+=bWv-17~Ew&dh@o*x!d%Ug#0+5m{s6E#t{p{D+LaveEclha?Fh=b$PJ zqWn=o;?xvtj}Jbh-xU38=?!U?_eoDzy>|si_NsJBtCtg$c~)+5UXT8vXrrO*ytOYW z*VQmG2$z3P)mPx*w~+Pc?T{em(R)|dBQt=8JByXbN1Qq`S3iSp7-~@`_q3b-dy*!)|zw7 zF~*#0YP*_K(bnR%LuyxS{CbEol1n4#qzBr5cb~RgtZ*&c|IxF6om*%Pg_qx|8~5Jj z@7)OQ#FT{Xx5OyD8po8CtWxw@yAagmMz_VII36ASifSfqWi;7QA!5tn@g$;E0X~Hd zo>!^M(C-DRBrYs%zR&p%jUn(27lRV$fISpBu{BzkU4y5-57isvwjq+`bd)mBy@ZW)Ud8?Mt|yK2ad7jW9KY9D$wTF>~FJt zI`1Dc{2q{Lx6(FDs<2ii(hbyNcr}RF3qgB%zSlJ2Alq?X-fIwPA&sNxi)EnY$x{Xv zzVdyAY2QAtMl5A~i!^@#5Cx-2L>(G5)${Mu`qFm%PQ`MRfDN-?anuNNVXtvxaWZ? 
zl>dkB2nY4=vM>2Ns0cx&CAd%}b@b5>BXCpQpTBM<8zQ>KuV+lvgz`H?RgPg7=&zPO zSsy^7oPJ`Bc3xXOVb2{{j>o8t`72fv%=OP}2}4}#eNTzFV@>1#$QjOQH`9CX6P;+V zo0!0K%aHawh4do_38MrFV{$u{_k$-MC-(iMrn2hHp>$ufoq#!1?^I~2y8%PyD)Z&Q zkQiYwI&c&)3EycbeB|pdr;N%O@N^PTA>X6(KAO;OoNDFzG*Xa55Pk!^I#HwAVu;wj zu@OlBQMpTNanrN2s}Eq2BjN_id~3y=UHh=LL40A)pCxrJmsBX7fhiw7j@`v?qkG(- zc9AV)r(ZBM+yluCg>o$^B6I5dZ--H4ebzv@4InS?0?G${^)3G0V?V>rFcIQN)k33# z723Ck6V@Ia-{0dJtzw6gHF-Bo^Xjg_?cFJa&TlfXo~j!isF}W(fv@;I{VIHNGG9?a zA|PL`e~Xgz4Zgl;UM@Nzue7m8`8LcYYu_=05uTc`GJlzx@2(^1f&fUxv7vf7^1W>v z(IB9)PK!nmDu6fipVu}vCM^_7pvAB97Y-ZItWsUggYu3bV8LvkL)Jj`R$4HmdG+{Q ztdNBE+q-MaV80H+Y6r>g9I|cSNZPmqhm`Oknp0xG9!M0-k@gmBp@P2^UUq+p`yKhI zG(5V6Hn^gs2HU=Y#DcLba3^l|1S5r#Q<)WcxJEmBBPtytF2UjhDhSVyY8E_V@z0+p za`QR~kpX>BOO%^$!%>LA6MHGQQz_*WtOE#pw8;Lft=)o8AlhPxYVeHH`ZNl)pJ@FA zm+*;^^tTfH4^8r~<(F&R+70D6xH^K)fK$cKd;efn_tkS*83kuiMWN{eT@UKFtO$c? z`apz~2k{FQKD?pzbe5zT`TUeM)3_Vj3el{C?~(65{j1mWqpQ1yU3T7^FEHJpHRRal z$LOH#1&vKch%vCw9N*Fl zz$0j;IJQJLHLsa)>pAPiXUkzz`+}$K^{er4h;lGl@@FXrJ4}?f?%nh3*u_0EvYU?U_-SV7?|FMhwnXfhUt@f^>|GnW^Hc8b z=jXFSs}7$|4=&U_xlD1WS)#c;Ok%*bn!~_uZ`1&1*PnXh-?};|*}v5q2)e^I(jphs z_h~p|nA>sQa^t24VsC{u`nk5MNbj2nvoa@nto7&Y3Uc78_+x6C^LT8GCADzu$8`sR zD$?3JrQsE_A<@WRe0g~;GGdwenfZzgoeW=ug*lk0jPKPqRGj<*Qq~x@fc0fUA*I;7;wbv_d{e}b^ z?t@OErv?-<^KM4I3}F9$i*6XUk&h>??WU$-k-Ue0zHrK6n;CDzXC{`%92ZP^*!_cc zu8(^}{p=oPI$Ge|NG{)SW-{XG$McQ3J1J>c>6&h;pZBV%FFF?cXwIJ6)+Wn`Z3Z_G zT&Y+0oq6{@>52k{Tg>D!s2$*;@bco{hx`&P^_~)BTggoW)5@;&`5^r-U&+kbW~ZJG ze_#3C>}=#Wlq%f$1RDcQKSv2AHkzre_8(W?Ry#d!;{E=;QKQfLsBB(IYTst5@V=`q zD;Jhk$O3d)rmSZkN~?{VE;($AWaLWDLFzcfks|GOHri1;!mqY{`e&r)iLUJV!1b!; zm%Q)2G$X?~BlZ{e7tu}k$Ve~LMwdl>+7d_cg@S^@C;eN3`?*Tb+ZX68duBk`}&(#O(vNrmra zHzFx^r06W3I&)R0tiJx_3O3~H(+@gRM2#q3+?P6__v~uM;ccGLIypxUsEycK7-gF2 zR_1G4u4qK?4h-bATb3n0rJ7{!qdq_Oe&Eo-_3Z0es?}2IQ-{f@wnp4~Q=V{BvrJjiVZ6g!_WV_X>XCn5hxz8dy_||UeHxtZqDfn+j0bMX{dzb~W|H+- zl&kqVPs{FD%2y@1`JU`jw=CQS=WGjuErJ#!i=4(}NbS{Iw>tQZhXv+ua6bEH-=3sK 
zxo-2N{BYI*;uMe!w~~epd^HC%x$7eTo&hqG9H;9Ih8ZpPt`-SQR?@^pn*D^J0XLceQ|D%s0Q z3u@NZid;4Qn_e}V?W#9%ni^@21eD&rdrWncG z3`9FF=ayHG#{YRf$(XyJKP%a^`-JV-PVF34SdBKHt#>isPfomF#j0~IH(cN5<~KJT z%dA!j7H^Y$SLVi3bcHH>`AUc`@SMbt}3SmpC5oMtU6?t0Vur#gL%J}LiW(K>I) zFxPY-z4OKUvEt9m8I#1zcPY*DL{{{r;F-ny-$sm`OlUlHU^Zn^{Hw*O(1n6*`LA7F zPy2UDT6N^lE-*xn%S6&7<^PEku9ms8(qzV{_Nn=n{^2tora=}NQ-p6ML|IZ`+}`-s ztxMBwj>kflLnW04%Cy64>iOwul0gEe^{| zFGNNOZB#t}anZokYMmlD?g3sKHu!FR`a=h9l-^R5mHk&M$cvqS=V7d!;ML8IOkT9b zR0B^jhp}#()jjDFmc}VJ|C>c5@c;JgjsMZA@PF6IqPyWsTefv?>0?GA%m4X5=0q(2 zP6MI)|HCwpSLL3!-*K?4u6nqAYuKs4Gv4vIt7Ud?de%BQ)Wgr8-+G8%zy@5uhJ)`g zo)JarxA-xSBkCTto0xxHTUI<3mYHScQrpn*Xe>f#{mzv^sT((LbV=E19bCFYjD2`U z-W_S?zINm^(U__t9ap99@>X%$HpYQz^F5skY z+*EV=N5x4?sn)q{=5AX9JPuVPqkm@EXpdlCd%(Rf;h=s0V#gzGAC?k}1{}o`)kB3# zgI7jzHP#p8STav5+bmpMPV!=X;WKFaJYPUty#DL=y?uR_pW9uMdS-`(EO8@1-KepA zRb`1W1>}w^Q(FZD1u1TG3zaXkFfh!$KCC<4*%$NY>cUH!GLlLg-`Sy(?cV!)b z<+!5O=7IyXD(^QL{K&oajQ8lYri%2Dy_`H}3sfY0*Fr7R+jiFE;^DsRruF+p`9yVG z#CA@6FUPwLWI!J|N%fSQYRKR4>?*%rUFu5KGXHkvdy2TtCA$%g6jA)bl8KK?&EsPZ zY~#@dt2B{?%QeQ;{!4?%pMj%dhjd=lJjlNmwO8N6>4Bs6u!}Pn{n47myHgjl2I}$a zz@g{8Yc@*LGqyfjxWK;^+X8FF;BIc?)QQz2K0YRQbK`meX;VktSlC{xrtkHFi>pI+ z1acVC63c2Q3z%cZ*9nLeCY@TH^uMCo>5)Gl8D^>E6epB+<{)Oc{*0Y}?s2iI^4X$7 za@Be-eN0!wAKUn;Fd<#n{SOdw-5%X^&or#y996=a6Wo5rsNKQs+o^k6GJ>}>hosDM zk;O@>-+$D2O{Y^x`H#zNJOvGF#^d3%Cz0s}&QGyWV^bejlEft0Vs zpCzhe5V0jxq0gQv!#qBfHCBv+_gg3Zx?Mm}WXKL0ny*`9~d0uOf8~*1|bo_K6=boU(k22gd#OZt9(N{+`R!v&s8XO%y>$1%H^Fpc8Q~oHL z`uge3kZr?n-ZAwFL-=|APN2;s=Rwu12JLR~a}94*okpz`u11Cr*cQsZ2%Xx`EflvI z>s?+R=cqJW8;PofjI5<~op#m{byI3Dr!~IJB$Hb3mOcf`H;uV8B;!KZvi`8vd`pd# z@<4H=x@nX6Ds`WmFlBnXh)XiWYo91>j_g{SZH?zV?sd=}Vdx-D+u&2QimZ2GKVcsU zJH}NG&(Fka&7f>>l{|EO=WyEex6U!q;-t=}geg5v)P{+hJ1aHmHv0E#V-(oLj89^} z`mWDQ{qqP^5UA1wLcwy#LRj0dsdy?+i=d5i- zP5AZRg9@B*ioAB}Vr4R|+~X9jTOAHKyKf+Nbf}P(wxrYvVIQQcLF~J=SfPzkV^daS zo-c80y#>$i6bVxgzx&=#Ox`ad-5%EtKCtG#@{Sl80-qTAVeo!x+g#7)Tl#7qapq+a 
zSAC#e;!5T1LPDLGfduKUm1D<`A3`#0jGn^0o(6qM@P&jiHMJ{xL5X=Z-fhjKpuE<5X=~#a$;jD~I-3up>f&+9of% z=gL})WJFZszql}PasYW_A0s0L*`vpg3Ds}<)ifDX5bof~D_PE>AKfc4x*}4>da!OM zv64OC470U7Hfb=V=nrQeBpdqj5OvX8KUO@+o(lPT>(QleGp`R#$!cf_75-@7fP(hj zyJS_h#Fmzb8*cV2`aL_97u-_g$uC!j&~vWdd?vblvCbmCw|#5jQuQ`gDRju=82_;?K_ssKVvSUbmB%fqQEfeRN)4S?kfm zQrN7!nxb!7iC}P0YV1uZd^>E$3xd}x;svic&J3o;)8UGZ+&afS4_f_G?LwoKbCO1V zjoi-*)Xs%yuzkPv8R5V+>(A=;i#DDkD7Ghyyq~mOzGeqQRlYrH|M>bNt3nV;lxX-9 zj0Uf4_6oxJGfWT9O6M!lQyEW1;6dgH)&NR}xh%Dm%iXz(Q3N9y+QZSU1u4AuTG+ z=hLG|WIe}7DZ>hERps=AjaaKAMM!z9I;gc!5RD(wRFojbY;V|C}~L^0*q7 zeW_7>$aVXG=r*zj?X?|M^-Z8@AMA^v5gxjLasD#))kfcVFMb9^^-CO5rY zd#|+k`cqP0lYfZXfEvsBn2gA@0kdZ);z0-8Uio$uf@+@lh@CP0l`9%i{eAmg_oVFu z3UEy74NEETA^jQtc<0*YWC8S`J5_q;yLrzKbWEqs*%^l{6qsr2mWkwemiSiP@YVDQ zFNui?Z?0dB39=_yXUzTZJW*TJT9PaGguL6|Zs?WKK3W!I>3w8{)i&X;4fE4k80hl#^#W&Z!2zl?ndEmT!zS*6rt}a?+i6ULQ(IgW* zV}T*1UPjB)RMBlnh{)cjKil4(*Wto>V&|}nDHGtuY1$)hW$M0$%Y#2^@23rZ91ze0 zlBT@*B@O&8Dtclbg|na8=|0+1Q*rVtoSRwMsFl}oPl98aaBYr^Tw#u#Sk@0I^+ql6 zpp)Kz`GUxX!7JKC=KOCqkgiNJ&0E)9#giWZdxsNvWGGk zJ-c>*PS|mQ3V8o3iWF>g*g4?c(7$ly^}>&e9WnxZeTozuE>+f8pTbsEOvby17O}_J z?;qp>E7)ZNA3JK!2f3~i1%qLuGG>Lje5di1e25osxJ(UbxeeLnLwpqhJ+VsZ>23BO zdW8ovP-dd!aM^DE)5F_V`f6S1?SX0uwSo^zgG!bmmlu9|ew-qr8uA^09~Ljli?qAji? 
z^W#xA)jMk;;o^3CiJIs0mz!$R!pJWj1&pU*nZ7s|oY3N0>at!DIUDGGOk%ZnKVZo< z#=^6v*K%G4DNs`lSnzlqW!sGmEwlEEIbeU2Ce!HA>r+{0t*E|L_gv|-Xd(P^y_};& z*ngSY-=8EFpxmSs>2&FZNUENxshGtm@@5)EnKqb zG1{h!ZoeEJtB*+2w7u;gDOBXjO^)EJ4|g9{UW)gf~TOSh4`; zU^GEsOS=C~qXE)idMGzDzaC@8Iy^MAcXY?FP+xafH#^Gay`v#hIp;6x+&#NT>L8BG zt(GYXvZke=G&~4FWT_%Ma@cVoRBZH;V6N|+aWdm_!Z{ww*Gy9Xu^J}g!h(-)=U65x zm6yJ?%t}r#T|FMW;s*BIS`)GQCnMk_RvhcVZvNFF;M$IL9fKwn$#=8N4fBr&jFYCv zi(6;8TXHCa&IO=}_x;PeU;i2G3PwZ8^`bmd=3;9kHhZ;3N@^5@kaySI^7?4=g6j-U z;lcZxJz4Rh?-m1ILJB<+I6uFR@kMo7(J?70x{YbqSgt|X7QU=Qu(QO6Hyw=*>iZz; zUf{Uj(_kiEEAE9FYl3y&UKv?KVzf+(j)?P&0u6s&qBTFtpM8tR(wcAK-HN-+aiXN8 zGxa^^P{T;Kkni4m7{>m3tpu6YWx@yIieOoxP2!YTo^N>#oT{ z@D%Rt9x|*%Tdja|Mux;)Xc;M=5*$7K zc=tp}@*A$?dMHGqRHD=g^wh$V<=<@C=c16aX6WGXD+nTx}1+ z+PJZ8A#3L_bIYuAV}uCV$7mCp_m{Sn78iSVlIsnK7KwiXh*CXuqAL95cw5fEPTF5f z%nJ;(YowJF9y@)90a-Wz*=`}Si0SUj^Ks4V0 z0_3vW3};d0b0W1gJ%6qdCwh@Ek|9D!hVW&KiAcMc86=6yW8?VQkI{`wV9nzrV#0bP z4D5mjyN22%GqJzSa#(Y|5_hb`(N}a%ep8B78z|K->|Ll<2hm~KUdXjZZ|X~5B%frk zglT`7I|ruYGa^&;_Zm1ZqHc;O zS?iXlho;AKEIJn*y8bL-U-IR;-@3K^gK5G<(H?Vh$HJoYx@7U>EVq+vmuAN8m#Zm4 zZcL2kCD&}->?M^Z=#?U%LsTKTxP(Q(7ov%yPkBL1ALT{&)6c3jX~FvmPu81emF;I? 
zk;CeK<2k=`2QHE9{fz|XJKv}iry|&I<}^2=RJ-lMVU3+Z^$C{k>RuB$sqr=FWTFax z$MT9nQb=9!!6U89YKpz&!g3;21A5A5jwwcna_OAhO=> zzb^aT|12JyYKp7o)yisVX{oDZ8Ea*T=ST6zY*&w}`RwV}iZZNKAWD%jVsqC~Zm|JW znO&6TC^+zQR6rAn>yC?5)#vo2R;D0(oT^j(dwjNjdzChTTyO?S3=C7eY4%{}5A9yP z`tc?viD#6Q1)IHq^RZz-L$G1-9sA2k58w6eA>cJ2f!ZD`@a-K_x*}{^%GbC>&v9_1 z6ff;?0#l{-t`$S2O*FRLyEovodXyrkaCvM@16G&SADRMiTFNKWQ^v_<{ zNM9W$YNe|Y7cO1nw0F<}ibI81GIFr;sB1>yfMbb_=YLa#A4D12$J z#$qwV%{vin&!LEf?o@j>1GOOs8xv3>J9{*4Gm^v0d;?*- znFM%oG^grp(DRV@(G$z_dj~9E!39x57mtSLeDanNzCK~g`YX~3U_7qmy+uM7oSmtL%hOYT_76Zr7oxfwr z`r_QUsK*mjqFO_;LYkINiMmHCnC}O&FHUET(Tk ze17f{>uR1x2ljA$N1D_~Gw0Tp!iZiPl00rwc-d)^6O&se5_8CHYrDsj_fml6&dwb^ za{if_oaGhm_cm>NQQ`vOvRsVxA@wF8AzUAFqYp$;%sNi@Ck?p=i+PY07Z;PkSD@$o z^xC7#WK25_H(9mGtVHep@oLLpXNh)iH{L}L!?KuR`uChRwiGVjlt?wVM7c)u@$Jp0uiw>p8`z04{8&rtSuL{ba{pP-rMC^zVpw4Q5!RHES{4 z#VshpflZ*h_b2?i*}XVT|FLxx`bfflbjPKHr9|=)=lEkY)7|HR4MF9tT0W@qA+gJE zGzAfUcbDK$^{1xfEFU?2LmhLtpLdIU*EjAWt0C9xS}o7U_vUo1G#Oa_x%f&7VG*YT z3dl79GM8l{Ne6d2jD_f`ty{qxg3^9FO`hU#*rEc@d&*a`KTA4~M!OxQcfyFfwmXmd zUl=pL808i_@_sfkQFQ3#meKL)7vRH)NDxrhF}1moZ!;_1covAT^^>SW+5w&%&uJA5Nju_Lj=|5cQUz zvRUI!8389)35=x|3^v{;AN4MM&)vz6B8>QH(4C3bLLP?|QTR{o=A)!h)5Czh!~<-U zkAmt>7Cyx3QCfF=2!)ZTYX<2wvkUgs-~aBoRCe-C{+JB%va*TO%pl+EP^;{b6o~!b zxB3=Gd8y9KnQA?AY;maCo>3 zEL&E+ZB_IQT?hMa2t6T$N0n67U>%Y zg2=l;4+4A>TF>3P-ejdHUGh!? 
z%*53-#HZHB)|@yYJSgm)S9L;In4pV3ydONeQn(KwN8Dp=1MWuhL}5B}XnK~(;|Ox8 zrvdY8oE31&zK~mSmWFMTQC5S|it4(R(K7Kh!VRv}^@mF9E88&BC)NFIL|ndQMQ4EL z{*cf+wK3u))rRy-M&NS{8-W z35|Spbxr#j2B+ykD9DPGJzz7|3vc(A&h#??})54erv;^qD%1wRlJ^&|J8vd zQWZ6nk$o5Vxek39W%!~=M3K!*LFX{lxMnN1w#*MxP!=*+9^7b@Ds27g7#nz`sHLkr z6Qpv(0^n27kRqKH|l69d?p}Qs# zPoAH9apc@!#pl!^13|1UTB6>foCYGoH{N`qf=g9?;>fh7lbax^;r>kLyFIjY43m)rdp`JmkjgB4I0kM&oi90(0FC8Kge)*9TuLTtUiA}K%|k^ZVF(zTDJsR?5-y7MlFX{JbL(_ zg>_w&Gu$T~$EB>C2FEp0`~}J*&HrJ7gO>1i=ngB8XM;zCq#J=d^bZTzItrk?=)rnG zGb3Kf+!^N0n<+~~LtLt;owc~;ipnEBZ(|*h_~G0t28e>TNG)0+oD2x*gKsSp8l_b# zg&G*3#G1FQph(>nwXDFQVpa^cn}<7fA~nVC~?PGB4;UzVvFHb&N8V5J*%{IFk715c`+!d-=jm+)vYiek(bmf|q2;b;zdX(ttv; z3EJBJM>}86hLQYslblUxz>KHB{@%A5uSI_*!t$%ri&36t&i7rQQ?#6yD)%10w0F3N z5G>(qn6MbzOGphM@<8bdoGUoI*14`4ZIV$p5&%oJ-0l$8#48Gu;YD`d@=y32!kTC$ zp`%0J^qYPjF)2vo29?@!m3z9T`IxE>3!igUz@tZgrXPVvfk;#z$m-TidQbdy^lj^( zFnRXt+xl|k)w9nB4PG>TtwYz_HxAJaU!Js*3m@~HvU0|jtNn;+x@twdpp6hF$-Ax^ zsEJJJUVFCI>6g)S5~QmPMg7{;R%@n$1D6v&%dNXtW(44Y2*uY-TRw-p=^u8!3HMc} zMGq0i>5`crkOO7zM?nfD%3#{ySmD6?C6%5N03DD`;ya)5vuRy%CWE;AYxp^%5UJBA zzhgJWm&k{T&QcPj3KioLJJdr2M&s-CYrA^z$-Ng&1VBIy%(_z{5S28ars7d!14#%G z+l%@9ztHQ-`7W=*$fr7cbRhp!-Od`4e7QLi@^>ndrKYk7ZB(D->e-xUI>VAP4eD$T zH<_52rk2ERXC-6YXYT024&fm`BD=4+pq{Rs7#-7sRgJjR<Tw4L`Wjw|Lmn8lHy|F zbG!U8)u0QI_#QNxeFZARrh+heBSZ98%&O&!uRgkjX9p37P*!9@%`i-xT zW1#~u=qy8%;O_AM8`pzKk|H;@+-Nhr0AdNcf_6ZRT4_V>03m>V{}$W#p;{jsVRi{c zcXUb$tEc(pQSWxc_$e=Oj=cO7NHEWgUx82@E~&Dtk*)gC8lPXA;~p~uh}(EYlGuFF zPN4E4XUHR3FZP*M+0`vyqmmdkzIk&uIO~#}z>ovC%W%2i;@Sq+gx+$TG_)V8NcN3t zl>_nz{b|T8geAh)UI$eiB=kwwrraX&e?7F3X!E0osucCK`@3aUZ-)NGr;|wI_OBF| z5?+=>IdnUMixf<@(}Aa^srENmLSh2=>2Af42y1wN7Thj1JJuhES)wUc`lC>Rn;Xxc z%Zk_7JDOSttXVOVJZk6Q_Ym8aqlBO7ryV;(%H7YW@2oTbw8LyHnU77)gk{m=Y{b;v zXLR#UIqjD7j!aRLQ+CcBzU3YeP_q-?a$@AeH;q%$+qo9`|C!8*;QxARMNSZoQqJ z<#~aqivg&YltC8V8(DN7VO_!>KliKs1SqB~M z6Z~e_Ye9Kiqv*=esGWt<4Cy6Y&Bp0@^L!%tve10^D8a>j5SM3Z5;4poucvY4dAd_y??)T?76=5%YPq(^===n(Z5fUI=b0w|G(WC 
zcERue|e(IlT!Bc@fqwi`G?;y%7Z<4ARWNoAEp1D`TWJ$7iS`K zJmMu@jK;|b)b695JITfb>fK{qcUOem|DGA~h|V%>V<85tV(xXrl0fjqyJ@#VnIy{D z_B^^t&DLIfNLZNec>q==f^=>o1f$ZSN>b`2ou)i5||IVoqPYxr9t5C zNkdS8_P*)$>(}Jj!Hj)wgqNT_qW3zLd8as)W;*D zTI8PM03iSZ2VRpnjfNM4ML+%rGvLx2H|l@-@h*0kMK{V>qZNX%XGzQ(OwMKlE4Agi zHIddUJD1@Twe2~!CN{13XMivD4 z{!g8Omu_~9E9vwNkGnoc*H#zNTRY*YRs2#sR(;A>AtrG6vnq^0vcn+4i%CRJFQ1Gwlb4;@L9?J_;BOl*+9!8BYTh%Ci@Fn_&DaNulR8z+U}3bqk6Cj(X1OEffv_wy5!W zfJbE6#?inMZ}Sz+M?`r81T7F5!Vgm}Dm@6WYGjOLOG`^&32+iFL5dGg5&r-=ox|*{ z((=2>7c+;o;>{VLQhtS&LcPVHPkbPVZK=AJRU+8&$LAnWmIm~SMd&aPk3 zwAhUh0b3|#=#RO-M$_4c(x~vqraVaFtDx~lj`I+sia!m-DV4EWb=;oQ;>H6&aK0T) z+8h65Z6kso3=sir{hl1{Se zQy*c$Gs<-R)T{6>ryvV9xzlH6V!W@%6eAo|1OhRM-r${)T{NTFwo8P;8YiiXawXU}u5sHK{jyWB&Q7-2$zGPiHPQ)FcM;uMHBwUl8{ z@4GE|GUfIGR~U7W`&B6teWd?>HDDi5M6!Qny9B&2xH`J!jYAo!d6kYUM~ z$h%=XGD$zurZbXZ%dlt+GfOrLOe_d&ei9tZbh|=)K(WN{ms3xw_!52Yi5g*IX@sba zfAI*i*yB+P3nhW+vr)d8Mfn?$7K0DPbmu9I8()4-QG)F4w=Ut@aCn3C*i;K>Q`oGV zV=oB1W%fNZ9T0WycyB@U8hFk-#oR)|xJ_1>YSauJz+h;CQJoo3hRge9K=f6AhmPPK#dT(^wi#F z7y*WIDFXJp_XX^zbIW;HwlT4{U501~{fDl3W|Lb>1O~Ydc-? 
zsE>73cqIhe_@|-#%F%w!Wx`91S{@d}9k4jOe(E`ao(8yoR9D9d7X`(<46=B>Lq_tG ztfio$8i{|}@aPu($h)nR4;-g_!0GqvY%E;Dc(s9nEX7#R_(~b18iX6dB7oF_eJ=Ce z|9)e9yTM#{G;y(6+<6dwcft1)O=AQx521Z^jT%l{*=TDVRUU~^*ym*oG$3xE%WJL#|vE94zyjQNBi%21~Ke2;bV+&q_W=idVqP`%`1Bop8J z^d?B1&u7)(ZM$pnAde7z38hh06-tBJiE@>tpg)DS1B8cHO{FQPRmn=16^3tM=3@+z z7poe`^7`wh&g~ z6ETnjNxw&kQ;4?q+f%U}$R}lpc?6V#Qw0OL1l@mYzh}61ROr|d#>wuCt?011X|Yhvm)6iZOkq{giM>QC<}d#Y4rTmyG}a^p3|n*- zZYJh*;8WwQOlA@;MbGNQ#41JRG&F@T+R&halEzB|@E}Sp6k_-xpiNu{MVPtJq+!FI zcFNToY6)RyM3BYqpku2O%~W?g0++I*E~)~>)2lQSFeb0>g-8J?O;jnW>dX&B#9R2- z+auh1+yIv0_AXlZk+W?g^lLP%$1-+_$S`2NAHuCcq^H?b2Ke3y#~`{}m$ZXtf;&wc zbHYjg-9>n9!*$Ev$rtwTjBg(Ne(N-JKQ&G&ve$NmnGuorNQ>G%w`Cf_Vu<}n#x#2z z{8vZ+nU#-ae4%>izHZIeU2{W^hBpAk4SZp=!l@0M;nEG7K4`32SG~Ri71nO>xpdvPi{r(JR^sUrR6rk4t#B^vo2mL`RlcjK)+txP7=?|@iR)u(a|;*pUaAiPHJ`632Mmn@ zQ9G0d$T$8ef>^oKv4=oav!ahfrUOsHIW|?$`D;!lpBI|{F&~8)J|r&R&99-)|GW@j zS7EPSTSLQkRC*ca-0^p+WmMj(+Gje-J>VA{@{;Op$d<7G68>>wH#ZqD$%qaBalNcm~88z84+tO zQcEGRlKkcmvfP##AV)G^?DGsrF=VhB4_dWZ(?}VXa?Yc~D)e20nSxM)i*)k0|HHwf zA9xj?8j_ojOYQ;Ne+55E|K?Bj>{n{W&{?#f6Rzs&=Isbe=vsZ<`Rs6nxb(O7ekR&N za6E9BQN4zCle_Uh9eKC$wnGev#u2FDp7Y_%XwdsvXTyjamx8y!GfL#yp=hZ^wcr_! zqUnrBM+Z16_dg}}tHljX6-M}UkZP6FZJ#)fBfP85CN9Vx?a4sTVbuMEynNkeUl|>D zOX%q*bvKDC?H{cgZ?ETDy%4G1(dDX>F*mLDU4I0^l@8ZRp(9i^PlMnmvRghN;-Ruu z{*=`=Y(s%+YXBF=4)-Rxlg4e8oV0X@EM;UmPOz=KdQ4jg5(|X_?u6W1e`sjO-JS!7 z=7XQJo=0OMkNIgYFIi`%ZZV8nLdZii#5)l`VJq9WHRh6NT^QuQCxpELSfe`bkAx2A zZR7f>ei3J(qp|m?VG((KMvf=$SZp1cCj}`eik}m(^XFOw0*+@kod3JU9tGK>T=mXTZFPk`QI0eFY~Ujv?pjKH5nZxce8xq%p*Z+&}G=VF&$=wKj|gw*Glfd z+*vXrZ?dvz5}J~|VQhG(M7HX! 
z&^TOE-EW!6_bSUpn!31x=u3bZjVyr9fao!VAvvK%=%$VLenYlHFkI9sM%mp;TB4nB zmpf4%H&OGnm4eh6n@?D>H+s>q#M`vaMQ^9#@_2%Lh*B%7ijVXx1X`4yORXgzV+Xp` zv|G+M85tR@KFqfc;gBFX6bAE=@@1OmoDf1LUFx>}n@5ga)Pm66Ut3!lTYo4I37d9z znn|9XcU*{5AkH48SHWsWM!+AXrSz%IgwGWtuM{mi?{ET&0h?V}RpMehK8(IlAXRKq zwdmINTIVs$f|Af?wVLJfh;*s!UAp4HesJm`dAG-BhA&eL>X5VaU&IEYjr<;7!at<1lcbSAY& zs_jU=2u|^_{A9ox@%OTA##5zq<5FITYd>EJCv7MOuP93%g?2&PAvMDXA3#K_JrOJB zBh5rSUqv^o?X{vN6@sF>kG4zSq9pY)2Ps{bT0vrO+do6Ll*E>Cw+@a6#+E*Zo6H52E-2bcjlfF#0HWt8exq zeJC7aWFRsj3UrB6R|!=g$gy_PGuk2Thmo!6Mt$jp-pe{qfJYMHM*yfQw#;I8wM;bn zr#+>x&s%2KXCvE3PvtLY`@-u+Sl)>Gv@8@qoPB)MX4Ki=HeQH)g)sS{rIco#(-+c`9cOH!UskN87?5^H#T zeLh?b7sCyfhUxr|;negUpSM%zK|x56YRGQbJyZMAA4fzIQMM=V$Z!L6(;FCMVh860 zx2;B|=zLWQ5(4Cu$%IS2qXpFilWn|3@oSyPQt)BHYB=XibL3nUc|dLGl-ps-u!I06 z2h$odwrb;8{Uu^5LDXaE;oq9G2ND{I<{uzqL{e(Pd-i+A`mfQ=D8rStVpJ8z)hVIg zqcA~>`t)11A9x>5$wZPIShlk6;YXGdBHSh`)lK~G#hLT@t+-kp&bKXV!jmQ{k6z$~ z4o~*;oLLD+L;A^?5IEA3Y&+KByg*H;?B)%E3TWqt>z)ZF+POKGCeim&f9fk4!)g+K zxfA?8HuPi%LAfQa$8hW37aVRNr4d_sDxwa0hqkEbp3$~w(b%yCyhfx#`PGa4Rmg?M z33EvwW}LV~l9R*uIrl-L$U%DPT3e;Wt0@J$1&8K_uGRl?wkaR@ADwMiISC;JOb1cS zvPhW{!Eq+cY-#ni{LfvEx`T^)HIk`Cu)&d&QQW^D&}1K?cl$OK!RaWls(|K1o%ryf z+@y%ekEz$$|6*#3P7QT0I()Ai;2IsPKIr!%UO#^NMQk<3N?Z|a&xFM=8+JgbQ&9W~ zHzybb=B9VE2Z)~4Q?RtKCe4I^#)R;MgE=!hOZ2m%-U4@{J+})sW+*A*=!X&&)%k0i z36GFi-X&U*>W(=)Y{)YS_hi7>Sc7#WE8BenB+t*LrYCsVMjwl$=|7{QZhw7k(VT8b ztatL)Jm$t$5`2f(Sr?>&Z2QB)UPSXzs`mN+R(<;ZUKcg%?hieR{!_m&Y%DWQZTFr% z=_Y&T<1={FwjE2B{T#zHB6f}HkdwQIk8OAb|ApNlmDASMVZV-_40%-%?lL~iV=*{5 za^_25gU|cpoX*#|lPsdTMs0E?tLC%`+gz|>*a|bXH${Rvy-(%v!!MDvf|fgn(EX3Q z3cqiuSmqIxs16C$oDW_Pt1aSgAmp=f|?%)A`K@ zf7zLvO;raIm9oGo$C0 z-Hku3YULx>*li{pejmRCoh^F3?{{9cIK?DoP3#X0-@`toHKcfc)a>9zhmpHwy`N`? 
zGY*`iGH=%?Y*ONqI>ewjWwO(7QH^@126M6;TrMcSf+(qB$)pMo*Df#DdZ&5s+^eQa z^XX0T>p#nT?DL+jd33TJw&zdQO_4<#iMyB$uK78{@G<0g)!C_Z5fuI+_8}V3ova6M zXBaIix)(Zyc;5EqA9x&Uw{PF=s5r-yGY?I$>mD+*k>8W5r`Y6mlApdi#KQ1)UVB_p z!6x*~VMK{qQciWf1nlOmV)PwMhD4*C)b#5Q6JL~5g(#vmqZE|Gv z6d*ZUW%_*a&{N)WrLL|-;KIY&UbX0phEwSW3PZK@OiWE>zXYmIE`8dQplZH!%tfTC z&s54)sJYQx@Wdk)n(#jD1o>t$d69w#`4u$Q#bQh95pst*ZcPpc?QnD%__L!Ha>(&p zr^L4YqVF9JZ2qk=$(0#0CYRrQuWkI7S%A#5nZu3cEnFJOAL>T(<}8K(uBQ=};Xg^@2wX`tz7CCS&%zI{i`G4{D)?rnxUHd4A0xGE>9g2tof~a&$DheVc z4I+ZHbcdic2og#Q3P^Xuq67f}0qIzPbS=8$jOl*g^ZP#E?>pBy|D5aE*LH7NtU2d1 zpJ&8<-(w8vtjqT|Yg$atL2Gy9A@OBvHSb4wU{abI1L$KpqR*=j%6;2mS29Z8*cvkJ z&+X4h%~4YQj8ZSU=gM-;zQEXQOk3x2ND8lHrgY3tkJ$A=6G~xvs*i!niyEz7L1LZV zvQUa9`Q@=YbXt1zY`r;I|e9EyWoiUe~<-EP_o{p%P zARKrOemUzfe$i&k7B`wAz>Z5HK_HN`CXRJw2mYOrp|Ceod_RgxtHuY*anW8bYTDmA z2KFZ{-)^kq$+5R{<2M$deYtp7IR2oY9sajE2S7L1W%9b4KdH7!=WzB3=&Q~?1d)r6u%O1kL-=ZhCoKL?;QEq~iR z(5Nt`w0voW>UFh@YFDMxBK5gx9*d7rv zEn?_0G#tfTyk2S5_Mz2P@p!Za>}uW8<{4}h-s#-JGA$03>SNfb&;0q&Q13U~syuxb zUF9L8UcT%0G5J~mIzqLEHBDO`_2k@^3$gtV*>1ekmTX~ZH~a5fzHlZeVMw!ioVAhp zKImy!Y_9sraOFu-hOoW;{;4i$)Qe@@UV@m|fYS5?n+*zf(mVQl?yB1**!t63XVcu7 z&(D^p38`K^xOU|nuDfHu4hDM_-+2D?y{So>>PHCqsskX zuQ>|EY<sG# zGc4j|kqC{ff`a8wqi0DjVpIgi=BC8EqmRC6O5#zfCoK;3^w4ZNn~r)wfVz(iOq$O(@nSrN?LEbyu|qc6`s$u!kXo)pF*fw3SMQKFJo^UiS?HiXKQnBmG&9=whjNvef}xI1@7v~6_Bu>C_^!X zv9Tkq6RkZrnuv!Bz?lH z8cV47``YET%)4eI%CE1sK?>akZs>5}KIrO_iTx0%8#g~~NK(p-2sg~O0zdjDv)|-r zclUn&dx?Mb6Wr`uVBqm%7Ifw2ElmP9>|I9|m5`vLOfM7!7H2@cBwES!A}MLG7$W3* z_+Oh4N+$jf0=rJo^Zq@;(C9x!cXM~XdEUbL@16BFKmMn#Z~q||;}6eU|6Ybaf4Zgq zr^-!4>HnA8+qDz>@V_<;{HK?o$hT$f5jPlYE0`$xZ*}9JKa&-@@*tC^@5CFtQuo&* z1xu0worG)b>5G%=9|XI~ONc zBBvjFxIY$uoTwZsaW-{$(Z31($Mbp3y>oc$UX~8ikgP0~)W2}3&mq7c#)Gdm{OcWv z$myT)smAXA#LMJ>=X-0Mwz1apB2EXaXdIZw`Uy%;gW9h{OCetRgRVP^Rs@crdjf>k z8n}4m^R(-@p}IT{NrjaRs<93}c@p_=t<-V}9q4QJ2l~DK+nY8XfHkluBC1=lt+#Nf zf5G6{%j4;uN#~|2xW8{cS2)x)Y`J0KR>FI7Qp59&E8^u`>5zUgVJ&=cbj4?M-p9rY zpHs&!DZ7wD6$a1{LD@@lZS0K{rnC4buO_-(s%Rw>6TPrmEJm^#deTn7_`}FQkEN^s 
z9Kk#w>xx-9JZ6QQz(|{gpDzC;=_yC)hT$(@eNgbE2xxam!^4K& z)bs&ZvJcV4d{f>(UljgcD5f?WthiWdkCAz_{0RJhJ4VQ9pTNN2$L?&R?__aE2gk$2 zkDyL}ZMg6wX;xHuKQlDG9wJXr7}m&t45r{bPTVejo zYej=+*jOi;mDnz=Y`)7+B_$J+f9&y3mQzD2(>_E9FHfh+14&-LF{s$%{#y&ca^`Ra z)^BYTa-w%(<@gZ4o?7LEMw2DObl5vz$SjUy`9<-1j9%cna(cAyC(Uo${eGeSG~O$O zPBa)Y--aO;Qbk52s0@!<*>Se9IsYP!(-R&CZYST>u;zPogi|);pYXS}hEl@*(mbWZ z!JwNP59CaPZ0jAoQZ^555YKCv^Nf@!@;QOXwJx3=K#uVXZ&(?5G(D%o^3lem| z98~8VR)+?28MG7##R)rHUi$5;nR<2#dOyj=Ctw591FKt-hDo0&YT^BY9pkD9x)LNvSy%XEW?i~OF z03(6xq8BjEniKRpyZ(2+x9aSBJ&}@349q)K&mb6vS(r!NG+v&Q(naCeH^V8+F5xxB z_XSe}u?DBOesmkmX#&1csmx}lW&p$(cTsBaX5a9$H3&#QTzdXPH}CWg!>^R*ayNjk zT0$ikoI?^D0|#4MlNHS7#|;F&6tN+Kpqu2PAeCti=V>g+JnI2AsA<;>gx$VoKBhq_ z9SYqv7_s!=X&(B?Nt!R;gkJ(_!gXogeo-@|$K3k3KBSIfumPVx=QtM=V*UkbAS8QV zu33S3c(tM83Y;%LUd`1d^ei^25F%69)^JC?Y`4bD>UaZHlRiyw*+(rS%EH3J^H^5f zBWGZ=;M<2MFc__|*cDbC$$x@pT93@wM$bUP0Pg4-LDKFM4E~4v1nXyS2 z{JyA|u82Eo2)|H;{o9u?UFgr?w0&Q~%biB)a0dQJI-~k{x^}rd>MoF-6xlruk&xW{ z`rt!&0DRYY$LPWC?|SB}@9ltS`6sPH?)h#r)f0V_omD*C5O-yyIusH}|E9pVZxKx= z+~H%Vagt}xSWHDY4JT$$XO*4+y_A8)gSEN64atvp>TophNCLWNloZv^Kz6CW{NC@o z8h|12{sDH8Aq>vg0egWYNu>)b>GGeiV_eiO%xtAtcQOTtTV+Z0* z!~~61;DGIF#qq5dI3AuMOzVsT5lk{{4~yPW@!n6+o-J9iY;D$Whnv=Zc`WqTJQc(A zz+KmKfe&u+G94JOFr_OLx68n&vDt5I3`>r1%%2$zjuF=|z-fYocyp4MQvw_^?b zRsigHF1HugGKkayH!od^)H{C7jI2;g&rFil?@j=_whwB0Um$>!@k{fIxd0Tvz+_IW z+6qEZX(3i4ObyOJfnD0}PECOB+P7#WY)2OqWbaUNiiIU1Ap!Vy9JGD%EZymcyAQ;4 zv}pvr-hz?604ikA8^h@VF^RDyW>rpNzQY<~?PT9PR~;dGVjhr^f}K2t%R7y03t%4h z1SGP^=AbuM@eN6?IVRN@9)kZ*uKg5wd_cVL>aY=jX29Iwie*|BsG~#oZQ_wCJ5AS; zbjQNoVL68=CP?WcEg%utJz8SO=pPyuM1(Ba)yz7D594n*cfE}7d<>Wbv-%6b)VKuQ zu#x3~*go%-(pfCK>Du3Gdb;0oKX9|0|F~ge^?N1_ZIB?s0J9Mh>@p8{bZ{Ihksq3x zSYYRQMikkSos^Nw&&D1~c0?Psw>;SzS(;y#T2s&r6EY`KotjDc`c!~8H_L1C!G2k^6?J? 
zE!Ri$S@g;gYz}$yQ41CK^Nud=x!>FINZgOvI_dLm%bic(AIxzBgQZe|5lwHdkBfv< zNNmNyR7(9Sn+w=C(x|U@q;f6yc*Db^Lg3B#(a)1dsv!ANaKtxJbHYLX;45lwOJv|# z#8kJRC`NTv=z5MjeOf3<{I8C`SAPnfgQK$$v4%>0nro|pG1}4ibV)yv#Sj#*C0NSlphV_)CWYK=@xwG0< za$7}x8!Y>W_!=x&kbG!GOZr2*Vnk5D0q{x0A*ki{o<7u!=%hgOh1ujJ+eg)q(*ur5 z_A&&(lBL22^r3hlbmHA#?hI5z8aCKRKi;VYr;of&K!GMzl;Pt3cC^fY=J>KJf{@2ry*2lK{Kb#;; z@~`R@O-d`Jpy7=K)Dw3*Lalz(+(+9x_^dZ28$Bdu4r#lLwGMx)!j8_^`Q3hr>|_ot z_;bQa@7IT?v|qRB@3h>;f$i(RW6mQ8$H=2Uoz2#Ibv@C8J~<^tDd>3sV8dX=u*6g- z&w@m1tP+C-(DyT?wM)nui7tN1&6-hj9L7pX#(vali>}RNk=8NDq!UL=vO5NoxO+Uxh z+A2QLl!)*oti<$}n8sb%@+C2H;7{POt)}MAvj0#&TYZ@tc56F~;-yLEGUyY6E^_+! zw36reY+&(Vv0P(IRexNw8Xvc`D%U~`#sdw33?e!y_~W7CMg3Ai;F_Q*tz_N)Gup2r z*vO4in#;>J!CU2n*64uW@-KH9U41t5%9=9Ie#q-$VNDKxDBZ_f8meZ1Km>{24HxCfvN%diX2fuRf@S7+5rpHT8-dn zpP27QxDp4xO|&hj+An0*M3%ap;712!eUK* zIUelMWC(Z*XP)cBm3d<6UxG4xb{6^DX2g+bV|v^}(VpM$MU(fxlTg{BG+gSmqi_;CQM%YRASi zFdj9k3&BZWq^(lW18>8Hhstz0O;uUnZb?0ogc__}8lV=DX{m6gZ?Rm(S+%zh;?;at zIHlQ@O2wK>Um{cDg#>BOqG0;OZ4JZ%cFqSPVFv z@MVaR*y;%3Bfy@3M`|GBCPgJ4F^w+;)ES@gnRZcI+&2~`E=mZi8;V4h+7i&3>ra@j zFdpWuG3ylDekw(KxmRA?_7aE08%)?73?FBrV?ONdZ(tx%MUY9ThWu9 z6=AWCa4k5;0Rg<3H7-E4Dkep%zyo0s8LA7G%tXb3Z>C8E#ks>4=f3`~oBTv`C zuf9GGYGZ1eL_fQh60^}8(yva9*$qsipMcF-@6V#ZKyzvu*ozWy1YwI)q^!huh;uRb z22$k0(X|Y-X?N$KBdAj&Fyu(H>>~MGmrl=6*%#6@bb^H zcfq3uR@nfDMMiFUsd{wU$b}Dk;_;p()@M!nw4pRG*(_rjtzURq*Ec4DpR#zR8nxyXwkuZO&)@vbYl zE<8A?>Io(^9b4V%Rw>@8cJHEcJk81c)dZ7Bls6bUQtwm9V@Do;zKAFO182l$4t7p22D zrMn0T2`@u%SOeTzoZvLRFxYn>yQMewl7%eN-5`<1t*SfY)cVV+4TxX10|=?zx9oI3 ztw0xiGN(Q`kbt#(W1!%uo3?HMQ!k&$k5^0cc`LiEQi}taV3SAF0Irjg^da)^bjVyG zxjN)tgqR|wv{Yfk^7916l6#bgL~B?)@JZw#IVd;Q8pl{b1GM^zc4m!qbUEe9D8WNE=3Di&7d0LKW@i z(sya5>`^l_msIq$`I&9_ob31x*0vx{>`nJ@8vhPi8O%EiL*||BCa7f_jFlFFpVp*DcZ4j zDsC8v&XL#qYpv-Kv+RfPb7BXsZ(ZWYRQZ7QTfK=!uL~!Du7N;~+V37epnYJrl}0^+ zgB5OZn&xNx4hkP5$&N`@D9N4d_uMI@efVB53*g5|cm~C@0>Ds%q5-nR4=6qV^sH_V z-6YS|EtI9BOx=LlWt@80L%>Y}T9Wr%J;Cus%k0GutRsZQ<{Sui4 zs0^QT)PoH}z`D=F%k~J;14u;RpMHr=UT)+lT(h#Uo~$^k-z_~xlTPvtP&V=m_(85G 
zOW(UL0!AD2uk(D$P7i_!?=RT+2{ISnJjtt}g!_PC{~2)1NS;1!Mgt~-1Iz-vKG_5w zJWt+SI__(#59>0`mQupZA??$JJ}0UWEbn!chC~1eh)|E)G!VXZ93K1X9#=hAr|)ys zy?!iwnS(S-=Dk<(QlNrUdNy3*FYHe9!q9h`B1MEn(l zTl{Sr!^&-azz+d-dIMXP?{JvwN6h;-u)%QXGxgl^(QcO(_`**67^3L-L&|oqu3>;1 z+vTy$9+1f^QDn|`p~j~tAyO&Xif6V4kPy-g{145b(D@LcOJx;&HNW*>^0M15p1M_=(I!{T zAPv9FhQfNRw76_%zfk17x$>!@HzTYKOcLxFiGZ+-;Rg=lmVT;R%DA3@QfDx(fE5DY z=D3$}e~aI#;_9BIh3g@ir^8g<;kz+K)g1n%j?#f*R9bJJL_jB(t<2#>+!jhO0+hgWXQ@|W1CSNaSutu6 z=Fs$wMISD|HU`F@mI$vS9tDl&se$MHqZ(~ADV_w70{oZi);N^IHMVP(B54PyYsyKD z81@9>?6^a0Ta7?Zg=_nE0m{I`k@*T3@5b*^b>?+qX!3$hsxw6 zB6j;(l)*-YgRizU9{p_Uv6qJ7{{oS$A{^f{i-AB}B+NN(fEPu5(FVfiV(>s~ zRo}8blJKTwvOsmCIVS7UI{VXtctaOtPhnxMkHggib|5#B0)wuF_~UH#N^!f+7SoQg zau?Ah&%C}n!jG9sT;l*DdbaQqE#DFLkShD(@9YY}Nz4I{qo{ zhMv5XSI|b*wR?ax91h*V^4l0peTwF_aSt(O`iVH)@6*;yV`g3;Hvva-sVm6kuF&gV z@~M|UBT@6<(;B(a+B#lK07OdSe2t*x+R!(d4mf{k0T%@K>Q4-4!cH2yWSEHPYx?}^(ff88&Tw7y!}eF?gs zuc;AhUkLDbHn(9nBWVewU@{>It2*!ZWk6}t2)xQGx1w&{ib7BX`e@oYAYa@aKMfZw zDk|DvHfqXpf^-MbPdN`m^{rV`HB-3NEF<38IVF26s-~6)`Ponfayok+O*v2QNU?a;JT! z(cS*(edArV6+bj&LVoiP&o?%f=#?6qa*_&s;q}2PIxr;Z9s{1??PFUxQ$(WB zM0k%@Mc#ngLTupo8siwud#&K+b~0*1zz0Yn^zLartL647MjSqYBaJr9-4POn0EelU z1t9~ftKA?&0H{x_moWo^&IK#(xDIh-IuNWl0KQo~G|*HK2k;GG8*u6w5D*UtntC9f zAvOa=T__HoM^BY*(fU0nw;!pgm+p$VpMxDyzCrOPs>hFlSl~)$R0=z)ReTaQ1FSDH z^8=td+Rv)q8?LNWKAV@#p*f3I~-clw6Zs#!om{^vch%taJ z_q3I5Y)GnSTc%Oy$|8!ck`pVF6mj|e0^0n=f%FS1q^P~Uz4h^Yyv92>#exUmItaE2 z(D1LmF{B82ZzDRRlR!qy5mZ+{fN}$K9TTIW7Z5{v8+5uiy%IQE|5151Xh3i5grfsm z*n0@inE0Rs+b;_dg*^b@j&y5;?P_alI|0*#`m-! 
zgTEg{jr(i)4B#o3X0m*GUtEmem`aL=!md`Vb%8G+qJiba@V=+2_CSKy`*Lc%OjDk2 zkcBDsyMoA-Af?&B!Rd@AulKnrq5Bpt=eUcVfVBlu!2Hdpkd!Q&(`{_Pv6~hLv%Vbd z5nJ`VMIwX=Tf7D2EL0R+Z#@S*o-e@^LOn3Itv43?U(M|s3Js4-fbR>1i8SLu1F_aHZq$JXLSnt#sA59IU6Y2G*x_`Z@Gp~-Yw^V-ln_CHLRyja=SQNeoy zGjx~DYzUIk0;>XyBd0@~FRF^|0^B+#M_tUS370r;qk50Ush$_q+d9Q_&(jVA5B2z02a#&-e}6bRJHegUo_H9u}=qV zS>y|Ju|vcC6F3HKYBPcT)u!2T#AS()Lp@FHAWIAmRCtnYnGZ3-D|41c<_uOh2zj4Y z2q`SFfV+`jmuD!*R@Q#k{a@9e6sG-Pmu&A^>&MTzz3(Ucbzd5Qa2K5VTqD{6oeIsv zF_~b0@@jo;4vK<;=m3m5G&P-FEbfQIT;-8A3-2xLTA)GwFmP@z1-HZLXoP{u#>l{A zOC=Fa!jxtvCYvy5uE_t6bWWZ6J_xU8IM zO^spYozSWTS`s17Uk@bmgu-Rz00(*A(Yfa0hR98SXU0hWTMIx~2SoxIE0zC?5>)8% zO5+t!B+|q3fn>J$-0#WvjfF~?t}F@)9HKbW^4}l^07J@U?gV+2lXj95ac%_Fo7^EZtx9h=^EA~fhUc376J~>Jaon#I`6Fxqk%fF%v zYhUL*LE!z;1>VU#Nj9-`YI7Pz+{QnW=4ZLb62;F z?G0V(0Dw{M34US7sS3IY_HYjNE!67SHf~C-w;t z>|K|!S3?H2j)HQ9rz72WKK8weunW<1`eJ!(3m^nA2S8^`WglaE+7G95X1i#xIN`aU zzF;w^I;cZ=Jv0*Mji4W}9fu3ACC410jggLaDr>s|ev$j&#;mHR+@kyGIUuOvQMK*z^I6)7f zmnl~h&awci=~k40r_m{!ZO^<{7Pb`Ycbygi^OEWW@0DdX!@&D($Ot-Cj(K5(cKlBg zTs%DQ9Ers>$DaZOZ!BZmb21{nM~aot4h+xD&l4Vf!UDGm05`X&5)!ogmi+j=R;47S z=#GUtUph>;jTX5z4oXryPtShgpVU90)>XX!Es>oFdRu^y1;i;{*t5;@xWQuJ#p%S| zcPvT;jS~QmAlR>5SXntc(Di+uATHWPC_%r)#V?{rK*;cVDI7 z)W@;jUb>=VJ}n{o&<{7+o@jJNJB*e_K?Q(DBH`z>G~PKqAF&VXriNH4dq(g@}6QsK(=bm91pd2pQ}W~t6AR;bB_`p;m>x}$NT$dP6v9}6CgQww#X@nW8t#HK$f@& z9lSGBXD0YQ*ZzmTGI0cdVrWPcFpf)G#58Zs6Kg=9Hrn#n=iIhM$~|vk(PoSAXNmtu z-^r`{Ng%r|$Yx(!&dfC$Kl!FW6(aGsD3+<41!Q|kH(k1{0m%}i_5HgorSxY7>()6C zs`$n884f^hpEhykuZO!k>1vHVF+qfj^S4&<`{w9PYHQ_i6!Z!Iw@)~n)J^b7 zK8A;kHTcQN=sG*WHsbc{>T%ouKJWUEd^NFtn`1>}zcDq)odIHM8=t?Vw-(aMVqi)3 zuQ8e#{Vja7WMX1Gyly2{hF(xU<0Gv1_s=bMFf`zSZcpy8bw|1I zD}O%{+wEw$_8+R$J8+pTfKHOX(gAcrN>WlygzvER6b@s#`(JAyEe)ZNI+tNl!#pAW za9l2Ue=N_xubUO*=egR@q~OHi|Hf!F?ZK^}+KiSkS0Bw;tA>=mWIcS!LmY-dI(`$}aC*s0Tlh%6}*Zbl? 
z>;}>p^Gar~KyrxOrfwrl`9>*?yy2*7n1alnY%}GyoF4MWEg8Hwo^7 z`^)kJcvWx~mLG`?c(0zS2m8XO;buM1GiP53dE{Jayr75ThKpcp>zbRm;?rh8cg}+2 zg?8^y3^m>wX*yYrGPT&JJ6N@BzPC~c(g4U!??IdfbUz4Q19qSw3#s-2Fa(4l$!lv$ zYhw_RLGTIK5kj{?sf6P4&gMrOfLoAaHJ!f6cW<7?wuc~c79blD>XEyccfz{-E^1?H z{ti-b2T5{3zkopHEl>ji>jnx4?}U@b^Zf#x4>bBE7loPsCuyWyw&`73L>jsMKS?9E z96=fx^S?+V|DWWLmwWyxFFE(uym)7f<{*mIUVG2I#rIK zb8962a4)$uy6`Fmuy*dbyu77)0Nz4yfS4;Jc6Gh~u|EcCPvCF0h@PyZhBYtS8^9b1 z=t=h#aB+zL##?p!(JvFh)$&^WB2+quX2|A21VIQMw>H`PM<&J%X*S5-+;iDHFd#{N zTEI>Wd>sD4?nKnfd+Go^2ef85j1dQ$!OI4ETLaZ^1a*wSfTp+Fd~#izRvxL`8F#z7 z@&2Zq2&h_NoCz>BmxpzH8?0uI!ltDDQCI4G?<7>)kBQZUlCrhznuFaIC3t0cuADaR zL{Jx~wH4FDj}Oo6+36EA6q{UaV-_@+JIX@>{bUM+HzdyOl+`7;NJ`d7ON;HkycnbD z^3&9=76jK^w@x3_l4J$kNNI>?ugJ|ksXqNin}ZkDw6|G)0-o#H;>t?bAwohz>PE0g z$(8>ek^YT%JPrjg1n`FZlYmxM1hNPj?dtkkj_QHFT#y)o_ye-ddl2Vk?bVQAf$STp zzyNgjCT!hrrB0@Z+l4e0%M(J&TYzeV5)6LH38(`~H|>)=Y>01Ly?qtozd#fi7FK@U zSO5xgjx#< zfJi#}h0h@E*%HRa-XS|0UMT{kLG(1m-Q}!sgUN;zIY`I)IG~q6)CI@-65nm87N`mF z_I9mFDgf^wyEV)C^z~$73DIyqw6Tz93AtkGE&c+QNBU`OR zQrUtZwE#K4nr`JL{cdXPn8nIFQe#7m)D=Rp+RVn2OCb3LO*ArlTMtL(k;|jMw z6RuTmfdmUwWmJ74^UL?0FCJGpGEdDSk~9FD5!(f|k2s%$=0*XH1>^{_Q+L8J*nx=h z3J@Wy`E?Z}BeJ`$qI1x1m(|LNFNjX=L<8gTFYp2(QO#J#K>geZC=l8?5r|v-1FC(l zm&J;Fv_udCEB-PSjj#&M1b8HMI~BbM-CRM@IRFEK!9KuKys)h`&Oeo!yTLGi9_M#0>aO|J0jVQVoHiOSBHz*;Z_IcUP*A`p^H{LfiJk}{s@<^;Qr{30dfk7T zx4x?vUO6}xO6e>QxurNll7Pk-#uy#dSQZby1FfEh#&Dx46rOVE?4QR%@_EwG z)Z*9Zbg4B96gENhfz zrU^;TpZZ%#7Z+b$>IV){5>P~2T{pEcx#pM$x-%#$B)e66gEvXe`8_^<|7gv5m@U3l zkSSnGwzU=dbEuC9-Wre`5~;e2Ro~yd1GzDG?)~&dW>ZTHVg*aKqa53B+ojGiXV`H_ zXs1koGK}0r%P;CH(t&IU`fxvl4 z$u?wnS2|5BF|}~$5#b|<0#edgY+;BrG~>{U{x5RIU?H$BiWLS5AP@o=4b~Fslrs)5 zVIhTr0C{3f%%ZGA7rwOh3b(e|BWT*!ZZ~k)V3{OAT@33AO)8;66n+uT%?;`L@2D`q zumQus1>reX74`%$&Rxcehdq7o;(M;&wz*UAZR`4|dI%6mX0ZR@v!CTVAGhBwfSLtr zYWhrSX!@23_WtotjV^fg@gl|Os2Zc^WVxWlPNpINHY>w8x~Ipw$^l?PByeTU+1JL=;gQwKci*ywW)@p! 
z12Klt&Pi$em%y=RXlMw5i6A;qEN~Kp`tS=-6^X6@x+KGbVM$1e4A-go5)FL++Ir(I_FLl2d^V2}o~bp+uAwO9Jkm}}^SrV;koAuiOle?^*1 z4*52q=p>F~wmxu~(i73;yltB%`nbaa;!7w?Y&28Q*fUA0l5P2)43prX1OoJOD!E5aYXQ2k87JlEk4KcoDmD69l#f`u zp?w?l_C&IidTt1Q+s%dN<_jB4HbRK(`FzJIDPQ;U?5e_utw)a?%Z!C>5rYEW2_&qD zIu!&?j&l^3kWSKJyDHQG&)jp&-%zCce(MF}SG%el}G+>yo?@F3{Aq=X!(5L#i< zHS{}vQ5ofX0Ujd@{XHCGX5wq1$4ueC!XYY*FcS>dd-gkzLCEQdeo-g^CAkj4`*qjw zZk_DSUKS7#_$HeQP&@+RV!i&S5haMn5U&h8G~!`FP?e#m2$n~=E=dpZpB&L`mY*Yk z?8NwNj6qfV(dz+31?i%+s3mP3Jf;de7925xqJX?Gqf58dQ}Vyb5$Q#oD`C>}6>@Ok zP-#ia?|ceDI3ae00$QkR0sQXA2X10;fFDSruM2b_y9%BiJ(EpdcoqtzX|y;f!rAY< z1Nm=;gbb*Fi9nq)uuKFEG~nTo{fTsNAmdiND;;|=oXb@H63m4Rg!BE}kn`w6n$KIs zq<~DT8q2Ym$;OBzGTF{qGGY+vRmVL9wb=D)@TFR}v!u5>DXf zkVpxrIkjL$Xl)Px0)WSA4*izTKUwMk?sUuKq1gZv?)-*|6U=cPpb4_X$$|oV_G+?p z*Z%(g+zck*ypz7RXwGPrJR^6{7I+Qe5}YS2$M>Z(0Jwo$hH=%;Kud{~T>%%WVppfv zY0J+L3c3o=;Xy6Vg+-o21b&1fce2Ov}=8ta>SW1OYDSsL1& z2>1e$OF-{4JKjJ6`>a&W`hO}dX_r2PrE)&iY(a3>+1_dEmn*Zs<_jSJMZ^}b?P41r zhImO{Ac-<6YSk^I?@Tz8z<(P_2L3dc{IsAJhBTKXOoQf8$8Lkybk0{h?W`TDKr8hEoRgZdv8pkD zibr&gUBA54+T$TJ_fPE~&Mc8Ha@b0#Y<}yW>99PGJ^RkVXLS*D+Aij08$ikD*3ch& z!iZ=Z4bYcMeZ$52!y~Rktqg?l$@<8^99XseeHro4USKw1r}Yjs02r+g`5ts-^aRI+ z$ekyrF#2goWfpvR=7nW$6&%$4M~2n6jJ}}vuYtH3YWM3vqeL#g1Yd#TmWNZeMN{q! 
z9cH>#g~2KS3E&5H*-+_yelPVCwVc=s)zY@OO9zkZ}K%ltvC z|7zS07?Q=(C`o7qlRxveubg0qy81l&h7nLi(=Mp|HUC{L&`PQ>#?HB!n3_@$z651c z()+5#@ITVL$QF5T79CAYbPY^t)1H<*tSz5Ml*} zC9W5OfCF?BydYafddGm~?ORL(6deMmZ1r0@o^^En0wF9C0`qkmi3xvEhlHT_I&GQ_ z2_h;6d9LG&R>E!wUYGg{W5?pxod?Y9i>fV_3I~^vgO;lzgH@$1HgLN@euX-ss0(nVTb15^oC*Unh%!==whtjHiMwC5IV8NNF84W#TT)#z>pxI;$x& z1SKAnuL!C>o>}-7s0L!&3-R&T7;Ev?5N~K4@M@y7Ee0_~Y9Zme9||u(1Sb_Epu_q8 z^XFdai34N~co>?2-}&C>!DahE#n(uQMXOGL<)v(r*&JJ=a=rwx1wiXEg=A_C?|>_J zFI4sUV`6HDKS>hJ`9P85mik~Y4Rk+FmdZ2HtG#jR)jB#O?vr8f!t4GN5AQ_0@pkq* z;H=(q)3Lj`Phns2;z4^_0b$+iHfKw;f5xXYdganV2$)L93s6Y^NyznXV~r0M&VoxU zDlSd|tp-q{>=ZNhm0aLrp_)lrIf{S<;QyenTL-6#(s-aZ4KQFS&o}JX1|gr$Tu{IB zqWvP~rg{{MKpAf9L1etF1-hI?fY5Y0Q*8A{3NT|(5m+2$7H;_VJ5x~z6%d(24-k2U zJ5m5^{>3u2lk@o1V%}*VYz#XC$hu*B{i(T)pS~PT^V4}{57)F%GSHK zwp%HM!?86h^nw)!%X6iKwI(+8CJePuvyLO*znGM_2sq)VlgSN@DZSN$54ZP$oPIiCo%!3uifYgU6AY zLg?C((a8)_NDyB2nxZKjU62-+@*l!8{!fcb$Upwo;&NbQ1dcfX8!uHu{*TfTPhdQr zL*CR@ENQdtRD85pQ4Zu$b`XKXl5$%+L7OL_%g!XZaWqs*Ba*1q6H817DyD2-)bm7% z->9R7pZ|i5m^hK%*Xz@yXZq{ClkIek#cLKMB3aE}Nr`v8?#oVB$?U68&Q34m9Dkx_ zkN?ii$pdMkb^rEz$yW_Ki*cPVnOlBb{Wwy-<32NX0DY=^_iiTsb~-tF@iW9*wzJEC z<<@qlR_|Va_d3a)bF;qHq&WByZ4;?oL+U%G0~_k{sV%%&PbZb~3(SIz-!br0f9U>h z{Gj%S`g!FZtFE-0S`Ay1qR}`GIKyV77wf~jUMt=(2#ZR1b0#q08@F5z?-a$4Z{f*L z2xtlWzFbt;d-{3(o$;;6>n^^CnuJJ$T?vR$(vTmQd2)=UWv0 zdY;**c)_90{PXLN8+j$qs!b}_m}GtrFnGL;$Uc9G+yK6E4Fiw$YHIG)sHt<=mLO)- zvMxO$|Ca2F=L&K3-F>*52iITc61Fbx^rkK*)BhYc{g%wkoY$BZ@caEm9BHN38QF2d zuLMjSmM&nJM+n1PkEDm}i_YrrNmna*#0P(szc^oBK!;i)`l!uephd)Ekwc168SE3a z-K7i!+THnT;de@7(`Vp z&JCsst*^V=oOjO{@i|-Wgmr4GW_-i-zT%AsQIXZJw4Y>F1(t+--8ne5d9mKv{8Gvd zY>Ja|_Ty1#>>^9AneAmC^{lVjj;6%V`bODOvv>pp!|C1bkf)Nz|kCA!Bx& ze3!GfjwDTVzd4U8t?D3*vyDXG{|;?PMob~Jc}@?t&a3KhYe zg52d?{a(}JfOlyT*L9W7%DHAN?4_1T=36MPiloYON;*s1f0vrs{D@Lv($6%tmo_^* zRr{r>HsYI1NQMk%Wwbwux_oJ4kCE!;Kqh5&#n%j6c#8}2hFBj;lVl?sBQf+Y+lOx! 
zob0w-B$*q?qOY@JL1*X-!j_tw_jkS>%EY(d<3Z6RUf8El=Zy<$n1m4 z!dKF}Zg!)NEZUFi&4yx0#wo*0);z0M`DJS}^F6bdTBjO?n#vZBS@u95oe~tCv;u=8GQth~G{r%oI!&c=UO;RX$FLuDet3 zF0%7UQw0$fU?R)limI7b&er{)G^HYp9=Vk#p+MGZ+|<$ zJ#}B8-11TRU1Abh{5IZU+~}i|(r4V)6yiTQ6IZLU9lE0|%Fh|I_&}bh%{A&!_rqyY zc=5j;-8-y??9@c`q@AN{Z5Hj@=q3KZe8;a9?)Doq=89;g3hOP6@4@nsi#(YkJyy>^ zF}Zl)pX$aOI8%`}qQ*Xa?Mn9rm3ss8>-8(P4J%d+Gqw#Ao3$$hSGAXO@5$E>=`shQ z4Nqefj!Tbv^9Ob4Oc_a+RG7WvSNc!r^H4exd>S9sy%Py=H#r5+xyPjUTMVpbJA`51 zvg>FBOtY!tI0{Ss2#K$RJhhRU+`9hh%dyv%`u+;vetRS)rKM2_3s*mj4+3BEom%t^ zr*6q)U4sl_dIi%sj&1nOx|MP^%|^7CO8R?x&SO#L4W0@$&v@JZqPgi&Z^pdA_L8Zm z`0d{#<>x2u*16giCldr6uvJYNYC00>?5k%2PqZ$ztTIb|LB1T1n#f>DtsKlgt&lC* zjh7!Y=1aV9T&#yxzM67IGs6^gPOrvG8@w=6D{i2PW52;ljt>2E;zQ|=0;S|0G|ndN z#Lo$oR~MQPx29r2Y()R9>`>eBlmxDt1fEx>XVRKEv(uVjqWcyBjN zH{Lbm?}{}sH>DuA%uuH3-j#L(oDplkxim=iR>n-Frz_gu1zn0eIJn~3e-`?c-Qy2_30@3^4lUYb&+pg@ zr0^QN?JjCfd-EnS7ptM!0JqOpt1ka#g3|)pgyHI15)o%7a0q?%1LS;qhwwlm`_idU znJyV@6Y>_?rjhHwLW*W(H+r_emGBL%WBdqr-|n;OlDs5V(3qBN(q_MV5li zZ_J7O@Mt~~?8bfiN6A?Yt@kH|52*Eux8a06h82e63rKsI?k%t*^FWD%34t#{#yu^GTH%LxT@lEmU}u$vK*8~F_iRaTA6z}(LD$>jNWP}#OqAzp zfWYiD+aoIh?WaolL~zq177oA8UJyG#j7gmCEvS1|X_(#kl)uJG5Kg6#AfzO0bn8O> zc?#%xcsK|a!*MN{JZkrsANc+1hw(ao6r37e>*J*G#9*^jmwBVi+onh(VLLk>VlL9| zF5e1DJsq|i@I^jlX9PaGcC^3%D(uF&Iyymzx)+58N-9a!msuuZZ}{=l{cctOtI}99 zBrw{Ejn5t%36FhMa%I%=tP|>P(YJ7t5{(0}NsK5x4*4UyOExn%RpNc~ulh`L+cKv} zZ7R0d9WEDd0VqDH0karJd2{4UA|3L7ac#NlI-k|A<_U}=urxQ9P*C8szBV0*5$C*2 ztF@izrm}rvw@(Wzz2LAc)l?Su?kXcm42f!#R9$y>;Vq-FCj z{h1Gal;k|Du3iE|y$yc$jd@k>#C-cfK0(V*U5341Yw63SS2zLT3w%Li5a)?j#TARj znAH`dsbiSf(pGh z8_Sz-CxSXG`pda}b1H8ig*65JHu1GR>TJwMgblWRV@kErP6?(KFe z8I842d~)bobFNM-KMM7=+NaqWG9f18PIy+IaO$1HB z19v{|pe-Az!@=cMr6!5rHn?YzK#6_!G`0Ua#%*Br`K#vC{za*Yr8kpy>c7*H7JG+G zDL8qM)|Wh=Q6DQMtFGN}3Ys$;Q`KbIHn_{24y`ZK9yytFe`CIa(#t`Vk71-MF{E<$ zC_RnIT0Jyt3bY>TK7FEb%_2FV_y-6UX1LZlSZ+j zAVIi#R=?eGJ#(+6WKG}g%ZKjYc|k&7Cn57~=Y_w5)ZzE80dPrJxq{?VTNBSUW>r>q z@aCf7z#ERezC!kY75CloSodxJN|zBrh_Xw{P9m5`YcPNPIALModSvN_4# 
z*=2Sndz?o0IJ3uTJjb`|x$pbBuHSvXo_~JN>*=42(|3HvalDWB@%|h~djkFH))Y@$ zQ$+%p+J=At zTsE>T;Varcwd&nOafxytikv|MoO0QN9 znHLV_OWW!|#A?}H%$OYJTw5+*Bz!*Qx6_j@jX0sQH53f;EQ6DSoo;n>GEV2y!bavM zV_S(;tB@{yYJes^+mS8&*S4m)px(e1D=+E_fa!h?+&DtWFW9D(r&joj&5bV~FBeGV zc8x*hULGx$-*oP+J`x0@twQ*TyFopF9-;HfBX`fww#DsZ?;ScSy9+5{F? zvbsuI&K4KGd$fo@Q+HI}u;n}6SKDDA42*7l&55s$g`U+W+LZ^e^6Ks_5yGw=Ez2~} zP9ovQmumF|F9e>K)Ls`|h|FFs;2F|YQBRW8y=7%8;tg#a(Y=zEqLR{;Xt}o~!)(=W z=QQlZ_@fPT*6d!k>)qDM8afz)Y14kV2*_o2VS$(`#z9szV0tikBWqz8BF9Emy}GW* zYFh|e_T{>3Udg*cIKUI-KtpZ&oSU6VDVbZbkNZ^v`hf3MLEZS7)UW+Dnkxx?DgIM( z`MMD#o6m)3T)fAfQKJ{x_t-%?sPTnldJ8XaIpzQ?lJ-&U8itwTk_Mnqw zlKP7b6k~x=cO_Jc8hRPfgxg9fE?x>9oPj4aSNufLT(Z%4I~{{^EVHvhntw_{K?@-? zIzo~-*#=zL#d%8;G<{lGV}5|tXw;||KV!~$x#V2S`Td%+n0tjHiFv|Vn#ZE|odzkX z@_avhAF}J=#afnMo0HH*qdCfwIKD|*>R*GT@j3f))@3nAJKXQL_H(y}>sC3Jc=S_O z4;)Hv$sLnRq}qIrDbD(l&wYdU!X49~yRWt>&Uxaqd_yKRn9|Qu^S-KMNm4Q!T3lA= zhIzRvEJdPE{KL|9deIB`1919su=npDXN5@LOEB^iieb(DXqT0SL6tjq zZ#~7ldDPjNN9k(=a>jKQc?lW4*gM*sLB=;yo?@Lm8{NL5S}xR5N4KP_+`Gcg6x%TV zl}Tu;U~X|y2DWJenBUx72i9HZe+the%SKIj<~?w-%C@IVba2vmw)V?PaP6e1jFa_e z-=BG7*K_0(hcKR<~1TYbhZ>2}ibXUapAm(Gez zH(sXst3q@AG{bt}&vdH4Uw!5gsX6CgHFY-6EM#Ix&Hr0q`p17~l4Gdu{{8tcat6l! 
z?IGBM|9@X@T$j|GD4@>l5(D}F^WQc@0I7M{UmxM@@w&iEe|!0>a)Rvbf0Hs&XsD80 zVgGAEQ(0P?`o9klRnz~~I@{x3fX>rnJCcfmPc5A+8hv#flk#wUZO5!|Kx&=+ zk7a@}WME*}&e^;vCmVppwLqH=jN4LkkRatr-p%E1S8RI}VV{i7ENtNm(kz(42VZJBZ*i-sBEwWHrphE~n@K17FmP2U zk^v%jf}an0bS%9c_QeJSs4*?cX4B#tQRyG7&3A%(pk;5K=U!`%9XM=q{2+|ML@}^* z=K#*~o7f+tGH`lX>QE|nmPNB@$_YYTcpSDxOVA$KvUudT>Bc2joSq$fpAsWseP3&c zc3QYVY5agK`(k3qXHZbXI-PSb{DWqor1dRdwCLr*@2>~F|sP$$=0?y_#Cg6{I#KUfB3&Dbf32RV~jQ?4S z>to}SAOoNbk<#mYw0@0+5G-n)5QG-)r7DlA;2T}1l`oW+7;Jq zth5ak3@jpxmFNq3z@1a!ifhJlyFPXvi;rQWK(yc7^pL;7Mn!rl%vhuP!KE)rPZFpA z$ML)|b1|%gxBUt`TZij}LCdXJCuzA@XrUM}M?w!@_l7a!66EwsGH?`5-zUDJ zbhoEN*I<5ri_LEDO-6~b9Boc^w&C||9MoT8VT84WUbCLO*X^Dl>dgXIl4DfS?mh5@ zj z#eU%Av3!aUdnfEJ@W$nhNJA)I2dw;0fJJ!Sl7T7DP4SmJBCeZNvt)ir$pZpIU2^N3 zF;spHLV;7MKg}W-4PlK0`R=t3ti@b`zI?a1KE3s&n6S{PNjnKs^a)Vr=eHuvQ&M{` zAdCL8kFwt$`5sDpPdLFQS4-MqB=`xTv?WVqq2&xe*fs4vZwS3Wn!7^q2pi56bmMZv zY(p}OWT+u@iWx#-iZ+~P}d zCmWgTS7#=`*f}sG$tx4=pq+i14Of0 zdu2!X`xaK^_@mR+1hhuV2keTIC(C@29n$7;Xq?) z6VFRXWk47t>x9EQIe)DL7MB=2gT}tY%D3AuR8EtzxyXo=9Z7g2PNZ#E5|k_axsN8P zE1lcP|5G9su6;z#^q}>MGOv+Q&h@ABafz_ZdhTN@eCdIckO$)mwovA~{BdgmFbe1F z_Gs_-mF_XdzKjn_#zlpQeOrKSamDWPy^{UMz^P_z+sZb^cVBz}bi0|sC@*cN$;J80 zs2Q?%#;3TulIjP@w9k#Mx7Iti5ZFXV$YJ_*41<8I@&VTE5Pz^iuHursJ)Y7s;j|TR zD0lRtk-iv^q1PO<{G^E0SowCQd&jP!2Da>0l1RG=2!P5-Dc|w;w0GZ8x40JWyisWl z4LAptR^4^^tz9{%pzT<$v&hjae!r$h+fim}mm6%BY){k@@OUj?BjCP<+E4EpcMlDU zT}pA51lqOkA*ZTrL)|$bh_=gJu5kXCe(yPODC3w+07)fSB#k%)$!73(pJU&IhsI}V zyAPzas9C_PBGZawY3?l7H~C}AVf30HwsJnG|B#Q9_wv}k&cgHz2WL$WA3*X ze77xn%a{WtV1QbGDdcw?xV`4@b5G9hy!SyPFITW~ud!Dwu6!j;{#%UzyH(=JVf zdH#s&3-(jmk=XN^Cr_K|kWsdc&2UBV2W(%2x4fgT|5>s=vIpaMp&$B&71$_~eguLZ z9FP{Nc`nL}waU+MOz+yG0Jjg5h|CX1ioDSnxW#(5 zSV2gff`JTa&-uatL`POVZRh^a z>f0-mM8Mf(vZ&wel4%Nm??DVTcOXCdf{?=B_wLu~}_Y9bwpD15JUty8vK-?FA)KOSxQy zXo=?B*zySF(i=7uJ#uk)TZELHZZ|v*DMP$~iZuW&**JorgZts7- z51VGPNJ>_ztoeh_0jN`AXzBs%S=w!ctyOinA)hJuyR>RW7tRSBW5Rw!FLLv+C6^KQ&{w{v&ym^ix#Vs4t|PE$%wgXXQ1vw< 
zyQ-ta6lM|u&I`i!@-UJ;6deYA>x$tAPi|Z$zW&u?x&HNqF2vOdp5|Xrgz#T3K;Q2xCelXDf2)BHsDvwwzZ|KGD2p(aQA>-0$EeubXRnnUb7U}4f zo7MA0eHAqqw-{}QFq}xUX1KqI_p*$t`H-r1!1;UQ|z^W z<6X(@*Wco4eYh=pDMY`UVx+5X-1*bVq+qcAkdOgdx=Mrfgzq5aj16Xb-Z!+!F{AtL z(fQgC{M>75%MTC)T^7L?8|s^l`(P4aN*zlLxAwG4M2lLHf__)HSZkL>34jBGUx9-u z0JjcctV~}H?WCogt-68VpCB3p2hCo{c4V+t6u6lJ)2XxIS^yJ20?!Cxl03j&PfEy` z04hhODdKGe1)FoBC7_mRzHOa#QU&hpl##G+kaLoT>_XMz!~WaGA)qn<08sW|Kh3dP z9CG1!pQ1sZ@y*kjs#?K9>_!OoZcLvDpM01Vb@hdu06T9|B?=Nk8`8L6HfPu=)d2}< z3oK-|&oQ#+ke8>p19fNv_4%4RgwDR#1xSPBC9c7lUclBB3vzn7zL59NGw}A*)TW4{ zjhxtiuBlgQP6jJB=;7hH`AKv(mhg*BU0bxjSWR$^AvJVfPVl-Z+v^ATDn``qNX@oO zm6Aock_x5%1&9}Zyrj-S^482)zz)!H$z^?$Xqn>;7fJ zUT1v50tR;3;Ea>&-p8>(=c`C;#}oeeWxDW@qYH{ak3zyF<-n0h_NSZ8_{sX!a_qO& z-^B&2Z`W{Vs;%=Q1(Cvv0EJi>f81a!3D!uE9`oQhEV%$q4~`D3^haj*Aw|Zo3XMDh zvi-#;kMdy)l`Loj4r{52xum*U=e}<3aKQ}3)1_iWRt}eUMFQ=NTJ4UGl)DO8$cRXs zW1JB%s)tP{2;LQzLpZAxwbcwnb&#`B8(!i!9ZFFqQRIGjrFqKi&|j7z^0H3Oq5F!( zIrwa}fN*A*p-FNbZp*Sopt5P>^zZ7dz2Dtrg^ssOxmW^5oGmtxH5Cr z-;Y$wu2JkId(V#b^T$92xmF3&bNgW5;YP)r5D#I_a5jm6?V>B;7OHEX! 
z3$`c3iE}2VZ}6c-OExt1(ro2y>ak}adi~~V1!D!q@6iYg!^Vg(2Cxbu^MYCAU; zo_xKZl)xYJP9B^4b%c`2P^JuEinQ6z6-}dLh8;2QP76#8W`R-r8;|CZrOeQCJr0nz z;tiT!+qndYZF6z|Ru!>m-QFr7n}WQASE6wrug5JN!dlUBaq)?0 zO&zFs!k0(-zvd5tIsLf0W|dn*zn$eyHO2gxA&gh z1k^95sF)tZiLp_k3Kj4gF)U|?5ae>|YSOEyOfQd&hVf6pXhvM&GWDRn57rqnehfVY z(5IC9&M~K*IF%Rs+`1c8V2F}^Zhe?{;%VzOgZRCN`5ACCTHU8Aj2u@6E;^ud>FHoY zQ`0H!B$FRYd-%~F>2kYY)8hUA7n+&!za7WQL|hKQ*<6vzXq4pJbm zaJeskrZ7SEwUb^!W4eXaz!?n5bx2l0LK2oe*b#r5oNws@Ml#!o_AABAz66q*V0J(g z1v#_&$MQ`Rap(IO0TfyQn*qFvjxkU2uYETa=xn^tQm`oPS7!t{>jvPyn(hP9u9b(D zfuOKJ!s@K(o-rKVU%Nr3E!jPbb$fr@MfUuVNDHhi!VOrEGv$IF) zK^S6!?6F4=!0jr-NCO7~+(XN1bCFuvtY8`FNU ziJ5WmcJNiICG--1P~OqzhbSlQ)Q+h2p6P3WQn|dN->P3 zuR4wAb;d{UEkk7K{lV1)Ib_doXdJr`7}{qw&Uf_yPqFwQXjU<#C`k`QS)k&9V~(18m8nIl?VTBY!da=hX-5Z1$CccN#;_|8 zq`TwvCg5zIlY5wWm`E38&EnSB=v5pWUx)R!0lMt;py(dbdy+y99Y0H zg0jjy?7VCE{W8DFQ+H`QLG?w|^9CcO>v*cK0;-N;gqaekPWW{}oaKflM)fJ>`kkNh zJNFB72h-8i3vvcx@Y9A9Afy85x;#tFq}z(UttoCL_v(IT)4L0_@x^Oz(1?Q zCzHD9zrC}P*&eY4)ye*{FIsVFK0(01>b=jwaFv&#__SNa*otQ|H(5aVjWlhAleQ6x z{2hN#A{Py{{efm~3KfP#A^pwD&-|vgClmWyKlaY7u>%?StFB#l@uxrP+U55AihdtS zS1!Q)CjL*YOUK~EKOD;SupNyaJOi~+uC|vOnZCcE$6i; zu9V0Y&*HfX&xhDkXlVdx%fsat9MyVN2JfmTgaJ^m=%b(Vvm7YlH5!?R{3%3hn1LQ< z&0oF?)D|b^tbwh`hnb7XGuRo>?OT-VO!Wcf1c8C!5QzR@y0aXW(z}9m3~%77jvl=- zck6QpLaM>?&95$D0f!5KEbgYqmn*hQgVm-9T@jn0-m;5~1WColu0rH`tCqAFJ5#13 zUc2%vmJg)0Qg= ztw%Aoai(7E!SZ7$hz8ch-&VC=D;S{dDPX$A54K1l!-?tc=Hb5zuLeoz<0dusP2e-Y ze#rxiLEs;uTBoeemVYV_G`65?E2xI^0|cKQb)53F*AxN~18^ofx6q&zBm{#v(`ihF zejTp=cJK!XtMU!-Kiv-&^SfP5_hvpSJr&^Mmhau>68Y-PU|HJ=!OA2s^T6wC-QuEA zjip*HHh{4OcufX11;Eyy@VVfDYk>3f${Ly5exvK#0i}e2oPotPWDr}fvidcH^yREy z4V{$Zqw|t4v;T?mk#&Vx(=wPY5|3Hqbu6Nw;>1rBg_aUNLZgcziauqJ$;tTDN< zi>w1Bk|giq&MDX_j~d3MA+d>9HLc(VtmX1Dy{ZiljYi1s^eKW9#({!qkR5_8eW% zPMfoRoxAt4eFBxHO2P`Uv!>BmV2@|}8j;5VT;8bMte;$Ymz~Xsz)z?)*Jj|wT;;sPx?8pFBl%;0ixF9bO(CJs z=cW08FbFPbBjR~Xn(anB5Qr>NevciB-I2ruh;0pPU!$G;&$Cq}Csg}s?0)0 z&re`HPoNbMX~v2-7=Uhx3C5Bf2%@-=$h^rg6Hm#W1%nxnqQDzSiL9grIT5& 
z82ZQgrXQE*Ao~Kp*VyWQ74`Nv0B^oez&iZm#r|R)$ZZa%e_U$^VJT!uG;|@w<=7~< z45B|h5UltJ7rf~~4QadzPtTkqg2i>owfE>hKrAYW@*O`bNU9*vyyxJ6q;0^{L+pha z?1eFYf<%Vzx4|KA%OZqC+!u-0XTg2j?OFG39>L?9SKN`?nK&g z@*3PuHlWef&zMOlXNh=?L)Dn4iSD%);Adgszn`t7%fei&1DY*|?8q_huvW_xCS;zM!c8C4 z>L*h5?(+Xoc`eRd1}R0Cat%?#Ukb2{PpqxQi7U)BYRqY zo2DNBQC#>hvL}NxAbTQ7@NTW;Gu7u$djqi=jj)Ei;XxQcdyc^Pc-CjBZ12=aD9Ooz zvHm#kk-8|JJNOZJJ>Fg#v4`WY=7rCi+Qm}&ZGrKH{zj8c9zuLhQL}rP>!t)tAM>FJ zsr$j_g)c`2t=^9c+C)akp#a0k0Ex){&=iDLIqchD9QP_4h(FF$x z-k%5N_io6SWA#e-UOQz(o4%H~UolU#syBZX)g^I%^(y(d1)-bj3F3TV?jQjF*sNZc zmKFCBcMF&lh<_K=7hFX)TaplRt=iyP_8tA$=~qlw-MG4}ttx51N}&nZz`ma13qC%dlOtk-KalS1%Fu(ZETp4l)@uI8mU&Ah;3aHb94;9h?kV-#J#gv%ZhurC%&IISat4Yp>)4t0w}2YkhP;Xbik_*wYYmm&=`0Y&4B3V5rCtJu--zk|b!y;i z)Xx4vsmjGx`ms{#j+F({1OB5!>rchiacgj9$sFewGF{AC|EPl~y?f(5Wq_nCC}^$= z`E7xcs8AL3sd2Sy;GGNj(_XdF)$nfN_XBQkQgO|V(0;heFy*AHTRLq|qn3Wt-SX9* zkJrvoRPB$->43RJ0hE=wsp-SdTRh#|WW`}OvR`nVA#cTK$`v5VIfo1X)GYOmuJ8C* zH0PF5w+U5ORw}xa;~ryiigtEGjKy6Wc>+$A4ibOl8kXY*M@CZ0yP#u9$AWWem%mcT zsMiMj<`sro?dlqh52ak18-A{+TFYunQvM60srz(}V$kPEajOuM72SgJF-TG`L!x#6 ze#y4c(Vv=uK?@g(hnUSv_wyc-q54ipp!QYZZfBFtR7oDnkd9NnFWLZrf!_1^_Nsf=5u?@GH)#E<-z-bQoH--XgHA^SBj)KLEU!q-qlbvohsfd^ zLP!0Gm&I+Kv@GDiVt@OWv1||{4FNSr zh*=~Sm3mvXcmvM$JP0CIixytIIL;mmk5}z1A^~T9lC!f} zOAQS$g99xQf73!KyL$V04wyG32Ib~&4q&9lpj|Ds*EjYgDjm+J#BgXx&%tIPKY2=- z*s-{(F%&QGZ?s3h1WA*xUkvdHtjy}uqjIjnUoqrYUhSh~`A9ncsR+X&lHiCOKboIY zG*qN~TfNv=+cmVZtU$P&Y+-TS_b~4E4D5ZIPD@C1OU%dzW^Fb-wk36OQkzyMurA zTh+((4z&GS1r_{|)vCy&y4B%<0S40(1b?_*6URNc>|7nkZ6M}^tccds{O&3Lj`8M4 z9Z&q?X?zLQ)+t23N{vY$K6?G9XZ_QAm|c?m=KRj-lYh;T3sCHuyx%Ba)Fk|P?@c1g zoj_+cu0^^-cM%EaGI5xxe6eA4eZzlzINM{Zajiz_mx<4CnO^?^57X#eM!vI9d*we& zNplO`{BWAUA~u%l?!S|a!Hr&YU4p&$pMJ@H26SQn>EcwOhs4Hm)lEH#rC|i{Pg!0~ KE>Fhn@qYoFzugr8 literal 0 HcmV?d00001 
diff --git a/filebeat/docs/images/filebeat-o365-azure-permissions.png b/filebeat/docs/images/filebeat-o365-azure-permissions.png new file mode 100644 index 0000000000000000000000000000000000000000..19a98e687ad02b60780ce4408929547b40181aca GIT binary patch literal 301548 zcmbTd2Urtb*EWhEmLS5T0s_)3AfZZCx}aDnq9lYC5b3>#P6P!+sv=#wv;;!00iqz% zdnbf|^cs4AKyu>ye(hZ6|E~Xe4%d}Qn3=t2_L{xdy4St#3D?nn!U*61(9qB@K70D; z6%7r*f`;boxeMp0du}N``Apr>Wviy9^Gr>RSI5oS%GSY>hURH_eBybK?gVRSU!!c= zd)5zczx1bith`dSIdkpXyQtW+SDs(G`0(NSrRW)boxgraWar!j$b1}Ue(CToxKTUy zp$fYIt3!bgoA>)<;;5ff#91`s52#q!50jRk{y>j2-Gy`SGK z!u1PBFOmcwL ze{Lg6@T+F3-0Xa_M9GMmgA2)P$bD*|<+5nHFU65IP@j1|nV}_KSTl{~!4KNaB+B*O z+$`6t-Jitc1d_TgUxJ`|QdsW&unm5lAfYWP1Pk{0oSAfyRV-3(@%dFr_N(2jFBapi zehF^)b8E0;-twf1|L_SuG`K3<5qU9V&kVTn#@lh=H~ci zhux~QC7b{Hqqoc|=UsUj=4tP}e)pP}M)iBwf(UoOlQZsFcTI(#E-ekRFAL5M7^p^{ zO4V27RNSJ;v4)+*dq3fnk6_-I{O0J%NTZa04bZys%xGMMCOVf!#V)DRpodPSk>{jk{MBjGJ$kozs2Dho4JN_=jd!Fa}g|iR6KhVD9 zgSKCg2y@`GZl~J`3C_H5m*aWxt4xol7oKIQ+DL-{@ekwsxeLz8ol6TARe@xQF7pl3 zF{(OeiHXz3nTd?kRKMkV&6IQ|tfg#A;XYSy5W~z(Z$;xXke0An^+Q^Jt|o@A8OWA6 zEi=pe(CfEgAI>*Fy7|fCHsfEnx?-<kt2tY9x#lV)#=g~a*4MSgTfv0QIfD4($?u6nWB+@B@?>$c zLK7!GjPgi_@A_X~FaCIM5gc3kQAhj!qx(;m`S-4>e^`Cwp3QdebNijetFp|*zl=V} zh6nuo>+`ve&+}>@?^wp_eFi@D{HF0u;F}i^2;>K*11rF1fkGf4C>mk>a^>Zb=ICu~ zZ1Q}ag`kh(5lvnEN$g3qYL>pviD1VU<4)h_j0-mx*cak};1QGf+)gkQWtclzFj;(T z7*$|}`lXXvqL-m=;bFE8|nJh z!x|3WYydYZCM7sjD>BP$3@RBb=PLaw#dI&_iRW$Q6{WqB&GqYil2#~3mQzT(lIEL+ zmNWHOsef3XT%YQZ>XET(w&$>CwI(u%&GmZbY=amD5emN+-qDSD5%7&^4ZHkgO>6*< zgsZ{FzxVV0RIw<<&1C7)ybVbk=<4)EGZ)?iV^}Teo4DM zHOXE{@XFH4r=|Ml0~YsQ7n*mJ3zrsE`M-Hwwo}nrhN!MLkE%E*?X8@)4d^;o?OHX9 z1x-v)~21JZKjR-gy*gEE#2Q zj5Ws8)uF?2t5fH2JyW_O7 zCH)(Ej2hgF+|^P=ieGPVUo~MTD>U<~-WZU$n$9lczS}KO(QSRvTKaMDQ@#1c_WYL# zFCV{OvenSq;WO$%{daE4QTu=Hlk!hyqM~7gH)cweiMdb*=7%o{FzE-qRyTzPlBR8PLq? 
zw~aH805W&@7IZoxu-oVq#jl;uai4%o;t#O*OKQneB2y33nMxwZG8W_X5@cdG z#1h)XmY6Ok1wa3h8rdI-W9N~)CCOv~EWc8|T5)kga3cSGO0%XJNwp;;f(;h#@VND+ zK{TXy^hVu%;|5dOXN%8L+^hN*mqUl2AHS;<=#wo05{9x59}BSB3$uzgeR7V&$Y3zM zwKIu#lJ0!H;~4TQM2NvJK_X$(;GBpCbhLWP!)IWpiG@$-GU|45xAD;$unla9oG#JU z$Gx)9smv}QhQ;#OMSvq(TZv=dB@?H&7N7ixNwbHJI+>Ch-y69V50_Oo?5)Z5*4ryT zI0bFTy$P5+?qzi1ggO3nyynzU)8RbyLn5j?xO}=tQdZU}%UN(@CvYve7}AxWNSIci zkF9hAhMbfUp$!29xhUPZWVR{<|;q9_IGiDrZ)ZjyH@W|q$TsUAq_ z8G#ZBts6a9(i_v0rf5@zz`}`=8jJ^}hOU{e{N2ELto@X|-Q^XYNgal<=l18B`V{@w zp3Zz)ltb4m?pGcU=FAlAEq9po5ptKPs^z4ll5I4kS~%SBlOl|J;gSs-;vx2UED4_mlV2v4;Nof=X`1tN`Ia4MF9*q zBx_O(_MJyDBVAJ#)_$~pP6{zTU2<5$f-k~U`7=?-k3JRad>DUopfB_`lTKTMZf4^Q&E01-Is@Fn zQq~Rm+*hRnnXcd3%J6O=aK~}dcrHs#a@;dIbN}Pz2o{=xBRcU(*4AUX@z%!=$b!#O zB6hunB_^S7lm)L5F426iq1n))OHXFrcD-Ob%>T|8`^op}HBYxc(3(?jv*%|93V zufKoar=_>;e_zST{Xd399iZ5sBVzYN#l`-sZ)#J8KYQhLY`rZV^dH$eS~|H?uc0I% zBO|WxuLl30L;ror|IyUoznk6@m;8S<{U3+^qp5<}pCSB@A^qE4|JqA6m=Zui?7xh! z1js(~=qmMj+^~K00!00${qu0BUv$*X-G6^mf78-koTE&9DOBt zWb)T`;^yY2-owA{iNE}-RnI|leUp`iW!-6APx#vI)p(@--R!$ugS|84>sScMRgnozddVG%?lM_QcFDltxI zS>lc!pKeh1&wfkoF02GMG5R0f4fW)w-_J{Ee7QS|Gza>#lOOq9uvC{$dh(CVOg;HG z^W=Xk{jqolrp8p?q z=GSqUthA-tSv4785UL#f^b%A(F=rRc!9k4pr$%~2|M7IUPuU<;I3`p?w`Yxaz;WQ6 zM9e?!#zBKtDV9A{c+6#i&w@R#xxMG4`u(rQoBwPI(a^pOdNY*&B8IcvIIFu~m041= zN=Yum;lX;>Kc7T;XZ?94%T%o{Ktl_~-6S!^nXVcCU^@TH0xF=)@kn;b!B_MWBlphU zYmurKy>Yi*q{#f^KQ@pMZL3x9*JO|O9p>^&x34j-Q~WrB)o7aD?eX6m@pm|g7o}>o{kt`w zU*f%pu9jzsnNcm_=R#?qQF0TRbcJ(=_{tuXTgkX?An>9lV3%#z;dih!>^1T^%y0?e zGfBiu`kbm)3{9t-aSjcx|Hj#mqoTUl4)s`t^Zm;;9$w>wt3Q(NN)U-~FoW4MUzdj!#S1}tQ>1LmpE+6EAM(pwye9DQf4Aa)I;3&_ zvmbj>q=gn@7Y1T2lbCc@zNLt1*7-G^j{Tyb`8Q)*i<07nz}<#p!sh2I5i|L&Trw@q z;m+NqOcWCuqVT`P6^Ex!hm}O&M8L9_2Yg zaeJ<3oZv?lxd2fQz@fqHwd`-js%#J9u zK8e;jjN7-Mk$k+?QSZ3DcCCHNJVx=vQ`EFc0Y8Rzom2Ol|MbM+^mu=?!N*;Gr~Oui zV!{cx|JK8yz=6E2*K@z3ifxDTMzhqyYAMwhP6Llu1UQxaYbj7=(t1UUUEW1nwa`mt zSGDi|C^_9k6N=2+qAw}}yj<;%_yLfR9KQeiig)Ou`U->WM;CQHySJY3@;M~iacsoh 
zFIi}|6CotOu1GBIJ8-!Zk?M(njHWAB2T7Nh$YGlvSG^4CW+EF}v9Po^+;a}<<_B1y zT!Ok;7dCPn@5UPJ9(1cLw)$ODh%K~6dvCu%6Q})7Nq+ky5a$G)y!703TN^Q+vHs{) zmDb*wm;Eb8guZGvICP!Ky)CF}W6((&;L-kA^b)k#Kb)597DisosA8ZqLD(wy`A-2@ zShSHzu7 z0*JU%X_S81P5jvLMh)JuFI~}`)R!vT2LwHZ4tTbNGV0a2E$CA$B+={T5jf8=X!RNj z{mZdwDc!Hg6ceb2)DuaS^R%0iVU?ig4m>nNZ`QA!e1w?z+-Zw-SWG`k#Tqt+pWqbz z{)W+cW5Jo@>k}12*+H80;yHZX%MCE5u8AINMJ@7JWvyRBk4e*yYxNGG+;7VLb`YrR z4+LX1Ozp%q0SVv(`OCUHRlO~TTbrOV6Swa2Fq30HS( z{y1wT0(EAC-^W670)Dq2>rI2ZdR~xVodEf{v}Bns`liGKdji~i$NlTcdPRSTil2h) z$ggfA^OD2wPX14OSgus=DknKgCKgqonNa4A_VFEkw&V(u!>03n`PvssM?d$L=Hp(- zgq){DXa#lSVAvkh`q0!~XWiWAA!JofDI1+4IdgrsG+?Yj;Va+!&>+3jmsQ>Dl2+px za5DRb9l&q1VYj!;(+eNqB^>*}ak6sU*XlPttBBz|G8VDAY?%nPvh2Ke>fAQErS(&& z{Qchu4k~2&H!Kn?ouKhoUm0|WPDbdhJnlze?;!i;`F5G!ir^%5Rw4BVXQo_cv@oLu*v3Qlx4n6=MRJ_7XnB`X$_At`WiiqoYZ&k5WOcP_4$QY(k{j5* zb0oV^tZH?O+N{NxFqR!0;BOeG< zGQeVUYvvJr69VRQm#0ncFbVJ3W)wh27dxf}N1Hv}qB?|ywS#mx*+-sovU}RZ@kZfN z+$lAn=~F{j95)r*eq<3kcBIZw3u9i%b(a=K+3`~%p1|grR%}#ruzM_mSx7KCiCv(! zezDy9HzCk?HZ`avOA0u(yMfz5471O*a&`wCCwlCS%qp$uq%Dqo*OJtDb(iE0Mpk4j z)+OMR(^zm>qVYoA&x21`@|-f#;UrkPdYaK^I!l|KCv+85;_zl{d?)d0BDTM*%W<%| zN-xL%;@W6s!^T8Wa24XE+~|{_ZlWY@GNoQ+v0R#SV`#f;eGZd|U1hYbHa{(gt!jgd zopSf=Ov|`%nk{H43m;!z_W}kBQBTrk&#^*xYM$DRn>xDeXw<<05n;iJbTz1&wD1>~ zev*V7G24?SEsHc-+(s+3avj1v)8}YQN+?Y~fAyH!4g`71p(Wfi5mNNdUKrd5H2Oc)LjRjOb zto5^=$d&d6i(Zw&P?p%L@k-#azh(=RU*^P$@u+ia03yzIaxJE^nhyvTcn=6Di1L?GvL9L2oZzxr#);@}UH69>;MNg{Nd5&}? 
zR<=y$Gr1R?UM)d>(Pp)cfH+p>Lz!XSUq`CF_s}^(g_=eRQGysH zO7v5L=_|r}4DYu$W*lo@?Tf>m3cWsABt$sweU&DAWxrbaUEN61dXVETjRfDTkXTjT ztP5NSd|_2MpE=Z%$e42i`x+!?-mG^aH zwDv2Lmw?B91g6K(5z}XADLp0cS>Pv-jnTEAB7mqPU6&%tgK?+5ckI_>>j{*x#|JHY zBjlQFtsaT$us|jpPr%UQ0htlmqSBdCvzC+oi3;mJ8L-WiSr}JQ0O`QhZ1dBtCn=#J zPSi}Pb7uB%drs^0S0uZ+wB2wiH5gAb{biD+8Y28CylrR;hYuj8362-=4WPXUP6MZl zy=iMWJ{yM{;=*dx@6^(t#=z0eM*6pnrYvz%kt~u%E~S?-}QOj zkM~xd#bh`v%y-0T!KFaHV<@O26`7IQW3Jz8re+JaTyh>;y&{H{PpkbL(x%|#BkQ;{ za_Uo(;4s2EcKk}lN^=Oq#ycjZEkaMYK>9NA*}ATNAC!<6T}(;9+LtuGVNq}S13{WY zFLT+&@oSY^b|n~Ks~t~Cg|-vr+Z3)Z*rssem0p&#)zr_p@iKEq^2reyYdeNY+o&AU zeijCP(ZG~U*&j0{V`IUoGL8;ZQ&ojBa;m?$n%cKPynzj3|KDhb{{-28I0wM9%p?Z( zZ!7RxNJzK1u@8)jKV+cq64WAk!#wHJfc<%ZWG?8_m3#-F#i{}zdjxG>Bq#;yVq{XB ztM8_nVrFZS+f7TZ{<;5bRCKC16zBCctyT+Qv9UdGk@^?=WyMJ|Ey_Vz>zql~C5u2` z^{d#W6+yDx8?Gr$TecgV{%*JAOToS&rKQyPf5grr(Knr&A~=;ier?Ndwf%UsEhP5} zc6Hwt){CxKj~dXpB70;R(lYJ3gv<9C71xPb%9|LAgWSfwm>qKNb+Rh9vpTnGVZ3%w z)7{L448Y-Ch{AQQx;XaoR%Juh{|P^Qyxbp72*c z8rr6yD)Ivjlg4}YZeZ>s3z>-OvWo|&K06TuY!Y5TG;=(t-xtRp-Gm5M2sCIw2Vm0!d z^w#s}Rjb1%hMG{;MpQVYdM9h9bmKCc+d5_B-y< zPbGZQ*EcB%VoTUYd~e@Q<613Zl=O-a3iD8>?+zo^d`FR`8iCfoeX5GGx=fX`vM3@E zf!1uB+?0U3<396Ul-hnfJ$bHtt>VFh?Lw{J4wXvB^84YWv`N_x!j}eR#hgM<&)IGp zU2$lTdE-*Jmf7~jO@nJ-p;c%7hh=jy%F}t8$)6WkefO5lc&Iqpp;7fUm1b*%`fs$4K=~PxHsC!6TzK7@5@!0Y}PCz?o4HTk#MqQd-f@QA=j7$)WO~k^m zjx|1oXg1r(WF}VvQD5SJqP=qnchHL-jCnPDXplz~$?} za6}yHVbG9GMzjB>X~2H`{`$m_X$)-=P6@F3^?%k_Y&@acslnO~ zG7Txc)~Q?7td5$T-zpUHpLvD7hDh}@HximXe$U#g+X_~`6f~fX%C^#g7`Q~D6K!5^ zK-r2EeuBF$IlhyB5#cwehBV9etf@kHm^ClGOQ_ox!$8M!?XnQw zN4Uy(nJ(~_F1E>uowU&0-Dx(k^;#Yhq&vpH2DFU8-h?EJpOxTo;rnS1z5Y@QTjMpt z34STH9az~|K$k4nwzJT6y0w6a)&pgA3&4$S5-%m^3{AA0dsOLHjkBdc`77 z4j*Rx3RF6V41*p%32|qc-dLT^Samw`BPvvCYb5|UgoHT_O{O!vwC(1FZiNO^q^i?} z&l)6(7<5BAg_ou)n7#Gh9yZ?7IL!jq6K%vGim+l*b(3ejm^9dL=Yub-9$Cwg0(`z& zulBvdu5$UlSypGYLNzTqycpe$xTZx)Snnb5zew}Ai4YT zQ3_;?uC4N5(*KT|V@EY@6O8dRJYYl0w3|z=&v{?0xSmjKYbxtn{ zF0=~*jHgkV38lS!U?hMO5p3#2n+)LO_MQnU>rVn2ZI-ohFCuiXLobwzjkZMY-DYcc 
zkgGvG{LyuKfb9!Yqple+=Eb{njQ%uxDfXy)JwghI%+z3q$tN2TVoh5tf1RpchOpmAH8 zEZ2r*r0HM7Pqy2HgSwjoHwSpl_n@TXwG#8bN3%0?(ek~N3>Q!j_~E1tucTOjr}J#! zRkcn|S*N{O9j+HzONujZ>HP0P`uN6eQh_;}wR6!a`y#$PlP~!GIK3%3*!r@NWz%l2 zd=?TOJ%WS~yL?X5&Ci>i`=5dOeEQ5AKMp7=d z-zYy>Vn|)`9>0oDG9%RX$4zRo8S9ol-8f;gn#gdvKMRSrzb?C16MBLptrRx(Jwzd9 z!%&E+UfPxt2}g%)k=ex#vP^N_3sdAt*pw2@&Z_Dx7FX4<7Coap11XIexEeU-kds+Wb^ zJ2K`x+@Qsbw?HXaQJ4IFV;ewW+JpOz&n+F-|6?BuFK_a#CNA>O4{>LHr@_}-AdCi#*&!OWV$kadq!z{E(S`B$bnTLV@=e&|6H z17SZJbOuaaMK_CL*?W;HiK>qf7ra_oActA+TdJFrsxk0vEsrzO^y{qk&$F^T{cS#< zZm0$U%0=qy(rN%$DJ?0-In@ADbmzB${#@GDKD0{N70kwY=yMvMNX$=X7|=q? z?4E{m-R_8_4Y#%gwGS`u*6US-T`peo3$;FNBn2LH90tnO>&(OF(lOH(Sa#?c6YCTs}nm(BFOBGN%?Y%2%zD` zW4pK!#;fGlCB9{TW5=nung_gdSpUQRdYIGL-uKvQtwUKwP~p)}JY8`_(^bSHzn9-s ztrDLIUB{6?lSk@2LivcvJ&JySLYMO(CZSW8}}S8 zwGHh|SZ6pgDelFV=oc^icy}IqQQ&K)0sfly$==Y5fY%@)P`HF~N$6$xM%CD${Nh#( zZ8FDYsN=?D)q}lgd=b9ycz=z=oI~r4P%6qR^&865(h91*6{9eCo@{M?^KX%r#8LaCRSvulElNmMZv&lk6un znJ=C}qMYI>tw0N)FelI=-D}!M#-^Y54|juE)F}jw30c$owUlo7tZ+8s*PAY$rXuZf zsr>t(Xj9=1a@r^jZB*lwXU{}wOJ5Es*hLeX)>=we{PG|#81ds&^u)z5xVZ0kx$SRN zNmR@(-llr@nQ*i2E#=Pw+G=>0hh~2IqRUbxLESbg+o=_)lTJ}XVNbw1f*g+`O%j1q zTJ9{Hpies`T}H=R1I!lX-$5Smo+t0Ly>94ZQO~buKj7GEa3Z9@ket6BRN7=}vxxgW z2EGneYHO0gg{TY(Wu4B4#^}-ac%qJ9-(f2NDb(!B3e(lv!5yc>Gy0w z!edH8{`bNPc@J^m{T6w>fR*v1;OqOu&}!Eovisqo8z!zleoTw1B#nz6yHs-~_H?%xDl?5l0k@?cXg`IxD7E_yfK%AK>_!GFv zqKXxQG}fAT9O{w5;(Ua~zmV!KWI1BAxSZP1?5iN#!?U|}5Wl{0mGkK6C#KmsWmK%T zuo&z%;x$6e%jt}nNjr*?VUnWx;*eF4G9xp4#^9c*UV`4dBR&g{V+16#?>A3Rrww|_{0cS%(6{${qJ6w~}3 zzyjQ>dHvA$g9)~IyE5?i&v3nBL#sOzQbae$8XQbXxS+{2@W?U&n1om^e4YZZkG}EX z70%6p{-OoqI9Jufj+&W59lTvdkZx8NY=Fym<7{-Pm9lm!b1NUv{*v!8<3ki6+?O@$ zcRo-Dar2E$$Y1RsdQJK_SB<1j@)0=zQ-t6pq)t&vXa&S`&_)+LC~gds>gG%@Jm%*J zIaSN}6O#SH&q=VTo-U?3`%7yurlv!?G)%b!rZf=Fs$f%=Cd~tU7?aXrCWWZq_L2u2 z52oU4dN$+NObT0XO?k+J=;3lp4bxl@{%vS9q-%|MBl>R@$Ag-$++76T$}L3b7EE3P zDy+coGg0Pzem7`yS6j-OUS}&*SrmrYzEBILe2xGl3!nkX&Q@o`@{Dnl9D0Ju3lgA< zP7O%?!?vjr)Rjd$zu#ex0}EUjQx*Ea+q$~15drGowON?(a)oBXUy>HyIz1*pa9h>v 
zK^?iL<$4c?l{mPKXFKMqOB_mSfyr4TkPuBam56j@2Zo`)P_#G`_V^3u>-geH>-r<= zbz7jsw!s!%Y9(u|Hykv>K(ejx2jh$8fO-gMnKdKl4Dc1dJ%cf3pjVB*CBG;V7ZaMQ zRH5Pf^y%ymj+&@_Gyz{89N^{~Cmi-FQ=>)N{=xzLR{YHzt|#@+L(xk2T1)Eltp_0O zpjZvF8}#|8hMi7TM)OtvUQZTbHE^@CXgCwUo&GwI{l|pWh{nXBkl|xNY8^P~z)p8y zdTr>wlb?R=!B8CxzqQAk7#dpg^{?_S0_kdWs@-um(4u}7VaK%B$#Hw+*iH6yK`o9W z&nW)tRqQ1;k4d7~GWFR3>12SLW-e1QR~@kqrYO3-!LZRdP<-Py;Y5dO&tQ(1`2; zhVhWhvM7sJGwk<>3!ac4ufVD~BFAZhKdCNy`glQMO?llEzt00%kpiKjHjzhcQ0WmJ z+#a?9D&F|aS6uN}zG{6G<~riha<7>%d{G`$ooM{ntjaHK#FJgm(JsE4>4mLBkNr0Y z;1Y>tzp|joj4|K_LI-G5FayEWd+JX2PWutKkg@E|VF<){wc{~{D@N(KAkD2)(BOba z!s0`k|4v6>BjS&4h1-p(P5yA^-5>6$y&O;Fo@@XDz}gxYGhgt8jld}i=RFrCSo4Gw z>O(Jq_E`DN#`2+CLwCQ6+G9JDvZ7UYQZ0p5hZ)QwIs%H)XOYU$;;W~UQ|gdAX=7Ux z$7#_rRI0sxh2NA)TF`-N1mFduI=7P=*619*5|(o#53Z$yb!l`*ZpA1b==&W^ zSgVbVgZ`Dun{vx}*c9zpdFKH-sCCeiGV(xje|~8OIye$BRhY*&p%$VUa)$?g;)*fh z2jqpi6q&Lg35f+%8P&3Fur*zz*H_!uYaFZZv(UnOUf>e~`TSzHK6Dx&>BNGvdVl5- z^zbF2np9H0?{u*turIvLg8lDc=wQI1N?vmkAJxK%W{9irw=By&2R6cY4MlD2{m1U7 zR!z}M;9S~oiP?Rco0U_P8esA?u7A&|D*x)Sj(ng@U>!qmPvwfnn1G^oRe7r;Su6QR ziJIwGtBl$JRU{$QugNYW1-2bD5vUE~NP{OC2c!Gr_0Tdv<;h^lGZtLBSltM6|pD%B-`I$Y6MgNFLaIywrt1 zNi5MEukd`#>1Jp3;nkRXy8N%#vXQmG<2&{*ZoI@FtJ5aW%8BA~LUDdBqcg8+GkQ@U zmtr>SKTFe(0g0q8XX>hjqKhts3CEnP1F=iKSN;rz1dbM}zKJ)Y?3gKlONRSL!Z#Ac z7AJzioF}UoQG3f`T>b*k@E_BBi_QU{!fN?yNb-G`J^RH9?)8H_Su53b$qHQRMeCZ&IthPIvml)2%}bC^DZZgTa%CI5^5DRl*F zPr;u;(f7^UcXCX~ZAv%L-KI#?1272}QYEjP!2Ld8uhh3}cF=uSK9}$cZ@uUB9K#qj zMT+n{jfoGNEnDF< zoKk3$r)mMk5PD)dVSbt^6UYG1_Jdj3eBR0E;|?3WCg`4xN1k zR?>6;*oLa)p>EY^&9+eCChq)$3apsId2rkC)~-gPsC0;w8UuyvT0#p5tT~eIzw=Cf zt*GL}|9(R7R}NKq1BL(qsZOYUJm(1$yz_zk;!oOSDl)F1a%e~Wg`1Dh;2Fdk`i~Db z?4vlOKcas&?2Savnq=eOBf<`-WEYRu$>Da{jNMeY1Z#?n<0|soD&88b{U_ckQ%>f> z{QH)N-n<%dkE;2E;8;ktOYt_ zdW|h3^qebys^rPx*MmKXmnpKMMFk&|Ie>?6^^zZcWA+%7VO&Wq0=rWS^VQi81@;+& z>NiDzdNdeNRUYbY@LM$v z%JHS*FQ<0*sw~m*5p2lxJd0tJ+nu6Moayx_hKxWtKE=osU~Hi{RWue}ysl;LKk`!z z*S|(c`^>Hob)d^kOak%u3zIS}&sv6_%pS*g==QbopthNE}Q)!M{%&kQ)wB@5K5SbYX0^Bvw` 
zwAegZzRfA^=Q)T+xCClhqt|SucpHJ6Jx=4>sYK+0?D?US6KxT93{SvxikaFJLA|mH zVKS+tSW#%JPt3MS{mp4oWf#vBEV#$!_~eG`d&TXaSE)*j`i$y33>kvoy%v+L)xCOP zCP7abAEOf1y$90NmZ`L=(*dCkM(S~W32=xNE58wKwX;^#%c%_4wTWu z!Tvw$3xaB^4%k%~T3;zRm9&cC18}rE;F}twxE1A$pC=TCcIw@QjNR5{ z7=OgLlYpJx$N(*_7D$-N1}Eg@!lyjpybg~!v& z8is~OY$qV0r~QIwS7FY^(@l!`$;u|bO_jAwEz!!!+<|_DUTX4X<}7|cm^2iIyto2k z72~Bp!%22^dr{{8;_F|u!5c^BLoII|38}BIvZ3~ggU*ym*kbQUQ8dFFgrLpn&h&Pm z5}3;3UEAf7Bm;g7*&IsNLw6BYbo@cn#p_8u+@dY-zrq=&h;Um%5gt zAQ2ER_^wMb^6>gJhRXdtG@^HktKw8jwWq_$7v%MqsCwER1;9^wCr(%xE!2fxhC;LX z%)pK#@?W4r3rZZg-FJAAQlYTkZRiu|@L)AEmCSf&6Wdcqo-wA*`b%wxj*E6{MELId zoNMyz4-?e$1yX#&ZWzxJ? zePPqAO9037ld3V3T|OuJ!C@)T4#YIT@{UFxMTVat<1z9K`DiKQnUF%LyA4Nl?vX{? z&~g6`XEy^$Aazk7wh%uc<2X4!-?2iuEbTBZK9O}=|2n@j4YA2?C>47|Ei#N#=N-4q z!hI2{#nd8@ugnp8n7{yKg(H!gso!)TsmQXFsu4WgY`vG9I}{1&v(Bv%y;e!q&1; zPDB1?QjBr(UG#6I6r5mc36yNRfSCOAj}c!4og|^H?QW>@^vP|GXHF>^^^QWxI!DZTaZK*gBQ|?i7Q1(VgDXS`4l6mICkoD zV26-}-bUg}z6!NFoHy9Z8&ILbUM4j7M;P+`2JeQu8p zrJ+~ogDaIGC*eLyM6!FXPh}RJetGi&27QY6vOY3fl&0h%ZdzT^<&xGq5FR#l3_C9{ zndD>dzf8@7lGVJIsBuHtZWUwd5rmhN2z{F2=DFBEGoaX6n@Kp1vLe;5qD^9GJ;|IeACEG>xkQ-5 zq3YK?MduOKlRgR0FAOa%Dgat~HMTc^Mf#h0dwi)(t|M=hBi}!iw(vodhQfs5r-z}V zeqnnvklM{<`M*wkohWuq`y{t?!a)ww1MU8Cb~@*jA8pNsfc#lX#zsjfx0V#b3gR7k zG4u&!Xm`v{N8eF5prr%lMJ4|NuWu!q_;xt!?Kg43#((q)`R8@UARMkEcn~Ss%^&UF zoo70TKRi(tB|nEXEIY}?gj!BhL$9u0`=yZwEZ*H(L#OZgy4=w*n+9WuJizCyddu=% z+wmQ$F!NXoFrrrwOEy_HM!YXPSg+_?d=OhW+fCK~I#yWcQ?Rp4Us_D5LV^f-MwVkC z(hvw$I*yh z{LxQwE04zBueCRzkQt$_`zqQ&nvA-EBLeR0_t>_uN%wXRWKo6|HF?Qd5v;^WA`1^V z*`K7pU~Y(QGGE zzzPpuH=fbC^ZMZZ^~s}8ds&~VzK*FZb~yKzj=@cTGwqL??XOQk=jgluTO%-HPHCE< z*?9>T;L8QE#tg)9JWi*OObgf=a}?$EvR7Ae>VL_&UYUl>Qg>Qx=~BuX{_6flekn1vXu?gX%q8v-+XwazJ7KNqg+y#!32kve9RNw zD@?fF4$_eVWi}3i*|@xQ{FCI4wI9(XW9mCIpxmkRF%#8#ww&$;Ldra+8klg7O=Apa zIL4O#DD7kVt!}uuRWjEC0)|j@w+N8W(eQPVcjzN{=mxeFqPD|$0>!~Yx}-mByNlLt zN3%7+1$ejMdq!|773;eX0{j7?f>V0c4hCGEH5P3QSg9UoaWUV>pGPNWB}fMwYwtYe zMuX`YitI*)F`j@?F2D6Ma^=9=xy8#Cz;AGBh32-~;cJ@;fU-+sN3Or8G%GM7$&w?=6F=mv>^sS5*X 
zU5rR_L+a*7^Ux|8TtA?41hQaWa4NNcNI)J?&OQ5UqB1> zcdzI#$~~s@1k5+Chu&sl+2t3}xBpXoTNE}Wl+1>=tYIghl4>vNd)=pWHtZ0Wjt6YD z-ux)H6x}LV&CICh!;bXAz@pM8wUd`1e^rJfFH!5o+@m#hOhbZu6HCSHGUL=5q6n4S zPu3VCQEAuq)#T-rzRrTuLPuOi@|&wu0U>%xRFoWYjbq}PnI;tePQLBPI)`NJYD97f z6Q)LXr|X9uqLKM|b_Ix!9E^C|0LPlmUCGqe=BSKFBc~?~3O(mtsubVbNtfuw5(Q2# zbWnP=c(<{FLXM_Hg^_Dt{WlKP^D@gP&k+r%tV(jprO8%$RyA(}tS@>MIm@-CgN|f$ z=d+`~1J&z+n*t2N-g;7>S`UGn@Giz{ufRMWSCg4HGk2LuYYXrFW`B|oF6NF}F>5x5 zRt+XjdF6l1U(jINjdyZ)r(~@b_e%c+e_vk-eGIAHQbyuQDP0=TlS)Ct-U^zw>iJbWREk`?&xMBQOam}kQgdDnVAp z6MaN2QpbeIkI0T}S89o1el+Yg#!=G7RPy|#iYilr6Pz2i)pzKui=d6ZRU^elW9LCR z@rtruyt)+8cGKBcJ!^7c&)uN&+*=ToT_*>Jq7-8luFU)irT|dDv52OItUw>?I|nju z^G|uKrl?GR5u8FctGSU;D91YD{({9~Se`2Fd%>f`_~R*6U~ZieaH6xhfvu@gCLgxo z)l819yu<(!JZ|lLZ!t6=;AQ%msc5O;}ZGhH1soOL%HFmH?&^ z&4q?AdEC%f=32IjL;H>m75$l-g=`7b-&o8UT5dQH>>ll>pSH4m|5t_l=7H$2 z^f(xK$t=spG~`|jbBAHcma(m@LRoWIO36#q`yQ{^Y&%r_H^d7>;cu(!uZ#jf$r2!s zVc33}2bdGN+8k-u)*ykKJ{1aR-^mpW6)yRF&*JD4igxie9nRGdRqd1PEwec#zLLDO+ zqK=)GonEZNNA`cl5!lm^lNC>7FF;SEFc{tQ%E~=TX|dev+6ScaM5O3(6;i^mzq$}( z1|>+38PBOrr9k4lsOphpzOPk9u-Oo{KT?dZO*3S@?>a4BrmzXiGQO@VS1MG4QOmj$ z)NG4o4at`ZX4F-C6P6cic>R^(+AA(9sY%sqLom)wNBl+6S}a$nuObTFPD;&F$)k0% ztDAVD_9esh7kd+hM8G(6d{)SZ9W5kcsnq;3I*L=a*RaaY5@3-41b3F`zLmZqnQv}O zO7ohgW(>aSfcC{|+jh5*|A)P|42Zg2*GFFw3luCw8UvMbyZc22R8pmD zM7n!uP+D3Vh7gdBp&RDhqwm^loxS&3vd;PN|L|Xa0-1PzPuzK3*R$3|&TV4Aq2IcO zpao~87bh05K_XEgRjp1;#$IF8l^k2EDEnN&y=!fRhriN)buO!N$2Qf$X@9-9{usNp zQ{n(yk}wn`a4ov|{Rkd&bvQFn%&Wx<#X;FIX{idcJKYy^7luj;k!=zh3xPxBx27q* zoQd5=DF~;8cc$Z@eXj0PPQedN%63%y#fCCW#qM6-F5qMKXP1PM_!Y*WUsih<5IpqD z`o@liOC9&ko5@Vo(vszBnCzB7Z`d{tT*CG3nr($0i>bu! 
zFxZmg72NWsC+@XLO}oCcl1%6JwEG<57+cZ}kz>jvm(n$I;#;6!9I`Y-v*=j%-K&qN zn*_{bT56P25#j0$)Y*o?5zo6aR(GmaRcpHp&a&}fWX9ME_8QG4(%aA+dx_z_x>OH^ zO4=@nFy%K1$6VMP_F5p&9-g}E$;{5c=(V1jojhA`O~1C%{mh`n!aY^p`lg}fikRFg zqteE32p+~`6G~Ww0*KYRn+(p%?cNe}MIW(!Uy;U&MfJ5(3UVw`xvsu?c(8fB+p)^l zAeE_;9v4wROsYJg8M!!$wvIrz21w^WNaGn8ZT(*Uh!(Mb5SCYmsEnqxFL&iHrZvDE z7Y>RXvQHezAsn=(=Cpb`==^DX)(x@1(Z3ruGLj-Tcy`79Or*KBd=2)}+z`KM(pqCF z-Jr`IbmD=RZ8^bc%H1)*h*H^a6AY(leR^S8>!UwB2u(86YH#Ar?(O45l$Q$w@Vp6L z4_VezRq*TB#NBn_8MJu0KGRv>7|ckD4jNkSdK`RU;|d5cBymcuU31t|k~SPFly%~U zYKp((8J&&kZ`BoBV}vw1a){dLz`28(#|O{W8vu2_#hgl=(yj%SlR@jY+Dw73i%Rle zmGA8C9cM=zd4>>|;T^^Av{?I=sGt5>KXn&QP=F*hvpMYDf%D}dg-zQp$4F~Z*^D5) z*~pju1pRo1SYQnrC{ADl&J-`CMdy}k zc(UN4YmI#?T&3OG;Ni%tir^12!u{TAaTKycV)+5XC(217l=jBnC}1wdC>@a>x^N zG&qz?4HgX%O-v=AJNWjsy5u%Z^uwuca|zQl)q<}h`dO$qW<~R6Qcb(DFRV-Ck7WXC zP*-~@s{j(NV$JxbIM^DSr{-F^DVE`<=_FCay%$%dKvYgbN5p%Ui^7qmTGnML4X|gx!r&Q#6 zpY_$N6`DmGzBW2zKKSv@QRBg)oGer%a&>xBVYK|sg`3I{FS#yBB9466-@TlQKP$N1 zpSfSf_I?2v>bOYV!iDN);nb6nYz-Tv&RiD{53|Uw7mofkyFGi^hm>`rn{BQ)%RE&p z^|R?3`3E(h4V5B`SU)O(o=x+vq-wF2 zyba*QKYNSPqwF|4;Z%C$)U7uj%`Mg>Q6z_G?H<8Lk$BuC)*)cYiFi7;f_l;9dNq&& z*kWlqr;lQvXO-A}rRK8AQ%RRG<@r$#;7lCG;oZ|K94Je|Xr=EA;_}QYRnN{?mjiOZ zHCRIJAiF}!6gf$PY8M#IJ-dZDbt|wKtj0EBfIQhAX6SLNf=d%~VIM@xdZ~eY&`giA z|9Ijs^Kp{)$sZn+kbzkc~A@X`M^ zg&tv|&~J!sgv7ZXFYJm=_~k0!Oky#DxqQlK85HG)Ca~-E&_=YY>m#8$yIYY8thzuI z9VC}y2{#qtzWS%=F#buM$rhjC!`K?yKSj-s!OP{}x}CiE?(<3kMMej+`)-_wn}d*m zdGD+vzbs^!{pq@M3*Wg(7REaxei)9lbZ_^Dr)7+UuFm_sX);~k$?ww*VtLv;i(oJ$ zU6dcn98A+Q5#oU9bihMDqs@by#jaC|M=6v=Z9WO<#vpj#|1cy_;6`3Q_xcz+f{bJD z6bakCgr;oZYfV+N-5Y7YnGRDiR40gc(gck+#}m<_TGE;t!mNpCyflJhD{{u?_V^4$ z9Fx{4K6&6$r>PV!-ryad6ndbn>@+Q~GeRG^`IcAUP@BRe0}r3Qu;*rz>tTq*|3L8m zeB(j`gr*9l89`(r)rgz&vEr&k`(gjK>VwKl&```6rMDtJ+=~7er!-p$mex$(P5R#z z2l+qojiM+I$)V>tTD4m4RaRj}Dh4T&u+9O06L2_8Tl(kRXBV7;;A|k~*5={JwSS+} zNYy_@CvV)GdiD4JI@C|_jTd*JyxSoTaw^_*tm#|JO@UH^6kLbawtwKb-COFH`b7@8oTrZ9UDY_(MIy-*;^`7jF6@Vs31{ 
z_^*BR_rLzDpCTW?^!?`>|JRNBpIQCS&iVg)I&y1IHpd8|fw6m`H0Fae|JN9Yu{V9} z;Aa2T-2S(}s)XWv$(*CvN+}tiRXi~{u48fgu=d7Xm_c- zxiippwVRr0v*}Km%#17pBY!?2R6Q3;G2K9!F@S<23TgJ(OO^0Yt`s*?e0IkZE6mwC zU(Xvu^vkS*VzTpvCPp7i$@Hhb6%>CS{n7Bk5x3HmtNQs=E=yl}0IoHiYBHq&_zMt) z2~L22^9mWtTsT@Hm+3$k*6`b>2aOd2*)H2wrIQiHWB&c+&h`S3@#PH#_(jS;2i=|? z;PLg@tEMZmIZwxWqmnTW-#>fUK~1IZIfFu`iS<-#0pKg^dJZYb0F(N8@)B)eaWV3< z`_^8ny#318oApC?pr2ye9L8ojhpP3IB58;cbj+nAe7Fc);lxz$V$;>Bw!(n|<0(`r z#{Tn>6N8K`3hCBmj3A?HcKmYSf;16H(2>n)s>| z7GJt}-mE`2VMdKuD)t)?EZc~HJ)Qmb@IEq94Yv#3@v%dMmwC*h3QW=5i^ngvyFf*3 zyvNjsFp?qA5g46)emuirK@Mxv-%vmayEzn6#4ZAf&S}qW9Jqk->8JaO6G`~&2|C;st;NH*<<9gIB|qeqXQepJG2 zsr$262h}@6Xs)UaYM#=mvoy&eBoLhK_rxfY$dJ?xzONVu^6QW{I|+NHT*`Yj*Y$4t zmklaRoTOfd^mp0agy11(X)M2ueD6q*Fs*${BA=yR{z;_Y{m1FZtATtjTNXHW`LnkM zCs)Eb^p!zyN_OKE#rtFIfE`m6*k9{(4TU~K@B&&lEfI(sWD&Tcy z|A0bDo}s~SLAgp)mRQwCyl-#2cPzUNsLJE?}`1ArVe1QT@H=W!CjtSfeZ6How^+gGwf znUu!b;;e0FI_M$fMMlv}Iryuh^!wO+|1)ers1x5r`Q zIl6_7_eq=S0YPH}sKOEcNpAyY(a_OBgFKEY(skpFT}!Xa(-Z6yZa9;nhAwkloexnl z%efijaMf%d1PhpV2FJMdn0{~trVPz?rD*f(=VxeC4&!1=1rj@2j?zsj3UGY2E~9WB$LYLR*Mu@fqY^(Z;0TxYF(B>Gk1Lnsnp`~Xmg`b8ZGd7A zTcK)L+_Svdpr{BSz%$f>eeT{n8DYY%C0qvWpHXNt0j$8cOf>;>4U|d0PAPh@*m?mh zNj8{>oe{Ef=be^z+gbaEn@J*YW_%WqL-sUtLAT@V#{jgOUx__HW48fVyI*W;vY$A^ zZ;v+RfxOMEDrVWoDaI)?mdkv2aAVlnymNV7Akmo&?AJ_mXATh3bZ|(-0;6t*`S(`J zPnv>G=p8+zJNi6%&O$ScleAA<1w_Q7)FiG*z*iodL zdXsXcP0J2;zTA@#yHriwsSL%Y$>Gl?SXJv5E=^LA?$Y-~ZBRNS>%D0?3S_#LTqq>B zieO!^L^l@GaO8P5Gj|2Lj>;t1!G0=82T4-yb?;8+{w$43lU;Rak{m?K*c}XJg8qc^ zAfMCbVl-OKy1VTR8MVC&4^#07Cepm(jS8!`evIRddhL?ux*_|6ffN0UQ&o9N8{aUG z3|OWkba$cYd69d{F=DHt__KP%Fc0ZRN$W3lOjBEGfUF z^_?$4u4>B|{AFFy~PQlKfLk`QQGa^6C!~cD1)Ra$3|;b;CQ>C|3^M*cPRV8{^5B!rjP<0iDT+vKA6u&*l`_B;`E4mNAy;iBOFV5)Q;dw%h)WWiaCf z@ACm@Htj1S@Bm@VW)3z&jKKKM$Y#{JQDM%qrU%L@X+q$4xV7tiEe3)*%Qps^aH0wl z^2JXP_rXJ?t5zaYv$whxG;|$BY+cF&VrR(Jvb!^j#@=Q#aNBxFVp(odxE+9;)jEl) zcC>7B6m--Q$CDYfZIX9%hHRNr$HEkuxt8~4lNi#zVfv1pT-ec&F zn6bGs+UJD$65K>AvUgS`)ac>v+~z0oV1^2x-Ovs*;DZ-o)G;ys;psD*cPcM98se~4 
zSvKJYan{i3TD0tSZMfp?P#?AUU~}|EiY4Y{X3ED9$70r9f9; zgpPD?_D^rwHyL`XJD(m+QEZ`?F^I`0b7rVXj4ipK0`havnKMhg638`}^}^Q(cyuwa zBB+}mwha2$B@r|TZS-j;UYU=RiWN9UvAW|{BA%*LRSu=tX~*+Zd4xJQ zHd@U1mdmBr&rBbfmo9Kyci$K%3XK#^^pX+*%KO+x=Zm!Wv)(iE9}$%#v3r1LIrD(YC+lmM}hg_J@@=R-<8woJzg);H9T}#qR z4@%9hzm_;MbGw~Di_HJaVOo#42=6%|$@2y)(qhYnNP5B!B8P+e{GphgiqGylWgN32 zY(d3osbRVeL%5WHSO}T<{-BVMG|}*~xdIhy$pEoAMt!bG`#MFgVE^p_me&*B5kx0! zx`{hg5ub~+XZj#-A%Nzy<@A_^+ZiO)PKkx$0M2nuD8^d zspbMw%)bZ8N`JM|D8bf*IJiag>`)myEY!r-b&HMIYISB$i_y5+3_t*>6`5a2=vc4j zliBTgTica0Zi?Gs>3cp1E%Gdq8DeWN!u^30PTn83*JisJae0a%%kxF=8%TCt@d(0+ zI<vN2Y)ozk58hhMkH;lJ$vPttwjU4drBU9RtXqfp?MsP$5rECkh+Glnd!(58|Sn< zX}A!`t5ck6Vg}q+TsYddta`ge)uC0P&NssbhnLI=VOFU-BjSo{<--G#&V|71xs$7g zU!A%jS$)}i@`X%Krdnyys+TFbof_hL+|NJ+bUCk-G!lPEzml`s`8M@#B51`p8Ri@I zZEO4U-9R<&cQ}Y47*9(*OjQI0&NtZ%W)ZTUlI5fk?ra#M&ZP{81=Ek}~SRlWD#I|K%k`o?W*)Z0=Rl!FL@m9yqtAXT0JTz{1h`bIcWSnNSRgGqKGJi9rfSeAT_&R)3ts2}t8Byc{=dw!s zGJ;u_gx{CDpd`eQb-o1c_8m)3KIwRaKuo zjxG!sXPxm$yyB;(`?=35S2Qur&M;Kf>T$YE*texFNK`Zx*JM4Vr<%hrkUr}4(%Bqi zxO#)Cj(_n_`b+2U8F-SE@Pjj+2Y9`|KpLJc2}8{ZcP`F#fYqPxZA0J{K#t35rl$Dl zQp0Jq6~{iPVKyUzedkK(VLWAqMRUi`kk>>DFr5ah2T;DUv!|0ZlP#F{AXM%Fm)vJZ zg#k1P#6%1xNthd)LwSor`8pnwRMwCLB+^>thFpFvN8{uv&r>@>pNa%)OKWsi**f(uy0o0kb(6$%?uTUJm z1t%3mbF5Ju8oB*&kes_4kNqS)b|-iLH4oD3+e9#dO~{S5KAz{ ztyW5)=Bk>3PpA!CLlecdV4eaDwe$Qrl~4ya zDpt0@6xt<@Ho*&MF%ANrw2t&e*3##RnZ=glb(UYm7P7v7s>(3ivXc#CM|2+W9b<=_ z&lvJFKdQT%7ErUf?#ikiJ?Q%)J=KalV#DXSyzOEQbfM!Ix}wwRoJZtN$&FfYQDxDF zd~N;8e;8FdFz_DCV$UOqbc6-0N`!dW^Z1q5a_0NvBh*TqInos9rwGgl?1Z=WFGdzw z=&qg3*`}I9pz2i=SvSwbg zdf^OzBoTyt(`*v3Uo-(H=Yxq%e{T@-QYY_j@5k8Y>fP|m4P6^h&g^OB9rq0qdwl8j zd~cS9>TSOH^xdZ?dGN&x)Ti2)eni|r)jY}FF^Ik!9ZM(R4)iiN0(yq*s8pQD7%{dS zBElOBpW3ruM5aXC{hqoMK2KRP6$OMy5TrFWD3L*Yp9gUv#bBGAZ(=mHh>B=pj zn2%_yOH2>hHpn7E$?i8g@=qpC3z`k`3d|0m>`+C)X z+MTjf@1B+mmS%=MX%TzZ>+1kiQ*uvV*sr57uR+}RT}*l&=aoieDnY1Y6gGv^yj4}N zNMtQvd;g0MFLkLQ$TWXe3&OExUt^mFJ!b6(w$6g;ap zBy?Po1zu-+Q8gCYAxD2?-`&iLt%U_)0)eSCC_=b5UZW$tpZaMG&TObIjauHKef!5d 
zIi{m-T8vjYu8H~QL*0cB^{_V*DVj+1ap@D@mv5sT+9z7WW`@g4%a^JM6GwavI&B%F zTmcqvUqL?{uoJ<|O`)tb=tNg*0v%zFZC%(*S3=M)ct5q%}gH8lfpd+Syv+m4PRPP0| zx1x!|8S@OR475q3^EYK;C`a7+ZHF61_` zR6H|H=1+BQr4QT&gItfe(rt~yNoN4@IYoNB7vwvyvKVCUUlb;;JjZYU6rbI8<%P1I zv$n}$$S=75Xde?E+J;tkj6j!&ilMz z>RZ9)+26E~4_?Q9ra4P;|Kj~8Pw;ExLN0EqSynR_T1m_$DH#^)hNmzSEJ}nV$YWI* z8Cy78nC%Cp&M3$Q{qf)!$&m*aFHVSzXiqs|nxi$3FMe(w++20~A~eM}B{&teX|3x} zzPIGM;&&PIJ>tn^(B{++HP5y@@2udVxb|;V+`=FQVFQ*+zk3tPgovq`Pg+{9Udt5HM^x{Xt_=T7{7zUz7tLtR zfM#(Id4q5JG_l*#OQ#X{#ld1j&}w4hb6fi+mZX8*=~WsD*N+KzTls*z=wH9d91^L~ zj?pg`odk{5$WNaPTr)span=5Hwy9i2`H%M!xf9K+2YVbLES2DnSBChJIj>ygjQtuz z3K-4mC@-=;7zq>A!xt(Xv}&qyH9Emac*4l^e(hkE+j^Ska8V|&C_2icc`uRBI6Pqd z!yiZR@K2tl75(#{|L}a7P|lUs+D-QCmF88kh3MfJuAJ5sij96oSNlB1XHy9!A(W-M z^XM7h-MZkl+Ey0hjYlFBsE5%9A$@?omx)(2+k+MqgJT(}=WyY+o0101Vz0Wh=>U{O z#p_;Ad^Z-VCK*_PND(B=Ni8pVY)-1$#8dfflClT)Lr-z8@5p8_EiPUMbC#9&%v4|0N zby9ZQo>-M_a;rmLfp9{doX<+<>$2iQ!GqIpd%{E~!O?$^SGBBt&xUK$9A|W_D;n7y z-t6!sRaY!xi4nld-F`pgb2Tu0#6^>N)zansznr&UQ_3WK1b8mKQnUta8^)Bx&~qt71#Q|@Af`#HnB+Y8Dp>Qr@!X9l4MrYs$ZDL(dCXKVMKooZXLvN9 zY?lhVeFbi+;BgPG(tkAr_1;oB)dj9rY;Wa3uop2+Of+e1xAl-qfRc z@D_tEwOya)w%NvzQS0^4rqRq1S7somL+swbN@ah8vL)yH2U0(RU zo$0;N0Z5^RGC*<0b5&dW^Pflh-6l`^C3I3hHxZ{>3)?+n=%xjt$7s zu1=%`BnF6ttDXDOZ#^PY>Ar?Gtn-#77;j1IH&W=^bN#7vHRjXFke2>_1MsKsE!2e#n1)mZ zrZ_YWe)2_w@c7+*n}tHZ`nvfv0j?YNyq{LUyBq#&zxKPBqOzAi^}ge9#d# zVdd@+WD;weo0V80*9k@q`WqSc0;y;Gsf9{@Y(Z+Fcz(qM7Qi7zky?Nu#||@GzT|&y z(kG#zjc+RIu7*jCJsZwv$Kd+$jiG_Dy_X<>(%A^<=s4&l#4l z_b@Iu+mE$*Vs|UCP4;=%%=!QtA4A+L*7d%iRS9q zXU`F}s3aT>2h$)DD)U>z@aG>MA@uEuc;RCEaT*c)bHTM&UHjcSB~o>UMJ$#1m;G~e zW9Y6%pIb0dHEvCf$hp3)aj+7aKa&`lc+H>pYMK{W_XS7+KQNP0jwTM=X?*nNedqiBBHMh2?7{j2HQkY6TPA!yT>1GnK&#J5HZ z^yc{J1~;wu^5rC63(*mt4AT}T^4v9d-$mcmFecKelUSSY=Xmg)m7$~pI<+%2*e$UV zu%84NQi^l=WiTf3klO(ViXB2(VPw0GjGOzuZ+%8DjkMuXO*JU|Z_o7Wt3a)=V;ooo z&3D7$fGS+Fm|4t4E%sdA1HtqSAcDP%jOUKpZUIL63oFkZ3L6~F{21eX_ph9oQzy# zR(dEsnmu!xkxe&$Z>|3nZMt~2A-%n@Dh!qMaiEk 
z*m%t5-o%tA*)ue7G`wIWWAFg_Z%EG*K1b~>)n6@s5;u9p71@!>7TA9oxg>-sTg^?4 zuynJe&CBT(JJzenAgHW;G~CjR=>zo0;QNfBd3m>E|goJHt)y7_4zJT`V{BT z?|c%@STNrgrOms0;i*92c85S-$CX|oS^YIfu5LDTu-aBxYl@PX1dwDsn<&hRV$Xi} z@irExlM1Gz2yl8a)^AgNY8N0_ZpO>3bzMdK&$>T7m0R?n z&l*~cZ6(Uuv>a7Nm0Pu}x#D4~gtBmZ$>FPx$!kjGR;jN5eB>@9Htl zx%4RMCqT)wOx;rv#TP<64Czt_R4~-6)QczbK@&2U=`_Mh>zg#wDO`^ zrbRLYm-d^{F*}f(Oq7-8OK2yNKvaSPER<9I6y-}~kixZU{m*)GepnS>A|cL#_C!@| zwA}!`N>x$&w^x3EHsJ!lQ)uy^*yye2%XO3ck1UEOLei``2esd9CgzJAEC-6@(0K{@6;4HE7QA){Y?$y~0s<$RcxW_M#%JXS6de70 zZrF!btxVw+JroLdOz4-#mV2P?Z37npac@O431eYU^&Sg z!-n_9IHLfrW0}eubjImp>mvE^UMvgOHnk8_3-YRXm9~E7qBX2wp9iZnh(ok@FuzF0YdM}LMt zeKo9bZ>33JLNyD#d5S$|c-xRu5Dq>!af?^e67;+%G$Hm`s} zZfCpc*okWvq*p$d;ld7F_o{!>9&UY>BFdZ`&tJ#rAH+!QQ$l=#%kXnW7(dOL22cw< z+vCd_FiJ}RGs(p}2o2~wTDv_y4k*iCjQzTWaScYuKi)S=mF4Er8T{VzmZ;9U4#@#& zYGa5In9<2OncK0ynM8|`hq`}2;Hg0BIMvsRqwt~=Y{ri!b zA!3oNipy+`R<>OgxvlhuBeoBNPFoKoTh5?DhgoKPqAwIu2g<8u?&W^9mCl?|Oue_u z89$XfK{R9h1rIMg7#URu=g(c?+F{~CSiX;zc%}@2{Y469drB9QM1mgT2ME*8Xk6@OkuWpR&pCBcM?OZKHg6^I;q`xE4gUV8k5(|c z)g0d^lQh&K+~rF>uC}d%x(k?umpo-3rLhUv@E{g!o3ZWACPfD$RjFeo|33df%%7rq z6H{{k-q#>#077LgjSIzOT^3990`hGuNg8J#-d^3NkLySe(2u8%-c9h^nGfb??Jj67 zW^4V@E2NghuNUPoq0sZ#*bbvQMNVZZ1BQLYnjuihQTC8?`Gn6Sl}IOqQ0C#S)uiek zMcUDDE{Px-+fM75347sW>-~21ri77s;Ueiue-u4!pwhM@Nke*B%DGdAIYwubqeKxW z*ymJ~UGCfsKes5j>`&U{#im`tveWTB-wiXtz+?T;=-badK<&}o7)k!_pQls*ut7Z< zVJ#1)3UVVfrYj_OhV}L-NIsRVClq!bBbK>UD(QH-VkA&~rmtl;xICcs|MR#tob=`S zf0XExclkb_%rxGRG|uef%lKAqJ)7Hgo<3Dm+Rl}-#* zXr0vV^VlSlP%h_qZ5~V(`{Z2-@_$&z-$Z5kL|}!LS8ZDIK6Jui%NOlt_uf!uaW#G^ zY`8z%)J@*a@|#cihfUfZatxonsd=$EBB2R`yv;l$vK+nknX$7eYS~d?Dk0>N%BIQ{ zQ`uEUVXlAUad#kcnBtf^*9ulKozrnLigSCv-!rdwewdHBRPIFgZNjVEzbO;^eLh6j z3BW{Q2A!?{jS<|1(?jxt^Yr0o;z>EYrCVTgIOa5;9SAUj@yTcmVdqG zKTGqUrTNdP`M>?th?e5m(ZlB@nBD=pJrq}o+JC!HR%>^_xU-_Yt-tIzf%3`v8nAn~ z`0|%E%%=k{hvJMJ_WYei{kv6EWWoz!(qNi56aV=c%7vdnCN;49Ge8JbHhmlp;jl$L zaXBx(;pLyM=7|(;b917HgMT{)179%f+Cfo&d4iymCv`$B`mX%WOyi%t?jfmx_sg+; 
z{0d(ub;J6|Z=F_q9e8c@7QVC4&v&*{!W&y+jU<2TAU|?JAcC6gU!DJHz@M{$$!EFY zP)PUNfhwoN1Nuah6F>Ylx0Q#6IluV4R_GiRcPm8>0K%>4P49}&0_%+9PX{npKh za=|5so3b2E4(Ld3w0Xx{$IOPz06qdPjA9iY{Ke@oO>O;TD74 zi0A6>7vl}gK4bW;fXBZU<30Q;5pkyN_vvarJ}gGaZNeCjpIbVg9e$PP)}#*o{SLQ- zm+IZLJNj$OZNO8ahohXX{ljDSHysT9O$*?EU!>=w@HW!cw(ehhfdRI0n$pE{_qA6>5U`&Ld0Edvne&!5uoW2hF40Iw- zz1D5I*5Ei!$dQ*BTh5>8Tsb6SyU-;pQv3Vzbh{V6vMcQ>fO1Xlb&eu%Bl@U}?+8duHXN zu5y)N@A9uB^}j#d&lMf;hXqE5OPK#WZ5fYXMJA->nfNM(v+8vl_VFNJQ}5q>_*sJ?@D&-(2ZBPl&GPg7 zhX`rb4|CG(&yLzZ8_ASNO!8NXdqT$HKI;iJ<;&+9DV1eiSA)rDl4MbscMs>=IcQ3{ z-Er;anUy9MiGYLMZ)=l5^oF0wjpKb-N{Swo^+MgPb6Z4&)pcbi$#BGVLrO!@y5-Wc zD)o!sjBg+WH@6Wo=0E)?v+B>eeZqto#tw$&o+#Ty?{{Q(3-B~m`;&tpiSySQllfC3 z${g!+D4p6x>wVka1gI4kv^v1WKvJ%|>k?4wl!DtE(yU!H1%&sOs@EpUH^p&HM$Kfp z5XGxP8(SAV_iKxnaV3ci)ZkU;S0E%Iv`~UJ^I5eVjQrhblVP+J(TZ6Qa2tbJ7DlVv zDk0c?rMDvH;I`Al0qf_XHr3dSo^;}fk-6{drHPE2Y6)7K1NO+Q_~r3>9^PS(6I4MJ zo8{WF(Do-6%%VR56tO6qmTm?8P?P-SI>W7{=nfV0itvinAq=-}n4W+FZC<~@nP0Z$ zpKsC!u*eTCbN_Nk*5Glu3zuF5jF|o)G_0GKkxfXG4{`p4GekY5OO^exGdGFT^EjP~ zjmbMhPq2q78>Qsek!v)tY){AW&46;Z%+p$S^WB9?cmB~=7gmQn4+agl{0)Jf#I>n< zO>MQ%nAE9EoEW^I;nVTIEc7qe`#&d8ln>m96~oTYv5RtmvEaTif0xL)IxO4}lcp{; zmpRBLv|fIMkWYD>g=QxWo0yc;EUhq~C(f_)GSjcrKv;jmqgje)h*NDZawH^bA4Kfq zXxO_Aa8b6)=E z*#7oEA8}{;WHoT_;VBHvV8D}?)U%fZ$_>SLx~nnqf1LyCFUJkX5Z4x+82!q27v#R` zHc=4h)Qu0htV+!U0l+b44TzsIrHd$)3&@hinbpY_2@11pH@olpT-um|-eFrA?Mm?%*F>z!Bkrrv3>`SDaNxE#~OS{@YR zGMlniMc9_K$Y_JR^iMppOKxa>aN9Z(l+Q(kHZbn`y+8va&TA9e800W5n2_(^`1s{z zXCq@)R1BpMKj?xAW%Lx9qvE&o4Lft6PXp$(!)WhMkqW6Oy`{exDi~U4)xpGO9V__|3&7hpU&396WW=ok3Q>_l%X3) zJAC_*iLm)4)dUL66H9}L1T1&zQ?SLXy3ydPRh=x3Y)+Ck_-2pCj__WmC|Bib0$N>s zr!-Z#8T7UIWwN2Mk))yF@RXcg=aC)Li;$6>9-g_VPk#z}i6kV?!Lz zS7WOxVg@?52siPa30BreD&~1oC>qUgK)zt`qY-g2b>$JsNF<-2GOVQ*>HxlV$0-qh zU;@u1c^ZcRRphS0N~sv-JAi`J-=*ca8w`}@aBF}vbOOWe=}8^w%v0I`NniAQt}9nF zuOdse3S#OqZNjUPc9^0`B+rm)a*!j|bu$6uj_sRQeD%N{_!eE6Hy)9BwARx&rw;=v z0Vl$t7tF^qqUFQ6TE5u$Ye-j(Y`N6DoOWMx4e^VT@neWT#_o;dR 
z3Ch$ubM7g6ZZEa+&T#k9G8c3`YjF{)zCe3h1kA$rDdw2*V4{cI8_W!@BUT>GxGRBf z2yR=IY<=<}&}>#z-V2g_7$i7}%qn5nA0wU8cLhq69RFG*QlZiX1P?oUiTG~|pwOWe zLDE9&`BepfGZH9`%vnA4D;(0(JsB#{Hxo$;c3u~Ub7-lo^@c9jD5&<%Hwo5KLBJy+d#Q{$&nmE#Q?eXcQ*thA1Ukv;fFFdN}QrG7$g@=NK~s z$*44TIu>Vs0JUV1W*0D=TKv-D2kecZ|;fcuV{o=WE@EI1AuO7y>Mb zuCyETfhW#IEF8Hs`uXWH1KyQyAl?%K_qV7nmwIb5O_7hjXLVclp&Rwz(|dY{Db=YQ z?kzK%Yz_~1jiMRxI~jq4W9)XH4-tswwbUZ#n9MWM0eG10ED*F0$XgEhO7!T_C()pv zAb{f+JkZVC!aTh8WC7eH^D0HVZ4Kef5Faw}uUNtW56dCE$7w6D?wP;WvC!#z?kFSP zhZF1+k(?!@Y>_BcdISjEevuGk9{p&tVn9j9nz0-Q!asPmGb7Oo%h~U zF-M$l*xRQIP24(xSG!O=6(ey1JJOq%31AeqXxCQ#(WWtLJG5;mCt&%(-$%xe94y-R z$7Z=WVlIkIkze@81Ync4S@&+a?fLfDd&|rON7}aP2?GRoFz>bP{)eOZZ(dha8^Zm$ zr*Hq51atBZq2v2eP0nZ*C@Xe$_?!T6FJSt!P+!V3<)j|V?4_oc!a!o1+20&7U+Mw# zrt-30rSl6wJSe%0P zY^I&=;heMC2P7WhV1Dc?cij!+{CG00v$n`6dLR1ChMjO(&og>gd-Grph3+8JkBYG! zvd11((rxTBG@-QyscOl>k>%}<@7sOu+f5oBxCj)zUrmDzI>xlBy*-t3O-!fhZ5Bu? z%!H_zH@S;geR_n0LF8dVYuE>ifZO`{M#MUGn;cbDIq7>iuOPHJ_yHI6UJOcGJ~-brF{usb42{{3{5{m=;zjvm)RyIp(YhdUG2 zJ*yT!+SRE#Kh!fth{SE|jHk`ik?P6kGw4${4BB)`b=FpHn;zNq7g&6BGuq)U3R`R2 z^H@QB+q){KZ>tH3jRLCp6rJmtg}s^7v<_f*<;jv$Gz>aUslf?}QPS^=^XF%W*s0of zr^)u>3HEUZIUV7NA0IlWzajU_Z&m8S#gG#9`%B)Q4576@?_?KRP)>ZYWy(b&>b~=V zM*kkD!@U>&UBpZe4^xo;X?6mpDOfsl8@ZbX$!bR2ggq~VKP|*$*z$oe4=!mO_`C<7$~=R z>1_03t)2$k&pzy4z7vt#JlqETW)5rNv}?vZkU<9Cq=+*8ygx)pmnQxBX{K7@-tB!*A0n0BFu*cvIV3 zb=$<^#FK>F!_X$AIK zXi-}@$4$U|8TT)TMLHmpImx`%3r_Oa4N5|4K`81qgoD{4h$uMpB<=d)yQ9gvc^(ea zbTf~;@{G8wnq;mV)VVyob(1M>%s|jy&Y(#}Q2P~o9P?{!VSgFC47KOLFc@#^Ady#$ zWkTGmZ&ZIGGlgpmP`zO&GEJbeTA0ICqv9cdlHPPH)yS*pL4`_6;=Iy{tPw7?VhjUG zslq*v=B;fGmwKuWU?zuo(wJ9{w^p?wlNZZIDt2|+*tCA6&@;I6pqNc)^NRSVD$Odd z?QW0sIrj>)9;jPt_Qrn1sEIkZ6VZ^Kp@;lUw9bGlE??)foA0w3 zcAQFpn~~XZG2a8R$x1%0n%7JpFE>T;*!!H7e03r2K_Gjo4tIjkYBPrtZ|)%1_W91* z`m40tAOVtak|4ww6yT**ObZaP=e43_DPw$}sH@UkDL2R&oQBnjGOag1C+q^iUc!37 z_;X)A~b8^gP=U%*-m|LCb@(HNjzxu}xWRN;T z09&0L?Yf=G+KzBRjx7}R;<$6R-6-EyMRuOabk(H-2TC;lK(46u3HEDILM~fNYo#Om 
zEQIo;D%>{dTV-`7g|*KsxK*|`_dkSsF=j;kH5lYTtilKrgVtgt5dHl32WM7#*ku! z6b-&eil0H7N{#(ydS2UCbA^>{@Fv`|Gz5FI3Z(HO2cvm({bED*?i&H;@YyA9EkKt3 zzbEp);ZmMdPaqu?7ugLW4Y5fserr+hf1q%Q3;k?d9o(d-s8f{Cd+&0 zj<=}D<-_gG-^QY=_^WOfTjJ|*_v?JvTbt*25x;#|^Sqs<+FDDrK;e%;h$zbd>zG&k z+VRcXoB|bm>o|4;d`WFX2R~6R0#1Ee4!ls1UyuMewb=lO*N8h%@XK3iU9%t1qUBI` ztx+>icxPW3U1DdVk!RzmTm7Exz?WDgLn+n8B!X?X)24AlsN*%2(?k2(fjzu%%eZ7( zGVDpZfrL;s^)0bm?nNt&Yk(4En4^JIo4;_9CIv@_M+YFAAV_lF*>;=)h$`7T6xwY! zUBpcV5Y4{J(HP1Y>a1fa3=eSH=ZN%W| zzF@4u8bv|EPTc2SIX|TjJnarO`;iMtdLof>4b8Xqe%CN-xdjLQRq5^6M$cl@^f~f! zvL^T5%>2s|_v@|ZY7uE~PxuB_frwI!?St1GcuwcieJ=&aEdrZ3on3zIfoJN;tp`4V z&*ie-ifS=ki77m(U$fG4?sB@?dM|2h2Lgb2W+_amz zt)|E=yb~c1s3eFixL3Z-LE>(HEhy3*yD~0(O75ko^)dEqf|agPk60LldWp2TZA|X8 zfaEQQpx41{<;)CyUMIv%#vv>ijU0lIb9I9o?@!I7e9h}DVYHW&amB2S_8KG=mx9YsQ-l(ciP)PZK%os3phnW3;^$mmqdF; zs3<45xRY{qBGb1HPLM)e6zzoxOO%d|h^EH2UpW|F0&dV$Xc98o#R|9s<$10o?1W6e zgEW04!#Q;efU&pQK=c?7ge-vvAG7EeR+?DbQl+A;rMGptBiZG(+x!TEpIT;bD zf7=#5VrNNf4a~|Ekn5!jy{J&kM0(wCHvU}VTX{-?7No#VArOALaD;azLx40Z{6Cz% zcRber`!-&pj50$)sEoLzY-P{NE@Y3a?49gL$;b$ok(C|F7DbZ1WsAtp&d&awFV*}0 zeD3@EP4D01;Sb7nxn9q4&f_>vy_Xv>BS^BBN3`4ttCPP?V_R5pl{4d=WIrH}ag|&0 z@XLwPi9IK<4Qk?v7LB#Hw?6}5{KonH+f3s4*_L+sC67^>UU_^ltCsdl1tXhN9B5`5 z2h}~!0>@g0jMlxCBc>SPY~?FAKfC&~BD5)`1uWwj8|SyXZ)fsGYpK^O?Z1i~Gwdfa zE&Y~=*8xSAjPF5*mqbP;n|R7sU)g^+ti!qybxV`ZuBz@<2a*8jJad~b>xon2nq_k{ zS?65pyd@n-x==M_<_>XMveX&(;^M3Q+J*A*_G3g+snlk>71y?7eD77Td8pkgT-NDp zjmsMKD6ba6;MDf;3Ab%gLQ{d!xCxB0_IHZ5K0G8K-CY!S zA2_g+wVyPGD4=59Ol1{xfh1tHWZQt~dO%uL*sdr=t;{)+*cU)M-pE$2NgVU!hA)yq zUXT0=;ZXBOKSh!Jd-Qep+tbgiwuuoK5@_i>s^mS@m3EessL@1fwT^#`LRx8(^t69v zD3Y=mg`Ut{0jk>V8Q(Nz#60i&_Z z^GQs1R5ZB?z`>L*(SKT&PGUALfIz;}sT+Hf?Dpm6Y~RawF7*Eh7+s7RSEmYc3hM4{ zvnsJ!A-da)5e}z|emFgVVvjcA-l_Z-`gmr&=p#{j9MHBa=%LYR7LCev-5}k{ie5WC zVCdOvd5VL>ZFC{qurW;P)bis!4b~GHWy=^(3)3(91&_~gi45V8FeHzgX2`$3d8?$v zrCCU&zB0IZgG%wG-Nzq`YT=V{Ttc@JP3@I(UuRbjN!J88y-uCB^*Oo6M6Y91_I`PF zziax3qL}9dF_2~GT|VM48VJa~w5On}VR>DA)@_t>D4plj?HO*;p{EJ`0D8~=D(=mc 
zC}G%uJtcnVl4vN=doy!?VKJ0P+&&GUnz&bSIOjdtdP9UX8@@c55B9QIQid@mT@u2G z>$Cl~k-I7AUkijF)>|lf^>^c44CiEup>@?IsCiF_;4vES#qQS7-bIv;x@K(NtnjM+ z1Sz}z85qg&P9punAnRvHCnK9R7Wt~Bn7&%fV(kt!TEO9c;z8Jhvc8p9|+Y`Jm~XZ*8ne(-@{x zV%6N*V+310YW9DXu>Rlh_`?V(Eb=%_7cLYnN6br_q0W)t{psyHMP+u;7+`(KpOXwo zclmgBegg!-ZlUt2r2{1?FX;;VB@82!Or)kQDI}|uhH1f%k#u2-u1iUN z%0RPuFKkpo`xPwREpO^13Byn6iG1ZMRCQTwE9*cqF$%x>oVYH)u%$9{z^)WnfESp9 zB{kX(4MVU|z1|BXbu(sHRz*=o^YCNr{*(Ed!JIS+y;%eNGSQqbziZWJ`vxmxx}N(+ z(IxG#fjaWs$I^dmIpq^&zLM*iI)p2df5~!@w+QiqDHu_U#vRbLxy>EW*Oq&O; zqkCIG&nIpp_@Jy4FreH>^kH-pC`M6d(~A%$S9wFsGly#8Nks|{3_IvMxT;$ec1>S( z2w9WjYD_;#!HWJ7FkbJ^!YnD#fYfMD2;M?nKV5z{{gh|*T_W3nuLerjn#3Mf>wVnB zh#LPGT1|SDJXzGJ%!Vt=1k4F6QiR!m;21K37M-0r!rhc{X+H9bT#X7eUtC1cLdb=9*!(GTJXTi z&4=EO4oK6Z%F*U2O5u+j>P=PD<4Q=-Z7{pEGZ%NZ4gpX!)__%l;|9 z*}t;|HqanR#A&IFBzn&erOy1eagdjbWnI^@S1+OvsZ|x+gwp6Wg#I^I+5A=r=?>-_ zx1JQKv3+&lcSiM&^TQL|b#h1%4X@F^_UgTv?pFijeS8~vor=`#8RCe&>Uph&*CT%I z@<%@+^?>fqeJRuDck0*gZrmK`lM^UMp4qFgBTb$SC!0*@BXk79&j3d@izVZ64e@Z{ z! z(s2xO#hp{vXO0b|c;!6k<@FCGjE%n%l)UG@moyc(d!zn;tKRE&-=gWtnyRkk@Ae+B_paJmD25d-beJKX0Sg=_%9EEn_dC> z_s{eW`}EG@;AQQCZ^%FAf4zf>q86!y&Za@_$eYxo>`AuzO4dypD4+MBrc5U4O!VRS zmR{v!!!%AkeRM04C|%O?#xeHFOUzelBrl=`JkGXf&iW7x6-B?hT&Rj1-dR*HO9|(5(r)?AmwpZ&}_+iG^PQf!971 zZFDSe{1BN0EytM`aFAwwZf`eCGBQVVJJc^>e{F#t6kcu3Hh1R|b1ad<7t_pFr>}5b zMf(W2fOMy_MC<~V9BtcCtY}aImLVz)5b|jSuT=o1IIND#K5MLsVHPkGhZ|oW=qQDi zu|a7ezwpuJQ4NZUXzY*T5>2+O87J33bP{Am5(b7>AoGY&`h*g^@G(;C@$u_KIgJ`h z8UP4LYlqJL@@v#e4+xcYLIUxTxU-s+SYK^5y@x25 zB27YNx$EDa<}lLsyet}TUg_#n1+xNdD>9GT)1_@97#1=KB^Xf^NJ98x4inG@w!WPOY$-mq+LHyMYqC&+8y~V%$nnQHSj;$y@M#QmxIU)A0)ke6)ka zQz*5ix#}g+s9R}r&0ZNuS#FU9&89=eI>ESiQT$RK^6$H+K(A1DE%r&zumntvk-iqLAG&GVaY6rA3#lH9{&r}P~A3-Dc}U>9-9WKTmAM@*E6 zy0Dcpk*ZuJ7sh9ntQ=9bk;j4IWeIU|o=wiW_6LQ^hcT2{6v91a^qMku-t+tzsg{07 zaGH}zW38+LFXP8oaER?yz9bx;s;A$-xRFXUSc)`L=m(Lsmm87}X7utj=1ujJo=p&zy1u<5b!%)m21*!L!dT`JPYsH}x4cu`f-efAPX@TENttHmc`9KsCb8iJ+y( zacfHApe7yME_!${da9qDYvE-Cr=6Ys>45GMve^CrgtfD&f5(QTUrH&^>{FI|7jZBg 
z7xAU}xD0(P`=7KC`J{Yy!`J`flZGS02g#|q`@j0Z6*}pYN5(GwA^ZFFUkTy31yKOc zUS01+RuZ-nN#rx#mqDnI&Sls0$g!g7_3sD6-w%1-0Cb$njdtGs4N1U(m6QEo%lsFg zfE2r66F$MEwI@Gc+KiJP+&7WhiFW`v57rqEfX*es4=(Q9$$03`JlX&8PkutR3AW<@!1f9x z;g#LIW^qvmzVfad{OUv}7x(@q-c5q{v9P~WMt0zy=6rx(#gmy7-A_yY1y_-Y4R&x) zV*lC@(zg9KjQ$TdT^XS@hj+}U?C<=Cj|ev*CO-4vb5O(xreSTOlXCy8c^Vg8#a76Nm{;Nv?eB~ zWuR7bqz?2afZAB0{iMwx zW^n?oKRq2;C;+|gcsXhuoE2AtO)u(wxv2YdWyX;o2TB$V{&3cQ{?~^QSba_Y`T1Y$ ztwQ(&|G*Ug_-f9F@T(jNr=R`Yeg|0LBEibRpo6bt2E6cAb<8hY^B-KSKkbL`OL)~w zpP$?-;RGT$LQjQlaSz;j1!ee6Wv(yU==~3-Bnf-N9w>QmKKS2^157fwC=+Ls?)@kA z=6^o03E>D-_?hog8ZN4Ocuecw@kTu$Uz2}>g|A)NfL6hChU3km#aNHSq_umSk* z8^5o5v(7BX(a@-U};kv=$*JONM1{a}>v=ME@n!wXCOwGTe3 z&ItX;alVXi|Anf$aBi?t?dT5N$TmrMVgI)(XV(3{(G~;y+WgYY{NTUHh1`Z3wdJP$ z4bZ&|5!b~D9BY?@Us;W8UGarQ;h#G>jzoFed`sR3?&OC=Ffp11gY!QdkDtBa@IH@} zWII>_NJ#+}(kt@uPX<&MfQ_Uj(aG!`M6X)8kAaCl_B?e;@Dt$Gv=|2A_u-)9A<6oP+Ra1W3IKV~CN1dxz}x zhqKT$(G+j9JP^r`U2yuarwl}CTZTJOiEl?F^SM9YO)3Bx%c9=N6~yJFBf*$yjKjh~ z6d6ox&hu^4N1`gB$2k6(j&fZ_%!Ms9uuShxNu}CQ`nhAqweikwDzSEtU$^sV<=h4t z8~?YX2!a;`iOroSqKw-SW&ldKAo}?^nAu`gj)lhj#D1{py9+&fbW+ zwIqwE9OoyDK-ng4RipczcP&10<2aEphvNw40sI>{S9cxYe6xa}?uajADpK0rI;&;> zNn#4Arv-+7-fM*ma4K(HKm8Z{JQnyn5}r+l zS5j9hW?NJ5*`U;Rp-gAob$Jx$4#g6Jx`KHOuPYYRl^Qe=T%KKG-UQ5WibMn)k$OXx z704WC-O}Qqv4#^c1!v_t=*r0;aQMMkxA!1BKb2d1Mmk9pddPGXq8ZFcmF_t}8uKQc9R^ zP%zBX-{24eSh5Mo4rL}DQX8LZcEJ5Fo&l@^2;dHGUd`@@2TILN2*+B zlZyelVz}i2xPW#$XuN55H>NDSLciMi-ar(ijned@?^Y+VE>RosO-%E^10_j+eU8zaFsvzxqRnGt&kid z1KdsBSi}YexC>rUp#7|{xw~E-4=pvFFim#jmKgi?>x?Og<|X}3E=ffv;7*DN-w$}~ z?Q{(7uD!_;GBPrjk-^opNi}hUBLaQf^soKp`K}r1r`a+QISD*v+ zeA6I3cJ`cV30&|rm{Vlv*#NhL{)_X>D~B4t8_`aMjpe(m*;CL3s%t434ZPYecXckz zqSlTI^kZMb@Et^9w(;Y08(PsQr$d};{tM-RVmBPFg*I_G&*y~)M}{vR{xMu?KGZ2&CNN0u2`suaLNT-x*J0oF59Wp zkEJf)7;KXLidKGl-T&F+-q;Tos^&s(41M!(L7e#Js~r2cON(!&srK#@U0tWwaVhs))pBTxStg5*b__N*m{&*R<{R9v-z6W7ubgd3*l%Z?GM z$j5=mvqLrfRhY$O`BPBWeoDoccm6z|%i65D$r2DvjVmg_Fr-;)c{2ooYQ8-PMjMEU z)3*Q<#JC^OP2Y+^B^@tZFzMMiG6;y(@JuZX^m<$X4UZb57hhn&iV5J2>(=~_gsft* 
zXTx2#huI`XlY0|9<=2OH<{k0$CGOe+fTYh|DL)_s4LZz>*&{^1wE*r-1N^X?yhpN* z(+Uu~cAw!5m%rG93pEPoSq@D9ucY$ zN+xt2V_(>^+PLw|?Hwy11E+)I-1Sv_E7b+ArdsWeMsd2W)za^rn49HEzJ2B1viphH zn<4r{(E%BOMBJsbd5xz9jBLVdRpt0UqKPu704l&OsT32?5bES_SPbI}o-4OCiTT^0 zK0XEZmcc!B)CP4Un*5DPM`{Y7pN+MgzH{93I}(L(X8eNnZCKvxD7BSB@63-N&B}F@ zQVpxwp<9hnLZYEG9M3@VlKmr6m20`)_ffKEJQKjoPDU8S3vJZP=jj^SqYKxOClq5t{l{pYeN zNF&SCPrZKa)$L95^|0a0)bwX1b5^xsRPm0xMpK3B6Uii2lo2)M8iGwxI&CFJB}@7| zGx7H{%swgA%|aKI?Adn1?f1`i!7NP%T^?!$ESQnBU9Iol!ro4~eXpL6VUIa{z6%+e zmbukrFN;SeKz}m02%@9em=VL`WnBZMP-N67LUzux^YZ|gvtyhD5bs)VFOE_6(1 z{nC3~Du`JmafAYHdNt@g6~B>jTDu@h*<7^G&l&jz-4DM)7V^D%wtlG5UwS_zP7b8H5%0K0cz{zV*t!w@}V6N-^M0bydWM;h(2qjx=AISQAx0rpmK%F zP30RdOB^_gpt9rZ*B@YBOHd?9pv_k#7vhk|I4}IyUxZ=_pK#c>=F3yJb4S(lCXcd? zbzn&+@BMHbXdmBD;jA#JT~)6iTC-wo(-J-#Shu%K#Q=r9qRIi!(3TV(9ZvR*u zR6pna%;XDT7Es`vlGZIBJ%nH-4Ir?MH1Ps1Mdonr-D#v>d5&h)s$O*hs=E z0%NQwtM?nJI&1s^`ruCTK1ot;R5}jWNQJ#d5DCQc8H6`0YjD^rj>WWJQ7r?u+QT== zi0$9f4P}&HE7f*glxWojGeU?8$M;XnL2W|lbS>hdR%s+@q6#mn3}ISrx$T}iOiX*2 zm~iN|*OAYvSCH@j%~yydV;#R~ybgN6vf~ccRN01l-o`XbgIT;QV^1ls#^9cFhlU~zl`|bCvhrJqwa8pxaBw?J=2hy+Pn5)_ z$))0pDHL=9ni=+pRH^D|Y85)Epfju>QW)_1g>*c4upSz3~}fL%M7s!l*0k(WZg)5(T3o z_<>Ql?B+DSj)!2}7L1A%S_C4w zTjkqtFZRE-d1KM9V$>3I0b13urGS)I_RbvU`tcm|+5^nf=MLktQ|iCuX#H1f^$45O zStRu%9I0sAHp$HTQM-x8k2LP>m7j_(Vn*et<9H53)38*Rxcj0;A+ve79dOm#Uup2f z%c=J8j|Olga_UP(jMoUFNqm&+km+{*0(6@N^WTz!&_K-(sOQiy*15tz7($PIQ9EQE0_MjR#2)f7yo&I2Y#zJ7swKu&P$_I~Mc>o;9S6qcwEvvd6Bg2}~)r=Y2&> za#)UkQM?4mv}NIqkMPKGy@P&y0RaIf!7sif2D@jaW?TP46!IkcJu39JP}93$5P?cNdyxVa*?=N-#K!IO(aDuN~v@Oza=~zgVVcyLBlXyc?{^DYmH7;Kr>u| zxlvBT^jTsf#aDj7l%t(hemsa*Pa1lge}D0g$}1M}RI*mviamMSofn>Cj5{6bHcX7iIxBbS-!&h{Rx|sxIW*I3#fE z?)Z>GcosH8I^4SVSl14cL0e$=xV$i~8w>K-PC^)VgKWDZgnslxU33>w%dh8wkrM{+ zgj*iA()+9Nodpg6OB%E5YS(Rc{hH%@F}2I5TC0mEZO6xo=k2_9sRhM75z<(utMIM$ z3nQe6fBU;H(}%(j$qkGiwU2&s)PEQTPviSA{X67kXk_R>u1VoBx&)->ZwNQI&}VrK z1nu?vbRV8b)F(W@284}G3&)xu8a4>ja|Fgl-C@j4sp0h)h(V|g8p1Aw#G|}qu!(6= 
z5NYZ(yZ~6UE#&`FHhr<@MJ9rTcE7QjBZZp~M^$W#?yM;C%;^f=kZJg3Mr4%mI!5jc z#Hr_Cuvix@yWND0m7)@XZqzyq!kL!0{P~RT^lg#*_m%j`DUZ!5Ml}FxCp#@qoXFEg z?&iUD~`>p|)ii^nnC%1xIG$pKQ1)Wm6PO^XH1Mdc4o{ptm&bTcYa$9JxS~P_9`yH>Q zRTXXRdumpsl*!%edSy0%;~tErM}I5A$BOnH>_RwYc~JQJ5r4h=Vi#KxI|cT zo#M!!=n@imXVOtVkq77!zb97{Lakz>!iw(?WD=?-$K{uK zaDu^3Jvi4Ei5W$xI|%8ccES(fttmUre~rSP>G+|0n1)L@xsPywX7~HC`0Puscn0q$ zQ8|r;wC5R0SNNRF342O#`mMtZne+HU7-rTZ>zwLZPWwVJT{szNzhSpvq= zY*O^X9az}pYZuFqKl&G6orgRjuE5NH^Ijdb7kOD;P&MbgXyo}i^P*YyybfoU#?#Gc z|LyKteDN?C4Eap?ww5x&e!7x-6YFpTSogVzUQMX|VR-;bMh;(;2$j1F1QM5FZ1FGz zk6+N_%$E{wLWg+r8)w^2VMg7r832ob1OQPyR&nHvWXxjN)I|CZ_rp!s~GyX}t?1G-hq#k`KI^+Ka=9GoZA?4$he7Bn@!|yQ^D??G0(S%U>P- z>VhWZ65S2+l3^V)7TRpV;~?Mrk?-x*l-kG{5@^O5A*+s#IHcIo!uo6JfKz^h+~5x1 z0?aHBLGlx3(Iyxs-oV{&j@+Pd$o;m0$UD`S0jJ$Tiy2i%iDvMjykegYeAp@Fj1I0I z%~96t`t?i0l|C*k{mT4{!ps;a4N^ZUor{ZeU8=A1;?L3t{$sA>2rKV-vEnhh@9~5j3g3EOKY_CSpVV} z0q~BBv^l8rhTfa|T%AgyB08+Q6Z+a7o(0_!NcUGO54JObj_B@+SJPu9RT-9FD;$RB zd4tR#4yM)Gev%-UNCyxU9bisl3t(LA6|y%+7Vn4=U9^O}i5+Hf#Xp5IabP#wC~m>g zAjM#{hnFZw|LTy#MF_hL_P(*$I+F9(`ZC?d2xqQy1+-fVls|~pAdXc8WsYuLZ?xh^ z|5;U$36H%k9h1RQrw~GZEoyjF6`wPe&;H^{A=gg0k`BU>$_p&1VZYo)!(-tTT=qSv zhc$pg#xP%YUIQ~y`btD!?jQsI519m6jtiiu$DmH}OqRP({K~yqCWs~;%>qixS8)d% z-x8Eb8bDnJ1?9@Ovq0*@@Q;Bdd5zE-*lk9{D{jsp#0LBM0X1Z1FSCto>=k8N-bauR zjT%&VVY%-CsU{pu)~5wz5``eYJ3lCrF9CSD9!kmQKw2yuNRr)KzFX_S{i;X&aj!cB zta%_7&iIMDvexN_nPjeMw;!G5dl>iKds$2rO z4Qa3$WAO3w)5f5quu5f3nD`mgQ*J;)BuydUTmXErt9g(dNdr}T3G>bA!^NfW6O5h7 z{!u{7uR0IeK>J$b;;velvF-)F`jP5cy|`4Oe%8u3rzC`B)>q1Lg+SJJ<|G!rL*8 zAFsTg_ad0aoo0PqHl2~Vx!L~Cae?3FJFN1ITE)Wl#bj-#C-Y>em z)*5jTVMvFhn`t=|7gt_0p}4Q~xWVUrn*;rFagdgAf9iB;T>QX4#$(qAy4X3U5kmlIO%Q42TAZ= ze$OX;2rR_$ck+0BMyFeGc-?f4@2*DHq?I2#ae8dal>0R@7RArQyW>*tJU~em2{ol! z=~M8UoY!V4Ht;$;c?IG0ek&y@kzAY!Bw>u8YW=;+{|~`;tmxPBjXeQmUHDPFob@H-|xt{ z-ZEt>Mfn0GbBPg$gNk#Uv!H_ievd}dAX_Vdt36|pjzG>Js;&{|^iCvZPo)3}I=&_! 
zBtOPunAl~|drw!=g_1e!LA$7t8fv#8G^=KBz&-1qLQPh6@@X9HE}y?jXQ*9#$3(HU zZssVZxxyt`WI9W);N8=~lAUHhdi00a;FM>!3*J?~QJ?mB9Q}7;}sU{ zM4fqr>Ea?2z>htH6G@9%>BGP^Oxxg<^T{ufP)OWx?bKTAqZ@4Jk7t`nSinS?^|RMb zJU`h3!?TwXJ!x-Mp0_|oz%d1o#t(14*n$khj!^Tl&7+U(GsjF$Xjx#hgYZpfOn#dh zy@g7!?=IUCWhzbLhwr^$5Xcz%_wJ!D=u14*qbkZW6Ahlqik?UzYO3J2cpLHqxN;?a zdzZdES%7kP`ZGtCI#kW)Zmr}FwS|D!l#XQ}lrm#va0odRlh$(%!F) zR>1JQaneBD-xJ`BWSLc;|k6uMmuLIIXM&(AT3EL$_d)mQZ-zDYPUQBG}ransr-;bU)P;bBERQuT2lCu1MYYE{2X+m7#Prb)dAKC>K|=|w-Q8~F1`NlF5MxhYx1LQ*uB$L*R0=XdW@qK z-y`&If)HVS2Ba`@(QP93m&LhpUcuL^2^lCy%yNQ)Jz1Q650BflGo48g`|C6Bpwl1y z-r!&PMk_G;=0*Bk{NA?lpwm|61azd1ug0nk0k0vTW}A9m7p-D|D;WGM@*JyI?ka;yM|TjwYy$P`@|>Q zZBY>;x^BHMh=krMv6IFVXRhYnL68J;np{1G#=7l6c*3V;Q0m1a8EjszS%^_96LQPx z&U9VsW$<+z#UQ`o&w4B@q|itM_4>}77+tQ(%`Jsk*P4`w+JB7YpT0@RC5AF}E}DN? z_E(L%ix!qfhNb--G>bAtCL7pH_*;_1G;vr6OlO;nK*%`Rt4uH$NRl3;CA z(*Y~$-jqJ-n0B4sOM~XyaIY)a>Oa%Ao4)dR+$hsux((r4uE`$U@ufgEwY;jMnR!+b zhq7_t!7HdQ;$Kc-uO(|t%gjGpaegLpn*5{CQ)6f^JM%&A&`()0Iq? zU*K<&zhL2WXWKB@u0trpjIh;KdXle`RM5oC_YbWVudig57rU)yP8QSuE>z$Bff*Cd z8}AEkV9xEP?dXRfA}9`B+wvbeEr~BcnJKobLF0GEZNm?V^+?ufvVd0KJp;HI{@W<+ zQdN*!oAB^}s%9Rvkv83o3l$LmU#C-S2kxodDQuStztcADc=a(a(Y;@ zAR%tUhLbjlIi<^MK5J4o$ER}UA(%u%c0NF3i>4U|$UuHt(oQhPeKK2c^!{>SwR`eF zk<6FmMFUV37lPi=7gwt}25eW&A(1wQhqYYr1&||fjCtc#Ywm<}b=sj}5; zl2|qX3(}O}I?x5j!9ayU9L#f?XWYqJ2sb5#s^914GR4I6^1n*Z5-uano68Y`%W}VN z1wAnmZ~$K=8CuqHPx8GOA@ybrX<@5Se`Co?_@F{$yBK;UJGO}*JSc1YzGbDK@M3>s zZg&S|$!Ev5`OxPxp@C>JqUN$SLr&sjdRAHZ_HC~wh+woKrIRdk9lWvY=);C1Pz06ukC)V|kBGTz0(N$CCvPJ-CkkU6~O4iYGQGL~2~a^j&#?CH{f= zTFqtN&SoGiI1`Nn1ZA&LWO+!9BphOu$aCehMOH(D{&9tKIcIQFs?lP6g#;;M9TQP7 z<>A-L{OOyvUL@$~H9NHY+ttw{fm^D^V^!KJrDMY{)Kfb3)rwTCSK(|mLaj)hlh-@Y zG`vk)=vDd&@^lLkWW4UV=N3g#tCd6bfQFFa6=rX;$DPIUF$ryG6CTP!e?$(H&PcdDk&sTTYh=`{}_!w_qeQCp4rvg zsvP-U_3+HXWL6CJO?fld{-qkVN2k2iM0!&_@V;XJj14s^Ip%>~~BW{)=`)qzj(E-#`w%HutD`Hc4l@a+ESFnZ#i{SJx$`1ji; z^Dv9Eu4GtztE9Ub(UkiF)rX=XfQ%!D>wpYJxNtiY;XIwum98C6~=fPg#?}@D^ZTW 
z>qH?)-G(m9PMTK=gXK-reM=Arr&oLnW-9SM?RRKl+^e`BQ(axR2dcjDlRR*TJ*P#3 zojx2sCT;?~JTqeB2Vu>7Ht>xYO=MYG2gW>R}kzXc=P9{|L1>8sIa24 zu>Scm3P&k}mV|bIeKh0)?#CO29NcnM2qD*$n_ty7p0gh!qhJ~(tb;%N# zoAscG#d9V5>UT##%p^Z~Y-trr zD!m=Qkr^yJFe{MYgmti^Me??rA-p9Ozc)z?UpR-w* zy6s`JHGR9)=4XovoK4$z9Dug%Ek*%IL#(n@Mg||OczL}JpfkQ5-xQHM&v11%=bp-t{HUZ!wC2U%n^rHlO9$7y2pF~8NOV&V)qB=G zc>8K!Vz>K0DyjEw!Rtz(nb799q`@GP$Odrg zG#id+`V^?sD-K#?loAo#KPv>`doHht!O5dnnV!E}cz<<4HJYY~zq34l{sMqQ7pH`^ zY#S>Ze=Lr!7VI1HRaN<~n@nsDatRj@oPvWHKqOYid7PHUp0q+Y@f`4*RTiE-a`^mq z2GcJO;8vSvU$yNp>c2S;tUW6+L|$|Dmp6Z zlZZZ^(oigRSH3u}=CPiKVgq-NfX!f(6J`bpm_$wM3M@r+#MLs!-A`Q4+%24cY*MiS zO0-%<&?Tu8nkNW*XhGAKn&773!!Eg*CEa*R@7ZU_6FX8L{bjiF4M#Y5112F%PPE1^ zyt>S)S$xT7{ED8yF{lvQQ5?p9+1PWuwN|6XiOomU(Qt#e}(6s7cH+3gX!H$K^VXZGW+S7&OwaWE^t?mDWo zJp8T+8L|zvs=WP38}>X@|g|iGoTDWvW`@u!ws-^n}RNpM%$9{)G9Qi?UatF zg54-&k2K(~DU#W2#b3opjSpuxhFl! zr!EeUKIiqBNvF{iYT?UtMxdn^m(q3taS#)Jt-Le;%n)cUj3h4B=AepXBOZHxTL!aJ8w#yCrL^`3bczOmt@#Vc!=g0vrPXH?H>WRqLQb~O%w_>K9)@wuzgNx7>>Y!LYf z?H_y~Gr+V9V3x^8@>`XDI&>fGR4&?C^cOuH>9QY<%ukGD{tTjeDnwnT{Jn`SHLQ!V z$Rgu~q-#^o;__)|zYq#5t9fXz?g;7BBx}#>-5iP7kL)Wd0lqneYDoLbH}QIBA0Q>F z{B-bAs#EcLP~CzFar7kx0Yri?-O}X*L))uI|M5Y8`ljs^j&;55`cZV?@9HWorRNQu zJpSb2E57d6ZBUAV<49g@B?IJ>dTEu^nn>Ga`gHezUoMQM@Hg!JV){7an`s8he&S$lRFldKXOzH#Zh5i2b zuSet4HtU3+(dG-be>D5s{@5X$D#$iD;_!n0dBsUus8=24=JIbmz(hK13aZtW}24Rd2qH6xF9V%^+2p;T{ z)x5zucsp+GmA?yLVSiUepi#b=(DHjPgpV-7I~-yAV9G$_C1XaBe?64J>GFhaN$C&} zB+!rpPf(8rnZsf=)%d^vt5N~d%N4{{2v(!%{0G2s_ba@E`ByB}<}n1J)N*A8RRZ`N ztdXYkJtcO=6qoOKgEkFaJzh{6g4nvDup;?aCKY+2Yw$$Q-mTKVA}nDsdUyvh){((5Q(*X%;I0bLw2V>qZTw6$)?}86|k!OObKzn7YhCt-& zA#dof^S$(UP7Kx)rM2FL#~DSz{g!Z31SzhfA!{a#^iZ^6uYvc>k(1X}~j~Ek0e+`(-p0-XkYq zC{M59Zk}OC zDLqk`rytQG;J0?j9#NVGkOqVzTD7-MIsZ1?fS&bgs=3+T^zW8X9pkBJa9@%X0R@j` z%yAk)O=#9e)fw$>Z{$Hqz*#yP3W4F=7N5^=j^q6L$akBN``?t(TKZRc(C?kBB1*q6 zG65Da1>UkfQNlk_8XXU)YgPx84Z!--0lOdqgyx}2qovC8&&k0h1h;aCD(>uGx|RK3yBmhdtR4)C z>8ev*nGv%gP~z;C1H2T1uEofh z8uS`$axCM{o*Cs{jCsoB7(&$ZFu++!Ik~> 
zSGorVDNCJq8*ySatk4ho#!v;Zbex$eD1rqZhtWax8nHBcAf-D7CFTeKI*^vG0d#w| z<2~ecWGfNlW6$WNlhyK#1g`;cW*mr1^~C(GR!}IVQ`!N{TM9rVoqDn}Y4FG|h5gnoQIf`EbS!78pX89$+rP7|Ze zxYG#9jofQs`!b_x5XJ!;+7%kmZnH4-Fcj!2LY3juHD+4a?78M!2m~9@pAHx6_yM|B zddeOGffuy-mKi6rMZt43Aa*;{OPBqh+xIu$0ANc3m%VF=9wqg$K|kgeUNr9;K<(B# z)n6?F8O-zQpPQCdn`yvqynZw5dlx$S420YCCGqZ?*LPRagzAC#J5t8~t8z^5lpQg8 z(x4mfp7uT<%oOQw7Y0U>|EnW$R~M7{=KpP%)l#law8XN+0w=+if9gJOF9zzOjM;;DPdd4#?TTfWlHifNIcpC|$pG zE!cOwhfywu2{tSrmEXjk2W3)86DeJ-XlfOi+Zq;Jeb92iLd*APSP5((Oo)%(ID+QT za5n^?otH(ncGQx@2Qo90AgDC#`6cd#Q;x{CCp<=i3Nc!W z6aU7n3s)1S^NOVUvC<_!3}$PokZ@V9n#jqQ-NMk{mA9fk$*8wVOvXd^!JGbu zYPxqX5n2fH$LY$-n+#O#7{iQIP@{%9Q|nu|wVhI80N4>{HrWze=AfinS~~og@@xow zRpMzfPo-d-%%tXMuF(CcARe)%3GN@xGVN*uJBbOu>XjU8(6rTlXq?cFoFWtYhV6f1 z-oN=qDMGj!{6*En)kbI--+;b5`|?Y+%M8SRDLL`?M{shxsXGk5f@=wB=I(EDd1Qz@ zPUZ=bR8kL7LMI@<{}`{@!TKVk`bOOO9x(Aeu049%Ejod?saN+tip2}Mxl%#Fb9Gm* z%pL-$l`Y`5KhqE7t63PO@s7-)LO4y5wK)&RdySi;=^_0iQ{_JK1z^hO2=RyCn!PSD zvOnGUPCv?_7^oYK!E|DYcF~qp4}{4Y!;>_FkD^vzOXtM{SzBA?Egc$a}3DKF?TMU~iXm%%dAdmd08S1+n zSBxE*>Iyg!&{A6@?08?~jpt7PDvP)#mXL@Ug-{`EMr%l$9DxS4z0|>~QPi}YhQ1uy zGU@a>g$DdN8OrwyP^wCRQg=%S(ZUZv35kAxLSH>>svf)n4ct1Uh(7w*dKDpMZavz4 znM35&1hak=!12$QA(OxagG^0sj^^|TM?$#S2pILGH2pW#m{Htq(3&}4d=!1#N4Xge zfSk6=99Q3OI>~KW9{dLjfKxdWn|~D$R;NMIpZKl}63ok_G?)IX+%}m`;j&i~cy;O4 zI02Gnez#3~WSq=cj9p6z%my3V$iE|_+EE&D8qmc#dW5F{r5|BtC;uo}}Sp&877yq;sf z3iDvA)N4`Xml@hUy48&9p{O&Sp9dT!@rpZx?^fEMndQ&RV1m?dH zibHIK1@J`vzWNvHlrjcjXE?c$Fsz8!*!^FHVSYq+PkJ>02D(#2^Y|-$bm%D(EH2Yd zrm6ln*=+gHdr=2UPr;q>Nr_YhY7Oe{*L9m0LC8ELRrdL&HFF(8`aAm~?df+YPDem& zP(|Ym^eco&5FiH*e;$E4KOvP5q!Aj_c(a7o5*))awTMGcN-Nu_MbY8&y z?!u!=sw2MFDawG7MJRj#9rmdM&pzh{T<>v&tH$WvB;<tZpPxW zBhyM@!sBkD&kor~`Q*d+ca+VjNo(=>zYCWK@L@$Ii0u34DX9KL#gV%GtLw>$k3q^- z7my#Q7I;VImF2ySMd%^Pes=*i^0p4AerUwsbl=+=a-lPZFl)ae2{QC_OLoA^#jf(t zVMYSBEerehIV#uh6&Q*Pnx}s;&Tffb@-r+)Tnb{D3F22;aoLTVBI#fNUn~Nm#b^w- zeo@SR;f$sW;J}vCj^R@=f%6G0wR}63x&#*DM$j37F~~y#0`;XNUVc5|pI}NsGWj7B 
z@Ls*FeWDC#v2s8W322~3El1ahmTC4q4im!Y$VMhdk!=7m!T@smMH;H!lOs_*rA~Hz zK=Ym(&gE&iS4H<$LFaA1+|;wby#q^L!URe30N+`zOy~xFcv(`ueDy z&zGC_yQiUfX(kO5e*iwX=O%6~)gs~A^p*Rf^qo||)=>gH`a|7j^8ppNAlq1Ax1Vb> zkP)y)X!@J#y8;~c*Z%nNGNrL)uRWZ?=JDIGYmlaNAY{Iy%;Y{OD}3Lvvr~Hl@d0R2 z@hOUh)lzq}5~?p2YJ0%UesExm9~$sn>4X@*6&AwlheW$2CctXq08+0`S#1SQ@B$^= z3A(OL=?Rp&n_W*(S_Z{>rRS$_n~%no?~DAT#(h+@@=Uu)&+qTLIl}fk*Sy6Nhz1U4 z$rBlRjOjA)yCk_bWq0)=fs3GF-?>IWSEmYMfOU+)J)^DT3h;ir0z)D0{Yf%ICrSL8 zM3s7+dYI*;50hf+hSwcq#Vu8;5sU7=tv?#P&7#nB-?xQ3ti4&P%3e-+=6a0M4y{G< z<^I7J|CcoIFmhGnO~RX0fMZP;&iymjE}emWYy-fShSXX8q`F!azb0;aALJ&bW1 z>$wsWu-*n*`u=7>OvpF`8v6vG%&xjR6>jyApF=KBF}kcCdIFE60sPYOGO;?B^ofOt zIC57lCWUtPqwEFTq+7f$$n%~PU^D!Uzw9j@>FEqSerZ)c4;XQPGk4=cf;45Q0*Kd0 zuHO8lDfvhtDxzP^-*y`aA^dLmxw1yL@p;qp<>idkD|a%9?HB&itIxlRaX#Pk81Ue4 z0@(-%k*w0|K#{N;);o!s(fwkiDYLDY;mUOxRa5v=DPfq8oEf|Mhv;$8zp#Yi+oJwZ zGQWiF!8%#v9msCaLW5C1|N0+13}q#atM96ToVAyqbUQnC&CqMcVRUY|Gu}x6sin-)e;?v? z3F{`eF7K<54Gq1Xz}nxF;+9f(g(WK1Lm&h@bB;{0Hpg~Fi;Hx%kK=YU_(l&l{@k6bF6_{VKvBxAZ;MgiBCbKY@=Oe?vz&xFVS6y+EEG zV<;5Jro>PDsbnm70Z|*m$mCw~h(E6fl1Y!lXxkJbd4PoW1Pn_5Vu6B5?iE9Ml?**Q zXW?E3@Pd=)PqYHUgikUMJ7NoCVEly|Azom6-ac;Lrh)lEvoPq{W=LlFNpJ-fgaSndQYZrXcHj7(CL^Z5GzxJUhM3hxe z0X_J@YTh(fNYTv>`Ox)Myu$73qRmg}hK(*`-lizSUEew&n$rN3U7q(qK7p2W9N1w& zi9IMSw0%xDc>}yKhDOpnjt&}cuiGK!6@q`>-1NE=9zW{t9hdfPUrO6)AVesq=zkAE z#K@bs(a+CST`4Zc1B;@i={-MS)qqdit_;CZ0AWd;}mr-8K6`5rLV88+h_v)otV z?$RM-jGt+rE$08jxKQF8G`N`pI8c7tV~z*{TzTh!hoZzD1Ah;MBF{diHmXVRqAd4s z4=5O%kukOe1==10O3g0>z|mQ-yDZbV(YZlbnGVzi21WUTs$7+T5B8s33!N{=8hnR4 zv{Z=&XS5!{2OzyS^i#bYhcmbQQpz&|A+G(ZINF>5p8#|lcFvOP8Fr!I0($0^QN^w% zF)Rb1JE}3}=|qdK8YRgEC^bhb@ddh)>(5zIHIe_g_|RISw-hGT{YRbm1f3*>I5LG+ zCPu zEs6^3`?#5eKO6!yyjrEo$^4%RZ2}IE=z8dpKuBrfF$cf&-DQIYDTZN}Vm0ZS(f5?g zgL&*y&qkgUM}cagV_6fZHoX$&5#XT+wfKdimo*^1&eCEKGIEMOJE;tv@lhlsvG7xh>(Z;>ys++EW9+a}KL6lvuUl-8@==|JJgN zbp(Hy+8&U4@ovle`T_W;%&3?==iNkIlDlM&$*w(p{?9&01ALP{klAgiCwAy54K=g) z0}DcdqZ`r-Uyp=cUcFLtPmUX*B-y6BVYl(3Vcae*vT}ycgNjYHA>J`hn~m4bqL2ef 
zr1NjM-B4Cszr3rJra~_@32M{*y?h)!HBbCk&_|B^3)=K=Ithb{CiJ*O|OM7%{OE(+pRfw+$ z?@w!w&J4_7&Nu8vmzSI0S`wwRLQ>^O1TlSOz~c=ndK1<5B&I)bezy2IGTKcz+Ve_X zKlxfWD)?;I;eygO6f?7NsI82k)%0UOY~`7lkl?C?UhxDf&Drk*BGA(3|8J0E!@_$# zH>npd>nPXQ4#`c2^TOV=WLqXw9{~G{KA?Bo;Zo)*#_R4tlH$+Wzk(@VGv)Z#hB)K_ zSnxQq`HJiD<2npF+e@kNkOhw`z*9OPh`?KSsp`((I~dIfkj|t@-g)Z zmCXx7bgd%~FdfzW1B(6=J;!j zhJdfDI0%>}W-dIYX$J)X8^M~7$>*DHkCDAI}>hdH8VfV#)jPs`HiTY`>86c7QzDe-PSN zcS3P4-w0SA7e?01?)Bm|WPAqOePfh+_pA>%=WIiAIY{o_cNJ#*Rt2w-!}P=n;WCo| z4om|eYb{Ui;xqPO^16-?QJ!f?X+2F_jl&;75tU)t!!dwk$?GJjufbG6G#@Tb(}-%) zpxG{V9(Z_SjBly}@F$9aI7E2W*KOSXt2zE}e^~*&#wnw95@ao?<=#Nm2}RG>HM z3DG_hXWDHJi$(1IAZjs_;5ltEl`);DwFg!V$Fdp<yw2@U$zuEJ-H31G4V`(*~x0y~2P z1TONJz4?>PN_iO6 z``Q3Y4zY2y#5U%oH+lziRqS-TB`_py=#yCBIEveaCZy9e8I#HZVT!hG_ zU>Lpv>OjICTvMH`yJ8Mdjr0bbu&s#0Zq1kG6xy#zjwpE zZ*1Mc-t_GH+W!^g-(*Cqe?>`V9sKU@)}xFO+mRAw<5q`cz>?N2O%U_`kOAiR?c-8` zRF$s>=wu4eZ#E2BOm7FiBRSav;?nColyz1O=Yak_!Aw|Z?nipUJsjAw0~iICGOgE6 zLbjgMt+xe}W?$aHwt8lKX$f#!YqMun2eK0<2)z4n4oQ0P<<1b(BKZYMo=l9bJUV<6 z^RV~&fcGe4wPJl;X*dtm8=`zAPzpVS?wQC+lMK|0BE3G=QeH3~HZPD5h(9p_$f`v* zi8uYY9jyun=v03JYY}d>!zI73paAg_496(T=mW{RHpmE&%v=U`dnbt09N0BhK&ZDN z^dML^ExAk>&L8tx6XA)jK5;flC&lHV$r{L2&d;CqXOlZza*(%LE}nurNj?t1Y!uSc3{I`#Ae?Y*mQrbn`4d0~xBV&jo72(Zj?w^lr zeWtO!MxGtTjG!Yx@^6~xqJ1gL;yRs^%XnJ_qGaY6`-$zXfXMCvZlM*W9w<;6B{jsq zcorl^Qe7Bqf^Lz`5_REEQ`WvRM*uyU#|;JP{!Y5t z?Rf!Nxec2Ob_|hza4tVHCIDL5@+hMiaQMYCbwYC+3q%;;SE5my!IsRYvKP;r)~Ybg z!Hp=ef1}pO!KAQM$lVbWr7NPdf&Db%@(11AhuYeRh5EgqL{P2a)Tq$Kz%CPNV&sC? 
z@mgEQ@}u7-;b!Dh7F%gY#$5&ZE3TET=#05jzM>55<-+Z%tP z(ijYugFB;hzzq(c2X{yrTe#kV>nzHH4*_vGS%yKE z4YaAvK&N^;Ei9RLfuy0~xMy5<)5u4TGycl(7V*{a+s;KF{kV8H(ScBb{8 zNpp)+>-FP>iC}2u!nLS8e zM!0Imzj_v_42}x!dx&Au;rVDz$D2f}-zw1W`V}>~>3_C1l%4Ii{h|j<%)2YC+`vp< zB010TI@>;IJ!JV&1Vfd0glvsjFl@0d)g}6C$G%SR@Dq!U(4O+`$#=5R=BYY)1bzWgXsL3h&71g^Z zT@$&(7+!*`nc)L9HZyjb6TxSVwbZny2Z>U=sytv->RPoY>2Bb=MIA^2!yW3WL~(Oj zwN~-k33;ZpN%3PZ7*UN>6>JhwP4426pwFonCCWJl%IPLXJn~c9jg%)enI9owTm} zaMJWOhyFAhQJq!TqHN>V-y|9!Wys%#0vUgZ*!By>zwqkpWS$y+UZ^)e@I45JPJt>X z+94Uzc&%4edVk$4r+b{p_^PTlb_~&F%j7`+#7U_!+WTl@d9_G5ZCqPYVYeyF%@$dm zh9?P#g5llOJF&Uy#gtadu}7D8H%(0D?%B!Csb~KF{C1yXIFb(8{a~6 zV{zt2hBAHm%-6J$>b^DQjvCH2hHU30NLi@kvnL_)lY{It3bmyLSa(3+rD{xr=PjB^$uc-?D%Y1gHg)OR8uv=dc}n3JPRv+n z^`VZZjoX|wO7@;)hzBQGa;)AGoI$AEC_=|SmL*PSYmjZ&Axu80CbC##r0wJV~=v%42GYXK!m7>bS@XFJ> zBMC=!)Y#`|p_uZ$KehKxNLLDl2Hx4PJ{97vHN@Q#ahPr?)jn=21s{vfZf3%|9#q)9 z#O|d9C>IfYR&ZQ(m{!CYt^$6c)U;G7)4vSh8K zGF&A7pPE~%(J*%S?e=ooXx^Xd97hFVHHRvo*xC)AJ+=AL{gQDjo4js+6}2Fp zBCAfz<=vSxTs*k(NX6;TPo7Zb(yBnECfgu7D(ckaU736+6!JB0r$iEdJ>YJpkPFI= zB-pec8xgHcL`HE7xFh*JpBBspdq_a!LGfsjZa7$xIJAuU@#t>YEsBGL^ zPO1DO-%WA~G$5r6bjQ7j`S|m}Z;9ck`WSv=^1oCauaJCTgg_*1_-mw~9@58lTJ$}j zb$ju@&gxDle0F5!ZmeXa{9r!6l=c;B-0pritMlv7%?*L2``vQ+$}EeLy_84yPAJXD z?9Udb0m}A402*6xz5v~1*r+?Q+~nmDsqsY`^HDp%<_g=t&*TxU%cEIbN1oKv3apzm zb_jYgnV_uhZ6rE!9yX<0)xah%c$Y0UxypusMRi&gS&G}Z{DE17Ja2lZKTpu3&rYNE zOVnVq1SG=$I*j~00Ax13ung&lNwnb#8hv*iW}NhI6_tQT{!|gQF=y^2-EjEC!_m_b zPH1hh$@84cOVXrrdYoXi5QusIn&a$w)|Laa1uxJZ@wg{j4cl9WE6Q!+Q7Hr2ygIzu ze;4Lze{w-n%|@@QxESg8A}lrwYa0p_>RS(I$0fg%42xDjs;_fotU76QE$C~)-^JB5 z3>uLA9XBq(+nUmqurG;fN^mxn{5GgC;uX37+&B{Q5Pbue_FZh004SV>o5UL&o)SFk zVy3hk8qtI@oQQb-sn@+`Hxk?umdD_WNA+Dvj;!+c`=@(&MQ5oTHTZvY zt>$|?t|@&x+EbIpHk<`jV^?XxjQW0{a^R2Ra^7?}LqlW|FD+?W>uZmZZI@(drRLUH zz1?flOVrjMEU~mIZ=XO(t?K3}F|FI}c@X2po(SjDz;iOx-Z_Bu6Z zS;%--TvSnyU&N#YD{!Bbm%5=_zLIT91+;LZsrc;UIkz3FN$JWLJXvHp&`(Z3;=X?c z3Ts9%c9CT7ZOR+Rq?+;%5dLlD()>{Blib<-SI@S+aV#Vmzq6DZqaBR1CQ3H{DXyd6 
zVuCMBHxLD|paTLf1_|j8zB&Emwsd@?Q)=te?RYL8&d8`$bC%0~%X$4_KvzOFp9j`?uTuO%oK~B6=&T=*zWtMJ#>`s_ z!+0YS?a@`Wu(5SxW>dSV0A5Sm-^$Z^4U@IhH|FbM;UpL#rc!m=M{(HaW9#5~ak{|3 z@JsWw=<2Kif5DDS56@eL(COCB|JB?YyT=}__hj=RnY%C%QAU8mNJ;MUV{*Jv3wuk% zXS!v)5VccqL}*t{wmvE-&+s7{F-W#nrMqd0e%If{Sm#`hJSN(sNi7G`g*YGY5}#Nz zNuKIRvW6~GTEydKbqXff{m*WXj|>CsdF)L%9a96y^;*w z=8to)!Xvc@FuqzgtJUAR`_~O<)+_oUwAJNd?t$RpB7Xa+4=y#rAvJdWf@DKY@%w2N z6Do^V7q-oXA6rn2>haL39*dBTdNVsXQ>b$TZSWr-s}y_Ua>D|AN$$^UHUNrp z&6X0*p`gF&o4Dna+_K)t4r{!dR%)Kz&*7-IX@*m{93k7el6$gmJkaInH3lx=lZeFI z>D$x)uL|E%#j^!Zv9CCD_J;KsOAgjv)5Z0}`pK%F7`XIJcnOen=$y8b$}+lRBspBh z{>ZZTn}4ECybgTDu$8w~1!Uit4uAiV_Y+X2QEn@z7tinRhl8oNYEV~z%DrTmBa4o` z^`s3h>Yxxwe_!?VHC4B`N*GJCx$ju?@4EDR-{E(*h5rH!+EUqbnu!|dD`ed9!k4?y z;llPWT`gR$edKF}l6?UpcO>VnwNB+ENa(5p%TommuZI_pvkYLhCmyXSu zOu;^|AKv6{4el{$|GGVeYa3TEp#@hal<(L1wuz^{&w~0H^ce%GO+*H*aku$Uo4A4d zuxqW}dC8Hi%F=i7G>^w2BdB+u#<1a2U_Ji%k~p*EY2Cf7u3!;0=p_cL=aA$3sWy2U zpuq+3RELJ(DB~V%Olu99{iP0zn%2_Nl%#lLn7<__%9328;+Qt6|HGE9y!NEP#wfZC zC4Ls(NFn}YFp2rKfhs8GeKhsLUJ{DQKFG3_9KF_+0m zxXqK{XvweAB#@0ZY-Vj_NukZ1VamMg7WunO2P*p?F{@qdvN|$YjA;H9 zV;XNjZ&OcI2jk`eQmFSfV6wc^yaWUTD1H;`zUM8Nkoyx@Q6m?*Dzp(e&S0EhSq&2& zs_Pl1xn|(8S-c$ZPQal`^HwkWL%&IEkl?6I?iTeQ8};$a8yVEtUoX&Ywf9d-5x$cR zbkoS%hnijJ)=D>BL+lH~bG^b}><>{}eCR$l+S=S?Xib0Z#|4uzzRYR_0mJ+M$|`$W z-S=s-4Z5K3S@I0lxE)bwNjfP8)#}LjQyhx)EV*w8{P0uKEt_<=qW-GqhJp6uB7`U9 zvj;F5>$u*DsHXy)mZf(esU1EOGIQ9PECyIzp>-UqH{ROcVVJGz>|&|C(%x|6XnOOI zb2Fa<*Y-|QbAxWY7HL~oB7XsF?~j;nPo-{DUl#!t*c+}GRo1$R_`Q?HcdoIsTA6nZ zGiP$69AgJ^T&vtvg)jJ73spy|KbVfc6SDWtjK8&27th*LqK4CDKoA&5H$YDS4_%4( zN)zky)2(46y?7fUN0_qqRMOt~22+XGnuqQOK%J}(y!NWx5>vaJpo3%{ zA43_Gf!&XlO>tTRhe^lpwTz0Neh2G;V?;_vdWvgCi`Hx7_KtIdm#M>!gm|CV_YSIs zPGLiTg3rm)fnL&Kjl6Y_>fy=bvS4CT6|KT556N}w%ofjDnn|6s4~N0j82V>rxo6?_ z#iP)AK0SWaV8PzkvM#ZvClg5`3#8eiSE6q?kDsikcNr#T`8m?c*{h@ZgQx=xdxe^4 zN;tUU2C=E>qhy4p^wA`Onr{pq6Sr~QUPS#80)q3?#{}1dRH>}cwC~;x8zV&-CtocLH zX46}-`CR3-UGv+?n2eH-Hb%n--}lRkZD_Gf=oUE#n$=w@rHgx1mu$HYU>r5V$6^+p 
z>$Ot;r=aya>0x4;MDqFtzAXHX(Adm+-v_)u?NaQgkCz|b)Pj-02fgcbWZz8Q+VF6= zkeSNshiEU}Y#$#+)o?lOROHwjN!!xO+XNeD-B&q%F=qfb5Xk3)P7(DC`~6y^wHvyO z*}_aUemGD(8l9~=PI=wOrp#cdJwUhAm&dZs)G_&@??+VXsJMd3)EnsNlsEN+ifit% zUDYniI&t~3#)Isvb7$~}7NuzJ)_XfogZ}5Dx5Y5%xE!zGT^NFINpos?(Cd>K^#$pX zc7bWsH}H_(AeMqwx=YII5(wQ6DPtX{5kb`dj?8-fh8w0#LCK)8269SMEwmk)H*BbC+oi%ij|Sf(mBxvYA*i^)=iQ}%X8gPf(T@$u>F zNAAag&m}GghP(a7`j1KSL>p1~6UOn&pAzt$XvV8#9Y;qhtvPtIjP zO)Zif6fPz~8~3j4v2rU{_?(5Es@rUoX55D4Vud3&c0a5Ash%{=4^f$PzD!;O!QIU2 zF>z~L)Nb)nXFqas?^`;9au`E5X{0_$aJ!hXLS_F1OVifs!mRS9gJE8ZThTU9Q!s`} zHL5=lMFWHNtIxI0icX0xUP$;>L>yuaJDgWZwx)GWpwzInQ|`Zkf3TUO`E|<~wT=b9 z1spyLaYo83A^LL~^6(?ExkLt+$DP!gtHP5Hj?Nm<4yHZmTa)zVHx9{l5<$j?rN{o!0Q8Pwk*E>X}i{6x_SzaH&~NM}=| z7o8LWkdSIQueAn^0PV%e^I@O{Z~l!vP|Kp8zfAJ6McjzU+&isn;J+R>9^0`J+f|-b zQFpu>q%pcP++_QCD<>Nh;tBhl)!3JZ?ZTZoSzMZbg3 zae#%1_1(CUe`NNg@8@bgn-91Su1=_ zsVnf;@QJZ1QgF8LT-I*aihO5uaFDd3UG3g$(187@eDy_bnq%fbEoYL6t0Gwj;de1g{9k2*pcON;Tp{!UR5pxLfpZfE5tZ2KVZjnHpI=xU_xt- z*$;G;_hlB+wfTb_7#Ed>$vw3<6|O!G5*>8nQt+NlEZ-uSTs5e`Pm!;}kCA_YHs?xy z)9rRPnTO1Qzd(?<_rM#wNA~*`Ej)1bl zU+7$P@giP0BkTB)aH{$@XK57~XkN1N$V4TmDR|ieGvVE;@$Dg}Qe~o{3ptW(t8n~e z*9RyiyR}l>NC8WFd@1SSIyX(nJ&EAiI{%PJ2uLMjsR}$C>if>o`tO;p!^RSrtN5`U ziK>A7rhpd9+K3{o`TOHp|BuIIv+cFh!s&KsQAa4S6T#OG5WaSloBT~C=`O7*mU&G` z=244ZhUnI{ez|z^ZQtKa!l@YXllOnkNLMa+Q-Ehf#ye%n!8mNsC2d4ZhUX1WjWY#p zt5lvx?=d6HY*Sej^mRGHTSZ^JaxWMc+{KeMw_7(JYk?W5KNIiJEn*%SPZx4i8$%>= z*+2P>&WnHCqf?8@OIrGS9+u8i!Y%t|xZY?aF&AGON}6q|qVTn0(w+lW>HD@4?9fe} z8)d###sAwRdzQf5JKG~GUgZ1AqfHa#@pt^|Oubamd;`1#Asdiy%8XO217qBEImhfD zbD6-$zk1P8Zya}GqjH4SaKSmzO@9&QbE>-e7e%El{`)I{N(LlTq^IG!{{?dgZ{oRU z5<|e19t|>Tss+%k>!OmFKfo-@ zeHxLiX4F}Dk)d{O*JMyjM6;;`LwOQy+CP3iD7rOHLgxTCy#B$A!Pjxp0=J;$ORqjH zV*g*)0Vy4U^=U3jmZ-nI{Bf6zM(i-TrfpgM)|LB5D_q;`c=zs$vRie&4(VeDjQ}9a zKD!!^ne-AxFPaTi(@ecJHZM2j^1~bJ@71MSMe=8$v`b75XHj}Zi(doA41a5Xy06Ya zws`$?!UydZe2l+4)WqI=^ttga^sU`D3bortWx>5dDx@5}HH@;x_aWe2;}jOvd4@(d z04>$-#%1^C1pluIZ*8%8`sCfa!BBIfwmDmAAu@z{L~fePokee+%W>Kdv?eb8(jcRk 
z8ppwCt9a7IT1Qvz6XJdIsbSIW-E5k1jhBWd6|@>2>H78!KS;^|qSn2H%q?)vPy6vz z|7BDC0sg7}`x|aQ0(drbC!Ki`-z?u05Q0o=gco_KPnMeAn6Bkqd)nE6znS@%;k2$y zqnQuc$vtal)nBW`{4!4opRJ9y0M9{?d>(Z{V>v z_&r=d^!|4GeTaeiH$Et?>EE_vUF+R(ZevYI6s<^b+PEohxNrQb#L-Gs%F=0 zPWd!rM6o}wJBm{N$`ETrLClSmI}%j=_D~n6YUKHjXowsx+oG>oG7u8*U0N=;(?wK{c_Bc}JaYkA~*%FYZ!!>OT?EvZSiT-nu!e?}#1J0bt8l_RlZ#N$k&(S2Rz|=;|Mh~qIK6M2AohPg+)*obrORmW# zXMo z*#*Hc&ssvX`EN%fns_%S%Ar;%ce~?mro3hnSGo5`=>AkU+go~lrT^;6N{)ExS%q@S z*Nk>U2;FxYS3J*)ck5F{Eu>9QCauc%)3&aC19u6OK7V}A!aDQ-8_>A|UVkC9Sa;H# zZZ&4l=@_1%jDFXywgO}lCDvVsU>9volNV*zpU6hC>+wnC++~$%avvlfe$tZjjzu+P zqh^a{;96>k1r9jtcY;6bcXfs2V0^Agd7qN>m@4~ab{Cbffn_AeJIk+gpkumhKb{}6 zFDyHmEFntcR(D*FG&D#7*?CR_e#5=R<{hNX93~#54Uz;8~wS_y}65nuQ z1M^JO@9C&1$dnTUr7t^*OsC5sYE)KjAhWjc+Y0-^0>-4_?mjIDzWRHlZ`<^?{X(ht z`UFi}rCNT$Lz@9#F~{mUXQ=jx|KP)nT5Sg)ehOyuZ=KQ4XL~;&n zT0Dzg>Za`W8MjY)UHUm?{*+&a zKqbevfZhIwb8JSci&;56bHH`JYQ9cFSSXK;TDa)&?w|*UBaa==g??Sb;PgHCcLhjA zOD^UGbl33BCta2&Lg7an&^k3iC)somh>HpEczQMZ1>1kM`jP?b|@*3@uY5rCH(7< zsCuQD%=zw#l^l~caXX%Ys8F7tihdtk+lhk}H>D4Gxjf2uY{dEI4w_BWCAt)u;!b;N zO58}H&CGtw)%ro;PD0=6&=+7Zv`A_l)-Z|?fItU#m<~;7&-TQ&pmdy$N8gHgF?KYq zEk19=k`!XrzxlDK&Q;}?WwPnHs;=D1?WK6Dt++)frvOh(I((9N`dmG?t3l(^oq>BS zZ^=-(wOqalPMBgiC-yVhc;k%Q9js`<=ObsS#3Y;dCUw;`i>VGXkpBq^Z;fH=Df#*S zy4|J>+B?x^(se}|zVlRE6~yT>?(1WzINN~o%?NGn?ibI?OZUTKKRD&XyFTQ&zLHS& zn)qa$7I*41RlOHqq~2k=F&lF<8!6fc2l{Adco*#w_fJJo)BrgG{;?awpimWc68bcr zD1{-oWou3B3yoFcQ(xV;P82rX7&M;zv$g-`?f|($DtNp%J5w;;;F&F!2USj!oymBO^|aK0`Aa3S)W`8#}~df;5?HIFaM5wYEU-~cpP=F zghtr^sc!TaB-b-4|f@SHXD>d%%ZD0QsJ$NA(4XW>6^I?ThTD^_cl4P8Nam#YF zec6&tV?_|d2{Ac1ZArcc{qOs^hsGWLhYQb}$Y>hX7n!n5Lz|B=-m!`KnaurKmfYv3 zWec-Z;7rtx{F!aegcX^xx+>YpG~Y&GDE?1u&}@i=)~9_t^1-90>A*=(E` z-Nb0a;n}zn8fMiL^6!Efq7C`4&q)(x`}>juQJ>y?`cM>~sdQT~*Tiro+U~rUu1s2E z4T7wVS+e5&5Nrt(_bIqYqJPxa+`T5rHk0Htpvu(^a3j7#xG-sD}@N8GK9H(9Bz^gEN8x9(1ze(F~o;0b-Sl}T`|#5VBzxo#c4J4&cfUV)L{i=Af%eERX#_&1E?Cl1=CdnXvwf^c`kOTB zR>di;f6Bs^_saM}`E_P zw2xYNL=AIQ+Fr4i8v*nZUUrP1d%R0hsQ!~%>2E}8#t?5p_xBe7dvkP9h$ki0Rp5P* 
zy>O%=4C~Kb{fqZGd|%VZxM+wxfubd78qmDfhok&-$fZQrB-e?2&uZuve+0U7bM_gq zrq{Q3yDr4C_4oj;aExqtqS^2b(I%NsqI)jXuIS8Kvy_vp-$`T}DrS-_>W^MV?814( zkx5IR{Gi4$)_x0|_$z>~aEg_Wwc=B#h~NkKKv#oc2$RbZ={cKhUb!iAA5acDi4iDD zS>g@eCFZ{r*K2(hOL19F(c&3ezE<4sE{a&XQolVqtVgw){xKyO9ob)J61N4!pc!gf zn*vmz&1nEsk$+YT6LP9d)%VJ*BKQSl9jtg^+Sa3$bUT|+%axJU*rYgzS-bUBhv(;| zoN{LMz3ASAdsZ8gGrqVjN(^Am)`cofC*_)b*Yc(K63lPQ$wk|h3($kmTR1c9GGpAq zaok|DI_>z$qBfL#D+zl|cgp$&B#FGUa%{cZlpfCk~r80o;2O zTF9&snbsup`*F`GV)_|)1Vmu398(BA<}mCHuc`;Gt+48OmE~Nld%tCp<>l6QGb{m5a3mhWTko_L=(DbgHgN57HPGS@IxJ$8O{*`2xTRfb)_fdsmA zqB)ZX@Vipa6veFigKes~wey~D;UlQj;KEwh%>JkON9^;M*t)C4&+oCr-D1D4o>L%Q z*FizAu6Ae2*;{}%K=P3}?{}yzQ{?GER3BVg?vW}~x(#j~D@1k%Ib?B|WrTNZrn-rHLgCP#Ht5ooq*0C|gQB@_8}2>_MNMu5jOETyw9a|DX5sNy484eh z!RQM9L?)t8V*_5_eEc7`3a%kjuW3e?Rc^-GT~QAwr7} z_rjBQVVtatryofLkNR%Rm4iGQj*t=tkQgC=PEHXJ#@<%l#*_YjPCm7z?Br;;<22WZ zn@Bcd$q&HOyqIN)q7-00x4Lf?fb57w9>xSR3r6;(>Yr;F@B1fxg%K%pyGrr*@Q(3Q z=ohFei)WFG>}TD!lSg6PP&sVyk=A4K8U;p$Pawu}1N&j~qn1nC$mKeDezR!SdHKsD zQXS%Q>D$5Qp>wCTI?ZcI!=4TEZs-lIY1X&_>HhT!zRSuv+Lvabr@U%!7u3-(APk6D z$2{!vwUei_iAyV^=IcK!|5Nj0&7Klk$fw52;!CFGf+@1X*`f(h9Y zJC*>v(z(m{S32*3wh#P!1D+kdfvYT$=puTcuzQEr75G#e^_YEx84hUg5!}d(BfqSv zuxbEbXhFAcc(hX&UneP4Df(H?I6MRC(5F(pyuV!%(YEOmK z;`g(6o*AyR8D?_2Ba*PUs6P9JU}ePq`$Qj?)MdfcaEets;rTiUR6wbTqmZz(HFt+1+OlQQ)__MUzaQcCPeaX^;=skkv&dmS1_%8>) zFVJ`*>DE)5u>ZRFc>rZ0%W)GX2!{ZmAEohVGZG!JL>Z`>0^}>q3wpKpgz&mLa7)m{ zXfIj^n??0cE~t*T-s;Wi?n1EexWS`d&XVu8v|cWQ@L}?E&)132I#zWG*Vk=eGIDS$ zZf1vs>Lrs)%(KvY&rd&)uK}>Eu>JeAR*TjZs7@kIRLBQ~oB55?Mlm0KWPY)m@39)R z&C@d-E}7H%epmQ5NRV^<$hu8SXpz5RiOL4<0-WM-ExI;@q@nKMvwhAq7G+jR4r+g) zaxJ6sW>Gv}G4lb?$cNX zizZ|xsj*XJJN$9WgA??*B3R=knrC=SPJA>Nn4LAxgU=(Fq{J8fYom@gaPpq8N(XVe ztmaL7TUyq)FBtA2lbk+(yR3nrLk#4pq+4h!sPuh|i_Bb16IW%=dopWL;kBHg@Lk#I zlSNj zCI40zD3-l9%zfTnx_GNn2~shdSVr_04?1=g8xz^NV7|Nax#fM948@gFin**w*TaZ2 z6f^h9jnkh%i_j-%&KnDodHri-opt*&K;e7~#RtK3-W+=TLUx$*1`SeRP!UP4s=O&I ztrI40szOfYK5KvmbdR%a75Hxb1wiYRGj0OVF68U9Zm7wfu!`rrR$t0o{1S1(`;qWl 
zD;hA_*PkJJz3Qr@f>pmjRi}i=L7&^0W>jaI8QA7lE&2voBF#9zYUWX7tS~%!2reUr z(kcEGxYVH7OY7(Ksq#zn8V+)f@l6_AP9J%*9Gia?vXb5yaY`Zd`um4aP}xEYn?v=H z!iB%u0NBH4azJ8YmF6m|wL@IWncKZlOqXfZQ zB$E-&R9di?uC*8aN_!}Us}g0Vu;}O>5y*#P3?Z4Jg)z~(?1cj+jRO)vO1(Ki|8)zvas|2!>>FE^ z>wfF+lj}N73w+JjHQQL6F3KqMz}9A5zK0TbA}n1Q5vI}d6qbEY8QNATtyUf|XlyG< zwI@Ek`stlHWY>!jHml1$UrHxMW^h(U6dJB(W_1p z6EQF?3hi%}*s03qc_agQ&zNznd(PU2QtYYmUNP( z3O@Yt9Z&@;n5u9U^;ku*2(JoyUr8X%>FNJxVqC=JpjB_JiB)S|nQ?u8)T(v7rq zcS(1rq%69->&&(HcAxkEzxNwwoT0<9bjVr{ljoW9p7*@(>%yxhF&V9Xgmhc7@Ng_PING&OC1-(2nt23lVs1xaL@2bI`&T2LTr7hA#@d7Cn% zZOb#ks6sWDVV>jM9QZK_ccc@a%r01Wy9w}ZB)UJ=`9LuZ{j9qswcBVJ(@*5v!;^#1 z#39q@)8Fk=t(ujxxz$`X8A&~3c#VnLw7Y0;wSwQNfv4|)Ty*51!iA}MD!#p&(G#m^ zPYlhO3qRu(skJQu`RTOmx~OV0G~9shNyGV=)8Wq2S1+axT>TDQ7;E)3L*76-?sYn; z-rw7e7mRF9dqS@G9LM+`&Oh;A+j*9}?~ptnWspu@($P(d##Px0tv3cKJ+TMfkepM* z1Fs;$5p?F;)LH8wbG0ykr|i#I?jviTgIusXkhZ~0($jE%W4#)Sy2D|%Y6*RtQlPZ` zMsiuh1NyK@1~rXO7|f@+z8GkY5bx-XHl&o85ql$7i1|b6k(D-x>N5 z#vtt?6kC6U=rtZKml?cXLvUE2K5+s4Ylm{v7vf}1qD1J~2cI_dzp>+_@LW!#txC%m zO{FDmIpLq4ghIpYbF2zK-X1oB^y3OLOIf{*km|~;q-#D_wtXryRS_AsRWFg`=Cd1x z7vI5OcfnXgJd$*e`Oqm z2eDN;#`2E_Gx#wrO^r02Ndnjdtat`_To&r0d6#Ab2wvU(J!wpVNh92Z>ui^Iuu_~O zXMTAuK8XC_K(s3R{G3An(7bH647Ml?k8JoOk!I7Ej+iB|iH=>GtN%(qJhl1C$wM;9 z0M1BEV>lGxI0x|CM1OX;1sjKb*Mw%DxB{}JTsVcwk4*6l?;quj3fVR(v9@n9Y&G&hoB^p&)qG`V*G zs1m0^IpR&RH$JO{=qKOcy|r#y*v~_i15E@9w{n|udMBd>;Gu&_aGUDNBZWH{?HOYu^L7l5o~Hey3+-Ff9zU73FoaK|85BG%z9`68f>b`e72dW} zVxp*HT2e_l5@58&cMwVLnxQ-(T*j zgUa|1$D}z(zjUB1ppU%8I6G;za4|VeJ)Sqc>3mhZcsYAdQ1v?2fcO5xZt7KctC+FI z-*`8qy|$N^T>RDA$>dG5lU7TuwyqkUoIf!x!dwilmkL5&G!|)2Eq#^Xg+^kxFm8|@ z>~s2jvUj@Apr#iXbBh^h6q6Mib@;WWG6M^bmV&-PDpf|{V-v`Qs$5erX08ewxw9;U zvuFoa-pfnpkIA~Z>gbBE2f5JSzr-QX2x~3=9PhV{rGVPZmfH(l=)-GNtEFb#x#Qf}g2WyZ7)lQyT=Y{c^~s_u6EC zeg@gRMZ9ZtifW6nvmjd(n)#r4RDsv$J~X(rgMNaRYGu^!ongfg$>_#Ec*X5CDf!9} z>sowTWuA*%YTm^^v|?GXGL;$eOliZ=u`#p`oZ6GNz~(BvV(90Cmm1I&Yr<{TUs(AX z`ku4CY|;7jdKMcC_snT$q}=@=Mc*upDaz4@-thLtMUQieL~BlDO1;hE(2+Zf^O5JhB28M>~OLvEA2 
zF47X>6~T16l2gL?QVp4>lO?aPHn*f#jNpoVvfO06XDU=C%Wi98m{(HFTp%$4fDh{w zCgd|pJPCB$-8=Yy6JE8u=l*U=HANJ&0iT&9i*Ku!eQjpfHN-yi8HN?mb4UP>S&@ua8&WH z(mIuUEwcbrE(-`fGd;(;?T)dozD-a0I*kGlsIK?3EPzP&cM`l3!oRZqITe#(0BBw^ z$0?^e)6RmI>ywIKHl~TsS2w5|T|FLl5CjRYyTj3iY?ePDK@f3LUCIuIS{wwXm+9tO zQerMGvB{O16NWxcmlByhy6#ry`M(GA%SYaKsFoF$R5D)lD=5;AvD?S#Oj0dgdd$*n(oZ>SA8}I7!J16r3fy-*$%pirJrXtXU-OO7gE>FFUYY1 z|J`^R@3ID`wC0Mj!+n;6sp+u4)mGJS2DNOKPZw|>?2nM#_<9@FSNo=@2Iq+ItXj0^ zO=8+@&LCG-9Cp{Sl3M&PY#95R052kfipOr3qxYIQaN!MND=*R!aXDHaN1g3P_)BF5 zfvDQf@1&4GkHVsE8-<+50HD~n4HTFI2{&>+zrd9H9#Nt`*-$3IS8V<^A=2rX_?WML zt&>&Ib-=VBKNc|ghNnnVp4V-w$$uQKuwGS7wc-k>$J!qIC@|2=8*%67Kf%U4nF%p1kR>N9FUu?O!A?@^ol2ARwPPwI#2_xxy=BXn#X z7cFC}vlNytb3lmuWLHx$%s9WRALrpHVoufu;ou~ZK(ue0JN3K+>k5mprOP&rY!12j0ND3wlD%eYE>WxK` zM*|W^d4VqeG6KEOb@fF6nl{WQM>?DJa}edHK6|kLODB+iw(3brll6f9b3)3bcvqhS z|BKM&JoY`-a06+}(U2VRs+X%N+;QqzMjdjm&i36U6TXu*t` zE#oUE`AZFqMW942W`&!c8=C~lm^Z}O@bpBCr1Vz5CxU7>LUNCJUc`n zNFXcAdOddbHig}Sm(2gO5JH@B>&RdHMmR6|?dZ!d7}V#@4-uRvUS|L{BqW|46XIOY z)b6Wu9owe5$87&=?B!ra*8OvYIJTrmOD{Yq9{@{be#wMuP{q?t5sD{*pTB)fey`pd zx-kI~0URXL`Vaa+M~g;I2EOG(iVp)zH*#6Z18{^BX+eiL={R#q@8<<;Q7@X&JLy^`8fEiMkd05PQ z1*pZ_(G&0^&wkK_|B6M*2w7Pb-TgD5A4~0bOG^8{g@1QXsiUJ1UQ57v;{Z)XIb@4m z4*)F&paGoqTn+|0RLmwo!%a`1KApR@UA;1TNaD$^b@Q@EN4w}XLuUhdpbum~U2wWYpCi9dSSzXURm-W2P z>&ki8;7xV}__b1WOMpD71&EfnFIy?G-XSu`hpF8E5ybNCZ4>n7@pO_sz*{!{0$BIs zS8(-X1{wTbdp10Z1}*~?BoeZ|h%kcuCKbx>hI{iElr_N9)dkl97yyj7)ZxT>k=5Nf8}7lRc_Q+pNWY*hs=_58uN`0fvPkNAJ$4E%E^u}S@o+mP(n*Tqc;U84`xVc7n~JUz+NuaS_4 zk?wY>>EY?B_*u(E%f;^zQeErmPw?wIO5_5GbEUC?#q5vZiyagCJh493e?Rj7dLatt z9lDn0|JRWG2Kit1R?ie5Tv{%xBNWyiwPnMDxK0_9~oA1A5w_~|0Vt1 zV!CyLI6fiN{=5FjCR_9W@_8TN;C~$w-haI`;_v}@7PjvFXUNIK--`H>fBVEl#`rJt zevJG6e3dCN7xupzssHp^82toSZ1yv%Gyfko&|7u*AQpD9s{dIjh!AMDjfhUV9Kfmn%e(eztKey>;)erjTa)#F7m-DIp zArkr1*wXh~0-W!9%kSo|{UFNHuC?1Tkl{NSTX(JD0qYtw2JikCW58)!`>s{3Fu|%$U0c+Oh~ey&M`6*3gHK?n9)LYo>73psqNJg>XEMKrzXpZ zl02JpNO{glj=&WP3z4U@|nt$`t`lh 
zgskhmH3pp|JAIqPs$=gJ=Six5+M0~cn*Az}F36aS#IE_>q|hHTikINVzHM|{FC3E< z)(CUzpD;Vpn-AYpihTLdz~RlViGBSVOALsi+y&e!o%Gtw zMn^V(M5{HbPz7{wCXjjfFmxrFB4(Pava=SbDrb_bhy8S(3}RV=D#HpxxebNOv?rrH zp{B4F(v*0!N6`JRft&ICrm;2-D;Vh}o~AVDs4T*ICVSU?h`oKUcNCRVGRewLt68c3 z+q3N9BMW98A5CAn`~R$XV6H}G$qVxpkp*R+AorMqE!hC%qXxiupCuXyTfqawP#sM? z7r0EZ20(k0#Nm>$LPuOw`uJl8<m$^~iw)FFHaVU8{dIJ9zznF8Y5@ z@%K=S!0c%9m-piDyGR^9S-+MdA6C#1d`UM!4AkKa9+{FcAOQ4^cL@&qq7hHfO9?)z z42Osy!Gt|(yCf?2Y@3-yL>j)XWr?#SU%vgGipnC^e?ENNcx&n#28^6T;jzB8@Vjwt zc;RHAWVOHwP3kO!9*lOKiB`}5wdnu-*C(;?X}bC_*6yDl?GIXTsfyn){FA|LuG7Z% zbRUa`sxRGJinQW*O-NVa694s5*~bQ@m!CS~;cKKZ&9JO6Jg5@Rd9@mW&;p*0$7MOk zI6&1R9eeQ4YW!yy{#knM!AG#45*S?kvnqXmfIv`2b_5`YZ-jjwGi$ovRKx*3K4iiH zn4wre84feRd=|cArF8Cj-E|E_B7H!|)DNHk0l#f$#Oa_N?*&>MpsptYG-IGYqe_Sk zK&#tI^1o>6+A4yc(3XK`NvSuF-{Y7cn83bLRV%66eJX?R1;GOrljU}GIt}S|YxAHA zgIlA@07rnpZyh+XcMr>4FRaVP6(Mn8?(fd8R6S$~4=1JjH4j*xTF~Oe1He8rz&sm- zp0ci;0euBC5L6_p7-vTHEJ7TrVr)6?1InhL^gfQyDZb!AfLK($}y$&5HCeG%%9(r zH!a!ucwPI07@Y3O>z}4OwgVW7mcS${3{rJAF`aPj__)ot&PXI9OSl#+ZwXX!Hm{rj zZ%WNCQ1_SD{$*<&L)-!QBU!=T><8%KbH%?voDTF|6Amybogdmho(8jHW!mB>y8gEresnjJ4AxLYf_gYHMK4cm|*J z_N?hH4)|QADzt;-@Ue&Y-lMP#TgowvvF`HG5Vkn%&GRv*qy`E@l~)<&ZWdmxe#0u0 z?p^Jmt8pz0bJ)AkUSN2`=*~A-&!O$HVNl?>GnSsjWeXPEl}h%~FD|=*HLG(6Xnjho zxCxo;XbBFc<}u#8W|bTBS)i|pnx2JJTEnQe($W}xx;$N_I74gK*)r=nzg6l*D?4q1 zn~MXJm4FQ%BL^dtZIbuwLaoeErFpwp24XWZSQq3Soj2znUJWxjBj`P>q_()d|L zLIrn4Y4q7@g5kRXwk7EK@JZ&v^zAq*iM#dQFZPQm>au?PnL-Zr^a?KPya5Br89W%n z{2gqvseI?sVDPpuD@1r8Yv{H9}>-_Sl*x;;&GPxG35#5x0iR z;0CcNm-fj@`c#aa5~xdWS%dMGiUr9=lfjKUlW}UC*_IaT%&EO{Ht1P*>mBW!dANIG zIc@!Y_uZg~vw6Q<=H2gZR)M-L0Xx8h&`XdaO$BsN_5+@)in+>4*!n9_`xL}Fzyz$VpN-!qNlbJ4 zVA_Q8ozgtj1Ka0TX$AyjSergP-he}ZiAdXW)H_3n`@z&}c?6UlswwtYU4wwVL%Jg7@)la`#e*OK zgHbfV>y>$dxzhUATji-NX~Gx`zj?Tjn%a45rpj_z%${t>3%SDm?shdTkRg0@_!I=- ztngLGHYn*sgAkcBfUU(7T2!ZYH4(jii!_X_hTC*-2sgVt&72Whesmhjdni8a#Kn2N z-`X#5dw@YbA7L}KY5m=Ttj+VSJkP%GPz9KnF3YhM(hAAxf_RW)$SGy4#rJ?pH4wT!avkCJTaW?Fup^+c 
zasEmKP-d%u?`{thJ@}3|hFO?aIMfN-1yf`LJX8xrC_Xq8MsNUCR-IpKZ|`SWVc8p* zjW`KidE8UwSw50=zl?BN^u{~hFd|)&0gkRY=JT|awi$E=oj%vioa{7aR?CJ-U-msz z!t-n{U0&YhFyY(_-rrvy_JM7|w%6=IAm&+`fOH}!GqhU`hz$xE-(nIvI8C!}q8ke) z5;;`OS_cwZk~_ZRsRNdl7mSz(Bz9wRGG-)6A9)U#HPzo&T=|Mo8{p~*{j?eSx>PV^ z0IhgK7VmUhZI`tEPSbS)l`_=DH7(8@F#;q{W%5)7wM%}V5BXBZxJxyzp zRx~w#RL@fuucR_^`NLiMO{nUD>Z~BsWy`@l{k&P~&sKcAWkXn08Gf*E4WHx?r!L|jlRsSc+hRBk2ab40W_H_%NJWkS0GSx`NoTynmqQo`~17{O%n6t zFyF=}A*^C%!`-}}+orRmC1<)LM{nE~=85}%F@Cf}Yfv=S_qkcPG+?8h9xY74*%#ua z){SVizpkWBxI%|Wrl9V|@Vr}ne#c+A)M?=md~(Qb=liKoA*G*vH2<@!1MLSQSL;Eo zc{e-;C;j-1yGvU}JY>CvEBA&pEli0Ny)7I8^nI@5IKz+~xt+$enO3pv0?X4Hhs55Z zkcUef(pN>sGBd_FZqsl3YFf?Hlh#YtTV#>EX#?HAhgDco#Pjat-n6IGk&>Ptdf7OG zj@(73|F%nlZzpwWy7XxOO?h-leJ?>}0imGg5iniEfo=B;${3l**Dr`Ic-3|jDxEiWecA zE$tXqa~*`1+jLkRh;h~IV56oagDlj1n(9j;R9=`&9(DypW3W^500>B-f;JKtHT-jr zijT@fIC!~}(3?xH#b?(ZaD=$A)(LtGwQ}E>XCEEZ&MC!d^|{hyINlhcNCXWj5gijq zf>&CQ+CAs0IZJ*c?P5vcGz#SSXrhF{I|9c2ZW-+EO#x;DVg=GV_q0FH2mjy^?^NvE@ z0hA9(drdz^-ACP!`S|BU4BL|{kkb~0ag6oPyX@^;M_wW=CYEa!ze{=e@R)1)3A#BF zQTxVifc<^6YMO_q!xN955Ipmq1A+f+iP!jw7~fkO-`eXPOZTmO>@;&25z!&w!c7H4 zG@{6rk|fwBg919`cCU76V}&kikQfnpj8@v}^Tfst8P{qNru*`e{4zEuu8T4Mi7;hS z_WaU`DxSH9qfceabN%+%Kzgsn;wd!2nxHj`Hxmc-*N44@d`m=|=sP6Q)K;Y7w`g*! 
z3wO5;#B@qCKKe>Qqw-al{xE#EOK_NDXiI|9ju@xIg*~Y?j(bMpC4AS+sX5~*E>+Bq9)Q6_OjY)YO%bJMIccL+CsjW@a~M&G=xZSDv(^z-_MFuTW*_jR%8&35 z+b9qyGPJ+#rXX+epF;EO!9C??KkHn1^q}!VGCE#0f ztH%rcOg6m<>u%oMiHJXB#yCX6nkbwoC8g7b^6GmdKc%SD&CeY0Aie(G7VM(hYblv; z=+}}Vb$2~Cy?O@0gPh;ay}(XnlU{y!&}u@IuO5T;2{s=0 zb~V%%8f7+7=mN;e{R}6Y1@3V_R(8L%Q71$fzuKQ$coUcNxu=dlo&?%_?pk^S;lQ*H zcxdSN(p!|nRL-WCZKk@nm72k?$AdFlZK$s60cbp0#h$3$*cg;9F}HSl#^Lo-XKp`Z zr#AN1rKno=J;~CHb#G#}<;ELf^9PSb!%!wTeKfC|57+f*rM}L59*>ejnrR|C+|enR z-7SG4844b`Psq~~wa8TFYtMa5JeK=B;wd%PQ3o+Cs#6gp&F26kn2P<=SkM5sN%adJ zp5CTum!_rZVsRCYg1aSsdrNMiUj+H`4Q%^KCb9+X4e<`jZLznvq}gx^IlfmQnhj}b zv|^~6Yj~ZHRcfesP3$DRtxkzV@0wI_sf zkNMh?K80PN5i;iIw~%W>el^xD<`xv-^t7)E&opYOC?UjQE}vF!=KUb{Tsob2{j#z+ zp1UI?5T?Pct!_vzA7Yo(Dj*VJ)QPVkPPz_@5 zLYiQ>$EF$e9P8V%ar*R@$kx&@rL z>SZm(G>HQkt2y#`Q>s{*3F#C}tNAe7#{5sh9EMS*ij=C)d@Fvc6nl!)s1-lRUFV+m zvQKrcprFI+2tcWDsIn9-Lp0T9;7(~TVkpAN7PZpqL`_d~y#?{`>sp^mEm6l|JK9II zwG1owglWC#l$kAUiEUhI9|yKfuQaBcPV{KnYWR8}@p4RMhP`OYw9o&-6wr%`mgh97 zFUDVhIFja!pk$18Q0aXjQRso4tlzfys}ps2*3RtUaYToThgvi03pD$hV~V{l>S_KF zVb|&QtGtS8)ku<-v|tGhHebh!g04ZnqK)$+pz@+It8bDd^$V5emUYB^hJ^mKBj6$0 z#AUu(K;`QZjYaZMFxP=zgC`{ecYAZn;P%Zzu0C?nmuRXeZX zmEiMj>vg$n$?g5poiCPYoR8d?scRKY3@e)4vAk!xR|&2B>rA?i*9m&24`73VJtxB% z-oq!-mglOTH9Ir8^@>xf_&jB?NG%lnZGkMIO7#YerSD5p&UNbAgEhs7R`1$$3)Qn5 z`n~O4D<^rT9Jj+qIYhY`QG%q5w&bx?2N zdh??t=t44mYpMkIAg!M0X5A|d;Ih>|S>7Ni^<(`;*+{8-U@EW-KAr6qWw(K7@M)BD9Kaw(&*=IvUR*}w8>dT(rq_thdpC7D#f!W=sbJ! 
zJ0=N`##eNe=AwxfdxlS5?;efZ4Na6oHtrz9kFb_g9Qc}y(iN(JbYS1$u2kD4*^R=xLsT=874jDi1-vqP{FQOt5mmUv8^VIK3k zGp8%n5+mgU8;L011D=(TZz`Ql{o7NN`n9@KeQ9cL%;s`$(3=NA9+|#2+4l3^elGX) z{ z8uT)R%sL{GFVB4vD{ApCS}_XSB)G!%;5t|tF^H)&BdQ^Nz`L~qyTSE(+@J4AShn@B zR#Qn+``eQICdgioqr*gVB2cgc5UKYK>90g5ms;eBWv6dInFfD=tncs*j@_b-BS}Pk zGT8io!&5(_S=j#7PP*2fUVg&)kc*TQ1X<<4!*&^Th=n&Vp?W}n89qoA9H+9`z+dj9 zd2!6O7{pB^&{%uE3G~5!)k53!=xL5Q4yFZ%F$^y=e~ zidDkQY{WR#k41>B+-5abfa8E^?9Y@nC;9?SGVnx88#@hWjhiU6 zhX*0{6sMj;k6?T$qtHUP^!Lkj&^wNj_e43~M%H}gIOI=yu<)Lx($NSUdN;X4KhkXq zCsNRORm<}rV^gWACBD8TBf=3-EzkD0>rzs?=d+(Jz`=#;671_+p+}(ZtNf|}Z9HWl z54U-vUWkU>T;qfbX9RaZ74v$U<0y^SMW%G| zruu9qVs7IpIx|bp!vV}bW9l1OG!}C7(+W*u8SqmS#i#!{3Zjc$a^zz!KNdOuWqJnd z2zx)%6gQ=lhcEos(qgjT>3bTf5;io zN-`!h-{?%Rr=v1m@qZo_qf!KdJTe6(nl^*tQ{+Y5e2xIe zeULJroTmu1wi=E=o(H|&<&qM3E28Lauw->b6&alE(&ledk5)XUXm62d11T^|d#B%N zN7#!5>BVTHJD2t9iycg_geNuCUkp=JfDSyK*sNt*N>A)}Ka^7HK&84`^3tU6NiJft z{l;$BWbn_Tk)R%S8Ep)IMQYgWa%CNa#6-xtJPgyNO$-X^YE z#-v7%j#m~R2NWAs!EEO`JBbgz?ttZvI0{j_P2%sBQ8nyWm8B*g2ErUab9EcxbQUpd z*_ex)(NXGQkJIAgtyq4fz}z2@Yh%H5Y7ioJytBvX0e#cNX@wk2Pj5*LR+`&(e%-Pef1ufr>1#8Hz zCSSRpMu)MDLtD{KjuSQtg+-53@?l*YS*5F?nTv`)B##_yKBPMIu69GmC3Tw=ovPe( zYj3G^B+5H2JF_4Zpd$$wZK-Y8eNLMlSgBJYkKl1|*<9i$L7v>dq_y!htvg{pS+4D_ z@GKYlCH2Vp=gp$+fLlqAXOiD*MnzavHNN7S5(M@&^OMy`vXG7p{oDLV@4j;VN7U8z zZjv_W6(~E@lxETVPpj5nOKGz`-C>5RUxHpzilB04ubRbz=Ypx~iXeUl54*r!_fv*V z{_a%i^UKU*hse=24N`TgrxTuU&DEc^yfbcXWqoJx{I2}xo1D;Y$0)_HoU4fi zP1;JcE!sQZp7?!%dHPC=oSP*LPv=(Bj>lHDeCy8Nwx$A*H3C0ZP^p!x)4!b5E=j4f zq%fPe_b%oa%$lvTN(%W?8Us{$|M{CN4jjRCyE^{qW*7e{{GAy*x12L3c?GEb@oco0 z*n<5Fx2IJU6cio)fypBKiV~o?I_{(foX(H>yF(8GHAP}dL<%CwHQ3$gpdUJo6C)R@ zK2~{6wy=~OXC1vTerZl603;c^)xzOFDx+Kl^;T^t_(y}v1?a6u*Mv_l0ghYLRSq3F zhs<>x#_LZVs0p9&>-JmF)SWRuP;oU}*J^O9f~7^h%O76~^4n`gm}%6`ySCGMUL^_F z**G=6Exi|gE0`bYAa5D*c2P@0ejxMLJSa77{L!!mgm!A2pcI(GqmmJ7-Yp+UN-l)X zm4iWlZ(^nM>2LDv(V+?cOpLb9mphu^8~^>zDTM!W{e%4c5kBjQ^`zCy17=pqzcP;W z<=n3l-EadJpGbZ~!!E`{!m3MTtnk*tW3ZfQTn?91Q_buMRJZ@tegP)B3>Q#thO=S^ 
zPb~8SPpd{=#eT{}oKgYKyQ>({FsE#sS$~?B{kXk0re`BcHfURFH9}J>Xrxc|d_+S1 zAPCyU9k|vM=x8X%u8Uw_+Z;9MkBQbIkuoYIT!W70CU4<~9zm2}(_DlbYpkvAx?$vx z_LwSI9zuT_xt~f;Hfy7g~EZMzlYUo;*-ATk@2mBQBUhhWYyOG@9{^^uUy= z@aVgq-DmZRlR#IrrqXo&WxKJ5*?ch@yXPL%VvLrE866mlbD%>iWS9~qtyzCyP-6=s1QQm4OR z`4pxn!z-nD`uy5VtJK4-;-giSJbnQczlhARqgAoMF|rP{8u<&)-^fm$_qx}@WV_26 zlRp-LQ%U+ZQAHyT%=~tB)u!5d)x<|wl!q~TanC@TQ*xv*BVY1I^zJ;r?Q&pnE7G|SCaZXze3^T6v z+n1beD%b0oofTvXj;7Gc4@wGuSOBSRv%bH?99*fCw`Waf5K#OA zOw|;u^jfbfF!HQFEBoN~cAMN`K4`vNE-J_r!@}}Gh_fn*2|Uhrr|6P8{Hovj%^o09 z4%cib4n4HG*9MgGmuoA_v)Ti#)h(~4GE=`9`h~R_YZK?AUnVM-kLC+s6%)mDXscMO z_$b3XtBv7dx;Vd;MvTN7PV^gL8MM;*D|?S40LRg+=WAQ~qA$=rm|3JacenYKjMX&m z=#;*nYwTrt%7;dgFsC+wreIzBPRK%inhdzju-0>A4aM9bn<$>`dAw;u<3fgb6wS)PHCl znEV`WZK1`H>~xGTZzPtDMNPts92>-WqcHW}&tgJadcH?KpBb_q&%E~OLHkAt^QK|y zPA#M&6_-@w@|5y_s55x~;iG5%niciZMiibTfH3}>b8^szH3VOvaVl5EsIL#Qcaqxw)nV3~Gq4HV&UF20yOI@hDnk60Ge8|) zramY1A#PdZ^9Hsa1<_?QsBDr8W9h|@9IK2N=>@<(7#AH@!<6b%$;*gi?GtGPI%Rpn z-qy{+rp`Iqws@=i8U!W!1Oohm;mZKON0reHz66)$q_nP)*H2VP`58{kJ7wzV2jt%+ za|zX2OS_DTL>zwz_-$OyP;FG`HiSV?o>Xi3r~@AQKEA zUp0~6PcFZbSJWJI(tbZ?Foe_=wYet&27k#N8xNNZIf_Lmq1?8?tF#tN{|E*C4GaET9Gp(35N+Z;M7c{AjU@*$M`ihDG3(v- zaXMvCD629*T2Dp3Gr~aAi;Lgl=`H9E4La9GF|URPxoqal@+08|%Xth4apAt&tv;eF z{KrGWE9DM^hlH>9z?mIU`;%z$>>J~)C^qu0$T#Ftyt~waN$b>rP!%TW525dK0Y&wB z7f+(pU5-&$tkm-{lATuLrd@X3kp1-^JML6W=C<36e^L^i6b67PP7wrXxF(%1gG|gF zI2DNkku9kD%8=w?s08!l5WY1yxfMHj>!{STLd<$JQD@O>H@C``fN6Mu{Z#LLO1BA6 z0Kbo}bOXgeqB{zq55vXG?D)YO@7#fIvrrhk?*Aln>|+~v=SD--u;h(9pMOZp&_w2@26cfCS@mB z)^;G={b47)Z{Vb$P+N+Gmd?=BJI;9I|3v^fV#fhiL#6IH>NA~_=t+HR$hS9(2ZT>^A+ zK8dFe>80pICK!P31xDbkZ!Hg@E}M_%mwL|(2Uc|=n9Q;YpTj!~{wZ?)&lhjuMOp@i z9hiS+vt{^fmgQFsnAgHI$AEB&FkIpYq3FMDbR`LC)= zV^mdnmpMMpTQ-(RI;gImN2~;4`P%m zF2tq$Xurcu*@b}ZPdH&AY%!5XCuK%&f4g44QQN6cg?_>l1MHKfiJ*~6;9g3FuKW# zA*}6o<8RAwy=-=#x%>H|Z<>wM^eO1S!x`TJ-B?P`Qi!_T9-hR%3(Il;@fnmIh`))e z1os;nRBadG9p>!Y<#hVKjkYz2yUq^gnkX64H*K}Vs`J#^p597*ZViFlOQP$ zo(YCEG31r6Ww-SX##ME;1R>YH2TpY7(W!Ksl1$xG+CJ4W+B5Su>HnXBAtqYD&vnoe 
z6dKL!^8wz{I9vgcA{Ci!aMc?MH8}zHH$8Ew%sdG%Hsz;EJmxuv;82h5r+gA8G9~#V zb@!VSG-E_NWLh1{Vu)@q8|w7PV&p3YRB+-5Y1;+P^T_4d)55ylfI{NWKkv_9zg^Ed zN*6Ub0S7eA&!z{D1_d<3GQCS4pTbEcQL-XdD%TI><(&Y*5?T#)9K6W>at0xCs#0>7K{;`guU0fo)*JHZr054m{? z%ZTPH;0!jPMW{S4Ms{*VOj$W&3?@I8qb%8GhfG`%(fG<-w$Qr+6M0+jmvx&1==;Q_ z??pdY1GaU!w{eT%9a32CFOtt=Rb(0_MHBEWQqBF!&N0CAy&Of=(u`&I!+jK9wU3${y)L3!)vV|n6W0DnDEKQNg zx8faE4nu_>&#_Y4LaX_&EadLPvfjWb&r_IsRbN%vy*PO& zY4^EU2$?p_`pHZf2=jkRv`}25X$}N?L8=Qy6|2#k6Wg8)XXDz2l$y(Ux$S?gE{7-I z(~3vzL2x`ssR7@4jd`f~id#(AXBOsjyCp@>Po8|`ERE)pT^KQ*z!QAg*0^p{)p+D~ z-;;;4ycy4&4+T@PU_9lh-DA1=g9JAbNMYat*o2A2jlR?fhsC;ZcA^|jsUeF^^l1mA}$tg zO_R<5+dk*5g0+$G3%r(k0FW^NTlvp3U|-ZLs=H>DWja|no^}nY6Lj)L1$4c6J5(8h z3L*DnODOo@-DVEx2ax7;`_L zt7dib#k-ZUauP!-CrnbgK-1n_N#uQ`M&}9`FT6`oM7!WaKfKXgIW>*PuwAhO^9u656jKV zU1)_uV4|)+sK>a7ruT!Mvj*W@5`fDEZN_Ch0-(=P7ctI)RQHz;p#^@0ZlcJohWm{j z2LpsQYnOY#u;%P$ao8VT`HMw2{DiyE_m|~T$f{W0ipJiioWbF2=C?a``h>XX{)9Lu z0fx|lIU8{Yn-P2U*@L`=J`R^BM0o0D8vXC-ppRhnvN4Qd+HmYZ7`XsEGO zaUCzBtS-D*i$$kpY)2-+121uqmO(Ee_xn&gQRQvRU>qt=$-!*#1A1 zy#-j5Th~6WfGFaCihzKWg-S|Fqaa-pLzi@S$A~B(NEm=4B~rpLbPXwjfYJ>^N#`*1 z(ERtP=l$OIe7@iR{H}9dUciB8_OtieYp=cTd)ip5&3L~iVBC&D5}KVibi|ivHhzKwRa@FoyU~G z?1puCY7s`4kB2lznId=K4zl$fTw&xW@wBG^3?1+=5%jw{9+aWe)z#E+?P5T{1ALK} z>-D9!$8(;yC}Edm;MS!Ep_1Cuj2P*W7ve@k=S1At1>N*m33yqJwjaKgNgy(M%cwlJ z3y5jG&>7t=Zb8{)cCk$0?AU@D1YtqD7La(Hk<)1Dl2 z_>;P#TbB53lKR5fF;F!DEHzYlQ*zm>g#s7Etwez)4yUPe_rf;P{jnyt@Tq{(LNDiG zwL|~zgmeoGtJd2E!{IUId<>a#Bh~UgdhRE^Z%eB$nevBGrF`V8*G)S+xa3D0tpT{G zs79h`8QdFp_F=*BI5?x7(a7%-B%ziU`?VFWIo_@#Pn%T$#k{!WIE{RzyC~7Sr}U&V zl-Js@07v4yI^KBnM(o)}b!D!Zn3yS{?->7wWPLT?^Wys>!ednjTOyvxaObYDg1u5t z%l9=MO3sFUQ=E-WcjvbGS%=y6lWJZ#c@I;5x!TcOd2gCxigD%nWuyOssyrc*KmUY@ z0%~RKZQY(A_}qJARuI9yO=x@)mf!d+{iX>Y2`pbXNL;)7i6-@KP&&nKkU9C`+`!Xy zw!f|w5|TGMFSDCHUg@rd!Tj#C?-fm^5wMAVnWWCG+l%vf?7j?A$bFfl`3@w<&{Z`z zv9>@;MM|9-NfCVQ1gXu}w~vk*UK@)jv&n^X<&RK#zNX8ZG`8DlV zh=e<6-9Wv!ku^UMTCFjl1YpO;T;>48aZVFGD&i3zn;QbCSD(&@r`+J0}{u5%Qtl&hJCFtSpGuM>p7b`Dv3 
z{9JW1jy=cpqhqFfzTz3%=NB3D-qP7$f)dS$umy+p^xrDz6=Z{li4Q%#?P`yNe)%Xe zd7A1B@_ebTs9smR9*5zVdHYY~Z)qisySn03rcYt6bc8!y=0U#W`<^;YX?ioqJ-AWv z8GGiKZDrfFS~-peoiD}-RQ!3>+wZ~ok}q;+>eJ2}3@HCMxC~&}X)Wxu^)Pf^2MMVc zVp*ibK&F_x`=Oc`a;^kQ?VUG%->71FxBSoeQ~47Nn2houg|`dtuSyH6@{*s|l5cmyVRKrHgaMQh(7?&L6$HonxR#S@X z66)S#o@;aSX<^%4?aBc*Y9&sxiWAdG-vDd7>C!{-m72IEc*GRtpypX}1eRgl8l(5Emz}HC2uB30^cvg?J ze3g^x_H*V^I$cB_`tf6`+U5aC#`dtqcFPjC#gX*q^nL67LiW@2R5t#(8Za5%ivvN7 zP@QI}%E&Ux9m##RKAEZAPra9K?`}lE>RH%s6|#j@rM7)M>P#|!c`-a=O@xI$RiuXh z#8QeF|7G!p!cPEAz+KYb+d`>fPMS2_;mFYp3!+rkW{SkAq=nr5GEllcf&=jAHAsQrT%rrijI&lEsnlTWK2Td|IPRXq<_&k;zI0oOtE~G zRBVIuRX0PUo>-1lS@~sclkmWjyR090K@nqQ&V!5>0=HFO=TNE(+QMWB``Jtc&-as= z@QH?p>xD?7^FOe}b{oraD(zk%>pwlUD@Vbv5WtG@1f)ZBSSHrFrm*K-C-fF#aJdShf42U4O-+c`-G)R^k)=#|>RSp!%nd7&RHbMjks zLbi1L+b9dpJ}XDAwv}M31jPIAv(D^mDl2-QOBmHcQFsQ-nxCx#=l7glFh^d?emRc_^h-vrE`tVlS2~J8 z6kT%cFj|4y{=nWXFZPH`d;Z~mPQ)5rnT59Ufz|reBA*bd44e&8DXJZ5hkl(piFtsq zrZqt>`3gwL(KGi=t z%}wWNThwL4I#Zg<9{`GIy3!tIM3iWt=Jqg3thO_};d&MjjjNpMbL@PTn|4^VB6`&n zN!hMaqh}_htB^d59PPL7dG`ENBd*54N@&ojQim0mUlrF__cW8zLYFjBp_QuCu=qx! 
zs#o%j?^WjQ=&}di*-IOr%2KAN-#O6h3EAe^qV1c_*XY6|+k^HqORGP3FZg&Q4B52t z!-o+KF&4tEb=;PBsr?_D3X{!Zn%w!MmE+4=tN0vhbW$Z1icF(CG9G>pcpVJc`#>2g zoL4SmSK+htLzE!NnBBXap2B&2e@NF}NiAOPO~7l$&7xx^U8|Y|hv63`+u=21-y$jH za!dDbF3wKfCQba>N$*>Xv=UanBarvIKKI{~THtF5$!qvxMa13NxZhCf;>o~9w&tAE zUUV8%lTTZTW4tY5iS8(VW&tH}X)4ihezwD3kKz?25W8>DlluAMpHpVPK1pH}UzxwM z^hEGC(>st@2H;u5TIQ53T&Liak}aWhCjnD|?*5I!GnCizhmWD!Y;-_GAS}HuRPMuV ze0}HbKK>SYf)bS{I1Jjd{n8&R`f2fkfOHO{cjtcZbyZ7zWirp^7KaHa={JbslH3Xf z=5^@4N49U!Wr~W6BQD6nW zB!6_^r0Y)y0zM292_6f{{eCAFd=P7J>;(Y=d_m_^d9w?5q@R3=3`;R@PhJ8RR}NpPv_WOQNa$ zr24imx=;Qz$_|CR9nfM4c^_q_gEpX<@T3v0>AB69j|bqo^21ba()2| zHu&fA5xwsELwfj+kNEjRUeFXnI@%lLvEqR~iwq?YNlO-$` z+7FlVStdA3yS38)Wpsg$ffZ40{J8M{GU^i~ytMacX>D^%GL+(>8mT;%?YssRZupzQ ztxIPufH)0*s&qschdWR%Xod5z2+flH^>~T9U;~AFuZI4YY5mvy{^u98B_JB+Q4ySZ z+n|fDKWzgQWNOnPPg}2E5&6r6ZSXrW_!-Ne0h<4O-oJk5{k=eG_T~|n7WTH#3)e0p zc0kbqA35l;@QM+P(`oguKg-5@2-=HDzd!81=oI|z|5{BF;Ro)%5BikEgA$T9h4sYqd3yD2izt4=v_QP~mbisA+H zT${9S(pv+qzP1++VY@9xjX}~)JsC=%fNU#P!Ev(T1zw_$11X9d>2brL`PQk&;e58S zyPz>FK2>1_a;vtb;{m=!J<7tU)m!!JGc5+uMu&@9c=^Az9~MUkyBr6g=G+c+Mx5>* z0YYZ_B7GtoL_h6A;tl?oc!O}EdiVcg9v_GTrEfRmQ6?pzhmrcR1J2VVVU|Tt^y0i+ zBn?kvV$E73-8JV7m1yrF^EfzOXX*u=yGSAEvN{*fnp^&WY}5mYln8KEtv(&b4&)`{ zMG)Fvuq0_upFVv)g6uNaXS^<8#Wn!m-tn~GOGUdZPM-9>a?k05AgC0a(I|fYWFx9S>z&`wbd0{kp_t$$< z;JpAvwjI@9Uf^H$`G0-EM2UazXYPt;F3LpE&M=MmVykDLQ7GRcSO*l1?{ z)&Ok6A9BSdRCt?&TiAW^(j`;*1{IODX9`-8z&Jn3T!4LdulAo$326nF75c}t;$e(*1^sLyIBG$Kiv_6Ic@e3A0owMr>Osc()#Y>jQXvpJi}wPKN%K+Ezs^fq zPW%DsI9h1-9|z9AyySoRV)qQM{QX$~4p|VBGuSDEHlH%52)^LPVYQ*1k7Vf089<{i z&lR|3lCy$W+(k17yi_FM>;VOt(z}@9GJ(9By=*~%bYGibiDhVVnVtkZkvU^#3Me~X z(2mD#zVqtDwOE~|i*u8J?f~G-cwnDxc2#SQ7HgAViM{)v{G6Z%fGcQtSYe#M_o51* zCHF{L;?G+h?My`xLnU6-c<4q8; z#*6!KKjf){isV%V*3$GfG{ zQIFyIk?C)5uBBMHb+3RTljigr)>lQ@Xvi{=E?;ylfcD$SE*|idV56Xp4gky|Vk*h6 z*7s+@UR`GMoYV!Lg`RpX1jCwF^*9og345OH7h_R;_kq(j`KPb?K!QIZNHqDw|HYvC zH(Ngz_w^)jRPQ@>K41ysz8-e-LF0Pn+ncXZmuSM|vobXriRCk{e}CJo5&Ti=QA*t< 
z?##g1Oc9!kDGx4meVD9;DcI^+j=QdidWzu^I`(Q^wyOpLu>Ku_9mfG!N9HFd2+lD5 z?Vs~868fjP$9=J)6xtdjdTV!q5`%^I3J3vcnCN5`Z%1cIx-WJ9s1G4mq1yf&NEo0g zClI~6T2J0$8YN0qhy@yJZCtY+6X1kTb6e>4=zk^#G&(1>>NmCSQ8+NEhg?n;a?jTB z1v*0Co{>-_utzB_=1&6!yREq4rGZn=&r+_3T*nE>T096*6<;ZzdOh@1^XDMf?np54 z7-HE5p8sLge|rh=tuXL}J?NlU@q=r~ zJQ3KsQ_OtKz{6tB+DNDpo;{NX!Ct7WR#~4uKZ;xfdn-ex6+*c0_VTN%55um%>N3smo3BMWaJ4rT^4gVKqF5~^9hI=)rR2v1RQ(+B z^-?h6hMHr2(SJ1J>y)AU5*dc;iJoJ(DOi-xp?v7Y^g}L`v8yqu13ZfrS{(l^&M06( z>s@b3z5C9Fc}wi>63^A>1v0JNx-O(%*M0Kkdo62nPodII$`VbGe?89h|Wu#2;8A&il#Zn zykV+o z#;K*tKhLQJQBqq$spB{YzRz7y!uAQU%~_po%#{T4cY(qI+$NE>M!zX+ z;3YT8+*xS(Y|QRRqs?h9H20cxBQy~=!NFJ(0`cxU;?&On%;ri6ulQUY8J&2P2-Iof z&(RC@8qE-MyH6Bb_oRV<^Jq_&0^orZ1n^gG+L8F}TZ=dJ+9rMGe>BcCWhMs#_zn5D z(ZFxQ5d%!7>GClTuHRGyT^7+LJS|}R-T-S)u5%2;dtN|4_Ga9dgj_+F!j1#He*~VE ziZY3J04L;ujN3ab2psDyl&#?LcZwhSQJlY>W{tj3`?2LY^ft7=bwyGMe&&B{q`&!s@<@%D& zPp1`qnSh9!VoJ<4=6{_de{gC{=c^?~h`3X0r;8nT0TZJo7(zE)J{3tpU!fne*52x| zvuZ-YeF(T;Gn+jsaX?`$W6@3gU^R%wLO;Y}Kq8|Q_Ko z2M6&0n|8j0$I8fpkwL-ZuW8`<-G$}~C}73c!Qp%)bn}=nX6QXTH0k68!eP zntBi$mMxD}>z%!Hi-{${>A@AF+i}78_loWV)?1{Tu<_64I)@Ytc}rO8_}5@U@1G=q z-}O?Tzxa<_f*Asg#%^YA`j-JsD}uik+^FfY{r`96z|l90fM17Ow!FIV)9;7s1$vz` z1BR~^%N8I5CXRW(%9<98<2;t&xw6QkFiKVq_oco#it3*~{o|tkwJp+Az`E@n4AT8P zPXeD^3N4e!2)@fAF8=5Ug!Rv=lJ$8B&Rj2*7_0K0DIFfZ_+4?i=?OyS|2%)1Pk`~# zJZWbBy>PsNUZiFvk7|RW5ZP5oIUW-T}(hY^ficW`}a= zuKKz)#Bsl5(ysQD+s}_-syp@RL*fte6LC?04g25BEZPBl*uu@}6ThbRdXhxdDQ=mF z%MRJ5W1}_KOj;X!6Ht$dF6v4UMpHD3UZbtCnyWr-VVSDy?6K(T@M{4cfKQ-bth@5Z z#q7dcD>MxA`_%nR4d!UJlR2oh#C>V3r&bzopMg>rLSt|e*_15bDVp4Wg-3-FY|zd~ zbI!e=_V)K>kWd9PulmgUw*|=JH&B?A9sbv*F9&Lqn5iM}HHmP$UBa&nQ~RmMSx-F@ z)Lp&*N1)AeIOI9P|l-t9~3Cm;P;K|7XUc`N0}n zyP9(T8t+A2FjvdtM{T}hJc(@X-QES`IzFK%2!`&QXAKP3UXUprJEx34xPh;Gd1e)L z<(j}#hd(`d`W|?$;7V+l$*%_&8i5CIj|aW=>2x%qFOnM%R!~R3-2%?y$M5&PzBBcC z=GxDZ858a3&))xIB*tV9=B#J7(eSrT7K7bCSbKO#)z6=}JnRJbo?*mK=4-Gr9FNl( zUnTquGr(xClB}W@&hKG zA~T+qaw2Y?_Se^#fj9WIRt@`yvwOc6OZrL2jMdvg;-B07Z~p|Qfl{*UWiF#|1%BDz{`EEzOriuD&5BWm{mb$6fr^k3CEs21 
zV}h1gR@MkQfwj3Fp+{xP_CuAPdEgEcmDHWBiTFgm1uppC`LqPq%V1M&0_jpOULT22 zz&Te7af;`BT|Nmu0>PTuqJm8Ft5%`?;H{+@z~$l!=|~hVV>2k#U!Utp*2!#HYl?{Z z{4i(pTGO~H$FHRdJa_(wt03Wd!JlXBZ>$d0UQJkwBkBDtl&&vTyc4-Qd+ z4Sy8QR7#Hjwy8(pUGDmrCODY8Gi|I+)T`w=(AU0B$9$h6B$iK=mSNRE&t!Suh=$W5 z2ZuetLDD@pF_vK(*Y}AT=xBc11iZl-gZBcqcR(U33NH%B?K$R$zo76ORtatq{dPEW zVh-qHxthI2*4;hW@f-K0npnJWrAW}%Fv>SY?RRbfozK|pxkQ$xE3S$@%5PTpYjzvy z0FOm{>Vx<&?NLWqEIlQxXtLs-%;Krwb2MyuK%KKWa_{slENs=Jxo|m2r*fMW&SM#A zH&mrlbA05xF_y|a3)tg292N7AQ5nvr-{J-G#+43(f)Dp`@w@Nij5vT?a7wLmREbmF z1DIHM!;pE4{F|FHtZ6Fm?>z#!kU2*~aQjBB>@6McPTz#)YBS?0wzYCKe!FS@A!HT- zVu-Xy`8zpeMOfo%+Ceq=k-pmKWPuvUJd+q^I*sP_1% z(r+JgGw-p^!!8?Sar19)Ar%`|Wq}>5UVle@UcbW4dOG6Bz_o?lK22dD_qGGIE!_b~ z6RYJL*S(vEdYs}eN}Y66e9~mi(!Hn1sZ*t0;qJ>N^-$b$vlbj-HaqJzzSs+p7c2uA zO0b9D<2bR7E(?#*OU&7V(zSeA(dgxsB9|U zXEQ96I!i6~tv%Quf@>19sq$%)vDmL%sZs}}4OZGb%lE&qy__8}@le2hEEaQI5OWqH zi+&>>*W*029QL<8`0G5V0I_*Sd^F*&;~?4#f4ChdSpv&VaTqmQoAf-_x{#UdkjYiA46ZzfrV%So@Kno#xa4<>@ z%~IJ919voT_wV6_;1;cJ4n?#zK4{66u<+10h&YAyT9lL)>A{VA=H=+4y7R3xTS+LA zC?U*8Ac1b!obOcXdI%hR_g)6w8x3~yfr90;W*&GT?$+CYK%-Qb9;%`$jN3 zG_|8ztQI$RN6_iV6AiJlLVdTjuP#8QFnD>XeV%K?C($TiD;)%wkJ|4|oy*cL__(0% zr0oD9$kC}rF9*ET(v%NTfWDzLEMM&D5Q_m48kZ4H{=?P2WjTh2DSiiCGHUBNMQQhg zf|(Dy_iNC?r3~VpNh2=pf^)KmdywlYNg@uON++1TMw#inc<^%Aev=Tn3in|s#a_3K z!JZMyWo8DzfRG{m{p^W+`>|5k!EWY|bQw}L<*89M=ZJgAmFaPs(UsaUp0c(0h;^ja z!{r7F()f)e*AMUMS`%sp1YkU$b6!8ru@QMVAILCm$t?GPifn_!hG1 zUj7y0*bLTdp6*W`w`hy^6_1N)?U(~9_aFgFhj}0-29vRU=~<6o8fTYch;=jzFqE z8aQkCkEGhw@fW8Vyi|e8olfm{bsU3ex+Vh39B*y4TH_lLI?$RkD2vf+%keWUGq615!(KmBXnYL^G$F-&G407Cm_ z1lmI^teHmmtLJcDSeZKGLW8`CQT!1pQEEWdl1FpFu;t}aOYT`X+?o9fkL@Y$Nw|Ys zUreFvoN~|Fex=(hetU;DbhzwUTZoq@qCkatQ#!oXm;%ovxP3;K6+Adl9cJhvR{ja zoA)N1`C~Bo?jpG6sFww`|2_$Lh|ZWDJ^P73=ZC!ZeNGFm^ z7LIZl6)Gw>Z-I8#lS&X1I;$J`2wuNs6_pYgY@w9LXChq5h8h4VHdfJKQZi{FX&VAK zwPr2XPZu=hNr^0zH zB~KHP`7~AJx;GS9AE2o?qOAuW`ha?deZ?m{UWS$aT%Q&V%ZMM@GvQPJ-DzulHxn#y zkeUh*0BbL9mA6$N^%8M2u8b-GQn>fLxx1h3c0x2)CS5a|>IaF!!{ocJ8E-iZ8Zj=4 
z%1!d;xuJU(FiK~kDL@nIO|d&cXBUGE?53yp#5H@%ICfS`Z%S*vPh!5?dTJje?&J0Q zuj3)1YG|2Wkwr;XB%<#b--ym)j@m~}1J3GAwW5gqsNf{~=jb<8A2xv&uVeO_jd=&T z_<_Xwbi3&`5~S^Axom-EVg~o>m*=ErT_3M$E^m65QLX{Z-||jf#hko@?*4}ur&`>D z8S%s77T+i#rSCDEbEk5b!iX!cmH>$#!{W1JT1El4ecDN@vwcA}_|3yHt~FqAJe3Rk z3zdkm4e|-YBBXQzB_(WhUwd}BNJ+v#d`fIJ*q}eGVXui~F3~e!aDUoU?D-48BbMyX zJ^VhR&d08iAFXjz`&|vSe!Pp_UtunOpSNurgxf7}o+1{!IdE64R9{E^LVJTvfK#jml42?81XzG`+~QhJ?zKg|Pw33yhv3V#XgTg@&vJMBp^w0Did( z7}0RC>skiA5a^<10aEro4al5nFqC<1C;3$aZhk91XROwRkjTc`?xFGm)sTBN-Ypj1 zKCPE4<3-SUwbREqa#4=zWo~uK5hI!)3PFskATi0ppORe?_+*}9CtZj6@2d?1{%X^u zfUOBh6_TiZE|YzB+rFGP8}rcRAsiJKRjsd+OyU|o1<(T3dKICB z!m;=w`J@}3WA0kA&lN|d3CaDd_T9(4HIihT!HcG_al zCnK2JshJZAcmh{Ayha^h#qVcCac-rVe9X7~bHDqXyaTBN4%tcEIET*qgr?-}Qq+BF zgN(ZOhSiL*9}NfXLAyj|-0J(ri0aP4SBnK6$J&0sZ>#Tp(@ru#?1w!n1f;NZW4?h$ z%W0*fF0Qr($q0dQm+*rPoH%nwSJkd#cn$T!`G#xKA~UteL>;LoOS?>^6(+v0>>@^z z#gT7uvg0zYB!(0^{-wVhGV$(p5*fa2dr5CJ@w?Uw(7|4a zQ2?M>p&JHCS@3mByOS;FvEvyCy}2@qux!}ROMd9XXum%h-jQw@#c*U9WZ+;_@_s#< zCHOmyWr7JcTx)=nujA!P!h89~?KIkR0iO}K>CD^-+-lr%3|>9%kFoZ+|%E zaAP%Fv^=uSYdho3|9V)Uh!DOfYCkeq5I`NvZe&uku}fM-au}eMxlMWGDSMdo7-5*P zIR;!wYF0EH{e23pa%lR&aIE8Txg~VKHhl+Jv2WibW7klq{obZlE3Q10uHkc7!Y1kp zp}yN66Cx);y6WHJCMj0qpld6g&0Q;W;lp32IO+D;bL>Cu^Xpp}@+>hz8bpo{uDg0c z`q^}RHvNRAaR@+4=(lE)fZfLss}`eQk>PCPp>W!JPO7q8_k+&W2a8$@To8yBbX?J2 z=$SKtB|_ME*DoYc*30j+&A?`qe&Lug`5{-G6GCoM_zsMvdz;<|WuH5LRg(rOzgQC~M)8H8+urg+C`i`JC>oX5QXJHaJ)ic9O{ zvr0t!{kuuN)7!(?Re`P(slse!WOuXu^X+4)Z_=;sbp4nZL2XR;!Vu3;O&)}B6$m2- zC?mcb(ix^hO2v@%#WHH4hB!plsLD)EcD{8Kni({JA?6*e3~-M7@bGdD&c zrxFr<3R^(e+-qsLk0IOjkwnA>IF&wles+DmcwxKq?mjImHV|C(tQ>mrWQLiof!%nr z%lA}sD;DSX;k8%8NCcWQ13e&jE82*;fsQjvC|aHyjDaJR=&M=x!$6rjVX zmzM><+r1fEeJ>b_>j>vmj(v4adT=N|Z_jmS`{{G$Wb*nXKQ+SuLBD8rujpw4c%6OF z294&LR@Bm1)7$Jh5A2vEuLiAsk2u#E>X)84PeM2#6Di+4m$ARdlXCwtBnp_Zr8G`O z>4xd((bjz=?ETHj}Y4e<>lXzmsvc&A$EcJBPOyz)l?b_1| zIOZ~>e!&CK3sI~{R$Ru>#=q!T7s&=i2^g05rHaL|}UiLbM0KJhEFiL$|kgRkBo26JF64ZtM| zEKgIZqt*_|$H++@E~uhB&bU;nlxqn{eO#)?-~b+}P*1#dIEsYR_4eBO_aQuH_~|E$ 
zA8w>dW_I`-LU@*)xdty-%gz{&Z|+$7QeLz7or)NkDL6XB)8Bof}Io+)xJ1uPBu>h3O#)@U13M^B=?CjJS^8 z@*3rj&ZN3Q#if`JAl+8PVE~dg0?)oum)CK-$F&T#HJrE~w%YL= zS5rP+8bI{(H7v9a`f7-Nznn8dAW{qY`q zg(aRhXwdR_bSImYZtt)P=!&&=qW5SrnGg0?s+){5DN9Q}7MB)pb5?g0L+$lv{T&6} zcA}}tmY1|-de6K0W5w-t)BB;){@+L$&=~{$+wH<_bIr&7M;(6KLuV%|B7!fu8`;-& za2inM7M5^C^%e_d2C(GU`we3@?}0gp(?b`NkVp(~?a|sZsh7F47A{uVt3-JVnI-zR zW^q=t(UxBkKa!oXhm5o*3XHGV7!Hs6$N6n`$yn?aG%>`%M11w^)sig_6{C7TLd-Hs z*2~GX#68=uxcVHvg!S*&q>jhAodKqOtbbFI(5;lw-6h^ZM`d;dl(uBbl5^;c%-e*l=DU!9i&=*V@N*k5tp6A390=v}aWZ1E6E z#Jv?av!~!X%**yD#qX3bYe@Am-Co11lp=Q%uFbWl0@t_ZyJWHpP7(4Q-LE2{&qk9e ztN^cUG&qoJAQS9ONgbp_$Ou_vgal^X1X-;nmZZy9X{+ROQ4^WdrLL0Kg{F57%Ie8a z=hQO|GeyvI=ppV}bFrfNyXo5X>(%OvLy+Y(B9X&oPPnW0T5-bRanH^%BlQ31^&DM#Rl;t5LC*g(fc9I_Twq3R?T1S>Ct6zeF$+kYWS0PWJUq?5dy&) zsB?y8Aat`rMyS7NLEf5U@B%}V_ai08pYZegp)f%3wr}3AfP+ z0Y=bz#T~gHchQzNci7T3z71kB4dciR?1LK6NC zrl7k0Pc}f4R||5-n!I@&)$kX8agtz*QII6)$diphV%DxzFLs0+nFK=kD~7G--FMVg zyqV{+S03|Vf>|8*J77|^A%pz>d&SXMcMtE?KK~@QL|;XJST{}#7o~Eu_TIx{q5M*M zVUOm%h+OU-9}FwBh80wzdIX>5?$PxgK|b}5pynRvbazn-+7&3P`8IC0P&fl1DrT5i zKZ{HEoJ)>gxA-sY?>D6M8_a0{*#WpVE*|j^~@ zJM`Gd0?s2PeePgsF%dT(TYAbfr#6V$*m!z)v9&9re1O&=`A1=35b-ylS`c$RnkFmH z;qzCB5_;-)hJUy{7;+JH|Em=N+=mM}maeIW@eP9!I6hz{irmh&vmTU>haS+*Yc|I7 zSeC*)kGpJKr>dFYklUvS+4*PS{e1QU2D(9U}n;zv-G`cLy(SBuK+_ z*o5};2~J08EDQPHh+eSa`Xh}=ViKRoPw;Jv`JKo&A>bD=XLT|k z3@loZ5WG!viT#nqX>L9{w};4{EKpOV927J)G00ULgwNy&Xh{#z72Lj_j6HzZcD2NA4i7Go|QhaA_By zw8Y%yxmuNRvZQGbx4}w3Y+9Me@0H#%f;&j6_W8CoQ06AU*Q0x1o%NQDYrT&U*3i`{ zF}LGoSgnt~K=jaL#ZsClHpIPPe6w1iKBKfPVXGqRjNM#)warc~{tAJ}s9n!~%c|9$ zOfE372ZAfT+{&Xpr+B$TA9r)mg2^Hg>eVYBh1Rd_730auGF#s6Nx1hMW;ZV=df20G z*1(gf&*a+O@S;(*BWA>tPM|7pIH24of<{_oXP45?vCCe4xcDNb%6r3XIyCdZ*CFbH zU&hF)nF}yVY4rIl(O7?W?fef$1)6cFrsBX>d|pn-W8T=K%hdXLFZi?f*w{UK_2E`{ zQ7fZvIh2O7S5- z8cW^)7}IkBNwW7tfvp1LUiEYt1h{&Ozw%a%i7K2Bs3qiy15kveT{|W0U7-{V2&mP9vgi z2=k8}H5hv@Dg(fym!bE2jb~b9`(~fk7usmnnMR5BCxl33bRSU1W6(G3v35&Zmx`CRM5V?lmOEZ@ zL|tlT)69Nrb%twj#Mn^!G!0B}1bpB% 
zY99((j-`#&3z^3A-H>H-^Uos?vtT-pfH+Tb_fPJ_9|6#MLkzNw&Zrjv^n~&Do8EoK zNMbv1Wz^^t*FH0V$JX)vlXYf-#|`k7)dl4y8=G@FB;_cQ{E(Rm^J#4*GqcfDIb<84 zy4{(*1R%KEc!*N@y#;INY4Nhu!$^~;HzNq*ugO=0dh=Sdh7F;q!7mv^8^_x~exACy z*QSQ{bwmcUkdPIc|Ju!_kunEUo{*X%oP6se1lwQ+WXQ-l;Crr};%mfa8fpJytx+pW*b)Zb2+U zFLAHaTdr>VPd8s!pPc@7ey$^Gs7;Ojf+wQso z=eK+l6||j(e-2@iW9 zsx%QS>t-ZyB6S0>VR`3D>cbYfMrhGOv+qpJCZ3+^E}H9_&}a0@k1uveEPl|Fne2D< zYZ$eF35%!&xI`*|Df(osoi6*TlL?z9XXsvVSLO?I>BWA)mQh?ysp28ZHZ;mti>cQ7 zW>7XJzOT5jX0#q0=@|k&Tnk~W3iBIyf$Y>oxtMpU=Gqf+Bc&Q^XMxcXKjlR2TxGmJ zewvz1f4Ua7%X*X;3a(*ATDxVo1E-%>hCFNLed3izz0+lq%mpo z9ibgDS*D(t$FzS;J?!9_wzareR>@x+!ybHqM{6HUe~*U{F76dr(m0@x!If;a;gNlj z`Hs^pyj5NX;i)lGx}#1(ZrFh9`twH*^l?4%j-U}tI?XH&DKM_c-GHQPJ^&1(G-V9y z1A@3d&WdKz4UM>D&tonQ;403X@;-sPKR5pTkA#Kg7s|s$^rWmJ*@Cf8x4VcIa%t0E) z@F3GNB+JRYCrLn^Mxet*_xyTDxtZoeR9z6Uw`POI`w2G?hAu)h->cNDeJP`05t|!V zhb)MJkjf~gxSvwXDd}qC{f{)b1 zYe7zAX(TLhkLS2o{n|3e5n_MnLPwzDpTLcOTcV}#n* z{Sl$P(-%BK9BX!^b-iKv#>4M2lV2%tims#P0vOV6G}uOE<$crS_Q1lxq)3U6r&=#y zlIfZiF+BGBar#Uf)tZRuBwwLnr5SImuVl;}%|mbDl;QbO^hn3(v{>zO&FyNNbT#@T zVKvwK&bm%3C^0u|*F35hp(h|GP@>4#>tzm&)bIPHxoxrQCj$`VORD;gs>9DnHP zP5Bbzc@HU%=(8>XzyhGby?vu1_%)}6J99zyos^hqn3g^fyJf#lidd4$(!= zAzH(2LE=3QOho`t4u}yM4fs;j@$D4#736!A+1lfUe#|`M$p%*@^}KO&i|3hCS7IxA@)k3bWx~gF*Z}R0 zYdDQ>^&LnV9qx(JuJ78hUfHMLx>@`<8_Jxcl~)7m1X&EgEkdb-$3E(nK9f2^e@S&@ z+czTk5J;UoI!n!A=Sf{{lqgJ(oFC0K@I_S`2p5T^cW@pveN&v@{~Ba?19NkXk!}!6 z=iz!t1{+4&9~>FDb$vB-Uw8H>DaZ1`4Vcwcvg=EiRxu8hfK>JnF@>HD7;r_rKyR%8 z{Pq_BPIZI2TnR*N)t-2E8Y5N7T+I^5Ofd${R|Not6~s}NeKk&oX-{;Z6c2FqMPU4L zYG;A!_#;7PmAD|}kN7*!I%pnRZ}>${?G=d5V*d($|fg@beAA#_rmi?4(f z9py2*b1dK9b)_D*HL7^^A3V^bp6|@Sd7ZrCdD-dkc_sA0mHAWgysO2Q9SlW|*fDa2 z@TJ_1s8ou*mNkY^#&yZ~3dNusWyRLlKu?4?M6L+8T^a|>cKZtKo?~KEFYgI7?v;!g zfcTDXqBDKA7QgwAsn!kLqkJ%Ku$4qow?ilW&PkF(7oreSyzFx9Kf8zFpv^!neB$y-DaYzkc*LO->nR^LeU4|;c&>xlBitP;&nH-)vRxUqD zOkblH^3`3B_v8hEPxpRjWdxS9ATx#Ez5nb-baA$MvdmudP0r7@ zk{llUprY`7$|9XljHZ3~Y{k|)a`BO2#+s28L>?$zd2*6a=_}L|rCd3%0F5acUU1)9 
z*vN-Nh`%oL7i`o1=J~9saA}+4`k11L3p_9*w?XifYOq|J0X(B-Fvd6SD5q@m&RI~c zB1csvYBc7LGdM06di5%>6(ktoI4xfS>0VdnWQkxfEh4)&ujhI zvPb0lP9ZF41B9%AQj^>|SGk{*+ZTo~a7sZj?gfYgWOB=|JTKm11{El5;h)TAKEGND^_lVJ2+ckp=JJvAXih&X+izXI$L2yH>qP&lf0b1wIj01*n@@aukH zK>N6Zdn+bzL_}+);gy87LYhXD?Z?JngybE^Ivu8-E~Jn^TmT z?k$eGqdBlyLDieWPr)?HFm;;MMv0vp!ip!RK73saci|}- z!~A2nBuPrS3$U%=3F(4k34L7_Jp)a9KY0so*2q3K0XVBzsu~tdWZOn)?sO z_Rn1=_E#^++g47VM`_oDTF_||qch-_J;^0Bw?7KpuUBo*)AgEtUM3*uk9%_l!0tnBlCO6F(0X=m1PmzuL<#9p zO#mS1^sIt!mf{UEdiFXjH*0qyp|Y~-x$CPlbpZ|U6ikg4KlKSLpvybP`X{=%MumGF zFOs;HZa=I>JbU7FIA0#O=8mnk`j3sG` z+fLV+r)mL&O=)t))WB1#+Er>{+U=Ry4VR3v5F~mPkHC5JhiEp(O|&}#)?)hox-hfRBZT`T=*-Ko!8 z)pdESX9V_yQU~e$8fk*bSr*#K@AwGD(Qjqv3kYp=&=_5uxn8(u97@O6Wu9EZ>-; z{U_xTZ-jC43eE3mDITDxjrVZA?(?bu&-8sQ472}t`D4I+5YU$&0pqquUuXsQ@xzLh zDY$#1^9@!xXiR}m*6G@Clp}rd`=Tzq`O_8x4Okt zJuKex(z7O8NGGFvJe&nuFJ~krOJ#twX*E^U_!?HGRqTIkNi^QQV(FH&I&>)MWmV>L z1hDAoA2s~OuM?@dCk$CN02;2UynBeoDi`=q`&xmU70$CkF*Frz*RzUQ&j?37M?()Q z$FUti%@yBW>bd8pWTN1OTLGI~n+{=Gx^Ei8Bd9i-C~mT5So@OMg#H%#AIWkQ!6NVR z49y+8`K}QIWzCU}ID6nne7G+k57(I#0toQnC8 zQR`m2A<`6snNmkB#)T@KAEhH6X%y(p;5$x>`)>`ty@td(KP%MJeSeU{`{ieq|Jxzoz~Li1t8WrsYAcDWqT zCp6&dr`*{1qRW?{3eaRmpr$%d>uL|Ah1Bf=^na=nh!7*Ga4&2WNJvl!sDq<-7TRJh zkRV$*kJZJ>N@nH<%hLxEo+2k`KXeotC?)@$dhx45BqirviEU`y3IoXr zV*q?H1WE9lEDL}Q8)iGhvJ3Q<4RT*S70{S0m|L)i7ekHuKT^kEC9W%_pV9rFI)a^`Be&hFBD#((5kh`6{-U_ zAjkF)s4_)OTGhxiSA7dla0}c=(m>zHg5_oFs$E5kiZAsKqv+N?>(}C6p(zGnXz{-G zz4Hg_aTPU{7->E@(J#Ud<1d3xeAr(!+otcz9Gq3L&nrp4*S{7E;Avqb(3kztOAvl_ z0nLMtNGXSLAPw~p$Xx7>E)N9)5Df1@+zK}sr%((42_cwcwtolypY|UTUZ=-0->-*} zQUL4yn}g;raQMHE(kl@|@Frof2L&DPMKYY0kkq74FC-v9j3E2=F;Lf%+%Qmph*Gd; zPSKqNf@@!c^YX^Qb6hY8h>qX)`u5FTdiK}75VT-Lv&)1p{E15VC=TQ&Ii_|1U&CC( zVmOD2L8BnD+Ht*ezBTB4#zIqd8EF=gU{xfeh|6k<7O9Pe?BhO=B97jXcq*mV=ZlW_ z_BtiEkx+Y-jREz{1SYIM7*HWtUt5?d@3UnX<=R{AZ^x+lwt#v?JqD+3d8~75q>wuR}oUM}n zmRB7J>MVjx7aZ7PNH1^~D{m7Eb+ncs(`o-V0oeOCV8;IB%00CLavZ<1ZQ5Xi^{RXR zCTafrw1xVj*?CgfH{e1pB;hkYVEITNpg{NytMoqjKL9cY<^^RYeMxLKUqvpfk@Q1? 
zydgB}+8zJei<5PvLW)sBKc0gVf2sbD|~+2!Ln!hmi{TiZDcl%8_<>%qz=&R{J-rSlTzPZ1pkQKte@^P&dfMaFI% z3{q{a?}`H4~8{*ocLO*)KfrN2uRIoE%ha{m?XJoV6v^9$j5WVe#p2l7j3a9hhsfq z>>E~XHCYZbj)ya8$92Xd#f!(G6&?VXBGDXf1ofgSpww|so1Mtl~YL4SfjU5Ig1b+`SQxJ8?`tH6} z)t*<<{-rY(cqcWniGaXps?^T~qIp-cI34jAC(}Ja_rsXCaXgl45T%O&s2rZQ~=bhQ@3`(#^!} zD%z#5_gQ5U?KtEnj+zjJEtvyy6psm6>ZGze%9vg3XWw(9?Dnd~&#d@tQQ~#1O&uwu zC&c$XWZbLVxqHF_4^enY%C+7eHA30N4q!YAgiFc5QpbIsLpFdb9s&3UGx z=lMzO+yFpQo}`5c?OsbjW%K3hMlM-Nw0S`H)5vIW&?$Ba+t|;c-kz-3UTI}R>S48H zi=>G8ebn5USE!cOX%NWg8Zhfret}xiAa!a^i1>lOYDRCoRy{w%;_S#{E4cNw(RXu+ve3$?7vO8~ z?hCA-OHW^0XNh*y-2JVc(@l?Kl9OGIJiGvN>P3d{<(MY{;zs9Vq-Fvs(VKRWrT$z4 zEaZSu@S|p_Cy=cr5d0iI@9!v|R7Ck-ZfpLTVY-0@oa~Zv?i*Ft8IRnD8SfSHQ*_l{ z$-q@D@RrTD$@Z4VF{|J3j>pY?dmIBnLSPv5Z6>zP#dP2_W^f-j^SXJrINuE#v z3?bEwV9aoT{sLV6de3t=K+6r;-=3YdOf3Xw9cOc+Me@Tktuph#>#~@JPj9{81r8d8 z7)3%$mcnqVJ9k8OhfcWnAarEaKe=5I+B$ex0j}+$(rokHNsaQnh0Edj@Qr2r;y` z4P=W7H^$OsN$v=}tXzfPdzAphMLDczrkqB-hRvh+URL;1!}ymI?7JV&@Uo6S__Ew_0J z#1x4HKE@VmmE~Y2022W8r*umnAVIQ5;6MGNLBH|`wBFrsp5!49A`HXb8-H>Y|M1yW z?*yRiaKK`A+2j4$$Y^V$vSd&8z^C1~QyP$GX=LGytVC44L~NUwp!b?3Qo4x)ByNBp z6I00;jv-R1bfDBswWjKl59oMRU0$5_oPm}*Nb;gev7xlrIZ$V20QNr$$iSI%_5lxc zoK!miYm~yYk_$G$VFpeYNYpr}OGm!H%_`O_uqQWO?PyWC6=U>U#Y&lyJr$n;X-(+= z{-s2{e_$9|{or)bjpY+A&}p>9HU#)|sNIxpd+fSB1J6?eM5(y#XqK`#NLx?irvXN~ z_ItrYDFg>leRH!Rn_n4)dPPY^aXQ8a+;@}WAkAR{91BIj3Uk<+8czW4qwD#6i1Eh} zc?C-L`npv!P^tlA>n)e`M>F@|tB`^=bnja1DXz@v!Ku$^RQBFNCrS94-}~1O*iW9& zsUe0aD}n24Yp<36VH_xCv6IPDume+LJXy01xmP` zMf%O%w@_knZy+_SL`1%NU7jXGRDiSn`L6LVckh??{ByVc@el77!Z#rzOQQ{jtJC*1 zKG|fTv)$t`rMPze#^ccgU>^{`VS92d1~}1dU4YX|jkFEGD#soJ93faMQ7rX8nk*aK z4$P}SOK1u4I3Up+3D)@Zvy!1GfCbV4!u~_qs_hAdGEwwP0)TDIx%bnRVABndsz6ST z+x>gHLuUEi+4_A`RrW#Z_sKX+Lrup9xlm%&eUL(S6xkq5`bfj6xN!fJgwTS)5z~_|$gazlx5R!{Q;p5v~A|?mCJ;kUf~_WBDSh zVQ!mTS#CfF^)0SR!Q@Rusn}2PKxvTjqUO}c{JF;dw?BYj63Fg&)?I#>I_toLxRF3} zoZ_A_hVqKTp`ag1F{o8M8cmz)07|POpv>_A1aFz7?i-&dCrycv3ZyfP@j!Kz!)l7h zu&$R>=;hcm?~UmiX9Qn<8?R9(q5TG@#RvkZ`!NCm#h3>9e62F1;9Kfk2ThVo6F3(S 
zH^v`Iyd`8U2_j*E1K(ysZ7G2dwQ_5nEB|}8cp(X`lF0s#362|XophN$;wAVBfns44 zBd63cplqH_))1Jdr*wkK2FJ&>bSt1{FpGdyOdHb&Pk3MvGtvUbCz92m4FMW^(X5Xa zMgym%<6(%v3+_20x7;mLie^U^QexaN47^jEuVg%TYmrXYO^;WHCM%RVfFM$_TtbwK@OK0sP|_ z;}e3=k5FHz01X@;CIy9nBBheA#o7OL5x4^106jDc(A-5v3Zd2`4WQu~&|B-OEdM%> zj5zm^j}~(O^zTMT09j&auj%BJAp9b-1j?Nc3Py*#9)L8Q z+_##(vft!^|Mw_~Aa$AMo@o+Spdd{YFtQy9y!M75I=OI!gG~?Qbp=+3bEBW-YYjtt ze~H?;ATQDVvrqP4cMD`dmbAA$nxMxZ-lPI+2c9YsB$FiIdTZv|6{MZw1bHXbwAS*! z8t(r)ONCrOhDE^2-MGGJ^LJM-0MoMcLmPqiYc4|%z`aXm64?K43M`RwJe#ND+drLs z{5R5IAXr_sSN>Ew{I7w)FiZoFYT2?p^y^W-Jp)(s9`yEG|MzkE2a}Cp1YeJ(>azWH zKD{vjf3r?Pus#8f0B9o&wY6XbY2F#p46`14=qHNm$@XLXo=l~TRCk@OBoF)7KPzy50{{ma|3L&|?9 zxGn$8NQ0LgM^<9)?ePBdB7Zc&{~C;zkDo8EUAc03ncBC@bLEQ26(se4BN2T}M`GNc z21krG<>*!%zFCU%Rprm*goIZ`bFc<-KTu$#I4ijoUdQKn5{DtRQs<{fU{3McK?+6s zFxjMubS81z^8BRYNN04*Om&;L#-z8KecRy_)ElsY^|b-MLZ1*&L$*Ibw0gK(_Mt1z zo^(xycrI|357)A)wv zS0qw@{}#vXtEjO!>T`r7e{uECYrNm0;v1?zd5wWeWvI2g9 z>x4|?m=e4U_z_2Zkx&RahtL1~*uNk4pD%n#$D}}P3=GT8A%_EenlFAu)Og*7O8uW_ z`u+L;JRp25;Jp(owh+9(2Jgc(1_i>Bd;igmpFj9NU-++I7D14CVgorhZuLwQyaiF{ca*<=3GtiY zC6tEc^?yG!6LLPgY#tH+^+;BO(od{zCNmx8@A>RO&L{iOBhGOYix6K!=CxoS1_&CIGLCfn-si;@67O<4c<^i;{g3dVux z{oku7(FY8@g0j5ft$)V;f4h}8*P}0sXtCn6v0n?^ogxRFTE?=e`mHKL}*B!y_wy?F;-EX)u@0D1UDtXsN##p~V*ayN-q4v|6blcq^+jmo+O;QcX~<(}c}V zlJzyB>-S=9L#}_@^`!8>-ua=5A7ruE`n+5W@eP(ps;Wz_5pOQspYk%wGg1%0hW`BB zFVB(ILDNrF=YJcDe@!g?tra_;Zb56eb{6Fe*H#~m1^ulV!CG2-D(>f>#&dVxlmGfD zk!E0M#viN6i~jxI2p0kEN0Mx|1FXJ!3DZONhiiws=-0Udap{=U*?4bW8_2QDbw;lEMlr*UjFp zs!jEz3XZGx5>4ImES{}(`yCof8{O05TzV~u4Z01~%i5=}QC)%PRRO3~#A!Q?8%^W# zZ+w}MhQISld&gymjDPtzikijhJKeUvk_aDvBd8dA5#*<%XVZwb1)9fi*zgL0wjR?U zSY2L9uvg$VAEF%v{yuKBBpcY(9MoXPzk_T?-u>&nGk{thNuk;*uzz@S>rkVO2T~TP z)_paoCke1BP4FDILpE_SJHQ(8(WOcRQd4c3Q*S8Nfz>mYnix%78^mM=ma1JcA$X6NFTze2wK}$ z&n2|P+%hT;U}$#-eQa!woYqPW$!Dz*FSa_zTsd8W4tvdLZZ#@f}$Mozlm z){t-@6yZAwx-XV2z-R7&-bOVb13e8|RnG(Qff(w3XKK-o|A6-3N8l 
z%vx;?T0);FMJ9+RXdqPGN&=nIvx+#EsfD^O5;=pY8g0(hV#Gb35dMVXiZ`ReL$G`M#Isyh|lYeX6!Q)>|`=Y3@4~M_E2M)I`U^K>30ga^_oPH z;|c>SUOWEr&R<)rFXI>-2^6YC&+=(i)!CpY-*Qv=Jm$Wu1;IsGs>hnpk>rs{(1J-k z&m_?i&cBOz*nFXFUAG7aBvxVtn6X0?s!w8v7`0EgdX>Z*La<6jC|*%S+`Ec`UxX@j zy1{+~>UK4ta5dBe>d=QOxtm^~mb=x6PVNBGel|f&<(j$a;w}H2sv;C2pFu3a->VlHmS!z4C{&8ZAQIK!})yp?iEMCX56>B-UBczgoS4|0q#NR#EefJq$ zwT3hh6&=*^m7px+R5q`C{~tTcN9pZPXqc1qsPk+=_uAA7%Pih7yyE3C=8@;h^^2pl zRC7Vkpw?+jZDwVMf-+ptbByc=^f{>njpSJwwaN00?gL1~Rtte*xBMZ^G3gqv8ZS8j&lk)F*sw?snC%!;6IU-319{_+zWyKfl^R>}dkXM@LDvTu@q zySAhwU9Zlq3Sh0-1Tyy%;yn(><9~!X?tt<-2Y&e51?6H{Yt-A$x*sGy3VU`8$xGWcfz`Dr?Z=HEefTbgDp=~l6Ld?rp2{TV#i ztrMvYiG#4Lp0vYP6a2aPZriY?I{lQkQY%RNA4Cwf}~8pJIhGC4;Tk7(nb zZ%@D6>q%kJ2lx*KF{^h$ER|n<<|?Y1ars}LyDiX={&NoUqSm_Pf0b}V6Mm)py{W*5 zq>HE?bVKv;!Vd@``An1{7poG(=V<=J<))4(`D`e&i$3HqR>;GR(zCXx@VT(wm64pS zVMTJr8)w@YoL;zR8VyYf+?5+8qdoQ{{vocEUF*KqAuN^6-kj+P<5>O z>ZaxQ{972(o5fwsb7S1^Q7&uuFMqTPUl-P^jdA8pIGs7FCpk-S7?1}4+SFt#$1)8N zzy1)NiO~b_5_vYDOX9Ns9y|=Ix^OpvoRP()@wru{L5N_vbk)UfbOUOGo{KV4n+uEH zJx(}Eay0dHS@?3iB?QMF0ESTutNRvQqo^EDaGoUfCr{7VG~+-*K}tIHE0nh6N1pH| z6kzybXSG}=cTH}_kVSEZ1P<&!81W$qyFJV9d~k2nQCR8L+84ar-&XiGP@Hc2$>9y>EGm zrz`|^qIagjiae@HXoGRckA@3&QU~AKIuhgM1Zi@?kQ-jTubQNeIDM6dvCJ**5%T!> zkcR&~f-C6a+NPIHmB+#PSBftxs4@o6vc4WPLLrHA1)USgcxzyB+^hVDKq>cu z(5kg+J4irFbi5q4Cx-_!R(*-HrIEJ9_;oaz+M^UOV6Z7xI!DMoGed(PY>+!HziRrJ zZ6GdD`#p@LfXb&ER_InIPrsU#_8#lqLk6Ai#L>mq2f=SA#)r^SFpl0Ng<_>q*n=)< zXo0i`f$ttW=C#`++pNRY2@TzXLK+KOqHdYcPrE4CuIQ|7fdiA#Giv>VFD|{5&5B98 z(K1zMDKpkBB9o1c%S~%9Z62WGjm^qZT@GrLCXL|u4-0j^SNIz5lfbBsz5I7=h0tt^ zLo}7SR?!C%bsuTv84&xjodNdrql#W9gFc;e(J^>FH;;$gwR>-@jx_PZp{tn+u7S1; zx|kx5o_<$XC~=^w-tRIbM0@8W=l9N$TD@}*Sm2n}?4lVTQ)NwD?rv zb_$mEEz42mQP;oa-ZX6c!2xNlh7%jQS;UXqE5GnD*WvW(j=Ah&uE~p|<*!W!{P@Qf z?peK@+3978)IQ_oN!KZCkoM-T9|*agX0N{2?H!XOnBPbN-j=tn-EXb`C4wF zRX>(H*i6`K_nuA4z>(m6)q6n&(VRu#b3Io9B-j_ZOk3c zex1PY4#$t@d+ow1n*}Cs2RQ0!PT6*oM}c z+ox7yY+2jWaUlg+(~K=JPpXK~bGzom1hnIXvzL&n_XB3PQAJ*BNg(fXa%tl=qa`mg|TQ^(%wvg3N 
zZPOILCeA1e&}Y-R{u9Z2Kz>@VbX8`l?S`8iv0O)bZoP1<1C}_2F7eiMrDOmUF4`A; z)8cg;{pPc5yWYn;yY~yta?e^970!b`Ogc@%O1ktgR$C-{8^l|H+G+b;U!&TcH4*Z>*~CncK#Sp9XMK=-vZWMcPXKpgB}Kv%bE*ts%-Q~wG3tS z63X&&;C^51wzWD1m^-#wGbChd$pH{9CC_$s2#CLpyRw=~nIrx588HhvI1{iC-oaO7 z;U=_WbfO}%QXm6&B3}SEZ+;R2YTb2{z|uCQB-?x~Wz4mvs6m!v>wrJK<%7+P0eiGQ ztN0Wn!1L?GaqqSZU8&y?bxu27Pn3q<_-ZV}G7a79a>ew@QUL|a_^kYo1~$EQIc@7#^pVO71(mU=wJ9`5UYAE+cW@6TlK?ix$`^+VWBc)4Ne!=4WS30P zlB(hH(tSbhBcb4(Z!m54t=fGa^xqbj8%4KKY$;2+8C$EocBD@tWK-D?qS`)EHX6PN z@VvdoxdI16s$8=APPGk?CPyZZ#A+V?24d`3uJ@*_{n%`qtCq7`>HDb-8!xB&^BQ7= zdzL~J)bB1FgCKx2skdCuFif`r;6_XK`o%srEipB~Oxz$rQExwE^Ox`#ak4w6Ga8=s z?lUIj$*V7%VOvXEg9{zsD8e~aH3FR(8>}Chh(@U=^gm*NdtP}|W9;m({U-iw?4*>K zO+y=2M%~rIaA7)a5l96uQvR7Rq+27=@ita$E+lg@6&JDnlPL;AiYzjKgT zL9db#v4YTzQv=$RHuKv&K1GPNP&etIic0~b~pL}uH3WWZot z%Pn{K@CCope9{*qQWGRg|vp(e@_ak#B@!7f&-IEqQ2#>`b_9TJJxv;Gw%7^p%WA__c=eJ%n zMbq+)4xkI4j`#Vfi9uY#haa(Ib%lqvinF9*w-+bSVaJV>Mfu4=UWTV<4IM{6uIQxC zeLaW=T16MdWc!*j$-wyx>*)LF+rg2s#o?|5=QT=EW!8E#RBwG_NlW=l_hSfwe7@U= z1?3?2(?lqWf^;=#y*JAQ@cQ}<6D*KMl?kAciZ}Aqs6!S`xyyL>nFXbNdX&1|3x?&( z$3BZ_kW?iP_lTV;NQ7{Y-9T_3=#Dzt>wE>(t6wZ*i-9%5uY0H?uJbB7DgKtAZC`F7 z#|^L%MGS6!7Be;&cFs?aA~J_y4(ve`)N44e327-0*gq|?+Dj-4&30-=Zt<4*JTx=o zx`cx?uBWmP#83&l*4@1(@9#R6;b92`pL)_{!5*&_NeN^To}-Kp)awlCOg;34zU9{} zS3i{*5i*hxbS$o=3tF%PVCjN&z#GEIgnR)V*lHuxRE8x=lbEsLpk;1VgqkcQJDkc^ zaNX#RHhX%SYC;^9An4Hh9HL`sv`C>P8FH~Z|9*5{9Xxt?JX#2w)S z)`EJY9#mZ>U_Yvjm#2-b)w|F6ktC>JSK@chFB_pRo(ZM;j0-ja=hgfPn=$e9I6lS(|;s|%LvPqYRO zUl$DT1uMCCC`#ejt_eMJrxaS>W3Jsx7`W47dxOcg5UColei&bela>7%eDZwtRIaQ9Pv2-AJL$2} zZ9@=N;GVjgy~gf{o{uEDE4bYL?jFfR*NajB2EX3L6L|E+>J7~2cqyLchbmO%tZqHF z@bGogv1{<)kAHTq10hP!YT;X>@3L3;%c6&`_p@tnFWn93-{UJ#plP@pqCBhOuxjrP za#I*Er-P0xoR3johM0>CSZ64tS0ef~Bj#rv2Ia-crGwe61}lf_!z=>p{bKy5a|$Ik zZ%)o7vj(kcrGr%W`k@-b z8-+*8Q4$MrZp(vp`CJuSX6IJl9E1uUXDz54eJbe4W|3>)=Pf%eOEqwC-8^z(D(oq6 zs#1?tiUlAd6K{NBNJ`e)gmKBb=zrUKlYzg(uCh!0;j0JTy7YPE(%5O#-C zDa%gvRFS{%>Df$vw^QWz%k~Y)ix9s(6VYyTMiA9j?fT>`ci4UKV#OpER=Q{0^`o)a 
zM<|XmCB$o$_QzA_!<~2iVrQn*e&?l`^BgRj=(ANBc}Cs0jmt`)j6b8(+VA}zU8>Z| zM{*VvJ$EB~@-RP=L&x=#+BhHp4 zbE$q(m&LJ(vd%4{w#dAYL^NZU7C7&Wh{ayU^=ky}z3cHIp^IcRNs_o0CF@#2%m|D7 zbmsYro_`Y>EOr}Gzn>bl@v=H?_N%qm>EzeZhDzh;G(S1N=%@mL%-G=0=(Cl}E69_a zg6frDH}FB=ugXxeAtP?oWFSzP8&6#hBC*ummN<=KH0-p0DMZigLD--J%-lX%BSep= zVWM-GkL4+%$y~S(60~5x4ar|dE|aOiA55wQVZ%oRyfu#xEqe;BOG2Nn4QWKi>vhl32={P zSTL96W?5}{()LHDNDJT2w^iFQ3~yD@`>U(wg@Lp-Hh`u&T6v!B=E*a@8`YYj4)k(= zV3c$6{Y5+Vai}Ak@Rfl_cgq%E+#9!hd+Le#iTdaOqzfZjw`rh6XWw!+c>D)PSYU($ z1orMiTc=l3ee!0Pc_B?97X$g4>tqCAjD{pX+{KPPnJsP*JUIQRa4vM{^&=zR3QKRp zD{Tf^r3egXb+*2#<{PY9@Ho4WF^J)7pCWQ=ejKprSFcv zsQ1YUraP_ORku;7mzAQ$y0a zx$5|(-|c`Ox$k^@f30r^Vx)yoxx=~iEayDsFw_H2k;$-aIkVh6bER%7X|R4m!_9Mj zT9ct5ebjM-29LWDc0PU)wsgqEA-yt5p!Y!|k{dFY+n$ZL_$@+_`E3_mViV8y-MJ_0 zyCrxoyq+cZ5gZ0P9Lmgv{?DG9AV}*x?Va1wC@CgcBi;R z3b{WP529sML+hQ}9EKEgJ}tV`g8r-|iwsGl>YIl{*@_$|{no8~lb*x;nT}@hy61|l z_hB`5?p)^AU$`FVsdfz8k-L4e5Z%URy>Q6Ad~zIE0I!7Ul+EBV4GZ7f>mmN_KCxUK zHTCJ9Gti^maNL`UrC`_15b){NE~wpRZS4w>Y+$Mq-0NnS<et!K2#Q+PLZ<(x4}5 zOsMh=lXh?S14)!GE?-vG%riaC-BvoRtGn~LAdZ^FVoMu)@}i?wG&n|bks&Vah`nci zm7<#1-LH?p5wQTWgJQ1uhQ?!K-d9jTzX3J^3R2>mp;;_K%Lj}RviuKa1DSJf8crx! 
zFl+_)A!3{+6zDq*W3LIz3UoE_-L$a%M3y4(4U=t{(h$9L*eOV1^jT8OrHZ!v$fw>D zS^kaTtq9rU;gft(V%W2s3Fvnln^)%^F|bRodEZgA~VG&;}NoQ#3OHedO6YRjW1 zH_@?xkS@%}u-9p*tvpV?Yikyn*W%e6QkhA8)gju+QSJ z&SvdClnGvaexsvNn*8P)}B z)yptjpQLl^;O)wOXti3UgN;I;>FH(RbSG-K78Ct!7_ug0k~=Ydx>2Gy?i5rZ zqValasqrv`qry6c_NM)Zdi;3fZ0T5PsR&(p)ZBf&n}brPSaGTaTBk{Ct|8gnUc>uF zWv?kzBfKq7)sJ-6@?3aF#H-cLJCsx%?nW@u^vX6@1b}}|8F=YnB$@#=%9M5;Hi@n; zZ08#)ho622S!~l=UY!~Xr=Mnv!O9jW!(!9U@fxwyC;z>&@sP!Gb%r)Vgur@?`werx zpsf2V=}lRm%=sgSDVPreal)QG!bgj}TgtRJFKeKU#m4!nKwul>xKrlR+cdI6$XY^t zTFMCxpZdGe6|{A*8Ry|)vKaD;INnKwstf6ic1f?j@QA+kxouZlGz0j(ZB}%d0xgX$ z4Z+WrdbAKvLSyyy(NXZT!az#st~Y0>bKvB>z49avHWzFeA)}O(`v?KzZtbA?iijs# zVxifGft!&-_I1P>Aoa!de%Io7%;XazUYmt^fayqa&Ros&|A zIDEjQaDs1f0u`(9f@Y`xbtX?ge@60KvEm!WziXB&BB*hb(5S=Ztmz!0CqsukfbA8O z)aCXRPGGoJeImF&rJ+4h9d*0&6DZM3!axxy6S2!MI5Z*Wdhn_A8K$Tx3kcg>m; zj4TW}6(5g`rR?SkVaO8)8kqEloMfh2C{&rRy30&H8?Hw>p!p(MhclqCs?+k+BZaR} zafTi}Om->*#Ou9;8g;&AFO(;6%QlT$Q-t^@oiwJOTupv$dlt~+$ft0PzC^QoN4Hq#;Df| zQj-v~X~1N>YQbdNUNkZC0Abm2F<#)rqV%goXzGrls}Smn_&Vq3Nh7E+wzbBMwYobG z@Gd8-zT+kXL!YWzsA}b+=|^|Ivt)cbvCfV#S8BQL--5B2u(>}>;o)$1MV-_ff0?)E zoIR{|s^2f0_Hmt`P`DUd-Et6qE^<+>vw`l8Ba2dz^}Q$=S)%y@&b!Yr$V zx47s91_Npb`=a&2m--f5)}&7c@iVHnclH4IL#5W>IG;k5#ao#+ock5=UZ%hGOS55Y zcZZ+pV-ObGBjG@}bp>RHc_qD_NkRR528^Ft?(D>7EAR;Bs+c4S1dHZuzJIrD|e5Ye=?48%LpQyE-D(DPotU>#DhPD_79FOCZsM+iyz259V9! 
z%KDJLQDLq)JDD_ONx)XQuVw*-FTW`e=4ES9+uUHQ%SEb4>ycZLgELR(=Rj9um zu!VNdi~e!&#m2}<#Wh^BOsJlFZ}}`?h^`)YUEjcWb)MX!gUC_%Lu+B9I42bgpZA+r zqN6<4hYq8XhsFb+bk>wTi+`)gT(>`v`t@)|eQf`JH3+hT)|6m7D|uJsUaFd)Uwh=# z2vRX+1X=2#W`3F{X=RpEK{CM0{(%u-dR5C^uQ8u{Kkc&nTMP zd_7xwmi^%oY+-nCN&Uk1cPg>`(U*h^dWdaBpFF=U9b9yia-GJ*bHc*>-WXTm3E76@ zruNm;2|C+6$-T~YpUM(anJmw17SOtY1RCu&}LNx4fxL$~{ZMnOEPhF8V>`_+#g z!NVstvv2Okx<(=E<2~v@C!8 zLJm_DnX|UvEs%+V)15UfFkHrDZe0E>;KdL@++ zYHLPw&w5I+iwrIB0E4aU^%FyVez<`aa2euS37TO*Ilte%1NQQG2>a9KXN@b9S>5X* zg}|c|CNf-;kZ>IepO5p4T^^dde{Q;@^Iu!$o_b&756eMzTCy1U4+bHFvZ&$4q4Xw^ zb>Zm>0(wG4Sq!$#R~|E89ph&Ad5H4UUEjCgV%21QWt`h?F_FWrckSTN04=fn+@#se z-#JN^-&b|+bs{45$B=R~pLRv@1-|ZGXF}SH2MT2mhlS)PWm)g@S5gR>k1hq0r+R5y z@qc|DEy=g?!8i3NHGd+3tCmspDGBIz?U zF0a7$t~*%rZ8+aR0p3miB~Ml9jLB>2^)dISeYiLR%T*3vb!DS9>{i)Xw|Vn;HntzY zjwa5c;w+!%>!uTU$2~+0QP|5t8+dCXKQg&*EJQ#p%7)<3YuT=I24@pmT~b`0hra=2 zWPT#{r@4mjCINB;wMFykfuE-EB5Ew#^Kib&2i5)W>(Ts^t>3Ip0 zT&Y_%`{z9hh^U?0Ri(Ox>DhY;Fkz&pxBUo!ntHpmqJ=YeNGG>pUcRmjkYP9SoI+8L z3^(pCry(Af{GiMe^h2GXq6f<4(+%H9X6ocX|GlUAFaUsTiJIg@)YH0y?Oe(b(owz0 zsThI<=Nv5J8`)jFWl^4?>dVK)tYX3Lx|-8?+awx+CE-wfi)f+$L!Is}%Vtq8fni%) z%v~9*ToN_Rduc&9J6cSJodZux*Roz(h>YR3G0bXt3U0o7&!Tf^#IQtVmBvE}96#Iz zgxI^6tRr~|Jonn_DL(q(PSP>k<`{2CWPXpMB$jwIQV6#UDybjRw}z$y?9if1kRoFP zks&>~o9Md(VNmb%6D>ukF4hB~ijrdMifJd-b^RcU5)5?kaw3TUu{eTR5QIJ$j@TK` z&F8b7Z?sxCORrpr7u3U0=tvRwWS+Ko&;a;ff)h4Z~DfbX_FcAbng zBjkiMIMEG0YsotNaC@@1PgA|-oop?=9z*>bvNbM2$aJZ`K|J4y^1U&=kcj3X>hfiV zOJ{yD&d80)xG{qzO;^qBNPg&FDBcKjfdpfFVlHW?^yP zV(rnQ<{^)I`mzNGe%$2e@)64CPqRx1m_5%H$VqhH_u0c>ms0kp#BXo0q8H=e9ehSE zm*30WktBjQ<^m=&ijQf_$Y%}WB7{F>JGpR`p>&YckgyD&1@NiTQo@duPY6naxUPce_$)6TKl$<^~ zY+!k((SCQmydVx43t_NDDaao5O$hv}%o2b+7l50mYP)!aB~M^(1`m7GZD;X|b6bE% zAZJ;N>l*j{qXTs=hCtr+tI7VKy6zxyo^bX$CCI$Op9YdR(4o+Q=k}JSvV^zq4Z8Yt zgNj`dZQhy8>pQx2pun!!bDGOam3xm>m`_0>NI6t9ghJKK{0`%!>0rHaSw|FsVUB*b zg2_E~7Jv2Ubn8NP#Y$%9*#e&o_;v>mN-eRp-#hb)W;D&%buq~gl*xL~$z$>kl8~du zrUrm%h?50KKYL84p6^cO^&VXCNyU7FOrLJrr6GHb5=+j>@<@vU3RRSWm{Gv*%Xr3S 
z)CVH6q;u9wEg$WM_-C(gKa2oAqi)Y305`l94QhgT>n=5Je@tvt=eTn|?f^sgti4YY zj(`ID45=Iv@p;F;m0QxQg{j78PB2-nzn^Pw%O=;YSepUsE`+a^FU#&Ik*Ys8Zal{Devx{C?cTflX+B5*o22-S zS+ja|Kq`gmfpN3igkt{gI2&@7BB_;vDE6{5lR7=4PrQb&Xq{ZfzAf1FS^&7F#P~2! z1r`j_XgHvKDLb3baE|wlDLy)$f@U&GWWz+oW9?YCw?piG{*ivOKiYPW>r(_~6-~62 zhxT@P)xs6@Mh;f4ypIZ|f#?JE(OAKXbt1!&feQS+sERt!MX9(pOQ1}vQX^UWn{q+^0jPu+ zUwjijq~yx%d$O2azMVaD6tlEcc=wZ*UR{fQHt6pADwVbW*_-Hc)rBAWdCBJGZq9O( z2cMYk?-5pPG9eg8x!${4M&|2MiXS8>JOPeUa4zq}>62~FHT$ydAQ%(k|1fqIP*HB{ z!#@U!qJX49ihz>R-3ZdsJxF&qLkJ3ppdvAVv`Uxcz>v}n(%l_HGc?~G58iw3UElqm zvlh#x$nt&J(u;o|)v3nJstpnG4g{zS1~UMl7?w$amCWE=bWKpp-~X*`r-m*z%aW z!$=Y2$RA~jAzip$|J)hxv?1qO2FDOVym(QG{S%*+xB+26${{DMU98l|%x&HJAoDQ0 zWW<6cfT{vFD@0TGK@+=(FG92dW@TaE($)OSKT`W0mpP z*EE>cK%H#LjlPG?Dhw`Qc$}1+=iBovcbUf{z{yWs>PSR)2k? zcE4@eqdlaeb8$vCK$3!j$^)l@Mi z`DI88(>@B_N7b7erR1#V@dBT`(A1JA_(O@%7kVsK*uO851`g#tBc<2w6f|m$RHT0nI+Zx5sAGl!cg)oIo;(`IqPH4 z%}bL-e_B#x<&;pk-seCBoSGH(8;{RydXF1R^m_N9Wt`B@5?@KPe7IQq2lmU=5IDW7 zE8*WymkavHXKivR3I~oU2MisLO%3_2E)2OnJkYHm>&v~7tRSsbk*yXwOw<-JsBPXK zpiHGj+J%RadV59MzPaZWbn7WLze;knLvWj8E4ZI)F6+>x?EVZ*93@GScCjSl;JhArxbf4FG}6tQvN zq|8o~-eQ*wz1REc`%`(fpykMwZ>rHw?sVmGO1JWI7~#B-Sq@E^F308V6wZqE^c;2Y zRc5Th@4&7kh68PMX>|?{&yk;>i|z!c%!#foi45jgblJ9 zha84W+ClA5T%_jSqs|QF(OUVQ?}unviwT>(`zun(`@k2rly{%s&2HbSe}_wVT})QV zUP+zEs5Lq$eu|o=SfkzhU^+0^O%QON%HWafhJ_Ey7j|Rjs8upAR3>v}l=OS4g~(@% zz%zChC^m`7#WQ-pLgI6>byMl5`C5O8ob|cxEru%`YPUWEzx3E222+Sv!+K{vgpxZf zTvvzYEoqf;mgl+}(=N=%tvq4vS3}7=MIyy=;_lQf1Qo1%sYr#!xPIhX^nPpncGLq% zoZCgips&XbCn=HCmu4|ra!j5nCi%LnPsGF#7atD>_jfvSsa*IC$_ge>!G17u)Nwo9wMN`;VQ#Pv{4UA-nQ@i^a zYNmB3{eg}`eiY8}lVwDio=eVFUDd*SmjWENR$D}NsqQu1K^)Lu!f^BO{gx$EE@(c- zST!Z?xlnLuJhn)UpsiKB#VZItxl^aspyD`~O?@V}4FU1T@Q>6rvhlity;_RzvMTG3 zU*Jb6qX4|mL`}Et_R@&mzNL)vnWqzzTuO_6Cph%FznPxm|Slv}>Kl^SZ2+tQoLMUE+jg)Cf&QdZ#iDkvv2=nXBGKU zC2J*dk6?yMsQKvHN?Ngf+xC}^yq<#25Ln4t0HfC_Or}cE-V(1SCK|{f?k$=od9!Q z7;^ublf50`XihtFgElVI-4@u^y!{4e9LjtO+0n+|YvqAi`z(w4rJ-PvYFae!E+{Qa 
zps;ugYckUB;eF7E-KZ^OZfXa)N8g|fGAS-q8Lw4gO60o(jntjr*}hS~ctLAZ6q<7B z)}i~9@AaGDPPCWW;fMD*tu)japc61{*kBH!+MzOSa`v-U(MUq?rOynM8m8ARfm9AC zL1G~j-dcJtNwh~%r4Ly{Uvcr?pq+7dPR*Qk2C)MF$&&@H;X}8|oU1Vf6y&{qYKJ|t z9?lc16EB*wk^V|D1&syyAa5^?pRO935xqO9?-M&B1oC)}`1$AWSwgO4clc%A z@9|U3IEq;}^C3&AWS@3BPAs%w-^@J4-MIs|D0~uf4K*u%Th8+nJy(*YWz(P0y41TF zy2nkj>7RyIi3d|nFSK5q1iit8-b#+5Cpd#Vlt)P#PS#s%ukM_2P z_NUk3lL_OZz-IPR)Yxmv5K`PAzE0}&;wQ&e@l1usv8=^9G!rF|I&t!h`*Zz$O^Ym- zl9A6IK3OLI6&6=xKvm*nX|Yq5{Ja;U(#5*gWJd8yFl2xAH%{}4MOuLODI`65YJImq zgXU7ksrhKfPX)SWl~F-RuUf5ial8VU!A*0hSUw4ovpL`fjsqe~)PjPT;x%k&@qIRb zTz}?X1;VI?-?8(Hy~>URq^$tor76H$sZHw`olR3rpdSzPfalvUoeQHRJs{pnA|@%N zk)J#^0?`qV%e5E1vq{*Obs?eVG3ZJPzpI~L>zzG(%Uqm?^H5d>ect_21jZmwO3!BT zh}|7FFN+y!}UTFN|yj-vB$Jk!?L?$ky z9f}`;>ngVNBB`yk)36Si2|>U1UHPfIm;3S4B||erQg`7R7O%R13hlAJ-$}N3Iw*y! z-f_vs`;AY$_EBFoK7$wmd?m@`g}ND8DRAoEk6-j zcHoVyO&iQ9X0a@Ox~IOP!FHy=yZkLI{zPkqZQZk&WCzx%sHGLqa}<18BNhiLz)VKp zm`~Iv-H_vH1L|(ej1|*jv#BJ~94t3Qoo#lKy_~BoIlbaC$m=wG+z(a9weoZJ@}O#M zdh=yw)G}w*w3fSB(E3KgD2g0#7UwFBMr0IUy;Da5%p6U@9?dniXu_RL#0%3@LZucw zb0^M_lT;?s7tdG4&J49iv@9>PFlkbCWEmb3yT&Ho4FI*%FGw$)Dl`JXe3wCk730lS zSB=(T(^qE?j1OzEx#_J_Vo^RMvwc3@piT1gJllf0_U-hRhab+$?c-kyXPi5ZU-w9D z`_cjil4==sr0cX;xJ#Hlos>rc7baU_fiWw+sF=Vo!|wAzatn(?WJ1u7@bd!e007Go zNWj*PO$#LV=GG8Zct&!h8;K`Ek9T`BwO0KU`K8c&?sUJ;`-Nr?H-Y?~Yrm>Gp`1(5 z*2s3+m64wxtrg5_$bKi+-(J-!sFt4Zox5F5=bw<_QI)l!50JdiHb(L6HPx5PtVc)D zRMy+~_j9IXAJVT%H;j)}VZ=(5or0pFKo{>LZ`_@f9WBBIa8cHH@3Z|zUBm85=x_va zmULOwc(kc1OosR5?4dQ@Fst;M35NBj;3GkLo_@*Qyc{*UR!1#;njE%cK^hi|C%!4( z+UTO8@G8U;<@M)5z_W;J_0B)nfKGY^d`J_ALOCWx?ioINjvzPM7UyUc!E))!&T0xCA+wo?z_NwUZH%D9FBgoT*ppCKE!Aq(R(<2_wjH10 zdx&msMc3|{08Bcsfq6UyfLS_&{7^ELqB(rd1}jK$EM zeSS11>sX+Smp*?l8QOv~SN4fY65&sz)r>9(?!-w_V}KLOmcl1I+75s0;o4-Rz%q}{ za_%0&$qa-tu`Bna;XfrF@DxkU?ASICs^7AXm)>%p7JfVndMC#~%h)PR!yrgn#32tF z9NUT07-$LEojTfIk6ry3{%8385~d2xRL*5yW&($m*>1K<9xtLuPK^3t*inqAB47FHA-7O|P4I7#sm-6yk=~B|u z)aGLzyX8z}lBuw#*a_NljSHu9j028^H{w>pKZ6#%*FM!Gl{=SfzHeZ}Ab~5|^#p9$Y4@EYQ^R`~mbD>hryP#nlh3$tw>usJ 
zN`dA9=9ma(daoqu;>u>^jvDVcVl{VE#6gntmrw$Lh>UPJZiQ-1=-X>Xk08v{C(P8% zR^udid{=pyefdR978!5zpqniI)u+63LxsNC%3Her_bY!~9Z3Y5eLwGt!^KNWP9QJf zf}o?SyA%nASpKmz~S5kPJ2!~$-$^k|sG7>`-zRl*plqI93~ zVY1%7Y3DMT~Cw$kLcKuIwOcFo%P4kC#gnzCIdIgiV&?);0-n5Gj zXkQ65X5^D)V!=fR_sS#iZ+W|`za7~>F0YGEfpmxC1M4D1*pW^7`hvXRp%EO!HBAR6A{}<+Wfty?7uc%(r1a*Pv_ku!B09KKa`=s!H-TuF?0WCxCfLxb6l;gd)3MO%I6~vjc z@BTSsCK&xp9^MVQda>~|z>RULc`0lCl4nAr_FXpyv(4C9tIgehNZB^Mz7rW*6&imhsdr|i{ zP5OJ6F5((F5dZJ@|K}}$fW85^?_hVk--sb$LLgFVmu@is{ja|GDs}?!Fm9`k6I>Mg zcC&(SD7htRaIsVV{#ue&(PHhq5*Bvx-jNWnvj1wX|Nk!jf61m3x>lD@>e(l`KZQtG z@?m%X)fhvGk1NmJTK+>5{?{k}dU;8@nC*P$e(Pa2>QV$ECh8edtrr@?ObmSgC@!be z?~bs)yQq=3=tIm`B6OJF`_1oz?U8RTO|wxdxwHvyytLA_N$8`A@{$r76 zXY$QuZ1!vmW|73%9$@yukO_GLKTzysTo7_l76cu@9C5MJ%$=J}z2zMQ#<{+a**2%K z{@hV7&^$D}m)y7i^$7lE6@}~YmJojJa2y9DmhHVlXtG9VMrMMo>7t2dPniO-dOz%5e-mr-Z3|jTH>=c{*4Lb>#vh zYT&@dD+9>#zV{?NJvmiJD?G{E7{9KI6b;P#phh(ZYRCVX9`N0#>E^(QNpwq|4{YKc zqfX6HdE^$aC>LGLH#&k zd^y0Ej1Oqrq8;XZyED*{ZU+#;FF%oEzq{cHxIFS>k1Plm!GxSn>w*><8xRP0L{qEw z+wTC$@>N3{Z;>^4=mz+I_Eh3w!h-}xg5}wHq4txSO}AuVGXBfDpD23Cmx}T~+!K!h z{&MP}Ok2VlVsBJ3d8FZVC-K|~x?UU=%WZGavP<0=_wDf{2N zEN=7!q+hg~9X5|$Gk7~|+nWLg5D*us$f&@%`?RK|U;(&x4^E^*o+z3?x#taABc7n$ z`1Mbos^$~+O{7Rup<~V5$$mBM4uPYkuVv2R4_<{oyGo;wum(a5{^`YUZ(hfJj5bHi zId%TImS(x(q$slB3GTNqY~HXEvHkkVq-M*BTI{_{exxhvVS7piZeAe#>0QvqA-xbL ziLhxS8(wg29LhI*9oa1M`kJvhV5N-wxW540kg2%t?ebk#6;D~n{&4n4>6HT5%do16L4wD1P zRvrymS*E4*g4}_DYcpkFDY^_NCp?c%fN}M#a>I-HtroQnK#6#bgD@(|$_!}wylvks zy$m|dlvO?5K1&H#CjzcX*Es00M6(-QfRA;@42TCEIGwUD<3awZZ~(m5WnJaa!=9ch zye1!0%EG60Wi4mnyzybq?SAL7sAI1xe8X1JRP7_9Mc9eg{mlN4@KGB+E~Dnq&<}5- z0a{`*{!Mho@k}uD7+~LR0MbUDb5B>9yDcqqT4fYIj^5J2;{q2u%ck zs&+0o%9x)4d_61>VOnkIwE{HVm}}R{anpT)F1!D7`Y(?6f1XbNt>AnEDA1}b6M=(r zwfUmAT@EGO<382KiqWSJj)A-xp43i{GmNCW438sbRIQqMM~?uo35;MbJf{8S*(k-l zIxwoM1x+MG9xf*0_*F!zX|;e(X)QFMP|iRZfsPG;IAZxIkThKoxbVYhOco2gb{@=7 z@V2+0Q%mh+0=nT0npsfs43O3*?O>OXWn%$IUAa7Y(B-cO8!1r`2lU{>a)7NFzs)r^ zMWkc*+el^T#b7NcZ}KTn36WU`(CS+LiFfzBh#D$BA(D?xyvnsG|3 
z*dMX{fk;DgMM{PMLSpAsagV?eP^M!N%S9E?igV|WxnOV^nl|S8jt>C_X!G}dMRql- z)=q;_I#-!9wV~C0tyHOXM3;5ZS&3Y&!ibB5`0rJ{FXD!qqLMz~OZtOhHiQ*Rxl_+n zF_`)3e#J@I+_&fah-C>+SbL{;z~m6(U64?-y$Okfd8H~OLf(=y+tCkwBn~M4cdY-+V|BPKEZ0joyQFZs394!Pp_eO znO%qWKzpZpp|WLFLnRE#v>-AqJ+3!_XSS<$u;Fta8~GDUKNzXVywY)E{;T|#y8$Y$ z%}l@qidD~>PbL8KrtHih8eg89az~r~BLf8=?o#d5inoX)98mf2-}~}^p3N_5d~*SV zA}iDH!7`)q2NaC8t?b^}muy2`TYI}lH!nig)U&WOBon1!$aa>Z~0yDUY=_C z9+(;o%z|qh1x%%&u?hib3QgmVT>?LDrZTxHrt&R+3om#KDkr>AXoLdE1_&s21`qfd z3v1e{3;~H3)cEWPf}LX^(EeITvnNE}d>>F{NI}gDni6=6h}}3|2?^K^h0v3&rq_F7 znr9Kg`otP9eM4cyI*4IYR9gcS^xoQxTElN2AN6o(az+@-@@Oueps6)Rl}c)a*Kx>5 z7;Gf6VCXp_=zRHW<7X*U^uZ9>HFQ%9!$xcD%$9)!F(ZBJyKiv}ZY!V1GP82;!$Jnn zXcIm0vZETeK^GjuWAyMPN}TPlo`U;BhA}C!nx`s|`688LFs*=OMFpl{i&&;fqi&8I z)EWb1ifPcOmxwEFUj=#t_4U-GR3%dG#GeNR@?(<=@@sIRckXOT!Kl^_V^#(l4Dq(G zPaqAdjS6sv%-v;BZgd1?DPrG^GN=bs^9nrfN133$On+ZPoTQ@Ck^Yio?vFIIA_=?A zZm8@n`4@BsH;tohIYD5o;4b={?Ihwx)iyh%Gw8L7X2;bok%j(34{fBWkx@R?!!`Tk zvPQGjE9um?|5!r$B$8ybn?njl73eftJ^QtPdK$NgPG{}s1F2Z{fBVBAk%50;)+nQg zIiF-^v$nvGL0Ez|I2Db}GP(0&fb44_5$ox=GT`Z9&7`~}kTWz}cf@nl za(@4mbxe-IhEA9Hsx_Xhnzd>o!iG_dbIVM=@3XBY^ZPY4H}VTq9_B=KW&X#6BbDTb z_SXE`o506n-K8P+f9XGnB~a-2Q`Ce(VM1WVzeJO?#V@^;d>mAlebSWI1t;ojj!Cx; zEDkn#z^GCPw9eswci9o3PUZi=iqWm`dqQ^A0rM95p4{{TEe*jnA-??0`G|Wwg7(6Jz z#(qTr8B{Fg7S!{|taq`MKCe9&)K$YundV2dLU|18-!fF=iL1>%N}`{i*&d&uGr?z8 zREef--i2`&dXl(J`O4MObpS#o-$Bq}ACGM^Tiht1B*wnU*n2b6i#L*gRx}1B*p&D* z1FD|2zR#lu*k1btQ8pCZ2j>tt>}na_S3o(Txh_LP&$YknE;t8f{D`4B*0+i!!=YvU+lQYfXP;nIsUr zrya{G@5k%kOG|hk`(%*V{~3-a+;0B$Y&qF?I+;iL)7P#DJ$4%1%URp`NK31B55Z}> z;d$gdeI!XkaCVfK@9!fhkiR*$`J~EAS)0Uq{rFh&J*JLJwUbdWZO*YGDrF@pBKD{w zq&D%K1+m!;JT5Rq@S0KSF2)l2Jc3aqy(fr6lB@rOZRVpjEW5 z)u7B_eY!nISut}@$lLRK>*Lk%eJZR-=~+M@ZJ8+grA_O2I@^7^+ z|8SG{dtNQ>DKhYA)mbgX9gt;=iMY`Ag`b{{VA~|X_=4HSbq8+Z0z$DhwC z^JXwD=I3Y+(`oK7t(rvyj10(3Z^{M98A_KHSb!ewx zgP|I(QOii6NMM9?k!riiTD^rZ2=Z;1xyxMI?kJ{rp837To9#4?cP{uLvz}bM;!@?{ zDCG$U4o7ZMDJF2;{`OonGrl}-L|F*t?B#;-gu_i(usA^n`$@9VogcmMv+ez_lWsY> 
zaNG9vF(>naiq+}1wDEi1<;~AJJIZCa#}o8`6Yak<^BfJ=@?jg3p=zB1T$gFw&vYT_kl!#)nvUr|n%iU{Q3rW5rNrSEhT?pZAxdQ{nC`R+}pr zuYOT=@oD96HPJPRTqm6ad`dldJ)VpTzV7C118pakMBN$i@sJ=@7x(2m#BJq-b*+-1=_+J$Sv?Q1Nn z@jKwT4~s(bN@s4OMkmiobX;mVPMLO(yU)?2sIfUR!kx0k{pt<6xS7(mg0?t4d4Yp{ znG8PLc+UD$Fea+}J?BXJW0-|I0mjT9mv0N#Xv1%(fYDMuS0Z2!2SjVMiCm60Ji)S! z8w4||$#jQ#@9E{7n+l8uV3TU~=zScYbUE817~^f*cTq@qap=yczkQ3VYh$vbcD+(l z&vn?AsJ#b>UDp_+f}E4j(Q*ayAh9bp-Zmos$s~bJ;$#K>yYh_%uki+`casF|`PqTE z>rb!Qu??T0!S(zt9S(g(T~g>MF>;r$(ddNm$BE-U=2pn510q(?&?LeUwTx`kDOqcO zjlEylLq6%6=d)cr>RiV&zIV(tW>B^>^U`&``-V-%Aryh?)E$AVRs|nTbJ3Jj+1_8T zP;FnEd&1Yg_~A@*OTeQEOAle)by~l-gdE%4fw=^Cjk4`@0kqWLn(E!#SMSS&9wLaX z-k*4+-gWfVthn2IZnaRl4L_Gs!uGH`9)J`n>$xU9XFc|_t!w(UpE!Yd zQYPKA>Wac0qQ|fG=$lX03cKRq?9mS-wXs-HBbLmrU`{ZC|B^A}8a3`N(Zl$wK|eDX zZZcD*zoEp-UT6TMgykGz5RoZolF)PkbzIv^Im`&E58Mw8Nw1uvy_zO6X!a_Y9?Y-m zup0Hnbwb(@_ZFCRHL$ln3J;nDb1ch2SYjMaGt>!B@7E5yrGKKdX9G5zIbP~mki|CR z1ZZ@!>qm_NdhQY^b|ON7(*MAt(5Ks=mdHWqutlNOm|6$4S)iv6wg}vx&A$5ymE_dW z#~e#mp^j(Ns?5PJYUC-BJT?yZRz${h&FxI=OP$Ia^7gBVoBEGWgVPx1)pUE{$?s#K ziLUYDIkZrgDVCtS-EM8;rwxZx%eORpXMBA@hFqrEjC>#eOGYQ4De?#P7p66;%VavBBNf4 z*pms8IK`W%t~@p_d+n^Mc@&{c+GddPCUFnpaHuxHIrQ?iU6<4?4^R*mDMvGbo-T@Y zS&UqxttW9Hc>(*QEA<-m7v>Ziz&drNsq;AcA z7LpN{>en7W5ZgQMBy1k+-q!*dd5Fc_M1cqw53B2&z8(>mg@qpzso2seEpRg`ZtGSk}_^6?oO(R4|D5km<-eMwFDI{ zVy7Q^U0wCjEJ@-q*GV1B_^k>A&Ps*KaRd*NmQFg$Pe!DogI2kJX_hd(+Kob6j2JBG z&}Dj285px;rQ?p(II@@(F!KiU^s2wt7uOr(`7nO3xvaWKujSCL&03-Jh*UMy9fT&z zA7_VS)B`^=SBJ&#;6+<%TT7S`;>{kwwiCiwm}#3MHn)M3=%~nB(DTGH9&dAA)0AOb zXIgj~XevjbgYtMZdn346ZeH2(lip2djR%Nq)kAa{Z(Z2-I~gKn>bEhV6lv#6?y?S~ ziqN;T*&`iRHt2xr=eE>To~929Bupy~jiGHWvX^#47w4#jM@}`}WF_}lqJ)DOlKQRK zrms2zY9Y8dxJz$9=FFv5+H#hGOFcp}>#lM`uwVNnnT{2Rr%$F&BQMw4_WT$qdGhzx zvN%p!6~bxbVdhj&K>Z-@)uC(l-0f&Vdii+QgcTwpiI_{UGuW%QzI0yKJ8l&?>?A;~ zG%1h23vQqBE>$9j|JW`pgG_39$j-i)$n`e!TZIcNxE?6H%hA9&p0Y$W$LbxXq?<12 z$>g0kH^EP8DhEF2|gyBa{cOX5q4BwO^Vs%MMCLa(50aQk?#c7I&QdlIg3 z-R+vv@AZfIqn)cJvBoCxJ{-kUHXa5B=@0rh!gltYVu8&hw09^sUY!s_&|2J|Sy+C! 
zu!K}0eqD*tHRx5DTP$k}?|3x~mW8wOx{}C37P%KGgAewxU8c72mge|}gf>)bpWf$> z_Ie$5JL|_b8jYv(y)X-h$??sldOMr<-fW|8is(&|alpm5M}_KM4IkgP?3%U_aQnnA z_2F-$xSvI)nyIiI!RT-sygKr8rx5LYpL3c;W73^hr{0ru74kYxEyiVPtdnl1&aREi zX`DBxzM7cEJ3_*D;>?6Dzo%~Y^cGx{kc*dsUJ`nB?`q81_gKBwiu3i(j(q9k{(ATm z$*n}}L2X+BR{&AG*7i1qmD7FOhzl^4{o4vMpU}e`Ktd*V6okO)ypO2wB!L;3^v!(^ zQ-F#$=|^1)ii)`I;7M~o4i0hm>juT8!OnWOL+5DI-ggB~#7>oDrD z4F?g~0I$er#&nD58piKe_gUK*@EN4EeB-W$;@xhYzrm`mp^t$A`Jys_f^0Y)kKHe} z0k9&Q;(j%(G$Us;TsW&TZar9P!eJ&R(AL#xPkBHnQpo?)K}p>4VD%Z{iqaW~%fxL- z)jdxy-Ra~j2fSdP>97-_&6+DVg&mwSl>^RkQMToAN9cOqegWF8Z*NM_rOz)nL0M-R z0CZGZB>;_z1m1|e`-?KPyWt=;T9oi8R|j+ziI$=b$5Sv?fIc?Ljpd_cMI+JW_rf4y zL)GW7)25O4xR8t`)!_j~%-~vK=y3;OB8JGQ{b-!C}f zRPYXa%{06NovehT!)A|aPpS(AUGTb7I&V%|k&wTSSqSjZj~iPnbaBMbi{qIVw_n?Y ze-b3uOHuTn_2OJzWg0X5@nyb3=z-99j{Dek%1QI2_`$^9Q?K)l?AJ$4dB?LI4Q+*^ z07d>|I$n}tg=o`2rc65_Zpo!;NqLoeG%C?vPaemhZ|&RglO~-B8!wBn(dF7tly4Xe z7lNqdoXW}r#}C|b-!ZND7agCc=ke_iFthqlb?WhAGAmShg*@Os2&U+1XYwwm`ibnl z62&lcZzEA8VKm0|{p~Lk>|w}Qqo>@sU`%;0(^+e~+GVl4JbJGomsrmFyK~GFy%pW(HZcGqae^UBZ z^!y1yrYGZsfv>1G!}IPLEk6!!0{9CO>HMkBFB@iV)W3gI+U}a*xYH@X#|L%YsD#!< zo*y5tcdn86EUY2hdCuJx@~>2%LG&Cu`YU_gN?zNnB@RxSkr!KEyE+1_5^JG*Li))R zj?XqQnnC$f1+JqqbMpx-iXlyiLF0SPdc{sB65zO{%CEPn&K7U*L0HD~4J89Nv9~A^ zFaVs~oXcfx2ses(Kj4AQ5_%p4#kN?Id(EZmSCjAEvD1WtU`!dB?pp~C4D+){0A{H^ zaTqK#?Fz;A9Rr5w{nkc&Dm7~n8utPnxI3RXL(ttGSXLtz&6m=|v)wcs5XWYI+qON7 z_6@ZiTBu3=TESp#uBTL8{2~hg6?;#kfZ-55=LF<^J8EJ|C@CK0fwL-bPDG=Xbt<0E z6+00D*+gX>^8fJl&n2cI6L!NU8JfwYOY=64Ev7B>%q zgxQdenD)4{-r#^mg2=vt%mW^WZ*?4O61;DkFfB63B@*Aj-MbiQn;+dK27V;Z3?1p^8`FR1p#>q{3G;&lV5N6H4PqGN92 zWK0gN4&2V(OmbhVZp8ROXI;BF5aiVa4T{_C@Z=f@)|}je(A|NCx#;Q%x~xpJ1#Z^` z#=*mpF;iz-yK_@9PRMG`<{-th&>O5d#~E3@ohI} zg@MhY0E}t<`0@m68Z<9PLygu+4|POcRAGV=8eiJfEHFJgTt0(?U*HS{0G`XT9UTqs;3_?o2fm zZ8}YAKiQE&KnfQnqS0WCO#Bf13iIvX{q%jT>95QK1CDl?pTF6k8{1)SCRE4U`iB3( z5ubK|mvnjvJ^hC1Trz(t?5TL1X}rD1r%lH;#_EkTkFhQBPaOD{t${OpB;6^e^SD`u z63@tHp&`1>dQw(C2uly-z<8Q;0sq-}^^NN@@mD68>~}6T?t}AZGJg&pv{&F)4?2I) 
z)0O6oC5GpMa0!yllrdS&N4vcD+0Y4ht$b{pXv`(t6ayUoO<`P}hex9zuF&Jw_mO%s z@YX%NtC=945d)&ogAN!m3(G(8!eIw_RYw-wZ<-nasO1SJ4kLDga0a=7_$?NFhURZf zZ$((%6znW?U^!2-+22uoNRU$x0oV6XA?mHf*1p+dq$ikV-&Jj#&>W`I-3*3K}#DO15QOJ=vz5>rt zQZzBFkM0|}>Ws;H=eA9sqlVcn8Ef**uPJp^mDVmJcBp(kEsv)6yk*{|*~>=GMuVcw|s@t_)s<50bm&00Gw((rzex1Cj z+q?Tz>Wq&kVK%gRJ1E_sdn2Y8F0b=Rj>w|C3HOP|G#L`uSzdCE*Upta&=!1<{Ai{o zo02S!uUdlrUSNJjnP&T~kMW6+o(>RMz4tMvDQC9!@Y#@Az)QTY^i56ElzkCgOZ@?# zgE-x@2MU?HwBm(vJ3(M1I%`PRMzRp3aop3bqfUCx5w+SoCgRojeKq%ZwiUUg3%h;n zT$$st7D`e3tUEZZ-@#;&LVM8)VbgT`_9-j<u7A{_e;3=uS=Ya04-9O5y{_ z9lVE)W9P4~fB|_(71pnJxOvK#{8U~_eO6ZB8_%iiuBl7wV_pCkIA7-=u={8hN)23hJT$G9bsAaPR>S0;-@B4A^;fCGv+C4Kl5goN-mFup$)bazwu7(~oO^leK< zC(V8t%Q*(67SmYF`%~yCa{!h;q*)`vpExSuDYGoY&95IdA?Pt*iril7wOGvU^HY_E zG!TM_RCf@|!)LCQ*`d;7j+3pxW!sWT4V?9Ua=>1--hFLILtv;@kaOrDr37n6!_y57 zP)?rIzQ6IFed}`FmjeiH>|AkgPvnRLq%x}e%Srkb9sPFHU^|wX*l5lNNNCIfbs1yn zTnXjg0!d$5m*zC!!z$YF9`Wxz-I2))bm2h7bZJ7ZL!}mt<&I3{>b+?|ia7)~^e>;k6 z>Do=)VsPF2lN-(_%0o3%Y@EbFA$v0s7xG()q#y869U^REL-&2|;e8-=ZyWL}ofL4_ z;P!rzICB1RqDxl3xBAFk?#NF(1_yS1@7Sa9MAj^f!Tq^hC8{Dj8tYS9hfZjbP$^C4 z*i_c-c-*-Lm|m*!2J>pB?AidWN$mD$BNX z`uOBKl8%2ybFLA*!fWP77SVk)MfIF+N7kjpk^>$Bf(%B>ZmQzcR&L=YLwT=JLdF*^=Lw31pCe zyq*W`WDq)wXHAvD{q!r60UovbXs>CnSw>cOnG0e^I(C0H179H~QbTNIyjw6ZO7)12 zOk#Q#gJ(HxEwYb;`2(>{0RL#QC2?t?3RKrCGNrBZkLFM4JjH}@5i0$GrkI;}OELZB zoDZ+~jY<&8i0AiJT9r)<1q`+3JL)LOSW$;(N=*B=4i|VVQ)Fz;*TV9~e1sCF5w5zm zx6dTup%sE;tmk&?W~dtNNdk9`A`c_@f{6W2F<4vO4BH%D7(1n>&Yawk8*BvZdcm*Tg=}6VmS7 z6a0QK5>y%`z%v~0F!|<-aeZv9SgJd%ZWol0)Xg1UnyEjD#W}w8grlvf$+swW-*AC4 zJf&t;YoEk6nPK|us74dnt5`T*!{S)SxH#tnzxruuBZP$F<5{&_TiZ+`?b#%vc)~{4oA^q{vmXw&BdPi+vvVNe5jy9 zJwy|VD5AamkOKYF@fw(}9kcvJ^;$;HVv2r1HC_0{rv$XFD|(BK8jEt`8-;zm!RWI+ zE{{Cy9k?Ybbk#?rg1@w(?OngDRa3#BD@n1%b9hTe-8ijYhrQ5fb|Dn8cz;?$*A{mD zq2dbBs3YVqqMZ1x!R&GNqFOscxwSn`xp{W^`h12>N(!;->{*!&cSy4xJhdc zvzQ!uf4O_{u@}O^e(je@j$SBSc6%i8W;j{wy_wzq+OSB-Fxbi-3o3WV>mBkbc2bF} zT?A}Mi64Hba?y2d6vH25WR`Q*{Um!E6^;B10_>m 
ztxboO(irGK8}@B9HjprWx8{n?{2=6K)3nm%LQDS`6j@>B@hMIe_Et!n>UC#lpJA^u zcIyhq^Vr@o@4@#s0vE=rd@ZZp(51C4_7Y>j0ntB`jZv6 z6(AFRA_ChnlU<$(Ulsq`pCpT`BXJb?4pJa=OtMG5=;GGQSQ5u?sFuU^gzA?GQ3-;JT=a-S?@B*v zIRSIE8A`_udWkaH$wXwqOf!37yS%Pn(UK2#Yvl3Czo>` z>PdQ9GWL%Z#@Syx@=-03AIL~5#K|h^Sdsf=S)sb0;tMPUub~v`epW?~ zfE@Sj-=jDA?+l+C+O|a!fP|zZ~5k%bG+We(K591=?TQSIWuy$n73}A zkf!!=tpvm|_p6Y$2b@O7-kd^SM1N~7{(6HMw=d_DW-D%{6oTI$cm;IL%JqJVS81}@ z`3WpyG-r$op;8)o*J(F8?N+-ULQ>cq9SqiQ`2{RXSrL` zRAjZCkqob zmD-hFf4ot=E3r{YV7P1x`=hH6thD;s4lddakD`4!zE(7ioMm2&ATWaA1)bGH$JQ1F zY?-Fx)jCU^U#rY%B2U2nE8Cw8KrqvGIKoNG-tiepZv3ncQKf6vnUAKlIq5q@>ItYh zUtfPQD^M&uaPuFoYC7$u8?380WPkok;2$-skeel3mA=86)}b|pn?uQ8kNcHUIyeWw zGBhXZOw>1=!$9Cw{BQ}xBXlblr3v4DYq1ls2)cI zmmha!A*e?O-#!cckocg2^+N*dBx7$z{DTdQNX*OEKg6ucSD1QgczARWT14?oo`N&m zk-Q7j-sCu?DgWGkYdRJ3=4}qV6%W|}vE-F`z1Xb>;i3CRdEzs%GwVv^;XUWbBeDR3 z5{`ZO&_U|4BzgqKC#vPvdu=|mWjnE&9JIz>dU>NCbo#9eAx$q_SN3LT*~YHedd(u; zoGqGj1!Z8fzW54pZp}s+NApDQUTD(AQ}^a8$-wYkN`+jxND$H^WIGhnL*^6E1&oQ{ zRL!y-Z9NehnWn-w{1ZxBpS3#aK>jO1gI@P$rB2yR;@{Hwe|tfXX(&WYSnx^j{C@jm zF<~;+wm+0M;i5?q6ydGW&F@b^P)7kH$g^>Us`=5`*9|$>>M{!zx^3}I_|f+I_}d`I z*Ufg->oDwE=@}UQ+8xujUdd7%iFOk%H;DKYcU>@^q+9~=2TC%}?Qa}oWU>92LX-FT z+pJyXJGO`E87oV*^JPG7`IruutM^-EflQvM|69ug#6vZbg@yv}bDr;ezxREg^Zes)WcJ>( z*IM_w*In0jM{g&|5|u2a>&>6tt`d`G!?%cUpj$8dW<7 zyv)cGzClpyBC8;hDVokvTte++c<_o#c6_eG$`w1-pL;2L_lGoph7_^A259^_awaI$ zo1A{zMXW~lr`$i#%Rq5|GR1u!I`mL0GW~Z@rr_-r5`&`Uo)JB2W6!om1+B5Q!g?j_ zH3~krB+Ucw6wBXkzB*9@jwZ|Tci`#5SUGB0(ryxZ)_6IpHH?kx-xj7Rf+wBU-_|Le zB7G|vPUb(*wsKJ*Q^x*I8=*#3WPFgg$mwFP^dPi=3#uY&)4eSI%A`@P#W@;Td4o}I z=Tw?voHu05RnW2iT$|%KMe_lbY4a)K2is{HUvGC@cNIrPQ!Eju~Zl_t?vydxDy8Bq)Y!AhRlGbstuz z7R~V4WniFKyS#q1f5pLC)^V4Uf!Z`VIF7U~Mbmy`QANE-4qGO|M^$FH-F9^)qgND{ zOZ{5~H{Vh`cGg9Xx~0d$Zuo}7P0v21qgZ;hN{xqeBjubuIXgWuLiaNNeLxV{*9EsRk{QXH z>G0uC=kW1uyyv0nPh(nSfE=q6HGwLycA21Lp@~c<5O*obtdlj;wtqyJRCO`cy*>`C z4Yr@P|K3>n!*#@ZHS9{uv41o3zn#ukpU$GD3_{;+|A zN-f8(A$Te_bEVetntUWU zqP}}Qwj(uA>YIQ)8Wy>zqRd)=wU+m|mp-{u2)P*t47jlnx@Du2HE>)n6)lga2!sXy 
z+ZgMg7rcrDQuVt2N89h2`D8%^;(ith#)V2)!z3Q__nORQPy1B$^^zQ zEq?2CkEe2A9-rROst5l3LqU(bmXs^s&@V>St2AmXP{(2Nu%zq%yZZn8TN78zvt1Wn zagh9Z5_qt%f|DWquFB>A(fa?x)A}#pas-0$a;$p)DEs|ICk;je(sXz(|96-Fm%IP< z-_8WgZ3!K|%YW@p4sXnpXC;5c{p+fK@JJ-)g^)K2um3f!evB#HZ^zk3@{cC{uc=r@(+db&&vvIF(cR}&6xik4SEbJQ0VjTe}ACxAI(e@MhK%^_Fp;v zzU?pytlbfZhidMBv{LO+V5Qpkd%x@bzOB;*D4-!1bkJLtf98(CU>G|iQ&~#C zjmb|>F|qci$)c}e|Lkn|)8qPthY>+6#mLmZmfQg|Vf(xp`~M_-_V-%!MuTzfF@HP! zdp2Hp%GqD}Pv-bC@jWK68yN^)e@ih?Ss1V5_G6`6|H*Sa_@08b;i0E|A7PeF-~+fbI9cg;aOrV86XyLawwZo* z{k;tTHz9`OF2FB58vo}^w-&-~l{`&)S{sINoG&8y$<4tQGDL(u2Jb$KDjqM-BDxo>}~r^ zPPQf*0f#(i>$_UB4A-R=B|6^jlz z9NxR5&ejB75>6azNY7GaYFa%z0$|5LDsiKOR5Hg#^T8iLA8&n^4u%`KtEG93n6?`- zH$9{u{`2H2FvV=mo}5pM9S_pc-V}n;=sk5VV^w5p_K-0r|L6z${n} zlE!TSi)vwsVKo4NXh#enNK-F>S;JuDr}~nD=usUI#36eCbB-H&ko}BEkCs!(&iaf`#%>bjx(f=utuZ_YfU7S51mF+UvM8@- zGhz-CTxIqD=zJ`|EE6B8_&gx>U(2dGKX$VJiRt=_DaXlHjWajE?H?}Z)o{bK?KmM7h+Fho73EmM1L9Kp|?4E6jtLpm^c=Q|V3-tAX$ZoUJZ zU2MIE(LeS)z)b^sq7307{9MS6EMW`Kxi9~l0=IeGA z91q=L5MQG%9xJYC@Ir)EVUS&XS*1+D5!mr+%TLQGYOvt0X4uDHoy9wQ_R%`>D@?HX&!-g`U>K30lPBY#lrXTea_w!=UaI{}qKG4spq062XPO*a`Ex z3OI`^z&nm%*igyk8-HTV+y_@*JN&J2{>KlUH*irR$Ks9)jqY|jXj<);7Ex9-B0SuQCwG~fPRTx{KmYft$As|;snJcxVmJ8L6ZmO9 z!2{j!tnzXR{_?KOUem;Dsj7^>pJBp*r4dBG1KPJ*)46PlcOixVOnD5{nI+R^ONJhS z8u3y9=zjnP#7=nbesSQwpW9qa09H6r=n;EtprS7`8uWN-r@uAgw30an_O8yW1zTDk z9rrW)1F)yP-yslzl)McUfC3{$4kc!Z;Ylf9E3!+^EYf(X-s?AjDWZ*^uk)r>Ep$QlRKNwve$elnm=>}jB z!OUsIeOJRW}eyo5_bYq{yy_AZgf>Wy|08V!@Hhfz^O8o?&DI|^o;lhu{)(IAD zE=g|3OVw||`#NG!%5iZ($Epbnm)WueayFiq= z6nneqv$4&XfH#q+<3NpAn=d3fIsmkeLTg?kVrSmR?Et`|1v~DZ`JSqgRcaPnl4ZV$ zH@sohL68mXBF?X47Jwk(L`M8sEa53^6`)T&#MX2GrmUL+VL{1b;6LN&yCXgEwPVDx z+#-%;yg7Xb@Y~Q(Oo{WKXHkY@mrwVJxb56q}pHFIDIxd1X%K) z=-f5;yW@cCd0?)+-QAV!FEz5L463%&4+(-}J5_aaz^)YPu<8$_Y}|5)T`L}{l!jJb zO>i7;cJ#J2l$Qm2?b}@X=-=sp|IrY9^OE?m3CU$eVV$EBn@1=qA$4RjoRZP;oK^4#FSR8+4^W{0QtpN$OZ#vZu9|GOdSNmWM;c_C1Lg$ zhgSZ4=-|h$z3PNiI3RfW{Am@Gq&-+Vs;xGtVihIKhCy!12#`^muEW1`WyjOHJWL6E 
zYU(&T-9BDy9p6Uh5Sqa}C^(EkuN-e=7we3_*q3atb1F1Ik2_M$%IT?x889yCBK z5=Fxs?>K5bx6<9}N80slklP4W*}zc>caAD*PV;(9EAkgStSgb@niiI@*&U$kL{482 z4+L%pZGmSe@2-vT^Pd5egA}e=W~;e<)~a((vMmI__sGwU7E{H(mA8vW_6Y?h-+$gv zE9$_Mt;a<bjzB6Qr245yzKo0iPAM)6Tfxvg-l0tBN%Por>zGoY#Qfk#MOAXmZ$ zqy!zU3sEy1XWjVoJ&dQed#2;C>NwisL?FmQ1nBd1B|`l}q|Rw=nD;S)+v15U1W*L; zmN>)(zpt8-0X0W|MhX7ce>FHg&h=?!Z@QthZ98YO9zeE_C%nnY?i0=PR@i;QYL~2X zJ0sbMxWA}LX389g&~1A?LX+hfs+>Ix1Cn8?v5kTAFGp71XZ)hD&8EgOZu3fDW1Lcb z8vsMEjVWo-?zE17eBJr9zHvxOLR?KdTR@(MuKks3Tg&5c!-mm{JCNe11I(nCiA@B7 zYW9;ubyw{4G4WTqN?n}j=(Cloua}!;QlSclxTp8dU3^b$8$7MQpC}>A_4!t3RRFm) za+*ahW>S<&v_aldHD1*Zkv|$`mZ3-lk?)ig-rEXA0HjVCfX52=)*&HdR_-U7#h{WB zJH#ghy6wNC*FrRZaSuOAnRAYz2g%>VT&VtS48O_~N8Icu`K%zs37>8&Zvk7U<6_D? zwWNZJou=_BW74hm?{s^0DC^!Sj}6e31E2QzI}YvDTwuX=Re+jr-KsGDi!^fRrDL%H zqQv9L*H%8aRd8X-rWfFfsZADtz;8c{@K9^PB6Jl4p@kyWC;DFTz9hGavhYy;_9NN zV#DknYjZ&(owf`%OO~Gc)bzZ;-Lxve5BX@M0NwH)0UG|7GAA^*yVTAY|GMVzE$T0y29)hVFdRZ_1_n1!SK9apzs9xQCbx zA)v14WZfDzb?t^SIWcH&#+3qCuy?`ko!~Bo%>t8Wl{QtMvwJL251cN){Z41IWz^ce zX%wL_;mHkSFvZb~3T{-M@gfwB$(x0a95i=F4~K1F_@tmpfU~FK54^c}Z%HNmz7O|8 zsB0x}!rf!sd2HVlf+%q<+DA< zjnHyH36e-2b`6~Yw~KtlaT(EMu2I>d{qOy`xVTHL5y@Rv`270g5kJX%(%SMJU3%=- zdNY3>HN;M>eJnkJC-L9pAH%Zya7XB!zt`}rs9j5u6C<0n%JLMj0g`X*3_iXqlCE;T z9bI)}r)lEab4boRz+#Tn2b5t$GftnLQiA?EotLa>60z+Y)Y`+{bQ_?1pd8bf&aQaz zI;Iqnh^!I)*2$h}z(U*N zqKXfJ)=iyp^Hn{xp02lLpizjOzaJuipyff>R&W1`PbL4}FoYdqLbmRsgRKzN8Qo^b zpqV7Y#k&#qwLY8`#?!u8blfO*&doud9TrKUz?%SY^bCpQj@W2_SkCLv2wOPMmAj($ z-)`0&Tq*M`@pk4m&>)1g$^ODaj!a(A;1548?Z39&QFNJ1#j@Y)9wPprA>*J1_{U$D zHcu&d=avEndsvfj_0xU*XV*#<^0E5}`heoYH*Q!~EZP3@p7rp=Njy~B|57pN# z&yG%(D#=pj`-2TI=9%*r#~!4*ga#x=9h7=6s-O;XRi0lobzR=_5Czttyg zX=tmqwZQGXmeaceh}jZ1M2*uQjdP;ye`2E*ZBDmGjxu!vUFzE*+O)MM7t*YWw>+C# z-NF}Hb8RXE%pe`g=JPgDWk-fBGoR`pBFX)CPlOeTUef)1^8SJr#)C16O|r1Qp*2EX zMD*QwviEHZN>yI(VIsI5WKwT7Cu^o)3C;#8Y9ISTsykC8l-))bikN>%;H_EVHI!}< z@{wg$cabc^GKE0Fd1gws=w7dKUrV0){4W8#8RP)W*&;t9`N8YBOEb0^+qE$z?w5oB 
zy@1)1S)~b`hU8D;xT6cBfX!GEP(_H|^iG>>rA-_7o)M9J{7B*UMckJ=eRDAi86J}X@ zD1V1Gdotj>Uike3p^YLQR(oCc+GE`GYmNJW*_(kNUtq`rHLXvReD2qgO0vV)RzS1g zp64o{>9EgBccdaX+MDVDRBRP2(7&_7+wV*)-!IC`Bj> z%@j+6Ps*4-JR}KQ+TTiV7&tgk0^|w_KF`vZhWK-Gd|zp~GFXL^&o=RX9D~ER7c|Ho zcu4FNoIN;btmv)@v$ht0YfoK50#d2UhfH;(0h8m{x)CX{!Z_)^9tP@j2(oQC;)U$o z{QcB&1T{xl%&0ZJgE?x1&Q0Is4SMJ>UAS1v$bQdSzK8Ke_gJd0`jTtEds%~AnF9?Z zSjUy!YU!Po)g9PVezcfo9t}&_j*iR*l^1+<2%+F+OqsBuTT*?E8%`fcjp35Qn~})v zf|&AV!xQL(d$jgTqYF>EbuNwv+EX=Yxv0C1qQP|`-!09 z83>Kwdw&7`HKH?}1gui8SEXu4iDRx%eh_x-PyxHHrOnw}pP|X8+lZG3txvn}-DbQp zaRr36bj*)D8|quVL+bgYgY8yS|D^5FKa)UNMOYl zgr|8ein#?GJ*-;2xz%R&mi^Lf2?&_M$TzXERlemNBFIlJQ(-(VeTop2EP6PPd7&`by%){qhfm4~fRFcCx<6E~~KIKcj zYAs;Z03kDQ;@>oNLE#&;F6@ACV|YU@brQ6Ob8XHM`}`{~%w13JFeIc6f7e;9=zkEP zDwpoeey!NrA|2zDr@obhZoM zT?^8+4?426+fVbpST(Zh^ugOLRc`C3QIZ+}j)dWh(s?z7K52|vqmrr43M#$Exi=jb z=U4eGgm$b`&$g#t9}h~=7Z&8lMPBIVS{^csDtsl*(iSYV{5{MSeQYqw4u%| zOjd~z%!BQrNUEwJ2pYKOch(11?BpjRJmpY!QTeNf0igSW|9vei4IChFnkDq4xshj= zF?6Z+`!X!L{;f*WMq5lD=6-p%gX4ljriRRMoGd$R4balYd@H`3U6!=@CN$oKxc9Xl zAd0i}r^DZnNtI};S0h0i)au zYU|Qli=bqq5B1@>io98}>`fR7TsF?+%J=?+zhu+!INPtXk*27yYNd?S-}hRk;8!C{ zTHuHfilaXUqs2Ad?SF^KnFtlNlp2zln0dCTB^-5xs<&@{l@1+ZS3o{szQU;Z^a@MU zY+0O#7K|oeI^fXl{mLu`+4(lLQ6G=Pe%k8<-}xCfyEUW= zP;R)fp`JI_G0jx2O|oAj9xah1SKnw5j(#b`qV*t}1s?9#Hb1U80y~3uj=Onr0unC9 zOQ}FqiZqj(M?SaN|6g9A2A+pU`1m~%g(wmrDQh)zGU z2B&isWte;NyA^?^IRuSsLFhVu9HCLwo!9};3D>l%n`39JcMgzANCViZJ5yk5XRuO( zt1z4LD9BadIeoxbqrEAWo^li~S!aUmXhrQ35JQ6{3+}+HBT+$pm1{^bhY18Xx}`4A z#|NYRXl$Qwx@ z$1DpUxVd|jdy93V-sWSViM@a1`tW%y0?gg&^t&`+I8wcmP!{91Y3W-hcOUPnEE7UG z(bEHka|%NlVVAQ(W`(^smqeV!eS1Icw)1)ZcAn<+2;IBVLoKdOPAmf!mAe&%Q_d47 zFus$`Sb=`ux41m|8-DZZT$++)rHd0j!F$sz2z%kyPCg+ryOjJhJkyl!~Fb)>_6<&aG5a{b@fW zN>$mLnASkpk*s?abUI`(3qAv>3c|)<=ysFm^mJL>X+}sCTfFsgE#O;=i8Az*-BCMk z<3)St9RMC1qQquh|hbQ?)(af z=XMsiT}W3B7vVhP*^3zhXg?s{GXJl58(b1Fg9;n~hQzM}2M!e-SJnD*;Or^At}h<7 zn6^M;47fQ#Wk|@w1N(-XFU`iUGeSGfX72B`YUjrPonzIza@shwq39~v!&k&6ZX~CC z@-Iyn`FH|-cGW(l{92XTXPWGoTSi?GBYD+Aze34+< 
z3UIDBM-YO99Vxe z=l(~$;3)GO19A@`|@~eQRrQYJyI_zuH|kzn0U>2fY_x8Sv5)?D5!=FBwWORef<5g*$VU_W5Zh z7^3HgGNnSKwD^Luu7oo)rt@x%oIfY)NFn>LZYAd{=tTZR1~5tgl9$y|8F$liV^63T zCXh`J58;S>;hwi6;BvV6YBv5hQX{E|={6!_``KHYLJKH3?x@jgLZsQe}Qz1HX_i{u1#J`*MTX5yA9rXYL28Q9)}U zR}>sk`*)Oi_=*Q|V(^hFR6XE%eq&E7vwC*4qpOQn^C>67?%*fAp=C?fRp4gyeuC7zas-8tTt|?Jc12 zxvrJPF0Z$_o1STww=t9B+W`H|j`!c`lE{M?8g*N>^3|Cas;7;LwJsVhN&y+Yojr$* zP>-7;`TSS?87&)Bg2X*p{VigHY2t_ilv)6tZAUdXMyM?W%jIm7;Sy%c**ub+*=ESfl@mNcCQVb1EJl&eSiVrhR>`Lc*(n0&V z-JB}8&u}(YUScS3{^=X;YaM`J&t?E5-gf8e*@MZAPPP^f;r<0&u<^?J!kllz$Eo&X zIHbm<2-$aXNVWR*cPm*187rfuc1~^O&t4qN+__+lb=z&7FM~9=uCWxYM9{7XSVf(T zU%!LN(?rvnEhhp3hLJmfH8X|cLSMTxxMUUZR<|M;B6r;1u7j{rh*!7kh2PR?a`sN^ zE#VDQ^by?v2tzU@T(7lso&y|cL6o$d)8-l18Kvuhi zsER%(m=MEdyR-fyu}aP6TmiyA4`Au*s5I;apKu0C%dd-{9Me`&(QTayRfp5~#UPO+ zl~P}R9#W5((i}RpfkIx{X_q?~CUPu5;+|BX=zClNx$aYJB4d!+#kJVH>e3;$722>x zP8qyGHIa&GzP$#9WlFJhik-aU70}^K_wJmK*Bf!rZwXrG-7r1Hj^1(aFr^w{SObhq zbEpv;K*_rf03l|R)57a2TPgo5`fj1QAn@gIu=P7pp@VwsE!O>>v$#r(;3Ziwa zoD2MX!+F1M3VY{OaP=PH_dm3PpzOw-e~uVNYty)LnYr1b5!nF@9Ih6rkt)~i*FZ19 zomzdV=;-kmBN z9onx`Eexr>Sw-kVxa6D*^a#1A?*!TK8g|_}2&LL5WOSUBxNJO_IAZ+@e_nlr|9nB@ z$amlF=BYvIm&9|=VMJHjjzU@~$l0dd+W>UurH}g6?iTpjm4cu#d3~41GV!F=n~9?i z$Dh$ZY)L%GY^oI)%A|!wtaoWfjZ7yw~QsuXk+-&3i1~-uj5$-omCL3Y2%^`e?vu+iy$&1Yw9EQG6?UYLxmm7=4 zt&37WYP=v6C>|QVGYY67W>hpe)3)&KD7XORZ=;cS)cKcD=|)yp4F+nEq=_@I)G2OR zWVKW1m$7<|TFEP&Tl$3Yy9*4ij4Id=Hi~2=<9^S-KdPUMp&|@Uer|nUllA#B`( z2{1Puv_=>zwA#2(W4wC`$lXtt$u4bgBaRPtkF5V8#S|~gRN`CI33n(bVh-MUaG|w;Wgp)8t(NO3S(301~|?c z?##Fu$Oe4>ete!HEHy&u)h6s`FwN?Hg|~xvRPbQ;^6?<(-LOHSshi+!L&e*G13&V! 
zm(W_bm|Ca%bmPp|*`bO=qU56RVWfGp*YUfJ@iB{>nro(E-yWc^zhU>wy>{^?YsOh} z2t(t7JZ9cXe@WiJv??qWdoDgx{c*$7-Q=P5Za91$&|Bv{=r3(gGH$3v;r!Y>n-vbf z!#^qfW&(12ZNcoXq;<3H@~?Xx-rQ0R!jt74LMtU8C)>|`tyb;cj7DIh8}Ptv!op5= zT}xgXH#iL%1)&b*zg#$FGY`F4U?oXRj=*1tdpxL2=jJsTRd}4!vafTz4U)900%C#u z1NG6i`L4*yMOOJ=gUmCXr()F*EB2yF*J=fS-wD+Q%6rk=3=JU|hV;+5cidDdPYe=z zvO7qL5LT!qIE5?5qnP5S-#F21K78jYV2u7K`mgG+$Fhvp+eqqi?jFEH6*4&OP`vd) z%)xknq`N(aKlQu1_eRM)!_pQ=ec4w`oV`94EYDw7qArznR}%J1B*@<7wfk6gGPd#L z9R!!1ih8mva?2ybezB9GqQNM50%Yu0=0zg~_XnL0*6(DsuZ<_>z_Z?gz8tn7&mtK& z3(^o3ymwlF9l3^y&41P1qPV`(uyx97w^(&p52+QoG*FwHqMicNa>pdg-?{bGzH_-| z5!mj<^G$c4q3yt_@i_zadVEP5pFVBmiD`obS5`C!AyWCR+0Ml1)%pXzQGFXiFKw5t z`V?BSXnigoS1-r)Syar&U*g6u*J-@{na4XBxW;ExDG0b@=nlrE$G}0N)ywKX>4VZ` z_j6qrlbfkt_@hw=pgx=u^>z-;K-B1U(hk}nK?}|feCl5!>_=blbx}-w?+9Qhs`W>u z6H{7y%YAHIx|UEhiofesxMUn~bOj)B`J#=k>@%+ey>u6EFX{(=eCfEMb)QD6_%i>l zP#|f;Gadg%hvnsH8=*CF(nZAdmhLJSwQb9fiqQr^yJZ)2h+vr%pVOg>b~3f?BfaFV zXwIyzclCIb&LyiK*k&Y#FN#2?q+Okyx(gGWM*>MCif>Oy>0of_x)qAIPOuV>d7tUA ziW80^B3OTWrxV@Jn79iV;U39q^_#9=8tewyFoQ-vPeI)1411SQ)U4C__2s>^`%r^vy|LvwWp(xZBH*%JLpS6a zR+*A7^kjqy?If~V!K^t9hc@nRHC=$z#Z6PhF}7&0M_PKG%1_QyvB4hxbI!o}<4%(+y9X%IiN(N358ML9 zD}9@xN2eD?O!Iv2pnCZeHqp2Cqz`pY+51%1o%pE^ldd9X8f{6-q#J(5V>Zni^)K9pYji&{% zTT6U|!dG*1aM#sL8V=cLeI9>D*2LWHtFc@&p`4$P#!yi`z7OJXA%?v5)~zMFNtqF2 zQ*+t!8RljS=Ii)q%d@L~*ob_m_vAQp{m9$+dHO6&^Dw`yH1ly6BNPLSn0X}1vo?MS zN31!bh+}{BWmehTvHTCi!O3~LUfI@Jng%2NN4unu-j+3dYt{@=BYoWSnt4wH`Pa0q zoC_R}jLw?G1~n83MIRP%2Bt(j=uu$woxpF&HbXIJ{y2orpwZ3r+ln?!Rw^ zw|<=W;ba5sO*O?Ra{k7?=CP0yvLu*!#zRe2RPAOwxu)y!d-8yJH{<($ZlT&n*}Ycj zeXS~T0V8w+9G0psqx&nZL*1rq|EjbD6?GpKAn_|*+jAd_)7oqBS;o2avt!}4ffk1Y z8|3u?Gx-YYeOxHY&TD?1T_5d6eQKLrIazRl39cdrSRd5z!57Ab~#|Gxj+#puNNn;yr|zKF1D< zq||uO!FDv2dMp2YM2#>OhKet06z0lj?8yY~`w*X{;lcbUGAh69*s!#~LgaLjR_Yca zt1f)bd80BOX@t^og03uei;_ke&l=iHa~QV9k$dnJ8wg%~F(7s(W80da?K2>cM#UN6 zq-ey^hl^2@O6ER|Fu1CFIu-99M5k4!kXwJ%fUl-D#Fo8mH;LbCv%mW&?O8V+{JeKM zHRyhbnBX-keQp}lRsuM28VGX@Qxd+(izqDgIz8=KuE{JeC1({Sr{9-aP7cHM1bZHr 
zqSS#ccYMsssl-3r>nDvXd{EbXo#*IFF+NoCEg+ZUQNK3h z+05DU9D~G7$b|VX$|WE_J<8&x0Y0cNb1BoTNoE(7SOVd>@XcFxB9EcMpBz z<9F@B9B;UbI5vbjki$NuCU1SnNqs!EXjV4yJDX*7zL5pD3j2WN)xCm7&Td@v2TQge zyf)Tftd4rBINX;#-`pDSg(x&pAZ;_(5ag5geaw~Lcaqrfqdq)oLQfuH>ea-2z$2(LQgxp`ptPSE^~245gk)58`_t$G396_!sK zlA+Qg7S%D%O@n!|A|I38e~N9vR=dq?))6K1e63iGj}U)x0Z_~4&y*mIzi5%Uz;BdEu1fw@@7 ztNa^NjJ@|?AVb;A_K80C1)NmNjD)qP3%bpxEW)84HeU|MD_$k8Ec0)9)#dEdo<0#P z2%r`wG?&HW!Q-9c4u3LE3KP2dSS^X7^p&=tr9Liz9rtmDaNpeidM4M=S?sjGs?N3k zi%H3x??qo|8CQyw`q#Oqv0VCj_eEc*NnnEr5Jmcw^EGAOmb^SXVUPkQjgm*6LY`MyQn!4Fw6Kj|-C#OJe-f(0JsLUl)_I00dzELqW(V?~xIksZAli!$PQ z@Oz#uJ=&rgueE`zVAlm+48f(zJ}Nz}8{a?bIo?`**XUQ>=gL zG}a~q#rYpKq)G~L=$o->^t98vn_h!qPy?lfL1B-xoJOx88vRerZr0LXK%s3-3cAzq zl}cz_)1OHb)T_BOb=qvus(B0OulEaL)QVp@Q6(na42+D~hd-P+pXHGX)dk_`O6$9S zj_|N~Y3%h8sT3-GlEKk0+L1~iXZx{U5?fbYoMmsn^-G$2Rzt(E3~fUe(1!5A`qVzQ ztTgSzY96+xS-tk|oK)Jnd^{dfZd>;C=mJ0d0=RY3E-oSnCz&|e>0m=rA?SGcjd>w< z>_yXuiZV?f!yHuY2v&YM00h)O^nO{33>%KgV!gFO3z19ktY9>|=QAf-@ z_{(qTmVe@hQ*UixTcn1(#Mwu@baP%}+kQ19g<)wY{RD@c-$YYMUiY$}JX z{;#-T&~1b9bKA_~<_!Lp`>+xLSCvfM`NQ&tRL@`h*E-lQ1yqv|GhS&Epd&RP=^sHd zv*iMnMZa4`C$Er1u_Vu|09|*L>@R?J&<$>(z@KlarZEY>Zb3V35QIFvg+en=0(&)gI#=>(p4MXgnkCv`5Y$1#a;%Zww9fj072(b7z6TX!39c?*X4pEVPL#TSe~*eRl(4E>8@d z*uCchSLakLVVeFuBsXf*TS@rNuJrZY4Z92;!hpDCIgZJi#fP}UkyTA=Uv66U(DZvG;6d)j$V1}iod^}(pM z$azUkb~;*?(Bf-V7Y=vN7cLb&6%KJ0HVuj%TTQ#i4Tlj+{Okk=dbtvibYtza?rD>F zh4-Rv^Gg*<9?Z4Ps<8EFI>c1hl-uiRwKvV8jmtdSfjx@fT&tF4(sG_+GU-O_O@S3x z>(+y0?TM2nbMPonhz(n@FT2yTI3RnfHf!;hLhSbyqVb5RFEP_4kpu_P=}|upY}KdZ zW@#O&GYS{G@hy^v4RZ4C`Hw?~1muGxcuM9_89)bc;&~0^a?_)gnh;xCN@{Q4k9&V- zZ%;5jt%-Vj)hn@=phnGM`~AE9w1hiaX*B2bYfm^VCjk0@whj)p__c*0-^|vi!PhU! 
zEbtI}vok6V%Z)T+v)Ot~MX04Yws|fdQ^+rDBCDbKVYs`x{@Of3X`e(Fvvfq~jF^!|@G@qv0N9cvl6KsN`t!YbIFPWqr>ilAYLY_- zYr}>e@}U97Z897kt;=LqTcJnEgve-P=t>Hnsph6jY~e;C54(5v-T=eUr_X4A;mkH9 zUAFdUa4w|5IRtE%HjtjBc z**o-~)Y*#yp7Id1qp#(cCO4Jid>w^%3Xn;Ws4T<$a<7=_uwTDRa6mv71+oKo<9%k@ z8O$6mo+p5;uOLB@G{rCpendB}8*9?5<|5|cfl-jCGu#{($W0w{J>G4;?Gm}npZjJV zpi9~;98hvL4sy(7!G_WNEWAzI6>MPG7;ds>SZDQKzG+IF8%<%CFMxa!+B_It z7?j&)`-d*LkGyTTY-Tgj;#6ILn%;Pa!ZL6{g^7mVX3#tjL`Uhpwg4uIpr&@=Z(u5> zR4(fIr00Mm=lySOq=rT#hoI7exyKkgHX5ZaK$zH`-i=-)T%{uBcq#}oC2i%6{;C@@ zw3mZ^fo8(D=I^a(L_1FmnzLWhg(VF^-CeO_9fDd)ZXDF5!k~u%+#6Qrd4zr%i6vEe z0;vr;?3Sp)hw6l}*7WRd{`@Z*-Pk`Hic%ssq<1>R{d?c@t9a&=H9TqhMrOdnXEgVj z+keAQuU!rpG<-(b7fNTf!HtAfHE|~vnu#^bftGjq@Obp82u3b?oxd2GZf%Xn8#4RG zggrz(xUCZQn?n&;-+|b%1ZzCd*B!|eSCx@ZV(OT%3>jvpe_X#NTqXbI=8egjp)bAf zVOnA=V&8>Hr4XLE0_(*U=uaG1r*C|XgMSozp_!B!;V7}(ju0=vr;eJ>`c^~ftL5Fd zaJuvE=30%{bJuS5G2+tgI;b9$Glwe7Z>}$fW1*T;>xIzLSI-PR@o)04Y}W<+3dTD0 z#XmoDd4CzSNm#Y9p>&Qil`Oi=>VsXYTsK}2QdyJx?cp|m@u>*t`P=e2!ch`vB3xgG zr`4n;8T6!tA6cMv<+Fl>3Uc2%5_Iaw2*b#%q^b%W(asIz73?$$QGl?;fO1!cgUrA| z^xd1X(ULixmY#VC=f#6w;wcl@8J~cS32s`VI<=^-Wv%T3j*gg+_&d|q&&u=n5BmCD z>%Y8>GDkZ#2JYnZ$%axYcU6LYWX7lnT(8e;)Fy?_wIhs#VWXtHlhLk2SC!;0#SCF# z9SynO)CJq9PLZ8Kt7RIsLc(nuQeOeN+QuGh7=Be<0cQ>@pZb%rlI#}SseFVVQWZD1 zC?`SvetH2%YBzuJOb(xdLw_StrxB|oIA$dXMIP?9m(flJvA$j=F_=Dspfl)RF}}~= zWier!(+w$7$%nEV11_Uj;F{kOuF)VVr zW~;=i?@^J#L}vaMoTHfyr&3YH0W0P`u53w=N)n?}PA{U*Pf6&xZYl);_Cq9(v1)!j zLS&br5RXQ#{m{c4prAO$RZOh>g*fwPxhN(yZ`3372hNq_)4^(&6g}AZT=38t@qqQH zLa!kJXbtBrz%$#NqN_kzQEkQbftuV$KJ-0N>6Y$E3I$!i_OVL#nha=Nfa3 zR({YrWo1v6vy>^G>C9Z8eyc)S8IR|FFRf<~or(EdahAE^L&^ird9@FHul3TS=)=t@ zgjt6~siIW}L7LzB#sruALt-Fj~7*7#}-&Zds~?^2oBw44!BK3JUv^R+7tA(bb$^ zPqbLZ^wYo5=W{2_2$|{tiA0caiF=%_*Nxa#*|g_B{TYeLKD`R5u9minxcxe5+zQF~ zl7&&eF3uj0D_@r#0ps{}Km07ot|F#b=6hrxk@z?5nIzD)ElR$uFgFq&=v@tX?DTaL z5g`S&(>O~qne-+$7P1v@>_9iwp%l+d!4ifSkFa7{p3I6pQlLR9-y!X!weNjts!esb ziG3loP4e^BFCB1JQ99EVo(B~74gO?q3ZxTl)9hpB%+GSA9V{y2Q883ettt?}#33SB zF~EDP8Mh 
zA0}M#%H6_xmOx6*T{J78SFoDwM5B5lFZC4#noQ?sA*-O6qP_ZBo@p3BmD#BClbEitw^)yTEo76FFG1`lG zLs;>3_h0h|)173;rBa>hnB;X#_2A?M= z1uHg|G(8041NlA%Co8;LDyN>Ft<@|3j%^deQgu2(b<}V}I6M-$kv3ly)zu z6`XhQ_f4Gf?cVsZ&QrI0Sne*fH5u@v+(NF}wA50KM1@M@yX(g~#G^cw*^>g%y6m%$ z`g7B|*nQPXs28N6q`@}hvayKG3?NZ)bKKuHqpMC+KcQ=U=8}lL;~tkp0KRtn+>N(< zRqSHI(LkmfWWT77Zyhk5Xt$gMDiWLF-rcEtQrYuOKL5cji%dd}2jVQZA1j(H^bNOf z+^#js_swIhNGw+(%~g5!Ba{0_y4A=2|HIf<$3@+B`zk633aAJONU3xwDGeeb-5@P3 z-CZIAN{;l${3k zm{@2vlQ;huW>`cVx3A;@cq@i(OP@WxdP7qkH1VL%>RZKQ;FR0q(?!izJ=xZz?Vsqa z49rWqBy8Rfm+qoN`@w|W1Z-tl3SyQw65ag7P{D-0vcaYuk>A~4TkkLE%e(Y;m5wvs zT$~9+2GCrTJiGcU(qie?dq!QehrwR2%TnxXS?Vpr+h5;w_)f<|mN@^Ok$=(@-K~!# z1`6I15wWQ__jjy)wK)1gp+C=n7^IwS9oiBd*OCHJ6x+YIl+*hXeEK7A9iJ%`lyDh* zop13ifgSR&t+JZwlXm~2e(NUS#@!Cz1F{G@Z%1-I-X=|yn%KDv86G;bYp-*;*VmGu zbIGfH?PPsUJAhC{HI@6OoW3&iyCm1!dN$kI!f;2K<}Wn08zbO0m&e>5rx4&3&vbI95?EKFV*-69s^sa& z@C*UL^D8$Xmm>t{Lc+pLPqBcakskIorRe3-L%`deC-&AdVJMx0s-_ z;QdM`?~=&&HS4ohV3; z+(w}!58S=2yFgEO!TN(j)Z^>Hheq4qfuw)>Q*EgL_{jPPd^`jqwYLz$)NlEmNJRR8 zU`WT*W4rD2|npy$GiJH}hXU zADspcjbHiE97}ls_TonOo5y*NMc6WJ-%Z)6v9mb`S=xS7w+Fz&-R+>I?(xqRhk&;V zCkED1FFtzb)$ZaDh+e9IKw3{vsR+oPId1w|1ognu{-<_AAe*_uqj`g&q#x!Kk_BH2 zUIU)A1)EG z_?DS-$8#ayhwYwrGV^}h)qnzKfA)dw2x}@ds^@F_*x-iCx%H!-=j>!m2>?hVpmbRr z6T;>^er^Lu&?3*t#u7CNm|G$+K=OuZJ-Ul>?>l73^~<2#f(R3w8y)@Xwbp?aYFWFy^JczzT5(s&JZ4D&o{<#8GpCeD0o_pXp*nyJA78F0V1Gb562KK+!*HY-{GQ3Dc!%ybqb1%9k4j{v|Tzi2e>l8)pGF5 zfeb1rM%I_tb@>B<5=va>3!H9ufAouCu79!UwzpdUE=pco9a$Cr24L7nb=+RJwrdj} zzni2iM@$1@`mhy4Ac1j{h}5I%RPK6r@b2?gC^}NPH8jJQPnf6+VX5QtG1T)jFOTGk z(#nXKsqN$Z+IoYj=6Z$-u|*NZKf7HjQwoye&%P4h4Gn6 z=9U062nKne~3u*nRn$UunjY>UOdG^%0FQ zX*xQG=F-Kw*q(nAo1vomxe7!izMk6YcpM$KW{A4y4IHM+%H38oIa&oJIVXTDt(!9g zls)EcL|zPW{H!p>Ad7lOUTz>By7=(T%mfG8y=3(%C$Z9HICtQR!qCD&*Zi)8mhI7rnED&(|sZ16< z*HmxLezQVC%jZczpE65}6lCP8aL%4U zO=RsztjJyt;N5-q_0p^UE0fZQy&BH0^E~@lWYU0b)EGsZNe_av$l%q-=b!E=SNrHU z?;&pzCW>ZRSnX`~Q5fqm1cZxNrhB42w?$b92~g2Bezv9kq(&n&2R?v)<(Yg|XoTa} 
z6Q?U_wsFJdXSvD9V?$=ehqa?dHljp+Ky;jU-TGiqY_!ZMLBMy7MrF$iaNT>EV4@hz;Ve?o;3H15F z-9b%}@BQyRY)jrii!{kggAQ_j@e}qEm&6d_uHfI-ssHtJqRnZ;Gu@+A&%TC1F_F|P zCN!sae}L@P=vwV|U)ah2Q+{873%lHa! z&bHxB_5g#1N zF0XSo1;6vEWJPM+d_rx@G+H#FvJBwL$FQDk-BF;PXCyBYKoYb2NoM#zl6nE+1%=IcP&wsLD8P_mV%+Is6U!(L3V{&9zPj5cQ0J71%9vo4^o3nf8zA5X?9b3{U zTd!$adf#lZo11%E4)eUz#3i?d(5vBH%p?}&49bhzz20>C*$?Z~N|z)ToE7qP{9U?k zwM##p6^mooSYIplRetk1zCmm2q2>@*3JKnb^z~#a!2333ibB=zWhN1h{`*?fUXa9b*QrhY{Bsq(qw^zri{T)y*%BcH?u) z1~h*oftPQj80-#bA3Q(QKTK-w^iZbJYBFj1p+hg!UFIQHZh`MS|MONequa81R{tB2 z>`%h8nANuT=Do&m^>>)9?GotVePNZCJT~$@J{Aa}sCwGeM<@I!2?%w4;(0H;o{6q2 zB5@^5XFT@&rm2$fX88w9Z*k*=kmM(+2PAhb+&Rl+ zM%qQHTioCW%T;qgE(c{M-4i=6Aiaq?V~IdV$d4?-k^5#txOF|_4s@}8!-IXsTElv4 zFq*Q~*zgj|@CQ?Sp+F{^gn)E(lJzZasxCqM*rWf4u00(N9(OiJSLG)&$JU8~fl_|2 zvTFZM^Y`u2p3Uql_jmmQyI24Ku-mW8ABn#!apl3S+lsuOBzCYx6q>U);La}{KffEC zpLB2ihRfj5$Ul;mGj(a;(b!oVQvJf%vx0Q(Lqm`D)jNZY+c|Zc0M1|*&YoAt4+Gi@Qj|DFVv&b+ye^H z3PW?GB+8j&$jY1IyQ@|!v!^R;M&7M!-~P(aTYepgR^n}zgL2@=e&our1tR5d{G{KL z?4bz%{9Fr4S4MxLS`|bj#7v4*p-IPC5IPh0L0_en9yxS6yL0cwDri9O9l;|6&YK@5 z15p=+ygBvFFFqAu?uOLS1 z83;=HG8F??_G?cCtGQ0#kDW9+^o#6Ah$=OfH7Aqkj$SE*^`;2)uNaK(3;DU}Seg&+ zqnr)#xDSO6V7aEk0S90h+t)RB4>}&mE6OII%+Hy7$1xeX~I6 zDgWnLnjAdIA4J$NuD7YfL;m`wgfST%NGB;n4E?*Y1ksI~X3KY?S_tCbhdgkjbRlH4 zpGN83<$3TicLDii_J{1vG3N}xr`V%-qUO*`CNwgJ2*CXtZH%f{=A@| z*f-Ppp5f)#6^04SP**19{Ow^^n36-0rpTCWcXDFXw`PSjTm!_kdLo_>-qan5D}gHa z9CIt(UWoQVLUddyb<$pFL+HBX;9+*&5j-InbtzHZ!vUy%?gA=qM2QxXm5mXZpjM6^ z*){Sz)ZDJ_JEpuCgj!e3=aebtmkBCHQ}Mn7d1Sz4*g~xx;rMYtf$%ZGUl^!5112=! 
z3_>%?lA8K9mZx$b+AQyJWrE;ve=FcsZPBDgz4ipmwPWHaOl-p=mrlXQVBkt7G1aLb8*MB4?1+K6efMb zC$VndzUCXtq^#tDrF;dS1#1;+l3>FMYU;@fU#)+{rFJ1~y-c{L)$R5HIe~v@ew2zx zIEA(1V+2<`#P}kh{Ro7!Np`zUrpUnd^ZG{3d@X8<=Z=|&z0Bil4MgZtEoTj$mD)pf zq;w%ozND7H7*a-QsxhGP(CtIY)&lR7A~+ka^+W~1(FHE0@Blv(2zC9@Ig+G)3y9dJ z9>nZAOnBh|nYkJt_xUVWs;K*IBO136D^AMz+e9c~zYmB23nX|$NO)y|4)0P2{Y^^b%=c(%1G3)@X5AwrTRvCMetmaPd@|J>UF!qe zbS*c^G=~(IMJxaLDduCGT$9lH&#xjWNzYQ|hVGk)S{Fu$H| z`8#?B`2>YArU6_YzM`bJxk+!K!%%e@6B830Hxi!Unk2{ERj)klVted;E<=&GMwX_4 z(0xRHpv=<>1G4PBQh3lc6V|{plBY>RlHD~@2o5Vc(izRy?iX{Qwgn2qnBW+@>x)|2 z+7=iPRnSI3DS7Ru-zZ2NR!?U^AF+g!b5$a%fLNzVEbXq7;O=1TDq6YG=oFh#q*Iow zQKYZ)v!&&l;S2kS9*rH73+Jy%RuefoWfu1+C@6LwP9VNFt{>D7BhwUa&&22YtXN5O&uMQL&i9b^x3&%H`^pJuvK6%oSB^|zjp1v-( ze;_)zV*L|bYS~YNIUhwbFqKkst&n&{r&9gBp&hT^ZYA`aZ!{8jY{hX96!|!Lh_Y#ui1Mkx=SX8rKHtC%Jn9dSVo%II>h{oms z5~LB2M@Qb!mSE!r&NKfk;kzZt!Zyez5T_CY)SY|&R-FIQdx;tRI~_g3@~>X}*OdR7 zH!$*_OcHcuJEAUI5B^$=K>b@lOFsH*fAQYGJ|2=LJu?l_cWNaaDzj9sIhwSQhU7(k z`UHw+)9wNi?koWkdxfam+H~+Oay9B_zh)k$ZRup7fmA{CK)u!k;D}5>Q-JE|T;k^k zu_8y~rZGuL@3w{FAZ)}X?OmJq9WSSUcGdah@9F-{`RN>A01Q1{#b4)t z7>@M2Ne7a_xz4?RGsgJ8Pwk&?nJNT#I@sf)(^6jjwNP{(KuedE_QC%iniYES0IG3W@%DIkvlz$*=L{U?$u;noFJET-*gr-!eR(WnHvj80xBrEeF=(%!#}>`LGng9IH< zfGBYh?(dDlp$9fjLWGg?-rrQr48p<3$Iqg#-&^V??^s{Sa$y3crn1Y*%Bq!^NVBMA zzuv-Kc=umK`**kBlrZ}o*m#k?*;Jz6Kd*9!4n#qq{Ke-Fq5QwC|Ama|F3(hAazya& zo0wmjB+wzrRU*0$ShR#p~Im|Le_;?ALFa(cIE(d-*>n`0u74_<>zz zv2jU0`aa>U*r#I|kEFvsT?{5vZWQ>~3)uNg)>?MDL;wk7`rd5Wu|NJjHHl`@PvJ;o zt_C1_>IRyz+WG&p9slF~bi|jU4LzgO?{TWU0mcbdxvtgjm%%IXRiZXOhj@gmF$1-3v}2kyb{>si+NZ5^!FO? 
z6$8&_7~5*@|7gvhKLf_D93gBe{nyJgB`yau5FH)GRS7T@t{9TEeY&BZlE#G?;rl>eYo)k zxcateXaaktPn>vv_Xt*_8^!?#@6kKM|GD#@|AHXELhQ%IHvb+q^F!eAR=dkG=YO<` zbn8I#GJEO2C8y`C5_GZJ{~_t^ToUSfGv%MDnn?n)Ap@;`_(!7qebBDp1j_-fzj{wk zv;Xey1#lG}hldn5{&lVYC*=W~`$7ijy(%KVb^WjAfeVblepaixJo=A_hnenjkvf9r zxqmNGhw|kb!r`;J|H;-%(1`;)t%q1S(B}8ZGT#G~&;FJ;qWd>7{;$Nx2@E!g#0BT~ zU|%R-&P7yx>*jwnb!R{%;PLQ(`1_WX_|$G zgyel@-oT#fdOY*dgnDipm(pJhkgl1a&}{pO*HFEpBz=|q@?kb|ojVz{W4<4*CvX{Y zs;a625^dpv^9?7bsVDY&sl0YWi`A*ov6m|ZzLdEXKArzZhfHPs`U^1-*mdWJZ@DW( z!LUZS#d7KiqugmZ^ij^EpWGWBbsjWgzHeSdQF1_`P&FogEg{!xp%(e)&WoSwF4}Gm zE=+T<=2Z_D=*U~AT$y8m@Wuf5QMJd^QsYH3Q)7QB3m|dC6d7#ERb>#;1Qs`*Xlwm8(dC}^fpItClhc8`e$rkg|NBt=^JGpG=(4YY zDcgLlPZ@RUF%k*m^2tw^XI=7^@~y#?pbf`fx0!XLM)!(1cAX*ER-+>jkqFhuNyb`a z9Kw}s82Uvq1*uMLD6y%~+tjSr@I<*t+1ffv8N&UJN@5sy+CHfc6$b=Rfqc=MRf|9k zTDd8&+X>6PDNLJO_0v(lRrsb2J7=?|j$|R17kKF<9s3v_{FdeZw=*+9eiJ3J+$3I= zWYra0uUz6ba?ja#lY1!JB(Csd4YPm7S-F^MZlV0a5me*Rix8tXkC7T(b=W{W^Z8%V z^eVI7)Di7=*1J`ed zqcO0|SzmkZF=S=8pQB~X7E98$4D-{iJ%xHI( z9WrHSiN?y{obhv1o_Uo`MGr)Q8E&<$uO`o$7~!a;+_6$kEFNb_ENa_-Zj1G|NZzpA z+)JGZkgKnCyJo2VDo|nNy(OLqQ;ShROHtpcOD^wsBP1tDhwI1VzeKtY1%Mk_yx929 z?(mKv3 zQ*ijC5i5|tA7mrs3K}!?o6zIf{}Src9jh!tvlCN#uOpSmvPj>(HU8+hgtm@LTi+jS z&}T*G(wkgS>b|MV0w^n~?z(KUii+_J@`+uk6E0@^2^>S;RUccK=e{b|t5RyRap!Mq zwTnGj_9y4iePV2EJoMdIN^tW4o-Mc3r9{5H@}Uu%@X-KYE#IAkN@>LESL4MpmF(+r z4uNDA#Nh+1SPH*gj82*56m&|j!kS^FLRecafgMGy-j5B1KFCvtt?zQ^Rm3H5=z5}s zZvh&`a?P1t@oqucq&HiH5C)(ZHuZor)nSHb&s3GH2P7ynCdd8BxD2OJ7UE??+7R{( zF~1P7_r(uD5qp{S?VDelqgJIYf)z*|9DRmH5==Ds!FG$-m@-^rcpYZgXUo?v(5e93 zqEl&Gb0%n$U^`Pcf$IkNL_LHW*4MfaWGMTM9n>D^IPk3iNiQl>C#y@mW(ad^CrB`e z-5M3GI})==z?~z)Sa3V+pIQ8$|K50$*@VZ9ojEG>ZFGK@K+~N2E5~_t=c=IE%U@?1 zcB*scOEvB;IWJ%8oLJdq-A-%lwJ+A^)|Zp{NWHm)adP=aFqCVp3+nf9m?_}UDb?t+ z@<^w){dw%iBI#2gmD(h#GZ4G<2x1AM?`tW{IkS(w$0BgX$+1J<@Kcj1(KnaDx7Ypqa1rHN}Weog>(0%>M<#-89i8Jq3%LjxWT-#Vxu-6di1%BSZ!k{I`z^jz$J73dd`Yd?_>Q&r0R%O;>+5U&C9B z{PNg*Hgm^cwe@ni9Gq-=g%QfW8JApk& z0bgbkGN0VTKGycT@Ih+)4Y#%@g3zBj^XZj!o}Nh?%AyY)J7_pqyK>yRu1_awQ>9t8 
z%Ez-ZuqANCo3w^?_KPdWrr4w2DevyekSqd5YXy(mg6rJkr|+^3Jbyq$-A{`fJ%hY! z2+h_itod4(x)W2b82MO@7Jv&=k596>Y$a4(lKPLf9i+g0!8X-(3OM-JO5_?Q;ywXD``cC? zTQ#Nj2%(eXSmn)U0H7DUg{TFiW-;NMNXK)xqv-{)hXDu4;T?-yOr1J*Q>Xat z@H;KhC{$|=VL9|a5K3iDo?I#FOIr#i$MxAhlqWgbaP|;Dn5Src0U}_PpD;4E6|LXj zC{z-Ma~k>d^6eeznTk;NDl>I_Uvb0%dn@YZxNKAt=P0GU8O*f#e2<~7{kxBeNlaR$ zsIZ^g`v@HHLc1~u&qvg(|J#TFM&vO2<;$0z{rS!PScDVAFLAQc>ajXwfU#Y9(B)R4 z_vWgJeOZm8FgsGH!+{oe7oxCdZ9y8W>*eD=2&yPUViARY6Hc-j6-HwDWKoid_?V~M(ZNHI^Gkj8@8 zxO-|9sVhjRuTaToNaa7uPnZNkc&hML_SyxI{+2IX(>9sKFLu((Z6}6= zv(yFE1=tPFiZ${y24TwN(}6wy{URJd5s7bUL*Dz#9Ng&Q#*N|mKG#W8WI(^xOIO?u zJ36@8>5yiVYn%Je0Ln9}-L`e-vKmf8Mt9VtBBL_cq{T1%BHbZhL#TaqrQE8qBT@i4 zPjcac$L&@JMFy;!X1CX1-rYRdJ_(Smab9vwvgHWhaR8}C1HFrDj=WF&mKD^4_aCa~?DIGTU~f!BQKBI?uHRu6xzt7b%Q#m(Y8mE0XI3v__3o)H^_;2> z)oEpaw4@g}=?}T)Ja~(W!M~rLt2q!&Q;rQT zrP;&5>$R!1Q_idJ?=t^ck3>lb6n)+3UG@lt1%t7KDy?;T%a7kprTM;zQ6rLfM~5qGkTgm+RfDr{lTh2Q#<|6-zv`TprCRE5q~lOpscQnQm*7l?^gZCxuCFuUQm8^>du1&t)zJ23aA` zH?_WvN=M1cb}gLW=?}Zok}@aksys^Jj_bTbWf!R^l2W}o&(EnoGbcxs70$U@1Fixd zbntpafKE#?vDiS1rOVbeu(Vlk9%mE=#lU6|2ClmH^)nUu z+NYc36hgL1w;%F8NBA>!tkQP)&O^oaj;7M{a+F0+J{B@lkdiL(6cw%3luc@5@NSs_ zCLb*&;ROYoZ|Jd$`S1##+T3_S)AiA^^N_luFtEv)`&7FhEz*~-RSC5v_NEw)-%~4< zyS0`z=DJE3ghv?H70*^fY)*0YIzb=+z`fW3xp;=_n(JaIbbta&52NlJ{{V`1O$3Cr zwYA}H%}yp)V}DGaosykQe7wo$yM$cRhyZbUYsThQgq>`cu6rviVYEJnq?K#3(Q^76 zQO6jVuF0#$>QNr<+t*;v?c9w%cAjZ+QgM!@8Ft~O3X~Ag4|i3Zr9gmxi)4Nc%)!Igs2t!+r<`4ZBf03`==NdudClZ$SL;d zB%yUc)Bc1R_G>&a*p(~r5d9V$%Ji!nv@K#h7MuU7V<@rIU4ME@O0A;ZdV3(Woo|P; z48XAmR^ZfoXZQQj2RTvC_Bxi9(hN{y0Y(kVebf(*xv*9$$E6kw=4LBh_cqDji5z}* zEB&Q0T3;$H3m$^$);jH*v?P1(CzjC|+W2#Y^?26irn;#)QJ{UYrm>Q#Pd3F*tB9l1 zU$=bos9<~SFrztf=6__HYWHH&?$qJOdbd$jh35PH`Pv89{t5SC-oT-!?r>!_9Ockc zz|GJzkOQyLHcyhk1-cuj&=UwZ1?(7C0Y$<3Gem>=x|U#tERRoAIA@(ot!qt^@VBYI za{=%mPK0LG@Q1D5x*QdV`yN@|?-;%))UAkd5ot+Jzv4Jmh*yVJm6N}OHiy+1fLos3(ItNv0dkCLE z3(07oynguJvYx}|sn={ShF)%XC+o#tGh0B7f-=`l=fv`NGt;n0fXCjn12EdJ=e{m3 z9)Qnr`a91(piq%Ay1y|s3T6do6vS+l*>&s#4vD>vNf{T42{xhj{F)0xII;|n!;|RD 
z?~>#x$TL_oTQwaH4nd@XT^Ia>gk|mhO~Vlv=cXe$ezEt&{H#T)U-56tkrLkG^cK_N zjf2|lwq0}XbD?_K5=Hswp!oF)%FQ>RZ5k%$YVB4?rcI3HJ zH*dtx<)l3bnR20o8 z#orxw;$x>d@oMCedF+X3PGf%R=%ENn*Ty_5f2y_-rZ{tIUgh@YP?wtOxyR|=KO2@n zJeLqdtyDt1+{+Gx;fgZ%X8fAio*zF{e+D%7yqDd(6evoRMKm(9;%+jcMGZe#aVoDj=Fc zGFi7hv$Z#U#Yo*_{D)l%|K3O(*Lf&tcY&!RsGg?F84y>;>%7WD&J_amyx^j<-=am> ziP8SAA3Yk%tFWj5$awi9K5geUQJ;zRTUua^V#)2ppW&0;Kc&NM-4xQi^;3jFD58YP zwB=Bmv0`jlmU=qu8n{+mP*BH^ihKB@XQ&`za|H;Lr!Q_ei~05I*Ric7fQ$bDis5y& zj|olFfr>}>XlOWjEc<%gnAKa7gbV@K25PQvT`9VQB@^oFbya(_3`^Nqx51gWW_g`& z{lo-RF9f{vtDKjUV62^p6@XFu4rzG%4r=%gXPSqBbEg}nr%Qg~l48Im7=skC0TdGZ zvdDvmgbATQ+EYmw=EJqH?Zz@xy6p`!L~0bB^%pzmX#Faf@`*h0xT@?naD(xVPD#(; zFjP-uk-MTBTF52P-XC`)58XOB)1Cosdi;F5`NG<|{^_me-K+UWG$W(NmC7bbrh81fo!66^et;V&>`s4^S;be3}Dhi&EeY-*FDosuN4ZwitX$3iU0q>?2Zf^aiw#~+>4$1-eF$b z@z=G}2t~QL9geg42It-xg$t9Io{VjlPot&gY$(S~Hwv0EKc6~ZUjI6Fy~^Pun}E(7 zXD5vObW3R}@%0x%pp%v5dTz5BejZUTUA`xT7FwKh(C_yWQ(32Ch)+dAU@2{{Lr)v9 zsxy$5XZnLzQk5j@-3ysss}$<)pf-7XAd2~14JJ5_N|%B!!OoO@{m4W-%F_NC*lq1s zn3nbJ;e(k}RA+|g*|Wj-CTeOi!$k{VIX$TlRnxvMnNsyrmsF2nxV|h`!GO=1D z^dcz{!01fegm#I0xthMVgb1f(Yxk$`xgsHT>wPaQ{DN+9BLcg`E&4#Ql-a})tAYoH zX{dR=?0ik`ikj$tdpbDLTmL73pNM6KKVypmXxxiQuSyJlaZM`dIWNG74K5im#&&R=1+}5*GWGMp}j#1 zUFWn(-w~UVK8tP3HxN?ylN6b}6qfKHY&7%s)f30Lf~!=E{iGPXr|YwL4Ok+l^^QXB z-Ts%KSqwC^Qu4fn_*^VD!?gK3J#NJ=9hJ#-kNf1Ajf%FMUj!;_J`~6*Qf3|wcrO|2 z(FM=g+?i0IgNJ^TC|=a0+g}^w?;g8#G`W2=ihyR#bxlnsBsigQ{VlHn%K<_s5yUzq z6U0s?)IVfn(%d~;$~UF%C>ZdIfAWMj!8nbz>)K{_4HwI7DF(AU=2DSuZmZim@eJDbOh`2H8VO-I z)WykxC35I7TBgDKjs{U(4z;_uRQFw9Bsa4f;Nox4aZ@T5?k!2Q{c>?p zk1Ho(t4>aW6c>$Q6f=X`jBz8)AIr+!cu2WrQslrwOUKA{b+bifeEx#(BP)iD-(oi5 zA{ZelnL)&+Rkf57nW6(I+Se0M5kDudgJzM6zf2;$1*3*Dp=fmBm#R5h1JZ5rk_wvE4~(cLYPk$Yoi+< zLss-Y*+p{FAp=_HWd)C^yf?Rv-HheJ%EeI2hA#GaxAtlbn)`jI>vK9i8B4wowoXse zBGK&5wdgvU>Sr}&W2wc|BpxPN0V?9m0VT1{=JjK?!W*iE(9IwLizFK&|Ef+7Mo5UI&?0Y(~?#@9lAapFpJ5ZK8sUFJBl0J6|76uU>~z0 zFS1k4G%ZMV>eN#?-BvR6>6GM$v*YQyL;)h?Bh}Whj`XTEpL_#cl)b>Z$9y?N6x$D0 
zEFL@biax+-7EQ@b*rd1OA@W~C%C2Fzy59L7{r{mgmGK)ie#i6x;_f39(w^ZdN6Bv; zXAjeAuS516Q+)lljtGe8tck6OYZiJTIaQ7w0nN#g%op&DK0! zRxZpTIb%&I2(5A)0DmeAzyTxM9}{x#!c>8{t~EE-%#g0UA&fCRID19)$*mFv5sM~w`20nNQ`v{s zU$3$sLk+fM<*VFkG$cxXp9SM9re-NS9pjxFdc^+(vDoRhg%Il&dX@RKP#N-#?XkZC z2(QiiMH=OcnYTY{`o?wX)!EEXt9o$2!U|2b^Y!@~##>ih013LB0rN7yb8Y{?ffoH5 zYk!O$JhTb1O<-YcnjHMt(2gXpE`?y7&Y3nrSB*Bx8)?z?ddPq(S3q1f4M097PjNgZ zj@DKN%<2DNmjIPC`Jr87{V+#4>jzCi_1Wh6TByqP;e}|iX<>vrVrMVESXLooJD_T4 zbAP2bb}W>5L^^|vl$7DIOe3l+GMiAZ zPF-tl)A*;XE=}Fs~?{kq6Z6Eer~h zv9ugjwU))}FscB!gU+SZ>cbCoYc!MdU1W9l#LnU zNJCGWTjd@5z&YZ?BGvb)X|zB#Z^1#!Eq4XANC^ zwG=IE{+rzIAHlN#P1y`{kSi}pe`0S(L1 z%ys#hGpWPoXgK~{F2O;N*(gaaaPos#Xf-6yDvt&}Ej90xmMGj;~d0&83v}Lmt zSB$SZDQ%g^>|&xZK_lR8g{bc*e1#+4W?AgA2qs@aTDI_o*FKe=Ejd=g;ukfWZHG#+ zD%yAhV7 zQywyGn%1p-;yuGVx`e7JxCS0kMV2kmeb01j2B2$DbweW)R%b@q=eCf@vAkfVePS~r zfjK#dwb_WXv|@bsP;S?pvAW;0LEMXj^GI6Fel7Iyvs8&(o^-JVw&cX}5s?7?c)<$P z$rv~@3m3OSEeAJ%DXA%6OwVrHEuY;Zb>T!_t+q&0KSivf?{u{u6?d2u9{O3UV8lal zN+4Pzu{$~bNB5RQu2$~wHk@M_rU|uG^=a&Trfj4xnO-k88RfJ&&}(76+p-6M+3pbl zCYQ99vHTV;=JUfkp`}yl-J6UOF&n#6dz9c|+MB1$n}UFHEMoykh<;y@6n5c81ssui zUaSaQz%F)wVG!+^*T3eG)$L{eWay(3)-cf|01qgLZ4=n@faJ=E94sT*hxovtoZRIg zRO<%y9)c6Kk0OFe=l585j5S&{sRyN>!esO9hyKCci_Qn9C6wsPja$o@huM;ySFhpS zxUFs7F5``kp%xawiuJsOPoW$!JD>LJeZ8*1g1XH!33AwGcg5t&xHTJv?07XQknVl03Yz&593@>5U+qLMs_S)!C0z&UA0WXVZ6zH#(0 zyjxj$cn55u(_%kok-opGX6)Xzatqfd&sNOK?FNObX*v3gHaQc4edUuYpD~=Dmu5W$ z;|U55HySsCx=mcZMPyb)tt)eI%J=m9*rj^dPrucaiaUS7_q85S zUEKVjrqVppuGt>93C*<{kR->$@2B+)L;@yW3O^52Ft}Kov*xe+-aT2Kl|up=8Tck9 zY$rtM*$-$#emsXR3@-IbaMlcinZ4`iX;Z7#mxY|r!chD!LJ!66B6z!iw{4p3%o4N* z1?XOH->~tl?GFz?LSFDa&r?J)5q4N(kQ3%T6`ot2fZ-FZg*1X#Exj(JL-C^dtZyh2 zUS-@AH|al2gvz1H+m`DMt!Eqxi=gVpiNZpPwMyLvWe}$9{I7k7EoY96G>IP~l>Vj&C=a9WoyDfD0 zd8%8+j7N9F`liP(@s0<~0IKD18eK89w`+TpfkUQJYb z<&;Qq3uDI`{z2a16%t3kgRpWewFREwsZ>x3!`5EJdVt-Q|KAST|IU{{;_X$AGdSk_UmV10bbywv@fpS)u*M*Z6K{WfA2o!g-S#hd$ 
zDxb|L_l@CG&s*&`L_yT;n(rl+otB9FOV=IhIm>sG+qlrpHfF4@RKSBWC+3$hz0>-v7Ps;Wkk33Ki=~d`T>}n=`YW0XfJ(kUa9rj^`}q1VR%J66Y1mPYha~J6)Dx-$LkZU zuFV6=0wbg=VAgP5(Sd+4d%_y&85H;x3_g(~4H4{@bIH@L#aKHQ$zYuK3XD{Sp!}$V zddyjAB>^(wqlVXMS-BNV2B|4q3-(ijvqV=2nX;%;tG1Y9?L_J1`Mp>vtusP7*_euF zlKri3tazd!0d#Pv5Y+EX>W5thg04(!3$69sRa_lQ0N!$`PE2F{d;zZ#4(!>dl1dE5BrH zwLV+jY3?wklr19g+AF3zt3*<@*T8x+-`V07HRT{yt+*-_pk!QYY8l%KQaJ>s9IMG8-wE^3Cekh8@460z z$chHMOI>oSwt= z(WwSPDn5eYU^^zjEqNK=|H_T?0|1;$i_x3fLcq*-V;C&t)>-dS=?QmVtp~~rb%v3$ z*-bsY&l?B5UFYi>^ORk~D{56r z)Kp}>T~2~1mz`NjomyLP;jB(Y7?`v4)gcbLz}Xr35O8Ut0g%c%e8Ian$+~(JAHZvf zm_#7-l7zP`as=nNHrI>ZfyV+BnC^IK!?^d{$I1yJ0*gvspf$79scha9#e)5(8Y7Qc znzicTaw!1^`KU(W+0$1fba2ojqq>z-Fuq*WvyuG^K6OPK;r8qJ2=zLfcPcGGlVV$Q z!oj7uF96sly$UdcCk;uPPj%E*8vUSUTOjJvxyC;ZZLa7~rgy6wxf4YFZ7Pk<2+%PH z3BZ$-qLrgcQ$>=`2qUaqep=OTD1@i!0MWpk`8Rybmjf`i!BW&x20e{JV3vvS&Y#T{ zZqKJuJ=T6(J{y`PH)l2EM&1_Snj!4!!ABT*p4KxF9)|PMUOe;7qaZ^(!rL~EZ&G;9 z53Vsj6fRJoZOU_@-jZ0>EVfU$1cicvi4Br3CL2-{pR8>YZ3zbU#C(x{vI`{8>aOVS z^EzWITk8X`)k%q>kT7)py5Lc-k$bo3wtZRq8t=HOMFxxm>D;8dUKx;H%n{jp9|d^n zW~$6zLbU*7J7Mg)W?Lu%a0?T#G|lyTAOMUReM-{G8V(XLtBzmITlkl*tArz;7#rpycg-__B=RSF5Z zH*`D_+WddvJ|97VB6P<)sr^LjObYCMTGl5ducoeUo(pZz7Y@32Mq!Xg;(b8;z{0hM z+O)E(8cAZ;`rP9V+a)_3*mUEeuD~7p@P8Ql3ZOW*Y~5hNJ%l6#*WgZY2oT(YI|P@; zU4uI`K|5F=L4&)y1rP4-4K%@>_cQ05d2`>pb7rcj>iU7|?!ETjOTYCkF3cFq<)SJ+ z0!r~8o?BIdH{A*zu47nUm(yl^hXbj}RRcg_)y-7mf>-~>Hd%nZonz>x9ea!(v*D&L z`GF&miio6`>MEvS*loLh7byPUH@v0;UtKLw)jM21pLe+$C?ESO6I5(l2q)(@+4G2X z$u3k0iG85__29g820T9)7CMOl;mZd2XNlEh`>-TTwzKqAl5U+)_iobRI8dHm!gQM% zdw7!PnANBlC^2-wWJ#i!0LCZH&M5i zwWpVcsdWgD;fpT8_hqKr#6UFzp;`FQD*rlt;z?G`0wO!@$UMU|)}l@CFK8^Y=@_`= zxm`yjpI$>vW=0V?VcKW)-7!>=y%rVuubhRNDe3A>4rd?7vRxgnmU&HWcGNB!b-n_D zE@_DxJAgg2|6XEEJxVl8NBxaY<2k05*;MY}GQ%{+EMt31W_wI#i%n*lu=_VbyXlku zzEr(21eVx~jJ`l(Up{Kpa^v^ccf1~e2JORD2D?jrY6L_6%%Vq#D*EsJ0h>zHg zQN|}708~+oY4rZRXKuH=v~;=A;LOa-YXf<}IW_G$_Tgr&adH;KPdiqf8n9^77Mu=y zy7Of+A^|B-K#j1v6`ynbO>lKYrk@i%<+Wnw0ahw60nZ}&0FXQJB%%H47J=$r4N_Wo 
zm{>aN;iAadrf%;{Uy6Cj_*S&liGn>66CQq&`6Dktdlp*P`M#=UR=2$XiT%RlJo zBeAEu&G}>)4iKhmzsnWUUu>Kw21pInMuK=bu;usK+uH{wvMZT>J8t9Nl7aFLq?dFf>b>MMFs?jp=tZnr^0_>FCKmNKr*iDSsn_7p z4L;(!PR2(9y=cJ@KuJ6k0Zs+dQPyUqtSi0gp6O;Td#;ntH{T_ui&hv!i1*uW zX8Jwp;0&c(%S&^O&@bSXz!H07{ip0_hzj5%EERcJv+XX!IPdhvVQPB8^kT2MdHwO- z50J>H9vjT>TWxv!+zjn(wtbygS_*Kf1WY#Szj2EwC z+&boAR#1N_DDI5idbc>etr{|M!aI#)QFu`^Vhh${xY*_c^O{fkS}ytpHaEjfOUf== zd&4FRM0OF`tH0r^PhKc4i#NOuCUPSoqhlgco|Qzs^C>?B(}T+O!M&96IuJ&2n&5&qva~ZE6ttvpX*y z2@t%NNH+T8bqsjCjz?L*bsUp{%sHyO9LKUh4dvJ@Q9uyLapNLtbA-7i5!wkD1~@@Y z?fP+1IenY}{*Cm0X9;-+!QzU%$%6o{VyyhEst?_feXirRn(kYPLV?kVzs}_wKjdr$ zTH6p_sIGB5%(H9@Y@-qkdzBYDn#X0KzwbqRMEvF4=tlJ9Rbmwv?BKmFiYkn^YTj+}w;skd zF8>blzWWi{pttBh7(Y0%4)_Rj+s)Q;K1AG;P{%n0<8{-n*o?Lee(=@cHopy-+Knlf zNHXBKxVay9>wMh!#n8{6Onl0b=RXLdNzvZ4V4ZAb2aU!P=x3P*xjvAh@~- zXD0LY^id{z9d2qqWlu-1zYLZ?K3Ov<0CIC((S4WvIm`ZQZY5Qrd$7b0J?|Z6*K-OLANkXrBadVbZf0zLHn3`_TS=2l;@V+m)ID69c{EE!-yg z7{2#Nma`Q(x0ju6v%G07|4_t8s(|%{^RXxQo%Ji0j^oJCf;A7^Fw--{>S>8uNqD`} zbZEr>Ip2Et9J6xQ`PZE9fr{8LXom=I5Gt|-k6&iv;{3|2SRqgCD9uoFk33FP#kF6J zNk&E%-#4wsBvTj2eS3jGg9)37_cQ$Xf!{!zA-r!gQ?_^PPgS4f4xfv z36T*(aAwT#`=eMBsd-vg`3anCSVpSmU!7lDi-2I9{f7}@EDNuVZ3MHb{kUI)w_5?m z_$BRM=4dBxPA>YRJ9*~IzA50hIJhr5`*(^=lLB=UpLFwY1FxE*Nq324(4PUf3$tW= ze1uqOKz%}P&QF|~b4vTAvJO!AS9y?5k~KJ%+g`eFFKBR%{Rdc0i-)zg9Sd-S>iVm0 z0pu^4{_Fp^?s0A;;9cgzPaFy>Rqvz~G9@KM|B;TX?VoGzH>PqnTaYntE7 zV#@QEyWp58SagZFDB{dRvneYCAF`#rX*_GJaJ3+AWMBb8q8YskUWunmIF!oW0;1MF zzSpnMJf0RV?X?J**IUI-X15M3h*~Y?sp;Dh)laIgx;!Y%gO(ao^_M9g3qGNvZu=Ex zEh?X_)pUzvQsWCo)1hmB-;~}4^q9u;{MFrB!30F8^CqwD(-1kIxdHjf>~T2$A=Elz z&Q-}gOR~L6gkg*X(GiXVk0QoYwA^9krg_&Pw*tCzRWxYMOt>JLvF_Umy-738?)dI`Wj|Yg z0mgLV?e+QfwTLo17Q-gF32o~e%j}$(M(w$0@mESNl*XUGx^|n?J~~ zb>w#(*D}MocM20frJqB`d>q>i6;pJUE$>>aC5ABhRhqZ!fSdsPR*B3o`O*k96copD zFH^C7QJS%P(Df(#$iH*rl7J+qS$Md@pMPHgC=hn140&5oEpW=#!wXK_ zsParxKSAeaD&>%`@;e%R*@d(D&ZgAuG>2#N zRtF1WZ`9xJ=c#;9T-wF_!0W^H_2O2ZEn5wq!}?XizDeOycj|7&-TWgi8bGPc6sFzZ 
zINt%_tL*mCgYcH#rOA@0sFuo#V%FW)c?9h9LQn|&((IOZ4PZM-mvp*AI@3T9AEEPK zt{$87dNmRG3LFQ^%zhs6-mP?6&s#NhUJ)1H@0>z7d8BP$96~7Wj_RsL3t#QrG3sWn zIajyKVWKfFIk!DssPfzj5Un0Nf3OQa!+xF+x!=?gVkx|%FTt0tH%F4EhIV$H#+q$A z;db~V^hfGmu#Smr2f4>u;W7J+08qTJP+)jrC86v#?v;A)EMMTfOz%Z}I9f6e17gxm z^^+2qyfiu)R0z}c+`>TN>Ea8@Zb~`42~OG_?M_6SX>3{8E0<{*X90=bZxnp^Gfu?vbX&V-tlB0QIo+76Y!r`vnROFiZcOqK^dEdoJ!hGk z%T-TCxB8E=jb16u&J(JEbF+sAj;$BDvNT^;^H4yzRi|}_V-5ggBgN` zfs09rY&Mc7-*)4n8_Uti8+%FAn**T&SwC5}skOw4ZFg<8!(H9;WE`z^M))_D2rXt& ztF6j3OQi!B=Qt64AO)j^+h=y3F+77#bvg3aPE@IGc{a6)+>EdDJ#!y4i~hdt*@O{L zPR69?e>P?VjppzWIHj2c79`HJ0=3(!bbX#NB7MF%!XK+`T0hQHM|E+D=$vy|u$|>! zxsJaX;i~d*oc#EqJW6`bw9-<^x*XNg(&cA-p?FF}K->~o-%RX4j*qdGQJ#CX55>}m zp2-S@QFGj>h=br^;x=I~ZcC9ZbH%J|J!bpdWnKkDr}E=%hI+3GFMH`oDFJqJ3V6GM z3HiI4jRPzJ21%C;guLQguzMG`4I#5GKccAlkgK3v%%t>W@}){9Kp?d$o1U%v1?&n#7Vlj*q= zmS)m2{_1wv_Q$kWF=pGfhR&qJ#MUzAo7`)&!eaF~c5e1gR;y)2x4xA({GjFN&T(Xy zN-xmq-*%CrH3ETo$Nf|Lhd*xkh6vz5V2!?gzZd+r?8%>4r9PN;t{Uy^ zGo$2=RN`(L?_J9}t9sAGT$x!6p$w}Wbl$(d*PE#ey1f)Xdn8BtH)`$Abb1T$kv@W& ze=;ojGd^+xz~kuw)i8fKM6=Wa==|w28G&4ICl-+GE8wCq9l7sh_u3S?@>Q-7)XpO@ z;Hiq4U>ygKYk^fLGr>w1%`jlUV*Cw0fYc48kCU^+y~2SNlhbrL>Xs z#{aG@e+5`+;CvbKpOJ6?uo4XT&i~M`^QS!NsvgC5@NK*2PqEblS2Ath;ZIJMzu!`n zpxj4@fp^IQ!5_>1fA;u4NS^K!yu{l2dh9bMZPkvBjwZi|XKyI3B~vT+_1)}h(__xj ztM*S_&VT=fV@EPD1h9+eG_SaQ))rX) z!-4%{?Ir-J2?q!H`CsHje?~(8p-c16T@Tg;K8xHBuFmHVaXV4~Z$@kNnA-jil6|~N zS&!x?A(Q#y4+6e6HsF+aL>a#P@3?)?ih#X=zuBq#^TH{l0nhm6BanZOt^OB*lKBB= za4>Tu_{Sf7Xk-R}#vGiE4UPQ2lyLv@@Bc&Kz_$D2KXUsZesz-hW8r8Gz=sFiBi8%= zr+fU5H|?_qEUgDqzxy9jdIs;Wgl;mN%2SFXz-9Y)2;ILECaINc$t_R^zth|D<{W$gs__yu%j$~eCGe--&g7$X{l@{ z(*8Sk9keiD)$qq(>*W3r(s4ZSe0$1S_x!&T8up{=?^IcN^~d+2Gknx>GYIRB|JBi7 zNdbAv}Y10?7{@YnYKZ|nY--x>IWu}!RARKlhkP3=AvrnEe>v`&<(9weVmPW}*QWJ#p; zmm~qYF*z0_^uG?>Kfl)hs$D-30PHil3Mxycw=rLh9xGcL>--G;I(}3?Hza-vm5Rq( z;U3>kZu->xv)lTQ`r&{1_N9*~{oWz@&!~O}XZ6O#o>$qZ+9m9X94__p=~A<)j^Zts zv|7wU^>t0W9MboimCGb2r_`o7pv5(zUQ#H4ji>FOtG4D4kOweBImW#)FVBt4+woJl 
ztdnl9p{3^?u)1}u0zfT=@T?xfoEblS4}0VZ-J2?Ah$iAm0)R~B$rmTU9J}M=0hWQ) z&d^QZH91#4)$^kKQ6MG&PQpw*XD9UU#q{T2gC)qQ5FiZe*!`J6i|<%RGu#j37^tc; zeKNCEX1Ri;e!W~>0;76Y$;AV6J5iqvKGB;IeP8b%Ci?EH!R(;9Dvae;r(s^nT*b@` zBU0DrjBuFJHP+J#W`il@uL@rS{JR2I8}Tofg3fp6Ywbpb_!J)Q?{eH=OCJhV-`KTI zOsIy3g_Ui4+#J+y0>em-4~-vFK7ECc`b_56-)8Oqsou~cMWm1b7LpVS7WsK5hwxB# zZ(n2En7BgI2${@MH|hE?gbH#tIT9NU{V!@PG_}$5G&&dGi62hxUTVA%eX&&cDwfWdEroc0(7lGpy_sXAIZoVgH8)_ai0U5Zb|Z1zPZIfeP(Qepef; z_bcE4x<{Vbm#l`LMsgm2gXg&9v3+IZR0_bTFk!Zf4U^5X&lxqzE*6|(2h;hdZAp1- z(-wSh4qPE3x!42@0A;8cU|D&C*8eng|GTarBSjyaJudLRv}2K$n*CUEEJdTCE#5Do zo~V$Al|24KKU3Pk^$%A|=`G?r3NWwFq|oloP>EcoCIWufYiCoWf{(cj52r9H-Z~!9 zVJ`ncKogpDEmND!xcsV^Mr2>+G8$AQbO#dnJF_m41DHdyG6S#TAQ_ak!~i#xdf5tb zsY;keslHwfXr2aOe+6LgOJ1(Ll}aW2;FpAi$%j4FGG+j}{=gN}*osbt$X{-t4I4PP zIl#fyg?D`WclsI}i&z8Gp@lK;F+cPua%m)L;fz0YMD`UB%n#_v_e#knpc;+-X_LC( zk%YkY<_|{otIfrqP2MFQs?)O%syC*2DyqHY_KEebG%1DT3h37CODAI67MtWTwmzI3 ze2~MEakNt2_0y`dFg&@wShFF$&>TLNr%9Oop~q`}mf~$j3$FLMafJx`wKT^7NMesp zw?lNDDvP+{49y}&ESH+-Cv{YD0nZnq1cPhwqxHigW&7Pp6nWTjyz z4@FcI=VJOBqH!iZmh<>TUJvcaJM)f%EsrI~!P2{6OOY&eZKS1c6kkiYB8XHwcx ze+1+&g6A`05hqDkS62YwFM}1>#1T$g|uBwLR=JGRF@UjwqfK7*Rm zs}*hlP@^BEY5BMefMK!)Km90|vLT@ZjO>vgZ*Z}$6`Flu2Byi-b|97l=J-`u8ktS- zBRRaT+oFrV1Pw)>0IcZ*qo>}eGsNt0p}yob8asl6BQ+{mw?Dj624AV*<3&AM)~Z;sNB$y{h(fNWE%R z@bHERi%)WU1+o6(0>FsL+MAHpy*OTrWcdP2fXVqvcJt7QEo^hxe4!8XlJ@>|Z_*R> zQUMuGQn%V_k{uZ25pOwHRp8&r#J0n?5{BOJtd)at$DG?{hD;hEnSZ}5uvR}$(nnio zjT-Ih$rkHdo*&BJLT;L@Ch51827JO#43uuxO;*kD$o%oBl=hGy2g^DieKTs=&{l=` z)!6I|>MO4-58sd5?OTmE84)-wDpzB6rTX+1aVw@be_O0+-v^Box0-V?^e>n^eW)3( zvejM`xV)0#aQT^=e|&2o)a*)FX?^hSSB9S#-*P;zNp^;YfzPBaFvYt>#$9~^zWYZ> zLw`7{!+oEh1>q~OUg`h< zkCS86SP0;RMdO*c!j=|SuxX`Go{jK984=iafH&Ko3+7wV!#j}fS|LzD%sg_PEz;tc zt_AME^ew=1UV;)P5KOBs0`?e_rmY7Zh48xUsX86jZ}Y`wxZfZQ8d;zVMDN9y&*N+h zyFc%~Yy$|kd7YrewGAUjQ@pkdZ+l^RnZAzD+lOv^lXvd306ASR+D&j(Vt|~mv@b0j zo>cG?BuIghF$o?S+<*A#BZfy&S#nY3AX0NSeNTj>2w99Fw%${-PWa{MVl*mry7Q~k z`=}jRAtkSNmBSeeP>C%byE(}p-(Q|?GyGV_{i%x1ez(?D=IeJpYd*|N;7rtq-M&6+ 
zo_UaF6ukL!%hN*r`T}N`;koxlaXSkdcn=@*Q#=Y?4>`N6gY479^*>at2n*i8$|YLN zs3G4SU_I$+{A`lv3xmr{w9ZzKe{t@ZdQo-u&H0{LbK zvLLzi4%Q)6Q;K3KPMu=K282D!ifi(2#~mONf2s}_8;ALd(|+E*LX_lno5OKn8O~u2 zc~#H~-Z`MccyY;vtVL;B#PX4GvxRn7x+Vc<$A(+b>paS{aZsljO+fV5 z6~;Oe(8cpYf>QnC9McUT)`%a=U;L7UX#MCh&qk67%Kdh6o1=nG}ZfhH;EYWQ8Rvq!N#syp^&cgFNs6>=S3Z2uflk%+rQ-sR9&sd3S%^B(0s)C^i=OPS=4p9 z+tO|XP8?l}g(yvvMn_~0_dzgT1{b-le2@KFFH+k}^E9InjF)Ss!L>u4XM6Rqy01@E zTEkcH2r-Tp!d+PmS{4Ssa18|O_omWoBFDX9mRh}j1su#ws#d^Qet-8VU{E!mP0@q$ z=prOctJ*hmwugSswE+JiL_ozmL_ybl?!v%EK{&r**KKI{4FSJhx0#bn=~Zqn!CG`v zX;y(cHGfCvS?YeIigj(5jdAk<{TKSg3KhS>2r=&SR~2ImCrj)qKjye;N|#B<3((Zp z7r!BSq(*+9ZSm|*BXqj2r(52iw@k9W>DW$9Nw+3k7Sct0p#d0iD)A>QHfu}IFAh@% zCviFP=)b zw}HzzyolITtSpK7d6<4LyYKWU8VqeQPZ)B3vR|eCG|}pAFXN0&-3km1axWlZ$rwnZ z+PY?akfHQnqX9#E;W9!ay<+L^&d#9IBf-WJ6K}&6o=-6dm=gg*Ugo2q7P^Y#z}1%e zDu8q8+updhXwc&Kd#7;h$ zpVDTyXXi(LQ8 z0@JUDR6R2ZfR9F$BGZF^W|Aulz8XOA7i$=1YaLwLY2Z5xe{WWL4e>*N8@9f>xb?+> zgS$@t$9iX#hh!rc2U8s^{LuvZrbH-Z-Bhn zLnFGrZ|ZWMba_OC6Z{h*QTQD2lcw&UL7ZP=`v}}G(;}bK^i8n1Q!KnVjFjyl0|(T? 
zLF$sZZ-G&7TfiuIHv{sX{qek58+td{L4#FtDMqoGI^Y~MqV#Hd$b8hX#5p%AVcJM;F1*dKIqU7vD8%`GN$PkO<3BT*UCZ492IWH}^&*AG^oZkYvuM-9&iQS(9 z15je?hkLwYf|3J{(ojZ>SCp9uoAVQ6m5o`XKOsiMi*$+0ZR6g2>9&55`!P3=DrBr+ zxzJuTG{Rx`;2L`6y7VdkcyD^9_Y`0sRV{m9H%fth8mA13>k&Z7sEqvf?d$RHg@p%3 zK{`F@qQE1}k3vl|`GP)XKbU~K5=?rE=?+&(b#5Wd191Mr*Oih9PwJN8r`qgg7Y&xkV3 zWR>G9Ic8u?v66#5G3(SD1;*=9*Z$A)xh@Y^e3mkq)^npltqZ^Ca+-d#hm+wOHLPav zDG!W{@Gxmt+3T}WV~fYGX}z1W6r~A@0j8rQ$}7t^Mh zw2|VTOr&3@Cj^jb={-+-vFh>lF;HVdTiA#Y#VKfZeVQ&Fr!F4qKA_z7?Zf*SJfm(B z_Z2wWmagtEDG9-_In(;BPw3B330SVm#7S3Pt^<)8>yiGK{MBf=AjQz;hx;34J6l6y z0ki(_D^~u0q}Gy&2rr z(Zpmnt%Kevr@L5@w7V?CWtZq{b~Tl?L8<=iayVsjD-wXUweG1$$Q;k{{1}o)NJ{y3 zJ~!pfr-+Tk8)9A}oK<7#WaDY1kB4g_ zrz8n1UUXBi7*@tSJ+nDHcj!>;wNCK4^c)v9v=u8ST= z)`+={bVw|Z37TnokH+#WQpyGB?0$NIiuWArgm|<9i=IKBU*@AXhoCL>WG^sLuWx8O!+A{l>Bp=xkI~PDgM0&|{+hl1YhT+> z>>ZSt4P4sZAeX2a+SkD45sBs+H2C*=xI5&<0imjh2iehdKWs>BnHZw3fnDGivpe$< ztkF|(Ryjy)z;oU*5K6*Co3dyPu+ffduWja-XZlPf;y$zF&|e*uU73lM`U)_vbE3du z5+fd(;;L((J_&omXEi~$y@Go31h8FhaROLCcuAoqa)gX5YyUZ@9zINBH4%Tf(7qIP zH9svL{L(TGd7I|#d`AtCOdCmz@io~AY8S%5{T_;y4C{p5C)h(tvkn8jQTv%D&D1<0Fd}H)b4f@8gK&n<4j{@#fR&A zq)qu0)^-t{fDs%#68knd=H}J~@!qyf>}At?hL`4Avp6R2BK_-mUi2VcxQd2YRL!^< zTHJhsL&z2|xjvy{=A+=$_Rl^2T&Pds<` zg9CKzkkXd;yjU;Bp8Av-Rp@CG_3&F&Hs^5x~0S6W!{oPF{^}6R{{2C_R zw$vnkBuNQ}he9*Ddyo@{rg6J_2l6`O^oqe!NZp^4@JMZT^vi5zo87m}D_y*2(eN8l zOv=-nBDQ04Fa`N78dxT)=^_byyooMH3Uxm}AcZ!SYuA`X%C^|9PxTRf(~wl~@y@6% zUWy)HCs5m;&ztd)Jzqs);34$7D*^)+mKPo%Z$3Rd+3+1vh@#byV#}?;?$Yx*=scvT z{wP%NeXu2L*WnhJ5h<3c{27D+Qf0FnJ<;&Q!pS^9AmU-6zFFI!t&FU9`Ke|uXkF(} zi~aNSfF?!(n*q&hwoH5z$O36+zsz@HQP99vgIuhR^qF$c1u$E5goZgu9v&4Rg&&Jb zSL79{2Z;g#No5FL83iFsH)2~*)QmW;j?=v)#GHroQB-s+h))#`p4U5;O;UfqbX(33 zq_pNK4(ph7lKatiER=q3q1vF@Dw0PrJ*p`1TU@4lCb_(6`}jQPT^=cT`!qYVjK%7G z(bpl_P(JEtf=S-!sFH>E6VCIbKBvFJ&Q^AE5(P%ZL}29ikaeHJ(-mbC~otn;l>R%x!{!xWmgD8wyp z70D3qd9oWY*g^+AgFC?vp8=HM)}}v=%sh3n?plr3$egFkj=6N~9ri1%vT}urcjE)i z3?)2eeq_yO;Fn)W8kkn2?>Le~HH-z5o*Tv9b@Sau^hY=}08_dnzIVTvO}5pWGdUl~ 
z@3^9lXd~I#0E$6X**a`CTHN%&fQ8|DL!nkk7JS z^6P|GUllT?Q#BCYN7>%SmH1b&{xNZ_?7o_aWlxR{s0RF?veIO7|C1 zQ(`m|he{=pgzyR2ut=U|Zzol?IWaS(6dUPVAg}m}A=lXemjZFMqPkYfT_9|eWR_$@ z&z;k~Hz-*SbZ%}4B;?kcgj=q*Qf=b}M^hi}V18Q@DvDg^D{H|<@A^)-L32C%5<-+g zFOGZJn-2U(4~|;GdEk$p3of}Ae8?da_}*N1+!P)_J%>H+(=(sIciT8&uBbaK_MV-D zy`AK+$jE(NVvgLj9}k49m~jplLYPZD-z`RSygn2m9!zpXo+Od3A+*;!(GN=~3?N zes#RL*h$HiN3ltl9f`8Uo$U8+pam-vG^Q&oKAJ?v*lGhj=WuU_1M!DO>Xtx}35}hxPR&5)_5f_a@iL)ud89=?2*^y4*oxXiL z($l$UVB~lEU78oChpjNi#A-Jy(?vcp&JbM z;Qz*%ekJNyiH9Qo-3Xr9>=D=!2{LTF2c+?L3MIa){|9-YkvTbt_kg%;1KiB^9 zIDmTf?!$F2Fc@C_h2@gRO>sWv!}WBl+y#l?x2atgpNs>L@BI~RbN_2cDJLiE&=_Ut zX|gRqhqXekIiHiPXR9EzsoEToDVrh!!7rNHCSQsAweATyCl+LPPQAU(sWV-6>hFF~v zQs3T3FPKA_#`VJLSXv&O`Q+NxDaiZmkMCDQNf#tAYAC6A-Z^!yyn9Ler0%uf7GwpT zCz-YV;eE{O-TJYRKD@N*Rq@3fS;E@Fw}_BBuvp!jqhNjui1#F@!(2B?bO*JPgl!RZ z&ZqoA8T^K-4#<_!p#t$>5+Xn#s*MtLZQN`*>6Br82vcYEa4fwtTZ$Ok8l{>4LfQa( zUQ4uYZp--?)2*A?l)<+|YzfQ%NL9bl;7DXpXC;k(m}fMo>~{8cDqzU#MRJk<=9##- z?UXvrIr&4Kb^Q5eDk*45Z%>t-cE;O}X_!Y?ZrPB2*1VaJv|P{dt}+?K{p~^5u5gBr z>{alJ<55s`k1tp9Yb`MHa{2w7#`DzZD_keD%2)axD6v9DQ|~L6N`x;B)a1uQkXV{8 z84!rdX3Uf6nZ@0Jgk9K&(3x{@YhJYi6C3w)tF49ST*hdxBo(ymLLOR%<@D-)zMd&7 z#2+9jH@~F9yymkRctr?#}NF`Q*5v}U2GkS~h z!&OIa=+`lQ+f={#-*sy{+OB^2FH(#mee4dP%cCP_X4h--TRY7^AX7tDUofw9hVI=) zTs^ifEb+bwmnoGz?vX1zN^-EYI!f*J`2kcupK_l-TvpVq*{VUHj#Lnc{}!qEXijiH zpyRKn7=Xd*_qTPKz2ZzX+n^wf3-J7V8+#T5--o*k<_+9q3h(FdKvzt1;Fl9Le)<#9 z=SJ+r)8A267qTVLc~B2CFM9$}29XVI5uJ!8e`vU6bsUN00NEM+U+!@D*oLgwo1o9^IP@bD`v@ht`69gf&CHFSo^6j z&|i>*`CEgHgg$h1tzASQM}=z_t|#rxbV0wBC7sh~mwd<8UL&W|R}a-Pg=wb!ZtR8OuVQSz4Kfyr5xZ;_ zQzF}j^P9&L%#>~+qnX+6i6Mp#`@L;lHL4fDN%j`)g|q48#oO+84_PnseI94g=yW9z zCA9K7!+Lww-MIbW7ovDqZ1vk(nHe?jWax+e*0)a)c}LpLdPamF_I=Th2j$;&U;9bY z;Xm!A6br#{Xa%L&Irw~9=1(d|q(rK}5`HX0KEw7Orab40oO+IOam!UBe92X*xVS!u z@C}O%m?VD1Lu4adW29quHxent*4&G14G+%ujrJK_FTOt-%eyvOY4cY|2)nI&A4H}^ z6f^tQ?*{Wi(os04`xB1Rn)ZZes|xFFE7 zB~m?pDyHK#-7wapG9X#mi>mgUH;zrDfwl8)6EHf5;q0qzXcy-idM;{lKJcbg6n#Oq 
zlyt8Jdkz6))x{SIzE>#hY}5YM5(##KMtq{B$)moXz-NG$>2!iwH{7OaDg#FS#nQ20 z%#83(5yH`7_hkAy1-tWZ3rJubexaHcu%O*SH*IZuYh=)thQYYxyNma`RSAAdC#U^& z!SdmuW9jU)KJqnYs}po{taZ-EZ#AdImU+DOH}<}4tl*l#!IpWZJG~D`EiRy*!Ug`^ ztX4IYu@)K8yi(mJ;`PN?QC|%9J*2vIs&pv2NSE+6iPT)&;g~|xYEhDEpCfjaLlC0>F3I?HJX_Sa({S>Ec=FyVz|s8jskz>;&k-{y zQ(6QUtTfTM$lY1&bGaUXGmY}lWTJLiP4zC02gWy#j?c83T`n#K{po}*CItl@Uu{E> z$lvj`DC0c!2C_bTes}Ye`Vf>XVv{^!WgH=$4*S@&4==2AD0?Imm?kTOT^ zJC8eSjOe=!V-!+U{B&&|Q$sQ(Q{`n$1aFo`X%ftC^=E?$mTa}V(9k0%qLo&Wmx%_? znwHQhh)yCydL$l{GfowgG~EsuA{RW3)V{x~rl2#apL;E8@ZH8w^JqwiBF_3=M=AMx z+-647?}g2)hJ2J`o_e2Ljg0Tzcnix9zVZMWcX(o6@7E4spmq%fk^>TuVF|}8i(g(6 zTmqnBdOFOF`|Pz?7m??15{5VSt=6;#iy?OV8VS3rFw8BqlCiE5V5gxbZUIk7EW4^%@Lg;{THwbs|=U1N(Asdo( z>^1`gkvx8;66j05;Yy>vVip{OyjM5jFe9VsA}}5OGr}1Z(haZQ-Gq0ObujhY=jGU@ z@X!w5o{1cw=^;F9%9! z2xDaFG+T_pN66cfnb2Hia;(i18kZgFEeX>HX;V2BP-)OCdMZOV?EM^o$D>=^ z2=gi1sWI{{a^q(q9)tdl?BBTgY}I)7oBz2vLr;W9Mz;gXLHF+wyPs(zRHbGC=Exli zq_Q|YA4UQx?M5A*Ko7($N-^FrScG3$m7C0^L${6WJ9#ORhdVnU16?R9yeR|=bxvpH zy(Cc6cPN^?Sd`-C;MGgYX~ECxNhmz8oI&Q4ogQb>+FIIn=c1GLKvw7pY66NsG-L`3 zgXMl`VY=yjQ1{Gf<2uVFd#sta{#z|EDUi$W&Ycyaj~2$@+v^X~`jyV_DprYOf-QV& zzv6;^DBXp_tP?XZibG{gN9u8Rw(d&`Exs7e-@f`#BLJ&q`PENfTNTjVc3g%FN^*U= zC@H;TW5Lw*l~yF9>}Y{gSZyCm*KMrs%fOH|O`Dc$SW*+bZSG zJtF;WymM%3&G&t0RRl9KcytI_l@OHi~0yUBw* zk4gPhD#i;|k;2oYnUU|L>?~nE_|U5R-hq`H9P8Fo>P-z&f1*-5QcJH%0*QOyii=Ir znu!n+Y?)Y>ndc^S40PCgxtq`7nr1a=5Fr6)!E6i^$O3|bAM)lWqVBQ;5_DeE@VKg1 zleGV&*vH17W)8W%BS7!}0p8;iZ1ZKok?V~VMQMuazxVaW(*k(8K zO;SiLCcdfqPZ+2dwWnq1092d7)C@Xjibf&nT3N+W5MsS~E{%w<_JNRQsOwbv1-|k* zCf4kR!q&>iWvTEP9+alDav|^IpS1ddZ!NP0S@$2N0`qDyLBH^oQ-VI9BQ0uvi!woi zoP*>_>Fudp#(oAkZ}*7|mAC23ayjH}7Kuw2B0Jvm$tlv{>r+l7{3$bDUJA&IX%E_-s(g(GS;?u721A1!SscfIU5 zz=RuSS*CE9Q(Rk$5=1xm5tW@f^MT~`#R#2jjqyDq_KQ({sL^2Y^cn{gX}nmhkxVIg zM^149Rx@vl3k@IRLSK`EQga5}%U-4A_we0{s=|-oh2W?WZ7Dk6fU!@IF2^^s^;_Er z0!RupwoHzcIz2(BT|Z`Gc++&*AgvW75(ue5XJfQX2@)R%(X&`8h@A{^!gdM0%N0e* zaxk&^!N@m!B>Ez4698<)P9MYL2rQ9$7PTgx_91zHy^ofKc%TM2HJ?X3<-;{&32jNm 
z3`~4*QpGQf2RDsK$3R^$nR96reWPnP#@3et`SILA;X*bR0xZ#IgM`}Z6bB;9IYJLD z2WT}9Kkwm%!ZjP#X%3`KZ18r!Rq;X`sTD_$0YA~%xF9z1h4o8=*PTXy+B9tKNn@O| z6`ZXjJT*pTSGFrO{-WUZi@S;~iA?441_|P*(Cz@&3->+#|Uaa)8}()f^gTh2%KHw<00_gO+{P5*sCa>q*_1O$|V?$4HP zmb}>OJhBYUh~grFcaxq`jw5*+Gl5Vc58E6sl&nwzKQSSoQB2+gKt*}BTHazE70F`s z5??j1yZJ+TH{u9$JBEioXUhH~<*5K~6fpQ^;Qf0pu}F3pkxSX4y8D7oY9?X5ooZ#u zN4YQ#4(h%t66EIfBB6Vkz|E`r*O8{EztU2s$XDhB2FX~fmRJ{Mg}KMfHXcj%)8lmb z+sGgazN!qiGbFO8kkQ=sL7X2kmc7geLP9SU0 z?=3ll{@EfBGwa|?Y%XEvh17K!^*J1LXmJQvs@49^nzH@9skAuQ0{}`%etq-%K|bv* zTOngB8G!S9K{>&4BH8ze@I^V+4cb<`Aq3CFY6$Dl^6us-CufJ);g!UAz}d9E7bxxu zf4a@@KC;?i&-qq2p{;U6Ku??zHOnNW4v%`l!z+}+ql|eFC|e)lyNo+Via_v9(3T9I z7sW<>Y2iK)PEbjs!B24fgrT$c-5)>7CG>!}kIm!zP{{EVf>r7KuR2EU!-@6YKOU2Yy+DIeF#2Z4LRmLD{dGv!DnPz3Z_GGAziSPhg7KN z2FUVfay}V8wx2y)_JCMs&T9x+$GHs}yMqeLLECqGil@Jdt8^5%29T%)O=#Z5SpqpU zc6k8gA%}13VH(`VA%>0=$X!)8&4k-C*_@SsgcUCCjZD6fCrl{R^%;JJSOw$bd))pz zp;r55n+tUIauN#u4SzaCL0Wq)ePT7bgdiSiO)%LwsO%xUt$dpnDL_Rl(>xeVvC(*O zXIe3*6LFzfhJ!CkBOY{c%|w4p3$Og$pxXBTu=W;ERd(yzut6*Y>6BU^-6h?fQYsD7 zBAqTkK)Op>8UcgumTr)g?oMft{^#=bJ!hZq#NK<1e~dLy7K?}HnRDKK-PavT%Os^$ zOa4JFIRRCueE!DFyGrHQW2by$+s)92TcJ@EL$XlT;OK)zbR#~V{(w>PDffqbC=MAz zF0RRgCoFQ%GsuFelB?`YiE(D&gZgWhnC5B`3=ZbnCZSIcnODgq zjSKI3VLtD=k7zYcMtw4Kuacq%@n;S-YdmFItIIAssx?+-kS9CNwsW$iZoml)a?jR) z4)xlYiP1EQ^)ZI{$Ke%`?&~t3 zU1Kz;oWlLtT^MFUP>z62cZ5>CuzYe1v&JDJvnuT=ieX^MX=Kq2bB?2Kvpr6y-52$? 
zOR?RS+Gm|ysiz@y45VVYJ4d|nAB#3<2|LT2rV1kG4O0v}&rNMp?5{enio>3Kub>)Tj2tE1GG8nsAAvel=0mgf=bo+a*V7OQP zeP$Y$E2N6L75@dy0P@UyVy;&z2)4`JN}uyPgN;B=`(~+r&q2HuA$ld6x-GyiotgGg zw;wXJdaz09b9Nl{+#JMR;Xc_DsV2HjQxtZyLI3#CO@pPj!ucsFKG@*FumY=8`5ERl zw}_ycyoVtHHLUs_SK>y9IV@DVN1+3;R+ujYIkJ?x2 zXSzV7);&{&15b>m$0tE*^zL5V6ciSFQ4yqqkW|{===bg!n&FVCK)u*S!R9PtngsPT z!AgmZV8NS%CT`NFZxe&+ z1LO9mRkA)mt%Dd8x$#~2Go?Nimgr(|7Ur(DYk5|mTUnW=?7Jh(_%-e=t_c#>5BaFTP8_j*lu0svhCJo0EpwM&6+$-w4UIU_ zp&Ik>7TXK$K^!VgiHSG#w*XBRwHCXfhLH3sLGf3w+Ehp&(L%w)`SuvPwK$&+IYGW( zl7?7^8V2fPowjiMI45l)rM`D7t@u`*+b6{OS9F)XB|ZtQLK$w;i9 zdOZ&gXL7tcwcEn3B@YdS6_e-E%imGuGp&S=qq}wy9jl-i*_I>;ThbE= zqUPG(qX1yGxOFyP6avLL6A_CC|FAY@74goCYG9tyj{9KFp%8mzV_V>G(Y&Woyo6eu zs2%bo4i2L)zX1>&n@2<7d=i-&J zKhhE4Nb_bcG-J#ahM!0zxGZG*;$Y3lboTnXK<7(Mdv!0NxTykf3f=RlU+5X`${3hW zg;MKsE&Ap6MxCA?1r#JWmFgu>Py58b7k;HP!QZ`HBrz7aimH?T`djf~bs9iYUSVZG z%dW!t+)2`#aJLK85Uh%{iejdqSvYrRHkJEEk|}NJOL7g~62$GNvwneaL|5GOkLX=4 zgsUr}Qs15_WU{e67o%zOZ@Ht7-(LHW3G=LZJDVF|&R+&aZQL|kTJt)TaHgm1^#pX4 zj!Y|rUhO)Ydz&lR1vIN?mm@BA_#Sq-!1DbXII@~_=%$QW#qK}MT#07Y5~FGHRe0t6 zrK;*-Gnom*FoKJ)EW<_Nv%O#C+4PR-IhLPGpeD|oEHx8Ieh}-*@%(fyf9qmr~c5e6n?mfKGTqGPQ6TQ`OxiJaz7 z5qvU$zuWI`Bz+B2q0aRWoFe`Ta0Y^e3NNDQ&r8}`S+3Tgqd%6vc&kyS}{&_oMw zaW6S$tzH~$?kzl?xdM(TnFd?YhkR;*+|5cJ9G^bPk60G?o0U4ZbH2QwadVc~n3oJv zCK)LaoHno`h`N_3h7|3+<9>nYr`dT|5B-9{=M7}3wJqU2?U2inAX8g)AO2mEy44Tz zp7#wrPM*JXuKpIq#oKvVq_MB}efQ!*VvNEzl1wN|zXc^fh!Fq~Wit>^&{C$Db2G5B z6#b|$IQ*V8I@tLqo>$NvjaW2`w`Y_t7sOb~=teHUNP5+3o`_#3{5fq;&$amMD|s#6hVnNZODYAh}EDYYN93vr(PgB9<_M1Bw`YWSbhVB|Bo-@ z5(`d)V#xk(c5ST>tv`Ih|1A4x)>i1#FvxuJj4z!bFr1s9u$pktXhZ434vJ~}*aEtU zd+(cT&ROLXh|$EunhD78seB+)HK5Hvs+>)EDuevd%NCIxW!}Ya62$fPDQ;U|qz>iW zn1kLmiH}L(;+bJP@NB%njz`|cYDU1=8q}D@_=2NATFD%D&6|d)cH41PPi?|LIS|DA z0+q^ng6o*}h1S88cWur*rcvnTpwk5*blNvQiLlC~6KOYSTqavCM|TCaOcNY^QjOyh zfqYW2?cZjN5#vW|g#E=YG>S@YzE2Aju+n&&y47E#9a=I5ANP_k z(w>YZ@fU>ex}1NpY#tEJH6Bo+05J1A1c&gZay;YZ2Ml|}Kk|dVMw%&lwX z(U|04PT{P87MtzDk=6&wQc?8dYH$R4w9#tLbB`UFtY?Tx7i5#S_ZaHkdd{i3wq2t; 
zCh;85wu$|mJD$I1??;Q}ueZe)v!035KJ4y7r z*~&W~2MEY^kd_$z<2zWX^OuH`zWIF9coB?)mRY;pgnx8L$v z3H5Z4$C|Qw$HG5YZ0!un=W3I=KIqE$pn;9TmcysdLjVufp=~B11Eft zO4KyJSrrh7t%1>~o6o(GnbSQ^lg4ErE>|>Z?0ypUIfC_~lU1`WI-`k3jql94cVu2h zmL3ys)V2s(XL+=U5Q))bweNtuyXtPU1o;jsu=uBhuf)tsFWIN?m8l4~-=JmY@5ixy z=SAG+BUL0v#)o?ImkX6 z=-88JIC+Sr#}EOpj}gP-w|J1ybfLL#kc{$ZCBVf4%jN3n8?UD)Z}DBy;yhac-;n#S z-OzS^blDG}aj3f&mEAKc2jtnlgTB}@p@JpBp%x|+Pum4*Kj3 zc&Dwj>2H_9Bj*~8b`$tTL_l9q8x3#=t%OZ&EVD3_dUQJ{DgKhYFl-=sA9=MjiJ<#8 zXO@EA#Pv_nf0;dBNDm^aFmL_VdQ@MJxz%3wOvofl*RMJNviJF?BjwcnC2Yp2k$4cy zRbgZa`+b*A?f)5?#wP9o_K4bqPtcUcXd@;FUCNG#b$;YlXY)`Lv&L1yZflIYoWDm2 zD313PXMKzY+Jw)O{FnkYd9W_Uf@!I*YQG1v{d`ph;V@_EKAR9NCo;Jn^_0W-%iWTX zzeC0%OZZapu;sq~M7rWzOJ#&t4fuK+-R@ok&}s=HZIzsL{5i0kUif?Nfc~N(SPvGD zgNhTf!EJb`sp!Wa?AEn2TUVvQ>X)}qb=T~WmW%_KZohYsuqzCc?Ca9DC*@(tWF$fD zILA=ELKHDj0~jXXRecS*tV^euD`W`-q4Gf|v`LFZ>Jt>@tlyTs--prrX-*UZ1=@VC zJ|-Z^4_iSxiXKCYZ4J|LK`g#p$~|qwr_bcfxSS_VmTiZ}xBgWm39aPSThN=z|8)QB zc9o`SyCrhZ1*n@hu($Y49lsuT8f zKaR8}TwkzdGj#dMlCgTcWP%D~ls%hH{R-G#mxDalrd)Z$gvL8*qY@IqSyEgj?O?zOl5}BC{e7{RZ$QK*CaQUBs8eCR29glOJU; z_7YiGbC=p{0I^DqC4P-f^MOVv&T{bG=of`TsvTP9sjE`+QRfJ^*IodjR4+((rt~=v z&>mnx6x)Tb_FF$!mV*Xq2T&KS;~Ez6Xbe3fSqmKWw2~RcELYN}!^I-6G#8Hwb~yz- zT$Ya~9)CrYjKO^HpcAw( zP~XT#jwv4MxY8A^pU!@}SfvPD^QE%6Hvm)5M*FN?jdvr#o8o7?+kT5M6_)AX-dKT- z%#$Z`o<*Pe+X2+Rd#w{U%V^#Q3R@kw|Rqnw;h6LdfE~w4UOIxt}?5UcAs+K<*H6 zxrR~@=QR@RM>VrrAH`UY3!I~R;cG5OUk$yZLd2_L5$nE4)?p9RHijaSMwr9#sJL%R7Gj(u1Ebm4IIY)**`WHQstP^GLSbNlpxp&QNh=WWOo+t_I-Vxmz}4Y z#Q=%JezLntxsiz_sQl8Z9O}5#7CcwIad0?JFJ25B%8m3LWU)(;w#rgHRF0V0$f2jq z*rQ~8*%*e6M3Xo0o~6o#H(~Pyg83**Sb6!dT~QCruAXX90mwP7vd0e18rTB{AVQ z(WgO7`b*Rj3_K4akkdUcEL6s4YKxauzOI)QALVmFL4GQN0uy=RP59{+0duylR_>Gy zbJvQi<|~IJi+jNSR|M+7Jd`^3O9Sxt7k()Nygt-hmvV5q&KL(N3XhQ9t_DGzk@;irw5wf?`bq<^MTp`!1 zAQ7#BZoEMus-FW+mj_0v+>(M(M?vMt3Nu~}SBJe)YjSMqlvz@8k?t*kB!tiQLn-=t zo21g=)z#5}w-#o&SfK?qb9}YT*^$iM;4rb5QZCf6OkKUmw@9=wr?UZ4r6i7ag~&?* zYiuIX9*Fj9+r;-|XANRV=!phR*Rk^}WTeYDX8VKm*6%)zYX)qa2hmeEFqMcbu3`&S 
z1rTtp<|w72Up^^3xyH9`JpQ!)20VHekRhg?Y{jBx$zYO~foMc(xtBfP;cYc{P)s6$ z^EheT`(A?$8Td`fYOJddjbmAPg)T9kip<_xM@zjqTVb zltq3o2*lX(cTJ zi&6W4qbvGtf%=j*V?_3RoBJ((^MWt!SD3aB)RO(q0`?Dk4Nz$*F{gA|az7e)imh1} zu?DBuN_=dU_?&p^LxlT?%V$y4P(ZnPt?aGjv42; zhs>C}>bpWrP2W2Ga)lvTA32C^xJ*73%f(!MkKhpaPH|=V#&fkN>z>1`+OCpVBT-Si zhS=PpN`NQk!y;!RP@|W-hI*6Ggqz+p?;S8H(q&C&(}pj~iS@YMoUi8)Wh%%`gC2KE zi}LZOjZk%WZb>?h#!XL4G2(i1xl}_V%Aid)ibyAIt|0y;6t}2cE){^6i70Oa9ujA@34;dh*88{jIj^BIWj`qS^Uu~LgfL~hC#V^^BnkPt@3SY& zx8*Sn|K&UONWs{@pkhQ_;h!c)J3&xr&rL;IZO3ly9&8%J-AA=_!Sc2V`9zW1J%ix@ zX1D})B3TFj=yd9NxJ^4|oF02{;BLVfu`Hio* zv9oSE@*@#U;VdCoH>d1Attq8Yp_JFJ#XyK4{nqK`ziqDVOv_iWOV_*&BUPm4yB}p;?kQ1s>yK{yCw7I?u=vm)_ z%TTu>sJkR7w5@+EicA;Pha)x zf=F{Z72(BsA+ zNmQI@0*VSJx-t9Z4k`cK7L%e%w#*=#7<`i@LqC|dXfhdS=7IQm7-4!*&b(j2I-s0F zqQF}ddx`mp@@@S75h@3}J?k{|4uYki6ISz=pH=uKSyq1OvGo8U8JB=Oy-;$8qRvEM zDw`RYJBu7;Nbd(!{9cLNa%I%d9g*a$d5-}R#fc{LnD|$ap)N(31n(2lIn*rSMP${2 zFp)NF&_5bkrG(0%N>d*x`%QthfvZP{wnJqP16U9+bbc)^_`+nq^IO)oM1yuz(vD}? zX)8`hIk~>LDv}@hQW6W?@icNHQNcg0f`&eSQSTz_dbHMmG{v|pO;>B8^$pIX5ednYM7FskH}nlj@QUYlIM>TpM-0Ik8FN> z!z9iWCL)N~$&cP$LVo>p?ROMsuk<473u3Rb@OidC=iMO0lil@03e4zd{eYHt z@I%#qF-Jswj(!pG0KnFzV3fnY8R%&w72&Cs!t(C|%a_>IBqOGlv%U+ohe+pGWk2L# zrn-`8U80tlunD@(Mq|3x7m6k%6Q%CY&pFrkyv_tEXT1-#JXbjyomXfFAMszxlVTEN ziC`MO)+zI}Tq*Aib&&ezyO&BTW^j#!5qHB6h513t6HZ=+)N4oaSr5?^6%BZ)ZhZM! 
zCxY7Q@2eB#&FYs!hhyB}B4Kz*UTip3^7MjE0S1vubg-VFE&qjUF%*c^Smby~^KJe} zKl9V`mDD=H`C!2uT_%b-zfa1r@z@hg+hKS?)rSW6bekVO2Mg1%sew5)TZKZ=wSD2UU$9^{Hl`EaNT-weLc zONU%yrajoCVjh;|50cC#0r(5&U=5M(P&a6<_a?j!4#Q-n(57aEiE4g!g(pA?nXV1A z@Jw2KKZHqugC@jEj)@nNp|0tTBfi)(Vbp+cVsw?mldp8Cb~G2Eo2 zo-S1{+!ibmk{{RgltVdFU1%Myo|<@lTMA*EVQ=>$kw1A$(%0AzN@8o^#zo?anEQ%?AHtamED`zEje{)>bVW9tc_V@>#5g=hZb0mK?`?N4 z;IsnBH7;*C1>wl1JkzMEUX!s*v{)&)!w2{I4i!Nf_)zd-M*#jo@XD42Z{Rkw6QfXx zLg!!4dw!^)I0O+oCFnW{YPvLxvhJIIbiP=0g5{SNuu)w7a84BKr*7cJn6>ChB}+-B z=A0%eBC#LrA|V*Uwr+@IPwQ6$Axf7`&LIhsVvk>t05{v^agR3D>Am|MG^`J>?$Ghq zFxuF_4nX7M)LrrGfnm5*EX`)IUm!V5<|rAThLYJ} zD`>RR7iee9d3uM{S!`D_6*SR@Lu0YgC_e%6x(P;wDFm1OF_a;)G3VW>=LCDg%guF= zXVmk6o@%YqyDFbp5M~!$kBKV;TzM%?D8`oL=VGYuxKc=k^2d{BMX(1 zx%CC8SS2$d8cdfDdgMo;W)G$au!c2IQ_DX;>v`%V5`PS@OGJBq94Ll05@p|&Sq!sB zErXf1zYb(kcOQ1YJ{dpB%@+Q|Z?hSulrNmCZll==LgX1ArsU4Jj0>MJYR=p*l>{d& zn#E12Z&r9hs844>F1tT9)TCkOc6hAVF~myQB4xi^o&z%8YeR*<|;3I6wVMt(@ z^Hj`}!yGr^&`yMPO$%R0y{f^WeFh-<)YtCDsq{Nj)cm?Dt)CVs<_)@Fe+l&nlep~s zIC(5+HRz1c^X`{xR}_U!dV=8o3d^{)8b*9IJ{lN1_Ez^jymP$}Q?tg?IC8#)|Cf0JIUclUTo+2joT+ILn50#!V21x9luXG z{QQb;(z2QM;Eo4hpH3GYzX=cmhrEl|+uv0u?1W^i$KyKSVlCujRWFQ`3A74>t25pe zh+cKpTYFuP$1W@@+->YH)A2w|7hQnI1TeB%T76bEmJm(uiDM*Ye9HMe@5RYlpwrNc z1=H7~pBGX^jf6eqd~LO1XWW2JwCz1OTBs+$#>ye5v#&MfJHR%%W?)cU@v`pW z7n}T-t#HarP4BcxkF(iuyj@)SUN=TCK}L!5h3IQQxwkeI=8%IPOY{t*r^@hiI9`4t z;P^=fTs(3o`g0j?-$Pbe_3I}pO29j2MGdDMpgSHlUtzs@z1ShA-*7r7Wl3A!-Kc_S zdMT$Yi_}=EvE#vGB@ms3;TeAbO#?&ysz@h@mvkL-52|K70}ha5U?(pH4yOou!|?Qp zwq03Y-^O2c?@N(gx#TDIJo}>7t|?aV1^oNWy`@KD4qzJXij7`&LaeLicpK))E2)QF zv@xHFrfl6CcjM=6~~Z$1~=|9nv3TKDfcRkuIM&Y`PM*CfeXpZNQ0k2hCVD zly%tjq8fXQ=Jw)Q2Upywyhy>XZcU83pVh8ScaaGN>+Ynpy(lF+U$#F!>%SF>b5XcH z*pjX-zCJ%5QRV?W7Ei`?9m8D#_t#ZF2Y~)$E78&A>%H%26nfQ=&p6CB|G-PDyHY2l zxBaNNJiPZ%;m#%X_w%vGb#T_oICHlqeB3$ZismYPy8} zPQ|=KD3t@+(`wih5Pn>sl)r_g5eYdrzQdxl9RXL2)w_q8$5lyb7Gzb>DRMO9I1o4cJw7JQUa?GM5Hn+`{az43fw|B~jzYqY zM$aR7?&q%;;4(kg;rSq<@z$7z<$R{E>vAZ6rno78u6klM|G6n`nMZ}5((+W`2VWQd 
zA3N%2yy~vWUr}OvsQ&g_gyDXRa7R+ZU*ug-@4vINgeb8n_sFmItIj=|X^vKlEc+8J zh;`F1s^%wkXE|n!C6hLI1;pUx#GF{*;O96kOju!e8Qx=Uyecg*oYq5KWG9#tw8%-m z)5&#x;5&$|pM#aj)Wz?#u@IcFsI&*@AkgGHod4VhSQr%_ga?$)xEeQDJt46|`(vwO(cvCgguM}?Tm~;nx#w%|^PPkW{W$B00#p4u8}mH@ zIBpxfK*8_wR4@z9!-7@F#YSJCPCmgiSBh9 z$!4VB@cyh`?yH*j+@_PH#2U$#!#M)9ULR_mx8of-a;h##M*1R1B@+P8<`X;y+!GT2 zd9-{$VY~*4Zp(W#WgA+*At-;X!GC;>C4}SH(S#V`P&T*^FsuL$?Jyt!=KHg*;G^%F zKC6E01GENvFY`4^TC5tcPeK0u)_S72*|kk#ib5hFk@Gw6<7g{I39xHOC{4@rfKXO% zfTebW@(2iOvfi873bfPmE2m)N50fQn!XCAo^No$JdktrOVMLtuEyUbb8!a(amgC=3 zyl&3DeUw<)|7_NO+~{BbiDiIq^4CQpV|d9Oyr4YbxF!)VH@*1JPm1y*v~g-gjTgdJ zb7Oe)C*deB6*q|0RCza(PG#Q?NLS}NtoGo>#ieDUTGMxO;VShIucXwN_Tu{{K!Gwh z{Hjs(vqxc-B*j4@G5UYlP}vMkxRfv@YN7mn`k3K2R&Zcq``@?!|9EGZ794~NG_8Ao zUq%3anK}ydz(3FTKOLw4e!V43P(VS4+Wgr>5RSkL`dNzA0sqs@|8LjKcnd0^Wp5)z z+?C-{3|{nb%mB4jpX8tK|5G-9|M-9YRwV#rr?mo*6ZHP}E3M#{(J|3t`OhQupS$&! zNc{J&q84y{YC+0Znf&J=1s{QILnJCiXAU#(FL3W2{r@joxe|MSx*L-5zl2Lt5lsI7*7@53$GB`KjM`oN&v|Q?25Vy^(I4{PkNp4fjywun zr*(^#B>mZuCqW` zE%(2+g|aE&o`TDa%w(cE57Q7_Y?>qk=`+^Mx;(ISD(eK~6PKGWV ztf%{sM?m4v>LgKs%b4+&;{JVm|H@N&mr8)ODdmjc`CC8Z5`!}l`tS)O<-hX#e}9IK z8otTY_uI|>KG-a9RhA&_YyEEtNEhNgQ}HOimosXd?yDW5Y1Z1KoS+Ms>!Vpd`bEGgOn<8>@3VTriAW zhq`7mE#>eP$}w{uuI2v!@mEx$EKpRVh-`Tl0io~j^$LPJHCz~;e-zu_YxvL9(F2ZM zVNo#}FUa4*N&=ocX1RUz-+F9QIH<=ZjJ}KMQh?uG_V?k5(t@kncv^*j>yGHI!Jd~J z%K`^&K6>*0?}zhVg4?2lLo@4t>!xae$xsxK2G-^#q6h!4BlHj6=RaGSe>m~p?`c&4 z{)tp1&D1lgkvqz4&+$@-uGS2j>!HaJ$V`2Zi=jyZ zq-q}ubgDjp@dZh6Mma#j-?CG)o~D(bD)q;Vin4(P_pPyG{x|eul;}A%{Dw^Je*ur! 
zl;36N6%raDW|=#N&~X&Fyt`tKe4J74vh<&4=z<$zPPrJg`s#Mt4^NSZvQ&*AV0Fbz`*6Rsbttm8tRS*}Ru6OZ~n$r>(x2JLm`$ za0Fzo0t1NvQo{j?mTblyVeFP;`Sw5HoLFms3zP@W=_&1~N%QBqap9T-Ku`kK_kg@5jE@mVGI+zCV)v-Eb`<_34w#ox$N} zQ@Qd<8$5r7N8s8?Ksn~-(E0R5dlhh#Mozb;S1@Q_zc^WfAk z$KM@DgcF@>m1Zv(<$?@-E=aTFf~a5Bm4HxW>oi>fY?X7-w2i3p+ex7*}?UQ(BoxYQC z16x2TzBl~#d^KUM4M!PGY2bI54K!C2J^W5XsCxgoRt1t!Y;|pQw3WTxzmj7x(b0xu zbTO^dOro-9GV&9QD~R~va%Q^%>bSoj`nPLR-uh5%&G*xe8Mm#T@fwrYJd-|W%Ps;j zH#3LQRt0C>ctgIXO9+@n!MB(A8O^W@#5X$Xnd1J5&aLWZ*B2*xk6>e0Al6dU*H0q? zGfs5gjH=2cfh3J|99FPoA0TqHuC$qbtzG`g&}AaC>G5YO?HY%igj+cAd>q4b4iFr^ z@q+X9%aGXnX*GH_5CM*QOJh&ZZ*cN{K9E2R9i=ukItNEM89tu^Ui&r!{8eUvC+5w` z9tipPlP;O8CqU9mxB4^$kMTo^ap#BV$1;zy17%c7&X3jwlrziB2VC;d1@}cA0kAcR zM(G3L%Ev!7>olMnlgxXt|G9gSK?S*bEtTj&TV7(=O#qOY1q>(sC;c}AB(K_&%4Z%I z+syKR68i#VemLBBZW-M08|`SX+sk<~z{#jwi)IF2b?-yK|Ewr5JdiTm=-D2NUgM7Ef^RJgmvd@Fd_awc#98O07Fp2 z56vP0Y|4BfT&^$P!i0(QJ`mdgU^FAp!Abt5N9P7m)xv{)E>IP4+@`|#<^&jzGcYhc zLp)A?XsoTopt1}@p9z6_*K9ZGGzAB#kXt!UES$ka5Hy0b5cl{62RVa=B@|94qI2@! 
z+C#Jj7!5^2Je>b<$NyKgCi?xqj*6Jl{5>k-JZG}e=JW~v@B*OvAr`FDE`I6#MW?E8 z(!P_lAMizNmZQJVt!Hh{1!F4E?{iT*gFz95-GKdh!$K=+6Hrod1DZ|Smh-Y`O!O`= zkjZfEd+K&dd~?mjQ-R%;l;Gxr1VSe&I|veKuz}9WGPKql#kfP8BID+RcbS$L>AJ)k{oU7%6l&Ww^;*Vm?w3+mB~0F z`e5<~(me%hUcNc6+iRO2f7r&ec#`1&WHg|bbsf5?*8oYm{WP@e?M7zc4Co-6n{47- z2l>9`rxTxV0jsd%w05PH1xUu=J)eU&#nhWGNd|tau$~@E-3UM@-Ev*>qf?j6>B_$Z zgy;lG;H=KO*3Y<1TkGjVIEKi|QIV9>{u&F>#Ah|Zwyw&ls+z~>cl(#nP{C^c|3SJ<20h=?Rv$Cg@W&f zPpH{4M1(eEmjD2(!nB9!yw4P=meW_gDi>-lmuF`^jha!EwC(B~PsisJgcgRxUGq!BdYd~&l z?qcZ*b6YpI-{mEl`&hmfOX-Nkr_{CQ{((J-8uNgbMG>^`HJs#}+)pEFVn?_@?8Mk0 zVD`AjYra?=Y|bQTo-+_b{g(>TRFb5ccOv(QO{#eP_Jti+p+}pZ+cuoU zA3dN~RVbTX%Q%D&up6m+V@r$aUyVIvxQL}5SvS_SFo#X4Mo97zpz)5`4glbZsTLg3 z>MMQ^a3FM3fo6A_HoAT@re&Vg?2BASg=yjm<}ds_B6HutqN71)v;>6^n&~r@_6CE1 zlelfUjB*@0(AA^(uw{Zs114oXSK1*=#RMtR(^+~hZRBI8`Ub{_PYaE{`;1MS`NVRpy1YQU!oi~P_Qw586u}^# zMQ@8mb6*RU!?z_v!VV>2zL;kY)(SYm?kZFl#s}Yp)wIcJPam%KHtG*@~Yi)|TuFFSeN?cW*>TUU&!~!HTf6YH| zkSQOx?2>mJaPL(tcs-q1@9EwqX<#7rDMJ$90QZZWeUN8Y14zhK z0GmDx>K#ZC>^8NZpgJ>8eXn=Ueb0J-*pV`Tz$YEHghI4)M(WT-fzm+7 z#B?Bj1fc6*LQ${6Y6Kt-<%?p3Yk19M7)h9EMdgWod`nU`eTE^c7YCwK-KK{K`rQN?jQeAXSoBiwZ}$w~D7Rs@g;WRy$JLDCku>IB|-fdh%EB24Vp1Tm*K!Sq_KJD}X;9DtSdJTRBBoq+72- zpGJe_U!jn|^0QsP`wTdiM7#*@fJ?OAZYdbTu~)NB_DLYx;aDwH8Pswuprv7NSR>89 zRW-wQ{%jef-%V3S24xcA_&*)FZ*d|c z?UJv7r$M9p19WC80uoVOH$PgLL19dC#nKg6Voy6qcCX zPN|L%zIgSq!Kr73jsZn|cDVo>B3L1M26u>h|3oL|?rW;kNEG7|d^HHA4GEB`&^^w= zA9MK&@%RiyQnAg6tfWY*zVcPqx=Bxc{U+yHYzJxI)Ro}TsqLFY+x3S*J^GCu!nqoG z^tnFQ2`H^^k@Y1d2rc@27pQrLC>p-0ZdaC9f7g@Nw)rH1<%HJbZ!fcu#B^Qf`NClXr%n3se;GEixc?0prmgO zhx{iXP&BXJ?SqfiYl*PLi20P}_O&^jcB{L$*O8)ovDO`+&RH52C4~URFp}+RNcYOC z{Ls5tvT*kq3FkgrIqI%2Vk%mR{mSZI7&Te z)8XAqnd&dkUVr~PFAH@9flD8WLi{ss6sEpuBbNr}fbp6Pj z0n8k9ZJJh%^?+?qK^x?drJhNOirz&;$nkymIp~4+AR^T}Cxp!g->A2uY)~JyYyx%) ztj&hNC~0w7UnKYnot6yBJlVx7kyVWRkP*Qg> zuRhzX!}`<2dySGtj) zCN+QZLa*x~uL)w+Plg;Hbrg=W>|;HIM-neVLzJ`E^|rxCAHVMppK^{Q4DPe2il|@( zs

%#~Z3In&P_)4GpwL4c}kI>)6=C={iR_(fbUb*sa!lM;P^*(|Y$Q#dUKJ?-d3= zGw=Vf`YZLN&0=Dnp>S~HcaklvDrgs1Gs}@`UoaM7E4=26DXEjZ_-+ET$_BLMr0qVf z>Tm${(L(JgSHM#ic+9kfNm!?OH+YiM+yw+f_}@GI{Zbc1k{$aVa0pzu4WbN|yW=tF z-6z(f$nO#a_OZErB{$h-sw+S5d)|irGiM}cX(nuwZx>s6=$4*+pB#k}rzLbC99S-t zr=1V!w~v{&|^1+NxyOO7}A=T@4JPouT%TifzhY;j80$ktWz0jn9 z9kS_3&mbXq!Nl8JI2;j!q)K{%?dd%^v*wH4u{VPh9-*0J7A#Bvdyijg^0dv!$)G#s;N3WkI*$TV4A3_s|$NyL>Al2Uhzsw@Oj?F}X2&6SR4 zaJq`p)kE5=a~%G~0fYRQ0pUxg>m!`#;Op~H2khH(lx^;ZI{GKtOA(%wXSRdI7Tp#Y z4bw}6mjXKb_hfha{6wlXi0i-Xa-}xf<#sP!AFs#Ks}I9g_E>K=&p>D_5_Xqy9<-&t z{bdKH!Ua@&I+UAuUA3bMNRZqPM*Td+z_1{Se={^z=Pf&OeK~*obVPL^Yk^$tJz)Ic z4d14%!MR;CTAKYxKt1G%g?SeX(;EqMUqm1K23JxP;Shzyy*Jw=ZN4G(hPi&8?e=X7 zdDU3M@+Z&uwaX6oGE1eotzV(!zn;?F?$n9Aa@Lo*wKnRq?Dn0raMs_AYv%hld(2G2 z;D7t=$>ZI;ZgMZOtbxR9DTk3|a_VUVHg2KHoy=B7(;q)O=Z}qhJNB#T)8k@A_U4p~ z>*kxjY~BpTtW#msa|!Vs6=J+EB4J}v61Ww%rJX$Xuz9`phE@CN$hI#eNOT+0)_Atd zQ(iIDg<-QYS^@jD(xd6#=D&D*piBG<(T2l0HTDRc7+mxk_ghf6dpa5+G5eQcBDZRWgZL9?a0N-Be4AyqH0$)~fNo?7 zrm8pC)#iV@rP27H6O7fKY16S&T-JVcjJolNDXNjQ>~!KyPq;5n<#RQe&~*be#rg$~ zh)2R7uMb*=xx7LL;vEVEm*P-2yqOAeO7^UVFtK0(CoC-^)%GO9n3$R2+clj0!mt4cZ@z$sJTt|J?j6ZzT{`b$JrDIQwA*qbuR^mZY?zlzsT@7% zDfagzFlai-9G^K%WFpgQ=(Gs${aV37QO-4s9sQfzvaBDAvw z#d3dyqqyN5;ak^y(FsCK3LA2`izL_t8-HryUSkhq%vgQDnF!a?L86Qh*{I0}F!?EF z2$W5-ud?5@Kda75@WftXiUo{$VH-=8vqVg?Z${SV5yoSAnmR`{5f=GoWnCM*sV8!B zp@cK-K=$@_^v!Z>FhUYF@39oZBk^~^w#mxXATK*SFo!K6acJvALrU%QWi%oJSM%9d z9diMFImr!X&fMie{BnLB;(Xys-r+}LxvO#iA64H0)KuGTtq2N6sTxp_Dop}N2Wiqo z0kNPE2u-RGT8NZTrGud=NOxU#rTc|a7&l`YMY2!1%zb!kJ*(6;@w5{&*^epvkd`nL4>FI#oO&~ZR9Z_@c+Lz0#Dt3qEFX8Fyy z-a~NQc>iNkf~sPkVU;2ismqk2lP`JXG$hup_TyzvbB@+|1{78$qRx{H@grkvNW`yK zgjNoKgxh?sF~^@V-=~~Dlm>|B{Wu`WZLofwldQQ{70~{YesfTC9_>o!2M4=eRr+aV zPNeMtEHLO-6efFKj$qY%HA1oX06B^@&Dg7KY))o1R??c1v;Lyfwk4xn1Dox9c^Y@V z48d+u)j!X&6!SDj6vDhp87#*dWT2d;mbRR&JKEz~7>36kSCyT#b(&*cLYN5>ijm7X z4Oi0yJnm3U&1pDxi4CWlUKgKow9w1ASl!6s3naMuL?Oan4j8)rcGmxqu%ZMa2^QL) zTyo*`&cryrM!Rl>cL-Lc-dc6lHc%x{}^9c!=_c)C)Xs7@15*Vj8MrV8S~2X-H&$K 
zbDyU&N{!3PefZ(-+z2V%`L&Ii8ur8>A+22b|zfn)>W^ z&FRTgU8Wsg4I|S~6Zu=n2@$zp{Iy^2mr9 z*?#^%9R~|kU?-NYllsYH!iS}r3M2cm=)lc2`I!m|phRw5$JMc0d6lVpBL-|F`ZtZH zD}NbUF1)56)aJ1<#_s9R-w>$iGM55K&}+wHXl;b_yRoGWIiu8bH%*XR#ClTBV8eQK z?>D=x)?zpDsFtbZ<*U^~4L3c{wMsYILFK7lnVIABt02qo8Pis)4SAgoe$$DwatSeI zwnOX7&W7GJ`*Et76;bDhKCtW-oSk(I(dh?EsbrQFM5AI6UM-(wP@~mTD`8QQiW&dl z(bL9P$zL5dlNltZZ~lvHViCUYAb&i?K6Nj&iDy#Si+O7cA+^C0G3nyz zeX@ZCL^)x-HQ_N@o?$QTseCZ}iZ9S@yS&vL<-F!4vkF?uv8%Xdh}nq!Bb9pm zId9yqI+ecF{<kCoXM)@O%gmxfF2rw10^oE*!5T3~}WtQAzfKo;{4`X@-^gi6Q+2;TFCBunD}+OhEB5Rj4eU`Kq(q~A=a`#E5KHV!|g@- zHxmT3gi%erOKmY-ZbIktHNbV6W$cAv=U^>I-lVoRZb5hS#a_^(*ViVHvuD3rJqQ2J zHr(@`@>Ou)TcD@)t>m5fdPEjJV`mLa<6O`J74P*mg1mC)E!+VQ7Q2iX?dwjBH>*4amSyi(jUE~C9i9yNt$k zExTgncbx&FCxKqs7v?n4`YP30ajjsY#&{hk7FuuCnBi5H#W6#qEOiAxz!tfdWK@?y z_O)@ot0Lnp_7~b8OGeJQZgK+lHp7mZE#||I&d`fYS>?nz!lQ7zSJyOSV(*GP6a$~wTE9G3Wp0^yXWpVXgCTy>P^b=1Y!RxTvS(*Kkne!M|bHn;=Y z2wx@76+)9Nl^N{_lwW<#aujyd8|O^*p#A&%n!$+ekJ!4A`}Sp!q8>%IJGsqOtW_#t z{f0Zk=^2!N#rKnjUfd^)`ffAo^m(yKCtt}nrFIQZJ4JZx4I{nT49c+$PT0gHG9s2b zwI;nKz^wNWZZ$F{i>@}bEgsZ!!WVeVA?Y#6g$v!2ZmV_+PCs(W-7+<=T%**O%q33d zlF6(hs9+9tvDeYC)1CwFYgjvM3;!bT^>yqC%e^fd=6Pg{_q zC)>wuvpf!6i!QF>fA#B6F8eGYbLU7!@5r2QX{h8|egftLkQ2ED7yorrN`Ff!uW`U< zPIERv@;>o=9blAnyZ^mm1W?HxT^ear)0Yoyo9#tOQoWD*Qv>lb-(`V@*A8flDQhfI z%mt4V%61oZ8R`20G%Rnflp8NcimB63tv_i3hN<*>?h2S~?WP7xOq#1<@sT^5X?(-G z4ZqrLSI)SFfzQSZL?*lpwT}nNVix5)lOrGK2G#E)R$i9)>ks|@`Z=Et{>oA%q81e`-{dQ+PA z!NLvt*S2NnH;s}JX8{eO%q%CMfo`-;gZ?f2ot;5oTslA~(Mew1#gaeo-BY@>>i2WH z@_PsIPHOmb48z$t*qct?&QX1L%-!-nRn=bAml`(v&5b+-Tl$kGOr_pIL&g2}y>B0H zKhqlc?j}*#gYY=drzY0BWi(~f@E?#RIWXzmSbRbOPaJ*OHNJuZ3+Dm&Ly@d*VJqU! zSsL3}VvqP-Ekh1xygNm<_k)XC^&@%F&CBO=iUJ+uS92WKNk}_y?>_K;@7UroRFkN$ zZ_4XH5Ve1l&uV<=*r4?!6HM1-APUphs}cV(8t}oRQ?BM=L7U3cp`)3P=U&l^A)s|! 
z{#?NGSedSy`=<8dm1BF&txC{*okEZ^Uw=vFl$@0A#(sm66#Slua9%KJR!CVM*Uce1 z3JVo1IBsG1W@2o7hYeqYs2{5uL^oz)ZZ_%Wy?E1N2;%18 zjxCYxg0d)oO``o9HNCvK1YqnEFKY{~)ciWku?K?+Tn{GKxs4i9>2Gj)ZLywe>Phd7 zPoIfz`6hjt_wtdF4c~3x%PnI+WzO7XTEUv2F0H5Et}@fZEm>Xb)N03?AMg?s#)BnDO&lk5c$aSX%PIz$Jr z)-W)PxdWu1nESsn&k$D!LqTYx4}!vR-haD56X@(sY|Wed%s-Sv zz*;ZE7i^b{0O*O@XOGLF#}B=vSHvXz!&@)r^VD^&p@*hf2@*9!+_K$4z5RwnL@XqP zu4PHYT#P+FK%s~RHJe@7t(Gddrt4#C(<@xk9UM@rM{kRJeG(udMs6^6Bc?K*l~9)2`qQ!7)8q+~2(W?SPv% z3sEWV^ROK|BjZLUSg-$D?6v*(UJbgFe=ISKRkcIk(qZRc)bB$(SuE3zVjf92m&&7T5z4tfWWZp@iak`BTT)=1@@yPJ!4mHp||RZ4WAg z3&gfZM`r`v3nUFal(+;WNRHX8w}}2J8srEWX{oz$aonx*KTIXOxGdw#zJ`HM7|Yty zf|wHzN?UAoMudCKcH52>&>y1$?tzouU-9t}si1l|8NMUu zDZ867MgBBrDp+uChW~e<=>Q63q%+dE?%x|a+J&F>2v^C3rO0v>MG2XB+L)Uk_lN7y zn!T1k3i0?E6|lz8wZZLu#!%{hbi}lI*kY@D6zKv9DPd=|`7*ug=%m|aW62-{HM+q3RRfGt zqbX~x<9cy+&ONNyJH^keBH*Y-MctKl8A@9rt};=j#(MUkbyE$tzvwIIdrX$ug|0q4 z3&7m%`BL%I26lBOoOv{BXn}`qXjC|v;5fd7pDbaZZE?E5u8|KLI^M7ZpbrOQ`V)fQ zhaEP=iOsE%+@)l@#shq}RBR>lOQS`yob#t>KDp-4A+Hkr%+_?1Mes5rrR%`F&aAf*u!Y#WErw^(R%J|rXrdiml0h=iDeCz$!2PfC@qL`s0z;GO}>Ws zx#aeGU5wf%WiV(v0DcRy#`#g^m5zSt0kYTgE9MARJs1ugu5Yf{Z*lLaN-6vZ%gSbr z3LqXB))rsa)Sv#NG^gs;Y{QhjzR*nuj(^r68C1n@R~UiQl@7jwCksB!sSdq|VbpWK znSLWw5bFM(arm@M(>b)D&{qSDH`RNe`jH#A-)pQtI%8*_@DbB?g+D8{_pJk1!x zYOR+m8knRR6)y>{=WnSpGCJWuHDR4Mi283nYz%3+j7^OCQM@-^t!fY0GRH}6GRTkC zLc?0_ncj8=>Sw8e<_Ey3n!>O3FAgP3af?EDI{5_pOw8ofVw>OaeoNvKLnb~UF)o1jl~kVSTtW^w4h=fjO*d+Wbr4J9P98 z_LGg<>cr5y3f#YkS4Z%0dwkdE`&+=j-hDQD8a&NLx_CFc3wJA?9y(qq8Afe3W*_y9 z{{F89fCYmux~H9KeOybRx4m;^$`=*Sk?*|4^ogcO@(oAp1OP|T={H)Q7YK$Xe(Wbr z=;ZHJjh;U5IOJ$w4B*`p(srG?FRB*Vrk`58|2r$!T1XssyL(5{jftd2m%r=sHKrbu zv-`?N#2Uvr;qXj6KgE1Giz<)q{oMOOrs0nY0&2f_s`%iDfEvj^hbR&-y9wy5Q*vp) zZOYzm16SZ`@C%{k@>uhQ+I3L?STWgi-^v6Hk*wQI>HIG`%&=|X}BW?%;u!*O6x9K$p zJ4tvPeb8^=fw`{U#%HJ6nLb=R$A3KkGl~00Hik)DWD4%y8qs{Tjr z!&_EfN30~136})ljIkq9<+{KRT+{lw{Puw}LtlAo)6UDtefae|w!}7@v-}=2&~+wN ze`B8zvm{Gn^dC4tH)l)9kl12s(WMSi`b^H1s|9H_qalS`&#Sm^0(Hli0v;rwHj&n? 
zP3e?L`H&z9R0lVGDJ(!t+qp*l&TM@qsTrJx6B~dH2Pm|eR3RqAT>TVV@vfy1^iX`M z9&r?Qctib#QL|#7r6WWZ$~cBh;$}CKL#xEZllhL?1Rr0*KWL7(#ql(lC@|sN#~Le- z)VMU_BZ+L!abNv=cqp-N$v1OFcLJ~(@}{#q+m?e@l^KUpEtbE%)}wo1xl~Jp#&&do z8Se0*>cX{Z9ML9-F;|KKhU)gY^rwIB1WCgX~ z^-kV~x@v4Bqe|PpkBy<=<>szGj?dsqjt0~*;-R69Rh&?1Mf5m$^4dy{y!oK8KrnFf ztv0xkCQNz08yoHnfu&-1bGhh})wJz`V6olLdVQg-;(HVuN}uTZc2lD)?i(x?;}B171gsJ3Kdj~H(*PMdO%jZsZ0 zn`-fKx1K0*TV-Av)s>&)?7<}6QIhGmG!5xcDa(amA=8!fQXbyubXRWRoH7ZyGbO z?(MGFgxhA06aKNG67GS8QXgF@TM5NOid?b#VOBC+YlZhrJGRArP||c)3scLc?zz`X z#oSzIHW$yWj-xdWJzt)WdhNqm-*!%EwXDmgDP}$2O6$XEHKHRBX?Ywlel(gH}3u?hYiVnM`cG~No zQG8uEXJZQtN}#HFUBUWfQv66uE7h2dRy`3>OZY`$v|qk=dhl|?(mz|9%l8S$Ld=QY z{!mmfc}=A_R)8IXSHaV*q|P(vLlr--%u{4vOP z#%4?7L(>`bqyIv%P3?MR2Hz44+xWdA;$lo$r;S8kt~;2wD9c z#+J$B( zh%-SblDjn&KaD$nM6hMN=6v?rdlmi79Sm;a*W};N*1PCoG3)5=lT#qCsE>|UFwXIB z9)6p`>VY=9JJpXBmG@7{EKk(Ou@!rq*V zBhF4Yz4PLqb1GO&$$p&H*{l5IE--e@kmTMn+3N@y;!_^^|`Zw;6*fcNFrmc{z8l`q?lK zdPP*Ve6z>)4Ebs-=7-V@6`&G^szogLfx^iOZ}V61E`3QVy#wU$any7+w#Bgd5n_&2 z!9wHv9zJwgqUu`QQmXrqySLS%kpQ=UTl#FC-e+Ny)>W&!DCU@~%<#b{U)9Nl;c!Rf z8oR>ccYB*&UebgvvFG)$p7=(u_2S{z^k!RIj;T_IYk53|8FT4bw=xsw^kw2t%)SLm z2SPZY{(3p80mvN=79dV1Hqo2E$_t9{ueJVNK zLA)ASUD;QfEVM!s;5FnQE_`{VL8PP8^;_)1v1Em8VCh)`jwgN>;?D;*q0y28kzfY} z`k*|tbr;7%0=am6>tcpR60Q{Ydz4+x^ffbmGW13fnV-!h9|eTq+~V7L`O4LFx^-O_ zEaH@~*JLPba+y|JhUhye1-BIyv~yn*p-JO^Xjb|{W=k0@^sFi#R8Y1q6iS+}>ecLDf~Db~fKi#IMa zBn|4&6>d;1B9OyUwg}Dl3eU@6Leq2W-Y+tq`$D9qT#9Lm&wwa*g7uKHzdqb7f(x0O zR0)D(VTXfu=#4A8Lp4JP1zGgU%RE+*l2{!(#CY>dSznDClJjJ+?1-iUEcF3E|Lsx- z?~OvU7Vf^cGJboDu<8kEolmq~BF8^KnT|K>c|6Zdb_A$-IK2(Q-Ov=ZrB7SG7EWwC z++(-07bkKuH&jf&ifpJRo9vS^21NiAV!OAi_p*xrcJo7}{~1r*qnHrdDJt+)Q%)$m zj|Y{BO&?F8+J8i-B<$blpntHqU|^Lho3};6jHg{t1U}wzSB%6pAJt16Y!fdCJz!rA zq;7adr!`5vbY;y}atwX^IaYE3qg!aj4~Perw{a!;pLENgpV)lashrfBo300j?ddNI zA$M!?M}a7BFSY~>IR0*27J*o{qyZem5p&cOIv0_EN=;BQOBr6|jn@k1?^cUUPg2?)xK_Y{@THcsl&F74;&PW?!aEDx#g9}`mlo|cU)@ft+Z8p6ZQam zTN8KxW!Rci9*mQfBX9oyGp2|J~7ytp`ElKHB%TqJLA%=e+N1xCVo)Dm&D 
zyBenr%2O`!1|+?g&y*;o?yqHT5^A9(2QlsM>hOy2T<(}$A97<`CN1vlNetjUtKe_F zpi{|TK{Wt7cWYL8b^*t+NP8&-i>m!Nw`NV5t3(VvVSAY2mhJjQ zL=FAv{oap^bF010=7Nctc3ZLYlq&CkP(d9lA!aoAL zyw_*#vAzVY^6fmh!*!OUh}icE8!#!ORz z+r!k+-*W(dlQ|Gr7LD=2A}nsU92CNQ5%-!dD2PCP&`f&2b*(ui@5d7DW97JFuXyg@ zLQm+!B8R`bbiTFOIb;c1KO|r(jRB7??@tX-@P#6R$=r+hDY?pI0Q>UodLeH(ZD)e< zR9)8?+P~E_)ZFqU5XW542}DG|R@+itT+&qfqKH*H zg))Ng1ryxpnV+x`ku*U$;c%Hg?FLaHp8@ni%1)pT(O@{BxtA31{OEl#N7B(38LZl~ z^V&;w8MJv^I;T6c=kSaDmLt+Qri4=dQZwtm^5yB7I%ebn*uJU0(MB)3LHAz%ORGAt z#BV3v?nb#oGqUJdBWLv6V1PX<{t!#l^{?|~7&^D{VNWvR^ig?L>At&idxai-xzLFq zjlQRyI>CAEK6MBR1oo=v+;ZZk>n(gDk=9{@!DYg#nj_ZAd&zrypkQzr= z_Kt2XJhG_@U@A7)K{Up8d8&c2My`A8kBL}#5*Z_YSO0|x7m8h^ok7F`0FG>&2sq_X zD4M$LkK9Z9)73llK%q-E_ifd-lNW5J?JfW<2P&Oy|BW4x$>k#suvy81SWmO1O-hVg z^D7a{eV%rgq?L+>7n#4<9|vz+mYjd~nF71E}soiSt?WuKkWIC~!hh zgNJrF2q_@vvii$?LKWGt1ZXq-Fs0+OR7n#vE!LY-F$W5givcM8W&KDN>A#G(17dVv zaZU44Je-^JW-5yn{8c^uKn1cEaBBm;nq8=wFJtff*o&Smydkkh)}F(z=;gB;@4u-S zCWabZYhk`pfai5i%^5V8!T`d_p-HQfJNfF5`boZ{m<;_;Ig^ESMKo z-6fmHq^U0)YwOP%^+*>3Eb7AQ?X^I_ZkuMRRtR0qjn}`ZAQ3qJg*8A=jAF`ssng2P z{%hWvIY&D>r%{Ka)y(cPd<^A{kg7S`%~MKRcQMdcE$n`FSVo2qd_p1IHk>_g$}4`X z(Y_hT5g{WSlG<>7&?0{|D;|-u0np`&&Iwy@?ev?McXa^_lzMmeQIfEPWci2sV4^jRSz?DH z#9W*1eH22h&OGBooXkVcbOq|e(WOJI%U14STdA0@hGTeBqPx+y*Rywv1x#2wvDxLP zGFBVIb05kOncZBiOi~EV_N%=XhJWb8I@};;nyI@g)Jb=<5uwobC)Pzs)VjJenY&fwPryX_jV{krs@~$U)9DG#<0M$ z9}1}z1LtPT8+g-3L5F~Phf3KeP71m#tQhD{81VjMX(^**36MDGt>${405`IyvDF+U z3(Edjm0y(`6H`27WD<`-ts+qmCGK^nBk!B>rlY77W`9xggKF)439> zV83Z~5_t-z(Z_FZ%Y)5cKly$IPhqi~xOC6`*)H7ZSTBFxZd$6@2%?#N|LXnR435;) z(>2Rq`!|zbw4MQOhIw<_5fe1OZ|#8VsQp#x>OpN7ComVb3|5*PVL6{#kh8=m zF}1+So%}%4&l^=Mo{$Uw;>KKVjgZg&GdJivT}w`8dk#>Rjh|m1SMz*HE4AIE98nZh z1HANbq0Xg!UP|mNMJJ3k>O-uhbH~J&0HCr4>`o!JBKXYFo~H_2f^sdUO8|G@i~4tg z808k)yOS-S#W0j@n@6eAWz;R zwMsUh&D62`AF|CB`m$BoUo#$g^%Gv(CU6v9wSU^X+srsS7(Bn1AGs=W8Jw?i<)0;!etTY&IWcZ$0T>kLq`>A#SWmCe`E1 zEHl^myP32YxaFu}gUZPXH=%cmWng@*_c!keG9{HPAAT7Ar$Tr!0yQnBwe7hd~-GVb~->PIp>Y(d& 
zuVpVo@o97t_pLCMM(*?PhqkM@NAFWFI>WNyl4t9T_Bf&283~g7Qzi;Mgyz_LCfI)O zv+Y!UGpNWz_zmnIcCh_B&orKq`%c=)ukZVYtlk3Uce>p^G;6wpGEb6*wzpjccZC6y zti?z+rGjUE#_fI0u?nU-jSCa?&0G21W@(0(zhrC%+e*=}&2@r5LO<4Z6$U_C{h>d{ zsA1);FwuGVGmcZ0FWS=Tt=xgbnZ3m zc(vn#`RKcQL0h%Hw@DDNr%g__{B^k@C{JBp7XJ}(F06$qC`9)a`{B+}AJI-qJr1={ zyy!-Y?j+{=j1tR+aln9uSAC=)FY)CEmY=0(yP@cBk48NEA@mmGbd{TEvIM~B#%Zi( zOH5Al9N;yjBgXV14*~z(4D(4OUKSyyCO3?{Srp*mpP=FyuENf^i3NH@(h!wZJ;nbo zC^InIrTm+^sL+-O7C^mbNNXQ=BE4M=w5&OIvPSplx4N7AUH+-!ct|YI?6-d_#~x2e zzj(W4BD9!re*7v)d==Phyn&(9h_}GA?5#zp+Zz5sD?z&X++u}hlNVIafV7R&~s74Od7*Jlz+_cQnowZvkgZV%a40cRk6gH`5aJ7jDn$aMPL<#wfWD!!ed&GUy2vyx8L2R>AEg=W@P5f$aS4raR#?tU*x zEed``ge4{o8a+#fQP-8+43h+8FGb$NNz*O-Ski(*Nz?)FYT+bD?&`~MnP=?TZh4k z)Wlj&!Olc6zTm~Rc#3pre7it=6G%#Ed?bk-*M(ss+S_B87HL7uzv)z!I$qLL z+3~NR`T(RPG$0O@O6Bf)Xx10{*>>ta26QlI&Sq%r2?#pZ%LJ_BvmTe5f>SLONK?tL zqokrm{c%O8V@T>Z(Jcgq%r))mtnt*Q8F6WpWtL-imh7ucUFyO!56p!L(lV*~CjfxM zgKPRq5=FJSI^TnkJZpT{2j_JK_yxURQ)=^$5<|5^o*8;(GcS}NWFdw)!Ly06x%s!e z5jH3hi%#+z7+{Cr3=sO^oEs$QVUoE|oZn@?UHPsy*GC-ECRJul{YaW{s9&UWfuLSI zzTNwKp%XUx*yYIuntG$62gW{PVvXn)9c6bG{ z+)_9&4V3qlH*ItdXb8NfIZ(IP!Y(&q*5a$Yg8oU1;dZ} zcAh~a?_`Fk6vP0CA)29Yg&D+ADwQ|t#%0d&F~bHa-#tV^XpEPTq0amgE>Gv#3=E@l z^bDi%(2rph&Zb*dpIQ4?Qc6{15-bS<4aub1 z%cWW|B(XCZm*^|+MKo#72MzLanNX1PQrjm+Lilb32ZW?IWoSb*+yF%;b$upf}EZ2-+B_0>l6ICcaa%tlNi)u!iUS3UeRq7h8k%{wl!7(d{uHd z*g(VKZmBd-l2J`~>Wz8sjdDM45Q2bb3Od5IG9?H29)H??zlk3VCO7Tv1CmpmHr9T+ znir&BQ`bUr`pMy%i#66=5J`4JNx69FJeYIH(0yH0zS){7U(RG=AIJ%`@RXf*GR!Nt z&4k1MXr1Mg2gQUcQOOqFw^w$BP%n^~mUoGdryoMSO2Tp?8Nma!&X*G4PGC=X%O;7)9ofFt zQnqj66MQVo?kkx;eSi#OeR!3B03f5=W?=nl#jAh3d89+wrq@I*ZL$S1eVJjFp~Q;4 z&$g+nR~%A&#lH{PXc@!+%;c6FU@k)W3%5E{N$9lVdpI9>1~!m%NHy!TdM1C$u8ml9_kp{5Y=E2 zOa3<)4(511&j8a8?QgbA4N0OmVS87!!T60(BJHgDd{j3JqufaHv-sUWy2q+c%aky0 z;|05n`1^Au)s`uwwn&(ozK>Zs9&zBhNZ&?DUo@{)vHRj~O3#qZN?n;OYEe{%^O>klM7Q_| z(V$<1s54%z65}3#B;944x#~hU@KU6cI4r|s{M-zv=X#T8_e#+L4g-hf*J+H0xl>$Z}O(rb> 
z4l775su3FUhi}yo0Fbbenp2Ic$^K|-^$sun-x>N1LY@xl{>UqI^s^&1myy2xxfx)KIXbm=FyxCI8YwT0)1=fx#RGa zMp5#FP?2l~s$`^xh5WY)n;AU|tC7U7e2jU0`_TC(D19S_xgpDWgZr(a2Bfr9Ix8x( z03r3oDjcO19%j^M+2R4u<6g-1(U;F*Mh%w&ju|;WdHMIor5Is7oUh?4z`&H}_m$z_ zYfgU0H*JGZYqSsfT9rNQ6je;ktq#LqqUAVJ_o&UZkvC5!H@)arv^vBht5=5ejM@&& z^v9f%_nH*fvssaVVAQXf__BPq^#@tmU&4ie!(F0XIl0?Q-E@gWFqQgG<(gP=-)X>y zh34>>xT+tGO8`v`SOW<)7#~MqN^Lyy1>Mgqj?t3(QT)%V_OlOEZXb<8cJ-q zu+T$5v*5AW^6Ujofi1ck{;;=FbBDlHN?#oUs}>+DrTo6hGU$R zTj0LnQ{}MzZEp;s&DLAgt;{xOK}E*>BLx5yq#rCVB5!F*XZ&I`bCC`;fft4-G~1NF zUME4~_SS)(&6jn3l&0{yfe0S6twP+97NMJX%kju&^P||yiIf(Bin&KK){Hch72Khp zTqM>+*y}1&&+iv`@61d6D(?M8GIRZfzt`WKz&nRiTb(Tw8wGp;SeEW*zp;^eys5Z3 za=Bj;gjW;E^kj`GdAt!f;iKf>ma|Miw zW0{yG9gHj9+iUaAkw=4qMNAOiB1KxaZco_?i9l} zdqhnvy~g_%$?q(yH}$U+_%f|ZH^u{A!F-)}LAb_@jfKVvv&YgJlJ5`4!E6RYMC*S8 z0m@wh|2*i!KP&;69HjlUaV00mn}6=xPs$>{vpHsl(x@{<ywAdvTUhGkTBhet+4|zPh;lG}=^wz@;-77o;M$27 zwSw0Jo_MUnrW21Dzk`9-MU!ifwd7r<+TXRh)UxrFO`rbdyD6x2$61y{byB9y;Oy_4 zQo@(*N~}(H@9y27;E>0Da(cM%{y6$PoFtg7p^#Xzg4j1U)_J(wd(MOl5mB?-FTwobd5R(+E ztW7Tm^E}YVHyu5Fu9_6?P7|~JjZMO$lVOSeaMC&}XAw7&p<-xAI&+~zi<@b)&9A$f z);$k5kF+$Dn%@inccWD%?!vQYV-1{j`Q)A_#dWiPKKG}fQ@rQCx3)Z_2j?IDt{O2> zKoIp1XdhnD|1d$c%F7wd)K8Jp=EcyDOA6XK8Zs=$LQN=^0%YtG%ws8#(J0$@p?&*? 
zklW37PN|~Q795g`&YFamR9L!U*?f1VW2?c{v0QnWwJh;GwL|C`!Yh_*%5rOEv}7+i zyd&K%?C$wsQIzD=BRk3Aa>|R{#@Xa9QzdB~=sU8O;yRFDGCi^RZQh}XIWlEttYxC2 zbYlrutRZoJvK_bX4W}nt929}k5VTy{fi0F76KZ@px6Z)8y5Yo5toN&_m~fqntFMCq z#!wUX$Kxa&eMHlQo7p&xcj=>iLD&oF*h%|kzI)uvhzDVyj-UgSIbs5YO)lMI%$=P+ z>~>L13V~Z~_vs!^jip@}IW-ioCrzJNFmNEoaE@pq|JVy=Qt9p`+#>|;&)q);z0#YG z6YIeIWusy>mjj(hfFxb%YOA zc1gSNExc8qgi* z>SF@N^PEy*rdYnrs&G2*_dyf=(eH7W$*jphzO}_UiDix7YCoS|3>`1{f+`fiEL=re zyNmW;{L!c6KEO|b^}U^9f4EOKLdeE$Y^8}zn#e9XX&rfW3I6ChwS5g5!vOu5Egs4l z{8)pPuN6W|(`dCOg5K5z#EScYe$9A;qsO4z%06RocVkle1GO)ozyEdio)ijJNfn3S zr=zf4zIxAmtUAs_p`3E)KPzO+&jq!c!^8W<u?sbB-3SgZrW+dZC-p#1A4qzwDG$3A4kfK2vh)ryNPFQ)pHW#Fbrq6hc~ z|0ZQX^F!8$>&3mUvqy;^MQi+~PkxPmr@i!_iORtj;1b^b4|N*&D#Yj_Sqm-9)L2Oj zFtq~o5y<@-QCVBdye@j=DV3hwX)YD}%MjpKV#tC0deK}WIFqJhQFb}Pd%n7g;JXn$8N0%jqb;KHb?$k6T#Nch@;e~oxPU+O68O<+%scUdIbt*3~uwni9hZwD;iP-M!@3W3cp{ragK(7LB zHZVZcwDJmV@vDDopZ{L$f3Nyj0B~j2eRTu=n@SxCvd_J)JzJtIj&5S0s{AXo*A^2R5EX*l{6wGB}VGZ-8oAZ`b!F0|gZ z`SE%89~qecxi|jviNS9269>)lSUqdrknS;W=&wf2$F<$-c=_`QgdC)xl|9!Ik4dxGoj8|Phyti0 z|ND;red|9v7bCqLgY@g4{{5yOFI`a6mR9KopZ@n!{oiZ*KOgb`Jo##RafJLo&fYt$ zsV{2-wO~a=K|wmGfIuJ$(wm5gbm=`v?@elefPjF~kuFt`&}$%}1R}i`=^X(np+gA0 z+>@D~_xZj%GvCbIe|#Pfu+Ki{?6ub3YrX4zOHb6R|5`X*vB1E|95o8D6o2mZk9Ysa zD;AQ#n?N$@nR5QkGXZuG3w%ob3iBbZe=_@j{QJMI_<8`-(FO}<{k>u9j;|ddduum& zX!U1)f31xFvAqAul^0yVigzlt$o^vuF9d<<#bst1|K&OV?mz$Czf)1bGfb6^44M7) z3>M75xVksqw*R$r|4-g9;7DkJzpBxT&y)D$xA%Z|Y~$I&{!bUxzZ&%224D<}lS2l1 ze>O$VH-V>e4YqsB{J*~GzZ&4rb)mb!e1w(FbJ+iy&r{T$NJb|+EZdOkf3;hVdj=ehiOC>Ek> zKwAf3s<0`?nN$NyloMV3o6c9pY}YEz1un!tzCkI#AeXV61}^&TF-;l1~tJsrW! 
ze02ym#!=dT0GPy1AO9cw^ku*9%qwAbUqR#EpG*JQpic;~yUgAB?VpEYi~#Hgs#dP_ z=fZ#Rl&{i-2{BZ7ziyoCFBjrM23$~dkY)Mn|9?I7|6#Qkp{x3TxBv+IBU8fbF|E-c z`QuKI1SdIBs^0VO$NC?)abg8N=2DNhYT=&~yCh-YZwKmsvT6Us2mPamdcjKAow2Un zQ~(W2X35x--VZ!Yt3qAxhm*+tM8)fRm8I>WQA|pD*zL+o?MfOR!w(vNoVk3w|2% z&bIs{W8)WI!yyFp)L!}CIuI29?*F#{+Z%lPFQdbsU;AIb;Hz>;9}+3(z9zi^A7QPg zN`uYDVV_|p48xeGUUPs};?_%FF#2jaZ6#QSyYpZ|ow{CgwCk8*1%Ccn`A?XD&vN57 z?Cw7u|6g7l$pZ3goJuE~%YEHRp7FnfJXYh0^x`AF@(FuEoIVFk?Z@dhDWu^7gmLZ9 zHl`xXugxx2B^7hYCHhAG)sTG0H;xbq+FyD8-`?c^^V4d6UoHUl)A-}A-A-5U1>_@3@ z{QG6{KiAY-+4N2Ta4s>uzp!0DzHnc+7z;^#K9zFb<(XC3>m_VEpgyTGU3eIESvv4h zynXHKm2nYrb%Q@!gzX~= zD5qBg$d*3NDieSc6u^GxOaM%tFG~Ub`1hS4ggo-*(HZkaqDWoa3iSg%?-O^_$xf%+ zlO#ZhvJu!PTW-+I90bw`Ia?%+Fw2mkfTM9WfzEv$fSPTD3vXDsB-%!q=W}G;Qn>^u zyf~@CiF;+k z59k}+E`^LonQDp$=SL902sMO?nASTOkVTjR5E|Zs|28f{V70M)>PK!Jgsgl&#s43 zCWx4uAmhUS?#G8O9%6t=6Ao$)+e|ucsv~cSC0i6o55FgzvO6IW@{uy<27vmC9UyTe zhf4rVe-)6>5nfC%Zm27Uty|Y0nLOe=f(P*alC*BsyPWrQ#Ej`bUIX{Y+!s%Ms*?;> z=ixo{nh&xMe~8#^2WU7Pdo9VLwl()HrVEw+^2>c;Hwdxw)N?mI%I+jo(6q*5L5k9u z(x$4~bKXBOMI};Z;T-U7Ra0&=qUHX*Kz7o4j8EP3tzVawj3BFo8NOg#*i1V3p>Ww6 z@>l3DPe8ecG-Dzj;?WM6je#_cJ2sPPg@HDR#2}fKvQwsky8hD z9Kbqa*nB$yN#DuiP0XeSknxnRs(jnC=>K31z;7!#d^@S#g!OVFy12ugwH^>Ok^YwE zbwJeCU!}Ph*Xrvw0~-OzU7a?74nKkiDwzPBiQno1fk_Xb9n)Z1KiHn10>n%V_|n$u z0ol#*+Owlo-y02lAR)V|g*aasKD!e-&A#jN)9&+O@2Kv_@0ExwB|G^Yd+14%0yRK| zOFS#V6Uz($LU;p^%pqN;;x>8n4hf(>gT%^-1{Z+Sh8t~~pp)61zIwOqW=hl(ECm;X z_rW)Uo1WCME{xq^5c8^>w=Zp`AV#+ZRh|PKfK$nWPLqU+;*kxIDNz_04ayK%7nnc% z%$j=Lt~4Hy9O`p@r?i@k$r8Z6JEZHc*&T+c$NCDslm(z411J8G&=*LIhHXQyt#xz*uP`icZn zVLfFjqMk_4t@>+{Vu0IK7#EvE?V;ys8>*K9_q60XY8dn@b$X>fj&Htf5@cd_C9&yn z=KO5QdpDCIKwxVMfa#CwllyecdPvS-fVVNL=lc_giWED{;-L5M?Z_)x3IR00tka%& z3(*p(%h@cc&oY4O8q44sdwv8Vq(>JHmvjETqwC@%g5V!^)qywW#dhr4b;&7o9iVPo zS1(UiLy~iW9_lyoSag15e6{csi_ghC!@#EFIHApf z8M{Voy#Gaxt6gEf@Prv4cXaCLAm--OZsxR|c4#D#+X-96#bbbk|L~ zC7RI8G}ubaE!RJgO|c1p>E&{2V5s$8?>&S=Q8*P3{JYP3r5k@rBp(gBkL$P8Ow%kd zXOiREEp8}a$z)&+h0b!M3Te2hq;jfW8lZGoLvi?48q7yB<{o9&?$}Yb^GSM|=x8`( 
z`{g9?`h~DSb@^+!JEV>QKU3Dip~(Pi#ed1K5%V-nkP$a{%!<#beJ7{3(^; zj_3)TLypebD|$dWyaE5zE(B&aN&RR;A9)V62z|26yd=P1 zrge&&gTIXhsO_)DH)w!;9yw}tG&ZnY4EYSOl!5BE;SB%=f@beH$)@C15dIDE0?0&c zr|nUF-ZzHf4Gx3D;0eI*Hcs5uT57!Xs6GVX@Gwuc9IGNIuWQ+w1W~F7i2FF*9Ns8N zzy=uB`x$*r@4B`k_luLbK+TBhUWhxy;lZBqT}Ob*c$VjUTch=12#BoCQ^K%hv=Wfe zyGEfUfnLeW@2}MA|L*O$JdhnxGZ)O^H(^?^4&Bx)DH8-_x87l+j(+&P4GEA3eFdbN zN`09qI7;n4$2M9Q*ABw~X`oq!dth%+sm^D0nF6R$)t48-IbaxpDzWnJqt_o#PvR>g zsrK14L~8H!ou2Ju+~h!|A8StcCZ+&|Cc6H9O#)A7$#5mW+Zg2WQ+${FqIEhSyy5ma zLmX-8hvh4Y08yf?+p^QnBdtUrcKMX(yn(%u{L%5<=g#f4bxejxDShye;w4zv{a51+ zl}#@hKqXg?aB1fvyCDlTfXrYPh)NicFM|ry9WEvXd8`2q6olRr;^POJT8-bsx4QT4 zW3l;luw&$MzEvmuOv~+bkspIaAEXr5zt5$_1`55C8tlnd*VO0T4bmnvMMEz-3KTD! zgOEngVx2~bDJ3zfz}cf}iO!zg(DV!L3UOw6h00Sobf^n>SfOx7r`if+LWp^U{TK24 zxL)c&xYdF2Y_vC@;;!%#_n~`~OIx(-sCz~-p^K)Tn`6mjFN~|_QIBbX3H|#vrXFG| zxfVal(rQ5XZ}e-nZ7h)q6GHZF@SjA+|8eR~iMe3cp+tqQOWGbA3>>~AmzZsP7Nd)7 zT_Ne_@42Oaf%=MlTgSJQcbxshJ7Z;cFeG337SgG+rO*4+jJE;NQG0Ot%`|oND{L z#u?SqsJx$kq1;~C9-ir5D-s^DL3Ap`d(l2^G2nh2u%S?T6A1U?U9-CU^@_D-h2=dU z(U$Ii-Ird$)z)x%hSQ0C~2E*YHkDfSY~lJ8XZys`<3*RzqL;+JWtbY1yZWHc9{|_q+Omew@Zfx*0%??Uux- z3cv6o!$TE0kGMSoOLqi$F+gkq>_IKx0~(ynT5rlvMvV-6Iz#{^O4*h9D<81Wz|ObU zk>%yljz*TH77v0dm9TE0OdTEY1qE~^&v!g&rlFiREo%v3`!;|^XmFQu%TxipnT2AI zJBjY~8agcYpPFEMT|B)_LnLt=2&jkVtR)@QjN|Ep%aDYm#rkJ^&mb1$_6sGwX9fBi zZXFF@SmPdiZiK$}c&Ti#%@SJy7Q2?uIdK$nWC-nFF~inAd1_m%U0d#9%rwx^A_S*& z2;3b^td5q>>=B-(%>)%BE?znMGGG3v_a)2Hl~X0!mEZ+MYiZ`Q@<)pwdEf47dw_T4 zJNF*qN_+s?A8Z|ffe~H{IiDXl$5%K?r)p3Z1hWq+ez2zW`CC!3PyI&M$!>_rcxZ35 zQj(pqIzMhcQ2|?rhN-6%9X9xwhdRH0+(6$xW37*hY1#$iplQ+ zXp$v$T4<(osqZJyG;rLEQy+gw;Jm8$Bz5`>xE>g>y_Bu;;$#A=Q^ncBth1uGou$9e zMWOAGw))09)>pMCRsP=~wJb&?c04!mTS=17=97AtNaxq=+hYRXLXp=+JWIK{sMAlO zkA&+lrxhlSdl#6ywtSF!HJk+;MW(ohjP)lInvQ~H13WX|F-;LD*A%zWt0XpAabiCu z+>Nz3kLXfD0^GwGit8N@fWuD;_cOk+LVmLtme2D%XEt;qVQ;tUL!J)2Kd@mE4n&xm zV={kQuJ%pOmlaNAo=BxmbtOfg7C3dvaDM+^K}Bzq;38lO06eK93!?q zp&O|gBNmR1V?n+$F}Vb{nW|mD?7oahC-j-|X#Sw(85oF3TY3oF`Q2{m4a&LW;AoGx 
z{g`V--X74Ed45MjTX5Ux4baB_jbjsT((r=5W$r_b#m-05pOV*KDsZ4EBv@c7gW&6u z?E|_w^7)c!b2~|=BCmd5p{G|k&`^w|3ONQb*x%=|m4=+jd+Q1-9GF=uv;jXj1fZq^ z8QBwnh$L(Gz@*khJzC^6=^>L?1I8V#^L34)4(KA;tc;aRon|-VlRbb8YOc)ye7=$? zXsMnr<*^-R?+4tu9n&c1PIA)}dJr>2iEB$DJy+@3+tcO?MK`rRJ}h<@X<2CY>jI7x z;+_dvRxnN(iJj+UE~YPTiy<7o=#nnV4l zNq6RJmfncuAv<+k{G!QPkkc1ORdx=#yZmHs9lLu$`|In3T|GsT~~(VjpY zoC2_Iyjh(gB15R8y;h(3Y>maZcumjEiIc8pzK!9O;kKI@>Z#YAbuXQ`E<#TL70m9_ z)9J(?qnmzf_Oh?U_iEVAQf9PQdO~tE#37?=J-+d`sI14tA$um_xfY69Jlw`TAHBPK z@||0%kx0c9=&e>96rC`o?cd$IHRn$;%AAoDinjyDxq+ONw>r zE%NaYL@>)NCc1AYdAIdYAw#F2dy^ikh1i!!ygkPIR7mNHI{96oq?jt_uCY!3lYQ~G zXmD09Z-Ma>LOJ1u8`IWrPapeF4{(bkM~_)aA>#bt4h!e4RQiD>wc!r!&K@!1d5WX+ zv(0m|-AfNRRzmANoo@9S7uchub2K9@JwC1-d3z2D>Rtuk8AIgn&wWiewoh%pF*)!I z(&B*(up&ydaJU|)*5>@b9hjJm7I{y-)*}SMT&xg7&E6 z>3+VBWxKR4kuC?&#&~+zl#Re7bx-K_mbXk=k^$tv+PoHoddI5wtxRP5L=V)LzhJ$g z>q^;^trEj+_Y0+OpEFs!WU(vzbe=%lefG>yA(b`7`HLwfOX*na<9mLf8pEu+D^;4!E8b<+hw(XoZVU9^2rv+t5QLKE zrmR_iFX<}i$hYotMj!4MyW2NhI zi!8J~!B=rRp$s<@2Mfv>TLtogY*PrX|MimBla>5UKp}>?lp}Us-zrFKG5HDV>4JV~ z_VyZ62s(@td-tXJWydwW$G3?S*Ya6Mjbhw3Q<6mJX<}ke5l#%HX0$mGc&EEQ!kD&b zCsEJZ*>6Wc8ksnBPHb!Ax{6(?)b*OhClJd7>FEm+i$bmZpI;WH&8_zbp`-O2W`a^wmgNjiw|3nmXPA!E z0e5Y|aLNBFuXZ?UrkamwN-S$cBlwi7?I!np{2Lr(C%-V}$QbutPek*b;P%A$!D8(T zv+e3eWdF(iS2e7b-dIuJ+-6u z6YryJ)i2)QjfsaC<7?iH@q?96$K6Y2IRP{9FfU|Lkg;`tIckd&;t57UQf#BAlnA2m zYu{YY!_BV%NMpJ871y~rc%N{zb@6z`cKh?X8MkTpb%B^*l)gnW>AE+#@9II0COtVl zzQCYH@_Q~ZjL|{Yx@>Td?mDLHr$Z~-JaazHT#`uE<{G^$3lai-z4KhoImSLC|A6PX zzz%cRZQpO?NMmz6Hh1*kuE{WwGvNp_Z6<+6b+G4u6w*3$JR=1J%D+mA_$HYTMSpUe zbd=T+PkI$HK=R-zV>kGiDK)eJ0NwyX$Ja*0TKbX0aX^o~U7Vmskx~f7?K!dTq|oNP zZ?U@1sSKmvkMX|=q3D%=uC-x%gPg>y@YUkNXN%kX8yZUPr@vXnWi|lT_(>_cIZckX zCTgpy7Y0D~#1&iFyQdDi`Z(>qsZ%Jwv&A(HrOqqlnyRTc9A)fn94|ud&Edj#lif!2 zoD>w6=u8vwmsgT0jU?dsFk7qvNONaTnJ*HBccS+RZ;du-5vi#tGopC(I`q2NXHOvA zo-Jiu5pb{;5%AR!fRM{O4(&<+O?nP&@A;WZ@PY~e^rYL6*%9d2VdbC~6VV2U$e)sj zM5Hh?GU~4;M73+)eh?>eBHJm|jLch_o%>ad5)KrXN7982?7=@vi`mCeC%b1jIYL%id53^#Pr) 
z#cqOexJ*kZHhE-b&&bSA9%5t4y$QWPU>a*Od`i2c1+=^SJU0**#PJo{n~&cf-I`5yY@sr=P2sk_Z_@BdXw2!62WcH5 zZ6@CFo#Hjv<itiNoc{6fiSyQ@#* z5g^HA;4I~^gu02z?zGf;kc75r9eqrKGYAF0ESxXP=^h8Fg?+EmCjh(CzD*^}xqe=6 z48I@zOjsq-vdFzKcjXgkh?u$caSbzu6LYZ+xj|di*CR%Wdh7UBQ z`S|U3o$cS2RY}^D^z?7S1?E0I_vr}av@bziFikd+Fq_PlvL99ryn!#XH)zF&9uKbE zpE-d#bPx}p1I%2VwNZZB?&Agk5ea$g6p-xVq;S~*nKg{H$W8x#(rPiz-egY?_m?x-wp2Ec_1xH>7BfFIe>xX`w|#jf}!;Zr(rcVu%jX7mN_0sJ9|DzgW4h5 zTL_&qdxb*?8}WlQS(2OQZvp8ZiyDOomB*^_lst zk$2fuHgfD@pSlT(YA<=MgjG=dn1_IN68zGU#z3j(R$n>NSsK%EQ-sWnNOV2Z08-9r^_ zy6my751C*Mlff^^7HMar_?HCucMO?kdITvP@4rgVCwoWN&>}Q4i~eAEb#Cj#XjKZj z{dZ_eHTBsZ6**?Vu`@MOR zaS!T$$AIYmOY%=DL_})$Ufqr4y7_pQ@lNoE7jKwiA}@S{2Th)z^c=~jdb%zG8meym zx^=xv2w^94#nV)t^)CC=N5u)#J?`!i4bSbVU~tmmt!guia$L1of=$z|M0D1-v76lz zQOGew8<6qT#p_wmRt(n2cb6>jhNA~@k2i!UW zmY1JTytCTzvfSUH7>*O0L5i4+AHNGp;#!x~sdXCaD!_Ulb1KN@8RTY@^m~liL)TH| zo0xMzW!`Cw%C8GZx$^sv!j``U#Vy(!->#l{d;WGTiMcJNuDM*i<&_+s683aiVf{O4 zC`>>XWv(?NZj;72;Ef$HtNr>z-=_w#gAo@1q*5M{7N5Kyy<$6UuyTeQ7e5heQ5Gpg zxhNeC>qZ-ocSt&(d5_HG5!V;nNu(>?qFZUF+i_JGxr;=R`j1R5mfBHJEG?f>OdLpgk54i(7wfv_XY{f%gZq$Jxzjk68iye3T>8#=zNzMjU$gY zwprzPH=w_zR$XYaLUUo#v0f=&vgTf$QR3HGUOIABcgvdt1uvzGeMogDYgL1 zHoUQ~e3&{vD&8d|({0qFl|4GUTf+aU`r4R|;jXTacbsZ5rNKHt&C&M4^1fBDpT>FOZsIwnq9J@t3bEMNM5&bsad{v zIq#{4wJH8G1QOVxj(amc=aIQP)-AnUZw+&^;(`s!l41#JsTu)32eUzvuG`@g+!AJO zcAw^|1vsmIe{mG0*(FWPL9nNKo2Zt31k&7KJ54bl<^4*JvbT%Iv<-4IVC~X9RMt6n zZ!%NOkCyI4Mjn%f(&umTXA*Tc&?jTv3R>QW3;7KIPF{?u=6aBPBo%jYy5kJM!B38y z_E@ciXppYc0-b1Wul$*6s%`?16{B0lKBl%-7rEgSP!PZ!(CE4#H^iAV z{K$l!TXK2;v8V!yff8$a(WT3`6#7X`jaBUF`&pnHp+G=^u^9|Bw_h1Jd ztWlQK9SNoTw3NLT$W_FV+&>0{{KiVh`IoLvwA_vc>bo90%87$B&ONHS1Z)wMI=I*y zj_e>xELEE5LGJX}Su__AHITz)RtR;V|TzNFs?Y5S=;*^+wkY}>OCZ|s1UH&lg^Z7gy=+`b7 z661T34kjDjJ7@Wr4N0WZFtGc!bri6QqN)GnqeQwdCeDc#aMT#JDwJw8N9sLXE15Ma z?62A`jcC}Fr^NKK#@*uJs(4pvIymTXtg6}wNdl)%O(2O-Fw5Um+Gv`xgR)-JZOyj1 zY;2Yz-0M02t@Hizt+r*V*&#MW<82xceJ4`=T&h2Pwra#IpyrI1S47C{^)jZR!Ei)@ zg7nz7#>7>z`1aASkby?KYzzf|9X_ALNHkBf>)7R2vwfg=*vZoZ)J}t8*Wqf<#O&~j 
zY4(!=GmQoYhQp^K`$t_*XHx_X*Y6((i1Hge^m0s!^OTOa8J!C%{^)~w#z9+->z`eD zq)9wK^Oc;QT2yp$@AsecXEK0h3QjW8B)UUKC7}JM(Z9cMbr%2okzqQ~i7jVts zEB)Egf%NP;src=QLX4Jx$%tt~nVd<~Y6+*32eZieQ9+5lMxCyA$?N(IK_n zerEh~Oqx4cPt28AuWnEwZmv7Ta>iZvOx?C}7g*&#_A>hH(E6*$GnJk5i7;bd=Z)pV z-=(ee#AC!C(vP8@i(Mj@nwLIhte7*1v_T%0GiK&-+&)#`)bzW_0yh>wp2WXqQ zgPid`*7)fn4g=DBA8nqBni$NrKKr<4>elDv!KZG0QdsFhq3yNZtlJFsgoD^sskNc2 ziBCLlke{n<09_Sa0CI}&kf*4*U2Nqha0vV~&pP(Pg_ffafk<5~BRv5nh-utb0%-QU z&W7AWK}lCZ!v?D!JzZB(^9XGn`*kIS{SInLWhz8G(>4_pXyoWh+aA~gAWJun1`=NF z8QOTowO{R)T(soQxgDJEc$wyr%zSUeOhrqvS}Fi$dsI+m)_Ew7(;+LXKWi|uqLp+} zPaDuum1eT1#ry=kN+=w)wUa1D^>XsRn* zYF-O?LyM4URR=)|P4^x?3BQ{I;*K@2%)?lqd3i;btR|)B1%&nnk<=Wzz?p9#y;SMI z`&(TM%!2AT_NXSSc)q=*qW@Ksrm=4bCsKn7e@wsBp}KTM)X7to zCPz#t@VQ3ryeR;w3vTtH9&VKz32DKpxzb%@?*zye=vupjdt}54_nso%*RiTn#s<`$ z?U0q`(pOxug*4{FaMAzO5UkdKJthjbejZmRCTL~Jwwk2`QOaC}d$o|Nw zHlV^(biK$~olAey8TR(HyepZs$piq@1ZXLp_EpIne+CNn5R-R@2d2{6Llc2wz0RVz zjC;=)bDp(zu}RQ+4yeGLKKHOq529Q`^I=0HKrdur8)Sae6*JpNIrYfI=yPPZ79gl+ z66F9u5*C)g3`(oj6ei%Z`O5iJ&yB>59-r0ZbYuN_Wc9V3;prVS#Qo;FOk-ZpyL7$X zVxol;Rca$_Q~L>7r{y_d-BD!RI;WebpgDcPj#EWXVKoGsD!F7sCp?#Kof)1oZEJ&oz%%PT-zIoG$t;j2A8vwBK28&pby9x=h!Y z8o(tkd(-ggJMKGlz$QLgI!)th=BoELtB30k_mu6YX#+*i7Eau%%f`PXeRSIMVw#%V znBkvvknB5FOx)1sW%;GBWFsn_4L?@#4D5FbPt`U_Oy>*_`#$o+uraV1hs2mIA6aiA z5ZX`Yq0>8un?Q0nQjj88d|-d&Opwv(%l$H{bC6CY5Mt+#we*9Wix;}BCBKignZkydCGop+ZtWELgyk2r;i zwk}r}xbh1FQiP2JdEZSZmxv@C7Oh(ZMyI;5203s>>21*w4w&Vw?><{`pWjQeK*EG> zPnqWw2Hv6~OI$vyY}>tMcSO|u(@8f<8?fZSjS*W~sb0kuV~=pX`R4Xxhdx$3-0szgo3$LXG3G=H+3xrhfdY|a_zYY0r^{Eqsy zC1HJ)MN6?xz1CDA78TJXxF7%zGHE%6sc;{2%hN_OfC0wibs_RWetfp^4c9Zy~%uCxy z{hWDM*o|*|pfY)r*w)^woI8xB^xVMKWKP6uWmq60xzNO)^voPveQ%E)vrnW=p*0Yz ztDn`Uq!4Q3!y{tC4x2A_7G>z1P%_Yf6A|)K&9W1(X!6*}OJ2Fb77-z!KFe z30Kl}1VDA02`Ht3Aej*a4dMZ0TI9YsFKqjJwF&>A0zNX=t1RAFkQG*;ZdPrU1uq*H zR9vFQv&AYKgk-@>*0D~OUf!DQV~tWL{#S??`(FMk;h65qj;Py+B3)_u@_Cp2av=Ik zYXw_Q#mPzuzm9^V-GJfwV%giKX;GqH0!E>tu-pJzvmmD@w+TK! 
zDN#@E+<<}ie=K)q;qw_1G+PA|2R1iPJRqmAQ4*yGnoxX792(?r25qwe*Q8DDDq6yj zhd()D$A%DHYJB33UM5G~1{Gdoc?WfN-ukKR-J!YT7AeN9$Y4a%w@ePD&?LipYc6YO zo7$_@%g4zBM~Mrir9AANx4(`^7ogc^s!&RnvBmu*Pq90rGnD(exQzsr2j&Cy^XzFy z+aD`8ovxT##|qLgUhutrx9uth=efK#-T=>w?_<-wGK|Xa(uR%Z)5<{ZEmL-n@FAWmQN*E_4Ga*rg$g1f zYGt!2$te}`ZR2YD*g%-9Bp4&5KOB!dKz2c_UKLYQfc5DC{rK1nk1-sCg)0vYpe6$r zh7lQiE|iGv=(6qnHPaV8Y6$)B@Y2^6J{@l`>LVGJBi!{Gvub*AEkNG>iy66(wO4Zl zleRnO(5CHc;sxDe%Uf#mlwzEiqB1yK4BI$bEuwSp+0N-p2xk{AU=FJEsKN~T)BQ_B z=W0knp;*E8yUnSl4vWs`V7lmGN>C{0!ggj3CR=aKO$WIaV8m3s=0BUKZ4Ro7TQ{A2 zleV*N1f9?d9}?C7ilXodA2?(uZ=@W4wqSD@!x_@?y+lmByDrl^GEU)Cc0Odf|LGa( zC^fOA)F$peL(8xW$rGVCSe0{FUsdni@)0A>@HxF^lNL;VUO2I`{L5z|+;b3TSR=cg z)w-pdxVIJdC@WSI8lyi^UQAUmJ`mV}=xXX7sV`nVT3!bl13+jNw(ujxpT~Z?T6;?z z&4~H>CF9kdNs|S(nnmo1^?J$;a*&lCpUSlS&Tu^JpbY=I zV~W0qI(~TD!sb+EI)82Qtu+W)uqJ9+GwnO>GFbGPy+%ZxinO~<%_K~3byuu&2eE6* z28KK!0v683%U@f<@tnIB(DQsucgPcP!cHKz)}(_Rj?$d=$y0woNFC)wZ-+H;ylv{TBQ~S^AdMLX`?VIIXS4C3vmSW@URY z6Mi~e_fS=bq6HkwKU{l#x1Ft1^`~j!%#=c8?nZR(DULkns!8{Ay3!Oap5o8ul?-IF%0*vSIx zgNh7}avwY2?M0I`O;P{o@4O=?*J*Zxn_0fxnfJ}Cz1{N<+1LzQOq^7Pg26T2egEC+ zU$T>+fpn9-W`$Jv3bvc{rKy3gS{eA^&J@rN%~!g!e6>+mJ4xq(czTWpr8eS9;>tC? 
zgUos(9$S=zoDX?AP*>v)dnihrpLDg>M7fq3Nq&td%eXZNj*iQ>vqiYFceb{okldx; zfJ}p*E203c>S!zqU0oa*=Qw`J8a&HsuTX2}XS$FAMV0E8-sY<;64NrNw&W7phzVc7 zj!|S8POQCFT6jWTxgjqB7Z~p}j@9itd6yG@kwhog1}kS6D~@Z69?{&sU$pF-p<&Qh zCC8sNHX;%Dn2YxSe#Y#ZfAzQ)dr{st8p?=I^27`IbwQ@kYDE_>ffbU~pE0F2*#znB znJqM83#Hb@u-ap`Unsj^3x53UtmoK5y*9Y>ZOr>G5nq-{ca)7YMr}{$Th)g}?Q9lS zDeIJ}4tzKpderNL;q2k3PaV^U(#r%JG5S%JijHWY z{)t$;arn4FmF_VMuX0+)av_l6d_5}ToXaiq`0$+Ts}@zvXA9nDbS$pb2RcECh-JjZ zDKn@e#a&*ShHX}qXo{Q;&n)$(uzq?DN1oWUEPY>{&RcWW33;Ks{aCA@wV*o~4#KdL zd+CfZr{ee4@_BG|Wuqu*&BqVK&Pb#4JG@&}hrl$pM^1QByf9um-+u?XyMPr7=}@vu zW_=s`bhoclcjv87`FqRHjEI{w;*5Q4MDpd|eGNRlx92aPLB}Y6i1U0+m+k#dW{e%H z7e9YPgzXNwu*O{1a{IAXAFSMVK(wkO_O|N;&OnIoSLg3mmKfC4)zc8$SnXb7_TrYu zG4W08W_va{@3B;ma2MY4zAav7xfvy(`jB|Y0K2TzOEeA_uPuo@^f)$GULP1#tMdxZ zW=r2)8c?spB0@zs*$g~ykI02}ksF*96u=-a(nXfCwbR(hO*}6Cu9SCQR4|sRi?ER8 z3G*4f<~n?ptkPqk^Y%Kqc`Z6J^8MDYdi6>Cm*%9FNbXHKXpIhorbz8p8M<7)RozPn zTg^~>m-uu4Aj5i<*nN{cPEIhsFj`TFZI1+hZGubr6aOkDdwf_{4%f<~adXF^kr4TL zzc|;$&yTO>4h2>8?kJ1Is?O1d)tk~28|y%x|^3fIPm zK^p6pjpaROs0Vo`Ekgp9Nn*55aZ7^ui+Csfd6$CYI-k%*oaNTV5yq?4 zkO$@pBswOEl!GE&Kr=(aHOq4JUYYh`-kOxz663R-#pB!|-t|r~ub&>73q|pWkA-!$ z&Pv(1tfDIKnw8CCCuMEVBR=xJoT9|m9CuimCsB&@ntoid`J<8Qt|X6XX_v`h)c9Bn z`mTvbLxJRlOSq&LiHx`z`-mL&uau@|%XJskkKsMu#TmA_7kEymKoW5HMbvRXhIv>S zX&~C78=%0~Cdpr!_gNO>!Zm4C0nKLfu%ZqAb$ZzmWqVg}y64* zs=Z-(`8#U01LB^0{fKY!#w0DT88#^rr`NR;GWN5j9Lu}szVGk30)kb(-{)4Qa)%@_ zrg)@;-17K2{`Sm)jv!A&ym}NMN3=2~&yb(xgOxVhTLVhAQ!_f4lI=&PcHtEO07?v@ z?I$0G*Vf1TDva|x_u3z4Ek#*+bs#Of*yzMR`<~&7H88ugTJ{R*7DtXZm^+(dWoJLm zN7yo#3?jKzb)*`U7Q$S>m#%Z$dzQlayEmS+4Tkxqfbc&o@?2dw$)m@-Q%>+t*_6N7 zcEX8!uU#q>KC1WM%?c9#rb|ucC40*PyJBPw4?zVCsQ6cj6>tdw;<4Moajv)w=a_gB z5iAN*azrWb{WQbkgT~?LmABZ@D}6h?@Z?-}jNON_T+f|qt3Jr~uK7#x5MAUhl z9ZlF#Bt`KzxOp9l4)(I=6D?E65w+lvztB4X08OOV z3KGe-J^h+Bl;boy;VrF-viYO6$J}a(Xw&S|;Lp116!y76@)PE%uho$cdEo4*VpM}p zjnxdzW}Ne__#7b4vz)eK;4R`eo-y~SQ6F)Tx#^58gyE)gaYwytpw6LiySp)a;_&La zv3v9Pp+mcTho{if*BOe4{cKpWCr#`Jr}3^8vANaHi~~8PA73opiHw)1+3bZ!ck}!d 
zts%K;eJj1~geP;uiMj0OX?bF5>?u#x{u69k&3(;F;cCu_3aTmM5z7Ie_&tmAG$V80 zYts(x!;|cG+M8W!wf1|1*lRl8JyZ`#uXpt9>AQg7uXRSj>gp(3Muh3?OU#{``L~mr z2b=;$l`MRYF14iYmn*F=*80iN{t^{CLHro-Ul@p$BR9&OHZv-WXHN}i(#|y+7 z1*XZgV764e>y)f+b+-tW@3y9IQm*W?h^WxT1b(z=$+Pg1y>w??QxDg#oKGreVTzRz zm}{j`m&VJT&z6}li35=H+O_iX=SbCv!!ov_mKn4_3+9FDId1sL-+g)un@aS%x28&+ z=Cl2{BJ>;-x0Jn$#s=4N`267lXv|tQHI>E5O#n#!qP7VvK`1S{@C~T&=uK$cSMl&6 z4Hlsa2eQXwco}2Evr)OutnKGK`XeS{q5a$77?&bcDb1?6hs;Jdk@I+(x6S068V*|; z42LyMjbhda(yYwNp2mX(Tit?e%3hvaieSV0+XUnCmZ@uaE~3U;F-mVDOh5Onq0QHI zW3_e~#d7X!KBReW@fKpYs!7LITx&x?99!E~AU;H9!tSkXz$M#@booAsf4{f?9t(>| zrdrm6m#r3~h`AR&{^*etQd))dtatxZKQHgW1N#31HmuU}`!d6$_nkapSusBhMAMPVG90)sSkd|RD^{rsX==NWyb=9=234ZQ1yY8!^G8Ckf^Tgk7dlQz8}FI z_Wo)VigK{rZ^SmW@Unv-h@2cmu=YZ?=iNTd>l8h3YdIVuOUQ=bq&u|+*U?Ib6W#hMLVl`TN)SbfOJ zDb71pRVK71lZU9rDd}jCv}jFnD&1g$>8@AKhg+5}>t})Ni3{RyQ2*x2i++`A3La^a zGmWC`dZ=2P+|?le zRLY1G>?$MrPUj_=mex@ay+@91c<)c7ey^f8Uy#UKq|yBKoAces?2P*cEZ~hu^UIw| z4RIa?YtZ^s^O#gh#V6gbuOw2Fm+oYx?!mNAomW{R2fWEu*}^ig2D~JBSq6MX^Ehm< zOPGvSVn-bH>JyLD@+HGCedxuE*a;EA@8HUgakcHx!j_b-!Qnldv|tNRDCCV+!b9aR z0XVrZPwkY>kJ@5rqD~626kCbe6X)EsfT&GMGRo}5>?g-V#op=_x_S!FR{{#DFC)s_ zl}pXCO4q4_tUJBZz+|gzbvG8DE2;oq)iShGJVMutyz2W>%xfwXN-39im z7+%lK51s)%>r0lDbTdM6piO75$^vvp=CYm;TpBG_2HoF2WQa?Yvf-1M;2#m<=MclY(nu)&^$bh0ExQYmE3mYuRwQr2YOM)o}+%V3BsA)$;lOJwZ3K^Th4WXZmV zkbNJonh(JE8S6KbqqH+FP`ju0{M){?wlS*A-jX=GHh&>OA|yR3Cl zirOqm!f8p+<7TapSU_S^XZV#+$}U7z9q@TV^Zy{6$Ku*BFZ0tpcrvG0t5myPJ|>Xx zV{X#a8f|PSsBbI|&%@q=Hr@@=O05~D)?z8o@TG#etm!t~+Qt{TrG9RMNF(JWEt+UF$&Q$3P=3~@5so-l@vyvY&rj_}nAUp= z`tYl#dL%%%2=IiPEnKNEr`rRx*>=_q?%5(`PSjp2t(<8i`y=?hO&pAH=loTQ$jj_c z|MX_gy+3>rYcm<}E_df55mKZBjF%NOmiX3*#MjpR*%S66b~DsS_ri`V`R1JMC5&0l zl&uMUc}78K`NNct%0~-5uE`QO6c9cj*GR5e%Ve+VFf1zBRUlL`ZuD75;{i?9g@(k3 zw_T{%R*dr!tYYjla%bIp`O*@!hqz)e)Ap{DgbpeEVv0C3QH*?Zmxc=F-Dr%RRk92#(2LxCBl)4vU+%WnC%hWqOSi7i1 zT#S|G(O#;2IH!uhwWZgri)Zy6qTSN`noArK$6ht{<{A2U?r(3E6;o50W!srpFBAwe zM+vH?OV*%x%EfCos=nk6m`hC=3gF*zw8r2{J-QrNHP^A?7LB2(iLKyQQ;5i|^i_TF 
z$LHWvrNwqG9h*9*h~jShvk-{}Jwf#6(-6%#XZr+mIXuYfS0o~@u?blPEU?rpf_$9< zapVI%7Yo;=8njf;CY}w*?lSInDhkaR$q6uJ zs?46i&8PFxBCcA|`^?HA<7kR!&1K{ILyH*I?(1F(K=U^?8GGz(xwCF|kyV!F6Y@NC z^!A>bj_`ye-9!eVpGrxhhiaEQN=oB!CDqjoouPv}N@qY~Ipke>nzOPRX1)S%{}MIs zvt2whKF;`RxeJGHP)K`@pu?}R2b8NE4NP2hp!hMT&yS~xpyJp{v@ zBMAaN3hbo8TwlkE?LzvTZyb+yoVF-E>+W~y8FzZVhX2OD1U-4tEv-W z#M-gu+#YC~)h*3s!Iqk4W1EUpo2qZmz&qQL%wv^97Ov(xl>cupv)@yo} zyK>e|Vr~KryJTdIw~3{X9KFo&s6I5K=d6Z8R2KV}P^HfJjMOH*TG0Aup~g>cUos_S zSl^gG68(tDPf5aUPCS3Rc8#eHOo<9FcJ79VRE0aB7&=j0F{`N_N(0BLKF{39!wT-1 z8ry^!y>;YP;lP$|e*ir%Vqq`$%WSjVrn^9xYi^Syw|gQXksGT~<4Td@Y1*=Q#e$I8 zre6ZQyTHNHaKesFo~=QnB(s_>ra`w#{u(7|ufi+D=_k@cpxX zuh5!jxO39=Gcs_Sn;N~V&XTN*^J&aN$Ty{oz6w~wl<{e%Fi^$sU6NaTa<+@OC;2mcZ2=*iK=HCIphJkt)1!@&nbKa|aOCJ7?? znJYQ?gN?XV17ckKi^j?`RN1T1it@+f;yDVj0Kun1ry*7MaY&u5zHZ#k4V|fS##cua zl|pfxRA#g8<*u17cI;BC?`HxKH3l<}$Fy$KqcZ0`bipvHtVL)+I-#V_T{Wbv7PFA= z9!AWc@Fn}%(?-o4a&&DoP{ertjy{Dp?WP~Pn#L?4ysHgP+OtD%(FbSYeuXh8V8L?DHCgMeSAhgoP>JElK&4bsTn@pHL49Y!Wq{xwd46ah zv)wjP(ynkd9M@i1?K5}mB(hzue4#^xM~px z+A7}}Y%rlO-4S90ib*Cl_yjp5si&Nrc#+zSU}@$vlD6}syK|O(=`}vq@adX?ni(a# zUVO`GvjN2Yxa(TJoTC*%J1MgypMt^{n65q;Tcm=yQEFT6)T|I2089IHQcmRN) zZLR@yez;U#uG4dKtsEo0^U+{&gG8szfT5|1Ieql#>FHNQYxsN^tWgo=HaE;>d~Zez z{JKoG?oZ+mu&ABu6d+l93)RBo;s5>s$`lV}Z^GlxCfM?;Mzku$ z>PGV3-;U?Ta)Dk2QvOed_NMq7^>A2sjcNYFxR(a_tZvo;k%vxAkH=3K5iF9DsuSt9 zx4$40k~cH?U2(Zs1vp#=1^2?mOiP^e zC{m1k^i@HhS$K`{2#-?f^|CeDv+zv8k{DXNif+CyqMMugo}S0deb^PHJ7!92l(&<< z|Df)K-FrJ@eQ%_$Ts{I006rSrVJBmw@7Cgr>pM2o!()Q8ye_hGEj;vVe(Yf@WwnG+ z(=luo2z0cvwdUbjqm=K&6P9Ob;u*De@64lH%Y9pOnmbXA<~xH-SPgL!HEtu$7(%rF zdy8SF%z!L(RAy&$qbBoC2`{Y884S97Zt;jNm%R1?RbFh`TkY@REeWf9h^Wyrv`cQh zAC5$}G~i`*0%C+3D-r8srl++5%( z;g>;4p&qLgnByK~xkfDafP08iO~mA)v%+AnQ5qt_t+cuYpflnpiV1F|-|&y}H@-dG zFh|HmWcByu`h029jdS^-$JUM^apvOTcBxsXOKQSdh(RU5d`8}K{&N1!;jqE8TBuZ| zU6td2&vkzZLu-D++-O6jeLn4Mq7lBCnPP4Id5WiG@c5czummmIveAi(dv;H?)xg60 zT*TUqhOgTT_=uTL>G50b3A3gfrIoOZk_*#MPfJj3hhyfSo^)JMuWSlUt=1vT-4_5i z%jXkt)LMy{m9PR_sa)I$G(c5*0A1psR~E>(bb@~tQPj~z5s`N 
zXyCP<-OaN~r0aWxXn^?%1C@+LLZbf>poSwX4~$OUjf$&$vs9&#`Hq+Y`<7lh1wka- zEPg?u%Yu%at%|(~^SwAvL-~j<>$K`=t|cdh<}87R45y-JA&k@kS73C~zTy5YWSQtjI3tEm&?t z4RX5uUauKtEYhCS&Zu)J=DE&r`YHMBwmBL!%^%;?wM;~wSY2tl6=)w|4a}HT6)18H zb)Suv(|T;bil64vYB^^{Fl|&7GSaYIJw0J0-0RFmla72SkmS1Ww6`_Y;G8h%bsebZ4rokVM7Kh@(%Gkri#IQHS?ERQ6cF=|K;2F83sR}PbY*s* z(JI3^JBY~ZbK?xZ?iR*n?3_=oqJed4b5pYT+x%r%N|t!My+_aW-L=kD=Sqoi;4Uu8 z*e688UiU?xzh{j2#^b#bx+U-~jO}f!N*F0WekFyc;4^GT9!}Y{RXpu|3$A;kv{h

Icoy8x#f zKvC4~NTgwwdTM~FSV!*8q*;~d`89)xj7K#M`^rb)cpTwZ%zRPzLF=8-aaCOihMxg zd+uk2mMTCQxsc&5eCFFjse}!4tCm~EiE>991;2W#OT93;5j_2;(YBTW4<#c9OwB`V z*D~80xikb=uY{NP^{N@JA^N66P?-D%QIJ-oTQDyNMO?-pOskEA&|C4K_`>#>5!A%q zWC1Io1*y0cCt|)i4;RIXE1l`|vMe((cX-_Bq^O8cndnI#Xr2#tToo@)avnT8Xi(`j zRS(~th;eIKHOnTZSK6;A#(v<2yMqgARAYGG8)1=Cx?74P=GPxJK1LKT`yH?>HlJ|E z!~~^&oZ$ZOXA~Yc(j0mV7=F4z19X(gG1@}>a7#7u_tH+4oRD#!J_Z*KBHla9_=|6u+Ar+oe=jd15u- zpT5A3WbM0CcnmY?c#3Dhd1#hu^bwf*Ny1_8Xv`#mF z>HtlrwQTWe2%8(w@#0`;#AuN%QoFy;1y^L&0o59#U##JLD_VyRRn*j$=sT--~rF|M#VG}GV5W*wv{to zqW6d8=@EiUt&_+b$|LzyEoaR*!e2yH(R~F#h-xr!dA4{i-3D<2uBEzX=CwIO2QlFD zL@klC7HWBHravm>Y1Qi*$^{H<522NAAYGjk55Sq^cp_o378}_EtPV?rl-2~ADP-cS zmV^pbTTm}X0_2;Ib2&*e)%}}6)%VWDeb$K5YCj($$+|YtD-kU+RM6-0u`w-uk>whI zlGhq%CSX4%k#ScydP1WG)xD0vB6C8DZ06Q0cyYT8rE^+}5@|G_z_1h7!sDzdPae^= zt>Dh|7?|F~4fPegV^qMZsp)_v{e}L$)bx!&>(N%RC2=_i^Rbkb<2=M@X~I3_nH)r; zlAjvqQ*lgBG1NyK!p>dI-JJ|B%-R!OxlFG6i}hJXwy3bKf!P>qcW+QG%>y|XyB2?L zNZFvRD3v)PV?q0*Z)l1bdklqIs2NSB*Rr?~nM4#8PdDiA?0xZ(GMW9LYQ<#UbW6v3 z<%ApMPHPTqn(JaqE`w)d?1Oi?3WGVgcZ~bjy5uajF%2zhDs35ASs;7qFhD_aTD58= zG31sHzZ9YZ7j?dCkj1T5TkYa7NXOgph{0K@ZAsKI*e;@+0k(6)z+ZP07ZP$P9|RPA zcEuHPO7_XoVB%5!wrYXbWOFZvws~iUr+V`J{zlZFQsS#hHVAC_8*y!$DjZ=IOM!Ta z)E-VU>|cGZ%{evH&e#*hbWQPQ=ko;YTK$YOXEMPt)J_p))%^8Sb^O>)x7#E> zvf=aBOfGz4J3OA4KWBOM*imJs2gkN9N^?_YY&~z*PpTvEjAQyHoRha-hrcY?rfI+U zOlXzy2>C1xT(d2uh5gu_8Dm3m>r9QX9IwxNq=QuN2;_Hh$p0B1={2GjdhBVy*b zq#W#n7Y6fQbvT?$6`pXFpF~E8q2LirFtZR%1dG;Er8LWK9y3*{z9-LU#>n;YkSN^$Kw(P>UlqX6vysjauaho+}jv$f2qp+N0z`Y<(2WM`r>i28@sl}}4&xpZgukp`Gkv?T8iN9A; z;Nl(M*Cn9s^7U8Xk0)YPrPaPM_H`ouTBA52Uz5{8nbYS_8&_qQ_!UM{Omw8!3U7YGW^*k)IL3Tu^jlZ46l zATwgKuE{ahzIdDXxf`#sh2>0-Cg>D$vsz!oOq5GLpgcBIWpnPe-mYdtu;iMSk!?=c z>`V+M;0peUwB>2(i2e&2cd35fX3#tXNO4Y(E8z!}-=mmCj0cOK!tyE8t*buTdy~%0 zluT;b=~*ts=-iX76si$nrKw_nQC{}Z``kLJL8|$5^F*Gg29eONY`#w=zYJg12 zJE9-Rh|XpjXrz7cSyf6$WW|Cep;Dt6k2n3M;S$kg z#-&o!s%L|>G$=rY0^22Byiv+0h@Tu9vr7I*$J(WSeq}|A6@@d-Rgw5`6NS{5H8RC* 
zj)xCUHUgB(B!}KooiS6CYj>0#<$1ykhItlU%AAc}?2QMvl?J1tG$zYn$M9hn(R(eqMQ;NmX zC{B#n$ymrY8uD1q#cuMd zOjtQ8t2D{S)7>qX!yHQSK@$ojAggES7pDaM1AH743M#0>-AP@jaiYN8g&~fj1b_Q= zwhtpKKCuQ9H#(i7XkyS(cUZF!O@=3Z$Z9 zHzN7@t`G&{bh+ZK>6VWXCyYc}6T%nv<$8uct61Mvvb7j&8o>HzYfCNr%4Jz`xTG^( zDG*6e*;SlsrOMvi)!W~F$~~d&70ldnyY>cWh$(t#Kg&x&HHp846%56u?oHMQ2l?lo z*vlXA2Ypgtlumwe-qRaa!T<1E1;?A0W5IbeJl6W!#Qe0z->j0eU8-jdX0~*t zUh%@T<}T43Guyv-aF2nmh3snBw@i;5ql|_k@qC5NiM%AIzkE>K_Dr&-k=TaL(7bpQ zY_POeKv$^4QUj&ur?k+!lC(axR-L}?J%OB^^4FWXkUmJ~3A8S|F~wWWA}m@Pj0L(Z zuJ)c66A{*r(2Xi5XbRj2eUliPE3uFyTZ{kjY$Aq~-$faHy(SSt(etVzMD_y$!B-A6 zwTm_jXUv41@>ab<7mx3vORM-(4Sr?_mYaW6ao}upZAoz+>+Iy|0WwE^-X{cppa_U} z_$(-q0u3_DfPODpBKcC7>i30a&s5aP-grIz$8>RZg-iX>*6~(wp(x_}oxX~8eTGUV z82#G_jd!avS(=?OG)PrO>24X>`=91WZ7IayMQn*d!*xw;O@sy?e!^q*>U9BMeWI}4hh&y=$i z=7}iRffb`kVx@2M^eX>Q7rUL_=sa@4^7Wago<*V6v~gEkVAZzl6jH2CYw))wWWgsp zV|FR6t+L-T3XG0@|L`=&6$*y8LcNxZJC4rC`KaB{?74aB##=_Uw@R>T4OJtWywJp3 z;;g)PBqZ7M#S!tmAI1jHqQ>k8e_ZAhf+vasgmwL*dzU8IRiDXO&}FY3t!>U#Vm-x8 z)~h+#GM-V<3jo#A1te?9PT+)o)<(qG6rmD5|8CRFVjelM7z9DKM!XV@+KI9{2y@3;^eU!Zzr0VM@wlI^b)&! 
zoBTiEqjK_iA@<4}p5cKtcB~&`B0BV$7V@tD^M?FGIzpE~M1 zeVxGu%3q$>5#J3HY7Hd&i)g<7d>*R&QN^i2ou;hUx%(x85DrgcrhG(Db*_Bs;%ZCo*uJ#S4o%MG@EgrVs!``vYjq zGTw&*!WMqdd4WlaAh~;!wSr_Ww?qZ&e?0HySE6|1wdwXNR1X8}%lcV)oO7Oh3A7`0 zM34yFWF;m4IZ*hD$a;0^?cG-<7h-fwf(zSk(*^*z@amT92tH|HURwU87gwl4{U@UJ zubKHJULa2+Z{EXDn~ldx*LJRkCVDrlK3g>NvK%;l|Ifq-3Y<2!{#2-6966w5yqz* zUz7790rp3N0_1G?y*H(DAl8=J-d)~n4t7CW_RDEg1lhUVJzp^pGe@e*@Jmvp9oU{Q zl$4kA;-4P4AxDArO+12RzVgcr0pdzSc@@yBB_IHd|8Rx>!RNqt;7?=4IfI%*O;2(} zGW(TzWTJVLCXI#X0Yoj|{YgjBd63>&P<+z%OCEDbn&ZSctFKS&EwB9$tMA*`yD*%% za(nZ^b~AMk6X z(hQW+5qISeLVU0ui3H#=B@KB;(H*Ej0tuEARqfIgiW327UylGX{Kn+0tKQHL>XK$# zxbOnJ4@h?%K$cIXX{Isq;=`7RfIh0<8uaV^FGKq?e)8@g2hW@Wx$JpoWtD*6`!j70 zYD(+Hf2NBbER#;oueMP`}O3dlW%*`}z4Z>i~Z-`wo;q0{ri`&%sb7 z)P>iA1u%g3&jSJyK&f)vCeW1a*B>2xANcz&RqzeFxx^#~JM`WM%Ib6ewOhVP%HP4s zlL4G%`P`3D?CNz8qP|~kS*#%PKUmU{qjE%xwflR8Afeh| z2;rPx2OP9@5H8Z$D0>%5cVKbr0DLj^<62=j?uU2}nC-d*O~OMHs1Txrml)@-UH|*o z+AaZiA)!7}U`;q5d%zIfPa&)>gntRp z&p>ZrM$ohBMt|+c#KbQ6E5C8gU3LKn{a5xM5 zZ>Q%Zd5=Z;AN%#6pWy*HdlK*PR}Y-M2a;!` zBW@(Wf5m<1eHi-LYC0%*7OEfs!D>T5x=~|)^UJ}i{`0s0{y?l0IE}CLi$6$zZSr(G zq|?)rY0Llqw+Bc5_#bu?lL&=x!*yL0|C8ALPh0G}4i2;*X5#-_VHtpaQTK8lpd<)=@8b*Ld<_HRpC5h^SD-~i1g6FwEMoCiN;wICGGNhJ^p7b%?0!s= z`T8C^@ioTFQxQeX@2RMGpW;ASX`pQehM4q_2h%187UX(T5G3tZn1p|cWr`~0v^_8@ z{m(Qm9`Z3qd{NLBYrJMYxMQYip%)EvMS;GBzwF`v{=ffbga7-1{Nus@|H=q3JZ?7R zjfa<1z>Euc4oi=kA8h^_FHj#(ou_IBhc;fKkdCX!EB$#Osl)PM6-&12Hbnn=5CaO zTLIht1e$GsBwK^Sn6NgZ`R25l*68;WKOeUSMeN%T($vily_Gi5Wk#h+3^f^fc%?m~+_oB<_@&KN~M#`Sm2d&yHhGDUE^6)^bb1;-HPEfUp7J zwldz?T;a>YtPgN{&8jD7i}k;Ao(d$pR>9B=&g%1x^*+;jz-$k5+p+kwOJhm@;X8A8 zPHq3}0!?N1jdVX}voig^J95!U-wgZPkY1z;yAA=#1f+0~9+YtKDplKDc? z@*zvLNSeWqexLqNb;*043A1;U2}n}@{VAV4HUq$wWslkeEAs~{&FA>GbIweQnsuuP zphX4fJ79#o7M+vHAn@Yi@>QQ2K%Qa@sOg?x0CQ5I=(Wj0jMI)h8>RzIz%vX>;l+zwSV>rS?|BmjPE7 zj{yjT(($vomx=ksLb+yumLUSbHq~@=bRCqG{OgDZI(yX)2X3j9$?ZIKo^n&kS&ArQr=#%0+uR$R%u~%i&aZ>Jw`se=Uew_ zL58etgujW4D&unR+E_TCYr! 
zu#EaAe;gYl1kyg#!M@?3^8RVLq(Rio_OF-6-yi5EBKR{ngZ2;N`kF%B&2a$-e|=c& zCDd0!MM&ML-59c)t|JTvD<5q~XW5L%;)|=JT>==?{p9*V{_6A(yc0+h8h>Gl;o|C{ z@Y$??^!3Kntt+F2#`S)vV=?J|&44H)5aN9bp$(<1{P9w;PEG!@CVCDck&@b-QLP85 zO1g*DE1wGibCeuk8bv7(;2`kIEOy0TSiPNphVX#W5Ft&HIEs*sc-Nh+7$hKB<=6)hj-twz+wAt$sicTwcARCc z&kwe1f?{RWH$dEJQU-Ca04!ssT;eSpU{fN4GFdwa5H1I~^ysq919p-XHxBF$;F_TO zlY;Kj@gyj?Ub}Py+>j}y_VLc}uTh&F%|vko3_vWu#Wx8tw-o|Zt^kPFg!CHPq1Vuj zd}G9?R?C?a^wA`saF_T@Zk=RvoB(8g-QNhXw)u$P?wNA}`BYj?^L@I$teg<}|2i+V>WYQ1;5g*|1oN%$u; zaS&%Flt@Y2XlhTBZ?LXH{4pW3dO~Vb=IoUk@N>1Zx~$l!4J8sQ6{+2|t6HUxe%%TuW zp}n&~_H$O!?$R-B14lU>vq-tI8YorZH7SrB43h*XV}n<-yEG;t==JNz{1_v(-QQXl4yffSl#e#c(HM65(Of%YcFx3@3HW}# zm5|ENQvY#iCv}>M$OH4syfn<0s<_Xk>5e|%{(M&0mSvF8Pp(ZG^svg}`pgnffSN;!3_WE>j!+5yNWUg*W9jMXTRpBOn+Hq2;@#g|{5m#>F7C;vv=y2)2%8%q- z1(`$Tq@+ABsw@U2n_o!T4>-ZkXu9|RapKZx@2w`Iz-}#l?!9Y-Acm4>q=V4O{xeGZ z@BZQMOYC`P3z)m$?V^M+ zX0B+4RbbJHA=FWm{$%)MTp?J(Cp-vuKW9}5X_i;3H`>6lUEaahSmL81im-wc?w}I_ zbj(xW0(H&e>2^T-6)BXK+yri1{0Zw@5nG^P56biltES~4fe{ivc~S6cbDRJhw6AIv zHja=rz0N{#9kjPhz_Iu>UpoFX?{*O+kV>xD-8v{?AHp%Fp_<0~DWQkF6Y?&eqOH)n z8eeQM%r}xKDP~XsfQH6`1nOp(Lga#KC?2C3)J^K~J^DNl$*-E%)iYy&7pWfRxj-F? 
z?=uZQPIWmNfFT%e0mDNpVXSAUrE89yKI060`BM~VDf1E#KXXq$K7 zQ71^`01UGi073`#^v}PfWN_5t zf_n$-7W2=UWlKZ(*iAq&N8f~Euc8o}FMQOgEFxDB0gSf~Y!b9Yh?_R1q2?oQo+4?u z+ zWZoByTJ|H5>;3EulPrK4HQ@!bZ=p~e==&Ljn0C);iwh7wAScCpEC&B_*T zG-fs&OXwawPA>p4JPLVPfb`X39tqJ+_Bq(qCjN2c$Vu+Iw`4SGcX4!jtk^D%v5X`S zo0DuG#+;hCV;b5Up}Fb|zT^=)e$8lzxlSob{Kh5Vy^i{kU28)H+5snP6u8_JwcA5W zCOZH;OVn$OD*4$Q0F#i(L5Vf|TzrZ*aB1f(i~4$EhFF^^4wBvoOAPX)vnYTEhCSjM{9Yl0qsjl_9e8<;p|PC znV{ID5ljWaAubOsd6#Eb1FfP`xqjuf&)yav)Ej@{l<0IyA(k=J9~?F7B>-Ee)|Zty zBona(3Jn1OUztDJ1=2}v;KTNTNN;=z3UI-N%=j9l^o%nST}drpJKp~0Jz$-29De4q zxceg=FtspV1_r>ddM$a5G)b5>&P@UY=GPgfvOPRrqhzB1dzBne3cBBW4Vs-K14rq9 zrX8ZFKn~$+pv1rI$KS?xO&N06td*;P!zRx+*`-S#1OlGbT!v?wR z@+NjbbA{5#=4X*q_eY?Fek$J86F_QbbJ&1^xK0-eKnFvSvq{PJ;>ltgNGNsV^NJfe92?gG&wW3N*9;qB5W(&{2?~C+8|?E6oOx#@eDofW2=G)d z%WhwYG1{Hgt_O8M4YV?RpleZ6Z1azw7lkIs7ygxF`FC3j-jf)i5MjN*y%ejCYAs7% zfVrX=oRbmjB=LIsblg6BtI6dYgTR2$$-M%FCnu=-ld}s5%`7*;&^SGal-380KT&Hp z*8?s}Zeu{0CzHh3B0S=?n!;WMm2)0V##sjbP5_jN?W|=;g&mb65oVd?Dh9XFpCl~m zeB%$R7S7SRfA^h6;{cX>R!BB~b}nSXHb3!rtD#%H?-+Reh?EZm9W^b&6NPy~yjUK~g)$*TJ=42h4yDdI<;~38lG5RF5`Fp0Y2F6r9w44QPM^ z9LGP)EyY8j+F7oz1;t$nOHi2$!1lwedX*#=T2{~rqTT*zSY(9-%oaoQA*1vis(C*M3l^DKh;mM(> z^V^Wd-vs8z`T9%JUl09Tnf~LJV}d|zKinDJMRbtKgbJpv7i{Ol`yfhkbV zI&D3E+!GM#rITRu`1E{_~RS@2cNDC2$^mG-ZcBQ#YtQ zR%Nf+a`58hz-;#OiZUMl35w7Y(#aLk2aZA_bR}7Ku>8z;9qLUy7{S&_6m?$}__cKp zB*7wXB-1{bKm2L9LSj_K`bPTKH~KC@1?mk4CWT)rb%=FH_dual>P7CKUhSKELen*we{@pGWox%nKTBxM~`C2qu&eu0scLCRp-#j<|9WV zkN7Ex9{nwZ3#>pwhOp26bCmrLrIqG^dK_Xzc)Nf1fIzAJL>Z*u;Sb{rB*;H{(&i8L zVGFp*lU_$v%YMJre>4xjKLF?uWv)}KZK%k8u<&w_4 RKLY-{E2nZRU-p6D{{i+R!-xO? literal 0 HcmV?d00001 diff --git a/filebeat/docs/modules/o365.asciidoc b/filebeat/docs/modules/o365.asciidoc new file mode 100644 index 00000000000..05a4f1a7b60 --- /dev/null +++ b/filebeat/docs/modules/o365.asciidoc 
@@ -0,0 +1,226 @@ +//// +This file is generated! See scripts/docs_collector.py +//// + +[[filebeat-module-o365]] +[role="xpack"] + +:modulename: o365 +:has-dashboards: true + +== Office 365 module + +This is a module for Office 365 logs received via one of the Office 365 API +endpoints. It currently supports user, admin, system, and policy actions and +events from Office 365 and Azure AD activity logs exposed by the Office 365 +Management Activity API. + +The {plugins}/ingest-geoip.html[ingest-geoip] and +{plugins}/ingest-user-agent.html[ingest-user_agent] Elasticsearch plugins are +required to run this module. + +include::../include/gs-link.asciidoc[] + +include::../include/configuring-intro.asciidoc[] + +:fileset_ex: audit + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `audit` fileset settings + +The `audit` fileset uses the Office 365 Management Activity API to retrieve +audit messages from Office 365 and Azure AD activity logs. These are the same +logs that are available under _Audit_ _Log_ _Search_ in the _Security_ _and_ +_Compliance_ _Center._ + +[float] +===== Setup + +To use this fileset you need to https://docs.microsoft.com/en-us/microsoft-365/compliance/turn-audit-log-search-on-or-off?view=o365-worldwide#turn-on-audit-log-search[enable Audit Log Search] + and https://docs.microsoft.com/en-us/office/office-365-management-api/get-started-with-office-365-management-apis#register-your-application-in-azure-ad[register an application in Azure AD.] + +Once this application is registered note the _Application (client) ID_ and the +_Directory (tenant) ID._ Then configure the authentication in the _Certificates & Secrets_ +section. 
+ + +Example configuration `o365.yml` using client-secret authentication: + +[source,yaml] +---- + audit: + enabled: true + var.application_id: "" + var.tenants: + - id: "" + name: "mytenant.onmicrosoft.com" + var.client_secret: "" +---- + +Certificate-based authentication is specially useful when monitoring multiple +tenants. Example configuration: + +[source,yaml] +---- + audit: + enabled: true + var.application_id: "" + var.tenants: + - id: "" + name: "tenantA.onmicrosoft.com" + - id: "" + name: "tenantB.onmicrosoft.com" + var.certificate: "/path/to/certificate.pem" + var.key: "/path/to/private_key.pem" + var.key_passphrase: "my_passphrase" # (optional) for encrypted keys +---- + +Finally you need to add permissions in the _API permissions_ section and grant +it admin consent. Click on _Add permission_ and select +_Office 365 Management APIs._ The needed permissions are: + +- User.Read +- ActivityFeed.Read +- ActivityFeed.ReadDlp +- ServiceHealth.Read + +[role="screenshot"] +image::./images/filebeat-o365-azure-permissions.png[] + +Once the required permissions are added, click the _Grant admin consent_ button. +Note that it can take a while for the required permissions to be in effect, so +it's possible that you observe some permission errors when running {beatname_uc} +right away. + +[float] +===== Alternative endpoints + +This module supports custom endpoints for on-prem deployments as well as +alternative endpoints (GCC High endponts, U.S. DoD, European Union, etc). In +order to point the module to an alternative endpoint, you need to adjust the +`authentication_endpoint` and `resource` variables accordingly. 
For example: + +[source,yaml] +---- + var.api: + # default is https://login.microsoftonline.com/ + authentication_endpoint: https://login.microsoftonline.us/ + # default is https://manage.office.com + resource: https://manage.office365.us +---- + +[float] +===== Configuration options + +*`var.application_id`*:: + +The Application ID (also known as client ID) of the Azure application. + +*`var.tenants`*:: + +A list of one or more tenant IDs and name pairs. Set the `id` field to the +tenant ID (also known as Directory ID). Set the name to the host name for the +tenant, that is, the Office 365 domain for your organization. + +*`var.client_secret`*:: + +The client-secret (api_key) used to authenticate your Azure AD application. This +option cannot be specified at the same time as the `var.certificate` option. + +*`var.certificate`*:: + +Path to the certificate file used for client authentication. This option cannot +be specified at the same time as the `var.client_secret` option. + +*`var.key`*:: + +Path to the private key file used for client authentication. + +*`var.key_passphrase`*:: + +The passphrase used to decrypt an encrypted key stored in the configured +`var.key` file. Only set this option when the key is encrypted. + +*`var.content_type`*:: + +The list of content-types to subscribe to. By default, it subscribes to all +known content-types: +- Audit.AzureActiveDirectory +- Audit.Exchange +- Audit.SharePoint +- Audit.General +- DLP.All + + +[float] +===== Advanced configuration options + +The following configuration options are only recomended in case of problems. +They must be nested under a single `var.api` key, like this: + +[source,yaml] +---- + var.api: + authentication_endpoint: https://login.microsoftonline.com/ + resource: https://manage.office.com + max_retention: 168h + poll_interval: 3m + max_requests_per_minute: 2000 + max_query_size: 24h +---- + +*`var.api.authentication_endpoint`*:: + +The authentication endpoint used to authorize the Azure app. 
This is +`https://login.microsoftonline.com/` by default, and can be changed to access +alternative endpoints. + +*`var.api.resource`*:: + +The API resource to retrieve information from. This is +`https://manage.office.com` by default, and can be changed to access alternative +endpoints. + +*`var.api.max_retention`*:: + +The maximum data retention period to support. `168h` by default. {beatname_uc} +will fetch all retained data for a tenant when run for the first time. The +default is 7 days. Adjust it if your tenant has a different retention period. + +*`var.api.poll_interval`*:: + +The interval to wait before polling the API server for new events. Default `3m`. + +*`var.api.max_requests_per_minute`*:: + +The maximum number of requests to perform per minute, for each tenant. The +default is `2000`, as this is the server-side limit per tenant. + +*`var.api.max_query_size`*:: + +The maximum time window that API allows in a single query. Defaults to `24h` +to match Microsoft's documented limit. + +[float] +=== Example dashboard + +This module comes with a sample dashboard: + +[role="screenshot"] +image::./images/filebeat-o365-audit.png[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + + +[float] +=== Fields + +For a description of each field in the module, see the +<> section. + diff --git a/filebeat/docs/modules_list.asciidoc b/filebeat/docs/modules_list.asciidoc index f97dff34a0d..bd37f4864c9 100644 --- a/filebeat/docs/modules_list.asciidoc +++ b/filebeat/docs/modules_list.asciidoc @@ -29,6 +29,7 @@ This file is generated! See scripts/docs_collector.py * <> * <> * <> + * <> * <> * <> * <> @@ -70,6 +71,7 @@ include::modules/mysql.asciidoc[] include::modules/nats.asciidoc[] include::modules/netflow.asciidoc[] include::modules/nginx.asciidoc[] +include::modules/o365.asciidoc[] include::modules/osquery.asciidoc[] include::modules/panw.asciidoc[] include::modules/postgresql.asciidoc[] 
diff --git a/x-pack/filebeat/docs/inputs/input-o365audit.asciidoc b/x-pack/filebeat/docs/inputs/input-o365audit.asciidoc index aa1e5370b28..cca6ed138a4 100644 --- a/x-pack/filebeat/docs/inputs/input-o365audit.asciidoc +++ b/x-pack/filebeat/docs/inputs/input-o365audit.asciidoc @@ -23,8 +23,7 @@ This input doesn't perform any transformation on the incoming messages, notably no {ecs-ref}/ecs-reference.html[Elastic Common Schema fields] are populated, and some data is encoded as arrays of objects, which are difficult to query in Elasticsearch. You probably want to use the -{filebeat-ref}/filebeat-module-o365.html[o365 module] instead. -// TODO: link to O365 module docs. +{filebeat-ref}/filebeat-module-o365.html[Office 365 module] instead. Example configuration: @@ -116,7 +115,7 @@ endpoints. ===== `api.max_retention` -The maximum data retention period to support. `178h` by default. {beatname_uc} +The maximum data retention period to support. `168h` by default. {beatname_uc} will fetch all retained data for a tenant when run for the first time. ===== `api.poll_interval` @@ -132,3 +131,8 @@ default is `2000`, as this is the server-side limit per tenant. The maximum time window that API allows in a single query. Defaults to `24h` to match Microsoft's documented limit. + +[id="{beatname_lc}-input-{type}-common-options"] +include::../../../../filebeat/docs/inputs/input-common-options.asciidoc[] + +:type!: diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 50188721eab..14e217e527e 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml 
@@ -695,6 +695,53 @@ filebeat.modules: # # Filebeat will choose the paths depending on your OS. # #var.paths: +#------------------------------ Office 365 Module ------------------------------ +- module: o365 + audit: + enabled: true + + # Set the application_id (also known as client ID): + var.application_id: "" + + # Configure the tenants to monitor: + # Use the tenant ID (also known as directory ID) and the domain name. + # var.tenants: + # - id: "tenant_id_1" + # name: "mydomain.onmicrosoft.com" + # - id: "tenant_id_2" + # name: "mycompany.com" + var.tenants: + - id: "" + name: "mytenant.onmicrosoft.com" + + # List of content-types to fetch. By default all known content-types + # are retrieved: + # var.content_type: + # - "Audit.AzureActiveDirectory" + # - "Audit.Exchange" + # - "Audit.SharePoint" + # - "Audit.General" + # - "DLP.All" + + # Use the following settings to enable certificate-based authentication: + # var.certificate: "/path/to/certificate.pem" + # var.key: "/path/to/private_key.pem" + # var.key_passphrase: "myPrivateKeyPassword" + + # Client-secret based authentication: + # Comment the following line if using certificate authentication. + var.client_secret: "" + + # Advanced settings, use with care: + # var.api: + # # Settings for custom endpoints: + # authentication_endpoint: "https://login.microsoftonline.us/" + # resource: "https://manage.office365.us" + # + # max_retention: 7d + # max_requests_per_minute: 2000 + # poll_interval: 3m + #------------------------------- Osquery Module ------------------------------- - module: osquery result: diff --git a/x-pack/filebeat/include/list.go b/x-pack/filebeat/include/list.go index 7970538c0c4..4054ebb3921 100644 --- a/x-pack/filebeat/include/list.go +++ b/x-pack/filebeat/include/list.go 
@@ -28,6 +28,7 @@ import ( _ "github.com/elastic/beats/v7/x-pack/filebeat/module/misp" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/mssql" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/netflow" + _ "github.com/elastic/beats/v7/x-pack/filebeat/module/o365" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/panw" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/rabbitmq" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/suricata" diff --git a/x-pack/filebeat/input/o365audit/config.go b/x-pack/filebeat/input/o365audit/config.go index f30e368a9e2..cb703e61bd1 100644 --- a/x-pack/filebeat/input/o365audit/config.go +++ b/x-pack/filebeat/input/o365audit/config.go @@ -6,6 +6,7 @@ package o365audit import ( "fmt" + "net/url" "time" "github.com/pkg/errors" @@ -146,6 +147,14 @@ func (c *Config) Validate() (err error) { return errors.Wrap(err, "invalid certificate config") } } + c.API.Resource, err = forceURLScheme(c.API.Resource, "https") + if err != nil { + return errors.Wrapf(err, "resource '%s' is not a valid URL", c.API.Resource) + } + c.API.AuthenticationEndpoint, err = forceURLScheme(c.API.AuthenticationEndpoint, "https") + if err != nil { + return errors.Wrapf(err, "authentication_endpoint '%s' is not a valid URL", c.API.AuthenticationEndpoint) + } return nil } @@ -193,3 +202,20 @@ func (c *Config) NewTokenProvider(tenantID string) (auth.TokenProvider, error) { c.CertificateConfig, ) } + +// Ensures that the passed URL has a scheme, using the provided one if needed. +// Returns an error is the URL can't be parsed. +func forceURLScheme(baseURL, scheme string) (urlWithScheme string, err error) { + parsed, err := url.Parse(baseURL) + if err != nil { + return "", err + } + // Scheme is mandatory + if parsed.Scheme == "" { + withResource := "https://" + baseURL + if parsed, err = url.Parse(withResource); err != nil { + return "", err + } + } + return parsed.String(), nil +} 
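Review bot: The two error messages added to `Validate` report the wrong value, because `c.API.Resource, err = forceURLScheme(...)` overwrites the field with the empty string that `forceURLScheme` returns on failure before `errors.Wrapf` formats it; a bad setting is reported as `resource '' is not a valid URL`. Assign to a local and store it only on success, e.g. `resource, err := forceURLScheme(c.API.Resource, "https")` followed by `c.API.Resource = resource` after the check; the same applies to `c.API.AuthenticationEndpoint`. As the value comes from user configuration, `%q` instead of `'%s'` would also make empty or oddly quoted input visible in the log. `Validate` begins outside this hunk, so confirm how `err` is scoped at that point before using `:=`.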
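Review bot: `forceURLScheme` does not enforce the scheme it is given: the `scheme` parameter is never read (the prefix is the literal `"https://"`), and any input that already carries a scheme is returned unchanged, so `authentication_endpoint: http://...` passes validation. If cleartext endpoints are not meant to be supported, the token request, which presumably carries the client secret or certificate assertion, could then leave the host unencrypted. A scheme-less `host:port` value also appears to be parsed by `url.Parse` with the host name as the scheme, which would skip the prefixing; this is worth a unit test. Suggest using the parameter and rejecting a result whose scheme differs or whose host is empty, as in the excerpt below (`fmt` is already imported by this file). The doc comment should also start with the function name and read "Returns an error if the URL can't be parsed".

```go
	// … unchanged: signature, first url.Parse call and its error check …
	if parsed.Scheme == "" {
		if parsed, err = url.Parse(scheme + "://" + baseURL); err != nil {
			return "", err
		}
	}
	if parsed.Scheme != scheme || parsed.Host == "" {
		return "", fmt.Errorf("URL must use the %q scheme and include a host", scheme)
	}
	// … unchanged: return parsed.String(), nil …
```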
diff --git a/x-pack/filebeat/module/o365/_meta/config.yml b/x-pack/filebeat/module/o365/_meta/config.yml new file mode 100644 index 00000000000..8114b404aa4 --- /dev/null +++ b/x-pack/filebeat/module/o365/_meta/config.yml @@ -0,0 +1,45 @@ +- module: o365 + audit: + enabled: true + + # Set the application_id (also known as client ID): + var.application_id: "" + + # Configure the tenants to monitor: + # Use the tenant ID (also known as directory ID) and the domain name. + # var.tenants: + # - id: "tenant_id_1" + # name: "mydomain.onmicrosoft.com" + # - id: "tenant_id_2" + # name: "mycompany.com" + var.tenants: + - id: "" + name: "mytenant.onmicrosoft.com" + + # List of content-types to fetch. By default all known content-types + # are retrieved: + # var.content_type: + # - "Audit.AzureActiveDirectory" + # - "Audit.Exchange" + # - "Audit.SharePoint" + # - "Audit.General" + # - "DLP.All" + + # Use the following settings to enable certificate-based authentication: + # var.certificate: "/path/to/certificate.pem" + # var.key: "/path/to/private_key.pem" + # var.key_passphrase: "myPrivateKeyPassword" + + # Client-secret based authentication: + # Comment the following line if using certificate authentication. + var.client_secret: "" + + # Advanced settings, use with care: + # var.api: + # # Settings for custom endpoints: + # authentication_endpoint: "https://login.microsoftonline.us/" + # resource: "https://manage.office365.us" + # + # max_retention: 7d + # max_requests_per_minute: 2000 + # poll_interval: 3m diff --git a/x-pack/filebeat/module/o365/_meta/docs.asciidoc b/x-pack/filebeat/module/o365/_meta/docs.asciidoc new file mode 100644 index 00000000000..d2cf4730441 --- /dev/null +++ b/x-pack/filebeat/module/o365/_meta/docs.asciidoc 
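Review bot: The commented example `max_retention: 7d` under the advanced settings disagrees with the rest of this commit, which documents the default as `168h`. Go-style duration parsing has no day unit, so uncommenting the line as written would presumably fail configuration validation; confirm against the input's duration type. Suggest `# max_retention: 168h`, here and in the generated copy in `x-pack/filebeat/filebeat.reference.yml`. Separately, `var.client_secret` and `var.key_passphrase` are shown as inline literals; a comment such as `# Prefer a keystore or environment reference, e.g. "${O365_CLIENT_SECRET}", over a literal secret in this file.` (variable name illustrative) would steer users away from leaving the credential in a readable config file.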
@@ -0,0 +1,213 @@ +[role="xpack"] + +:modulename: o365 +:has-dashboards: true + +== Office 365 module + +This is a module for Office 365 logs received via one of the Office 365 API +endpoints. It currently supports user, admin, system, and policy actions and +events from Office 365 and Azure AD activity logs exposed by the Office 365 +Management Activity API. + +The {plugins}/ingest-geoip.html[ingest-geoip] and +{plugins}/ingest-user-agent.html[ingest-user_agent] Elasticsearch plugins are +required to run this module. + +include::../include/gs-link.asciidoc[] + +include::../include/configuring-intro.asciidoc[] + +:fileset_ex: audit + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `audit` fileset settings + +The `audit` fileset uses the Office 365 Management Activity API to retrieve +audit messages from Office 365 and Azure AD activity logs. These are the same +logs that are available under _Audit_ _Log_ _Search_ in the _Security_ _and_ +_Compliance_ _Center._ + +[float] +===== Setup + +To use this fileset you need to https://docs.microsoft.com/en-us/microsoft-365/compliance/turn-audit-log-search-on-or-off?view=o365-worldwide#turn-on-audit-log-search[enable Audit Log Search] + and https://docs.microsoft.com/en-us/office/office-365-management-api/get-started-with-office-365-management-apis#register-your-application-in-azure-ad[register an application in Azure AD.] + +Once this application is registered note the _Application (client) ID_ and the +_Directory (tenant) ID._ Then configure the authentication in the _Certificates & Secrets_ +section. + + +Example configuration `o365.yml` using client-secret authentication: + +[source,yaml] +---- + audit: + enabled: true + var.application_id: "" + var.tenants: + - id: "" + name: "mytenant.onmicrosoft.com" + var.client_secret: "" +---- + +Certificate-based authentication is specially useful when monitoring multiple +tenants. 
Example configuration: + +[source,yaml] +---- + audit: + enabled: true + var.application_id: "" + var.tenants: + - id: "" + name: "tenantA.onmicrosoft.com" + - id: "" + name: "tenantB.onmicrosoft.com" + var.certificate: "/path/to/certificate.pem" + var.key: "/path/to/private_key.pem" + var.key_passphrase: "my_passphrase" # (optional) for encrypted keys +---- + +Finally you need to add permissions in the _API permissions_ section and grant +it admin consent. Click on _Add permission_ and select +_Office 365 Management APIs._ The needed permissions are: + +- User.Read +- ActivityFeed.Read +- ActivityFeed.ReadDlp +- ServiceHealth.Read + +[role="screenshot"] +image::./images/filebeat-o365-azure-permissions.png[] + +Once the required permissions are added, click the _Grant admin consent_ button. +Note that it can take a while for the required permissions to be in effect, so +it's possible that you observe some permission errors when running {beatname_uc} +right away. + +[float] +===== Alternative endpoints + +This module supports custom endpoints for on-prem deployments as well as +alternative endpoints (GCC High endponts, U.S. DoD, European Union, etc). In +order to point the module to an alternative endpoint, you need to adjust the +`authentication_endpoint` and `resource` variables accordingly. For example: + +[source,yaml] +---- + var.api: + # default is https://login.microsoftonline.com/ + authentication_endpoint: https://login.microsoftonline.us/ + # default is https://manage.office.com + resource: https://manage.office365.us +---- + +[float] +===== Configuration options + +*`var.application_id`*:: + +The Application ID (also known as client ID) of the Azure application. + +*`var.tenants`*:: + +A list of one or more tenant IDs and name pairs. Set the `id` field to the +tenant ID (also known as Directory ID). Set the name to the host name for the +tenant, that is, the Office 365 domain for your organization. 
+ +*`var.client_secret`*:: + +The client-secret (api_key) used to authenticate your Azure AD application. This +option cannot be specified at the same time as the `var.certificate` option. + +*`var.certificate`*:: + +Path to the certificate file used for client authentication. This option cannot +be specified at the same time as the `var.client_secret` option. + +*`var.key`*:: + +Path to the private key file used for client authentication. + +*`var.key_passphrase`*:: + +The passphrase used to decrypt an encrypted key stored in the configured +`var.key` file. Only set this option when the key is encrypted. + +*`var.content_type`*:: + +The list of content-types to subscribe to. By default, it subscribes to all +known content-types: +- Audit.AzureActiveDirectory +- Audit.Exchange +- Audit.SharePoint +- Audit.General +- DLP.All + + +[float] +===== Advanced configuration options + +The following configuration options are only recomended in case of problems. +They must be nested under a single `var.api` key, like this: + +[source,yaml] +---- + var.api: + authentication_endpoint: https://login.microsoftonline.com/ + resource: https://manage.office.com + max_retention: 168h + poll_interval: 3m + max_requests_per_minute: 2000 + max_query_size: 24h +---- + +*`var.api.authentication_endpoint`*:: + +The authentication endpoint used to authorize the Azure app. This is +`https://login.microsoftonline.com/` by default, and can be changed to access +alternative endpoints. + +*`var.api.resource`*:: + +The API resource to retrieve information from. This is +`https://manage.office.com` by default, and can be changed to access alternative +endpoints. + +*`var.api.max_retention`*:: + +The maximum data retention period to support. `168h` by default. {beatname_uc} +will fetch all retained data for a tenant when run for the first time. The +default is 7 days. Adjust it if your tenant has a different retention period. 
+ +*`var.api.poll_interval`*:: + +The interval to wait before polling the API server for new events. Default `3m`. + +*`var.api.max_requests_per_minute`*:: + +The maximum number of requests to perform per minute, for each tenant. The +default is `2000`, as this is the server-side limit per tenant. + +*`var.api.max_query_size`*:: + +The maximum time window that API allows in a single query. Defaults to `24h` +to match Microsoft's documented limit. + +[float] +=== Example dashboard + +This module comes with a sample dashboard: + +[role="screenshot"] +image::./images/filebeat-o365-audit.png[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/x-pack/filebeat/module/o365/_meta/fields.yml b/x-pack/filebeat/module/o365/_meta/fields.yml new file mode 100644 index 00000000000..c97ac480824 --- /dev/null +++ b/x-pack/filebeat/module/o365/_meta/fields.yml @@ -0,0 +1,5 @@ +- key: o365 + title: Office 365 + description: > + Module for handling logs from Office 365. + fields: diff --git a/x-pack/filebeat/module/o365/_meta/kibana/7/dashboard/Filebeat-O365-Audit.json b/x-pack/filebeat/module/o365/_meta/kibana/7/dashboard/Filebeat-O365-Audit.json new file mode 100644 index 00000000000..16c63c4dbce --- /dev/null +++ b/x-pack/filebeat/module/o365/_meta/kibana/7/dashboard/Filebeat-O365-Audit.json 
@@ -0,0 +1,1051 @@ +{ + "objects": [ + { + "attributes": { + "description": "Sample dashboard for Office 365 Management Activity events", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Total audit events" + }, + "gridData": { + "h": 6, + "i": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "b6942e2a-81dc-40e4-a932-8b7a864b28bc", + "panelRefName": "panel_0", + "title": "Total audit events", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Event histogram by service" + }, + "gridData": { + "h": 14, + "i": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", + "w": 38, + "x": 10, + "y": 0 + }, + "panelIndex": "9673e6df-4b1e-4771-b1c6-c41c9bfc7272", + "panelRefName": "panel_1", + "title": "Event histogram by service", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "colors": { + "alert": "#EF843C", + "event": "#7EB26D" + }, + "legendOpen": true, + "title": "Events by type", + "vis": { + "colors": { + "alert": "#E24D42", + "event": "#7EB26D" + }, + "legendOpen": true + } + }, + "gridData": { + "h": 8, + "i": "70ab7239-c65c-41da-8242-da61750745d7", + "w": 10, + "x": 0, + "y": 6 + }, + "panelIndex": "70ab7239-c65c-41da-8242-da61750745d7", + "panelRefName": "panel_2", + "title": "Events by type", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + }, + "legendOpen": false, + "title": "Top users by authentication failures", + "vis": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + }, + "legendOpen": true + } + }, + "gridData": { + "h": 17, + "i": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", + "w": 10, + "x": 0, + "y": 14 + }, + "panelIndex": "775ced7d-7c58-44bc-8d4e-2a757d2c218c", + "panelRefName": "panel_3", + "title": 
"Top users by authentication failures", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 42.68781, + "lon": -48.94209, + "zoom": 1.88 + }, + "openTOCDetails": [], + "title": "Client geolocation map" + }, + "gridData": { + "h": 17, + "i": "15fe975b-6b8b-4445-872d-e06c041e2c31", + "w": 38, + "x": 10, + "y": 14 + }, + "panelIndex": "15fe975b-6b8b-4445-872d-e06c041e2c31", + "panelRefName": "panel_4", + "title": "Client geolocation map", + "version": "7.6.0" + }, + { + "embeddableConfig": { + "title": "Data Loss Prevention alerts" + }, + "gridData": { + "h": 13, + "i": "481f1778-caad-4971-b598-bb61c94bf998", + "w": 48, + "x": 0, + "y": 31 + }, + "panelIndex": "481f1778-caad-4971-b598-bb61c94bf998", + "panelRefName": "panel_5", + "title": "Data Loss Prevention alerts", + "version": "7.6.0" + } + ], + "timeRestore": false, + "title": "[Filebeat o365] Audit Dashboard ECS", + "version": 1 + }, + "id": "712e2c00-685d-11ea-8d6a-292ef5d68366", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "0be1adb0-6860-11ea-8d6a-292ef5d68366", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "8b033510-685a-11ea-8d6a-292ef5d68366", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "d43c95a0-6864-11ea-8d6a-292ef5d68366", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "897d0c70-6869-11ea-8d6a-292ef5d68366", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "dbae13c0-685c-11ea-8d6a-292ef5d68366", + "name": "panel_4", + "type": "map" + }, + { + "id": "8b8e5a10-6886-11ea-8d6a-292ef5d68366", + "name": "panel_5", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2020-03-17T19:40:51.528Z", + "version": "WzY3MywyXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchRefName": "search_0", + "title": "Audit Event Count [Filebeat o365]", + 
"uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "dimensions": { + "metrics": [ + { + "accessor": 0, + "format": { + "id": "number", + "params": {} + }, + "type": "vis_dimension" + } + ] + }, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000, + "type": "range" + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Audit Event Count [Filebeat o365]", + "type": "metric" + } + }, + "id": "0be1adb0-6860-11ea-8d6a-292ef5d68366", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "fdc14020-6859-11ea-8d6a-292ef5d68366", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-17T15:42:14.802Z", + "version": "WzU5OCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchRefName": "search_0", + "title": "Events Histogram [Filebeat o365]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.code", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + 
"scaleMetricValues": false, + "timeRange": { + "from": "2020-02-05T03:25:59.045Z", + "to": "2020-02-29T10:59:01.067Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "event.code: Descending", + "params": {} + } + ], + "x": { + "accessor": 1, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "YYYY-MM-DD HH:mm" + } + }, + "label": "@timestamp per 12 hours", + "params": { + "bounds": { + "max": "2020-02-29T10:59:01.067Z", + "min": "2020-02-05T03:25:59.045Z" + }, + "date": true, + "format": "YYYY-MM-DD HH:mm", + "interval": "PT12H", + "intervalESUnit": "h", + "intervalESValue": 12 + } + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + ] + }, + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + 
"valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Events Histogram [Filebeat o365]", + "type": "histogram" + } + }, + "id": "8b033510-685a-11ea-8d6a-292ef5d68366", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "fdc14020-6859-11ea-8d6a-292ef5d68366", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-17T14:21:07.680Z", + "version": "WzU3MSwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchRefName": "search_0", + "title": "Audit Event Type [Filebeat o365]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.kind", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "dimensions": { + "metric": { + "accessor": 0, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + }, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Audit Event Type [Filebeat o365]", + "type": "pie" + } + }, + "id": "d43c95a0-6864-11ea-8d6a-292ef5d68366", + "migrationVersion": { + "visualization": "7.4.2" + }, + "references": [ + { + "id": "fdc14020-6859-11ea-8d6a-292ef5d68366", + 
"name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-17T15:34:45.498Z", + "version": "WzU5NiwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.category", + "negate": false, + "params": { + "query": "authentication" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.category": "authentication" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Authentication Failures [Filebeat o365]", + "uiStateJSON": { + "vis": { + "colors": { + "failure": "#E24D42", + "success": "#629E51" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "asc", + "orderBy": "_key", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 2 + }, + "schema": "group", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "row": true, + "size": 15 + }, + "schema": "split", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": false, + "style": 
{}, + "title": {}, + "type": "category" + } + ], + "dimensions": { + "series": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "event.outcome: Ascending", + "params": {} + } + ], + "splitRow": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other", + "parsedUrl": { + "basePath": "", + "origin": "http://localhost:5601", + "pathname": "/app/kibana" + } + } + }, + "label": "user.name: Descending", + "params": {} + } + ], + "x": null, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "label": "Count", + "params": {} + } + ] + }, + "grid": { + "categoryLines": false, + "valueAxis": "" + }, + "labels": { + "show": true + }, + "legendPosition": "bottom", + "orderBucketsBySum": true, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": false, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": false, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Top Authentication Failures [Filebeat o365]", + "type": "horizontal_bar" + } + }, + "id": "897d0c70-6869-11ea-8d6a-292ef5d68366", + "migrationVersion": { + 
"visualization": "7.4.2" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "fdc14020-6859-11ea-8d6a-292ef5d68366", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-03-17T17:33:41.990Z", + "version": "WzYwOCwxXQ==" + }, + { + "attributes": { + "bounds": { + "coordinates": [ + [ + [ + -52.43037, + 65.94892 + ], + [ + -52.43037, + -22.98633 + ], + [ + 85.77811, + -22.98633 + ], + [ + 85.77811, + 65.94892 + ], + [ + -52.43037, + 65.94892 + ] + ] + ], + "type": "Polygon" + }, + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"0b910b6c-77c8-4223-892a-1ebf69b0ccb4\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"ES_GEO_GRID\",\"id\":\"3ba31ffc-7051-44bf-96a0-a684020cd2a3\",\"geoField\":\"source.geo.location\",\"requestType\":\"point\",\"resolution\":\"FINE\",\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Yellow to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":0}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":8,\"maxSize\":32,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"}}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbol\":{\"options\":{\"symbolizeAs\":\"circle\",\"symbolId\":\"airfield\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"acc53b7b-3411-406b-9371-6fa62b6b9365\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\"}]", + "mapStateJSON": "{\"zoom\":2.88,\"center\":{\"lon\":16.67387,\"lat\":30.87292},\"timeFilters\":{\"from\":\"2020-02-05T03:25:59.045Z\",\"to\":\"2020-02-29T10:59:01.067Z\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"event.dataset:\\\"o365.audit\\\" \",\"language\":\"kuery\"},\"filters\":[]}", + "title": "Client Geo Map [Filebeat o365 audit]", + "uiStateJSON": { + "isLayerTOCOpen": true, + "openTOCDetails": [] + } + }, + "id": "dbae13c0-685c-11ea-8d6a-292ef5d68366", + "migrationVersion": { + "map": "7.6.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "type": "map", + "updated_at": "2020-03-17T14:45:09.571Z", + "version": "WzU4NCwxXQ==" + }, + { + 
"attributes": { + "columns": [ + "event.category", + "event.type", + "event.action", + "event.outcome", + "user.name", + "file.name", + "rule.name" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "o365.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "o365.audit" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "event.kind", + "negate": false, + "params": { + "query": "alert" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.kind": "alert" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "key": "event.code", + "negate": false, + "params": [ + "ComplianceDLPSharePoint", + "ComplianceDLPExchange" + ], + "type": "phrases", + "value": "ComplianceDLPSharePoint, ComplianceDLPExchange" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "event.code": "ComplianceDLPSharePoint" + } + }, + { + "match_phrase": { + "event.code": "ComplianceDLPExchange" + } + } + ] + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Data Loss Prevention [Filebeat o365]", + "version": 1 + }, + "id": "8b8e5a10-6886-11ea-8d6a-292ef5d68366", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + 
"id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-03-17T19:36:06.449Z", + "version": "WzY3MCwyXQ==" + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset:\"o365.audit\" " + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Audit Events [Filebeat O365]", + "version": 1 + }, + "id": "fdc14020-6859-11ea-8d6a-292ef5d68366", + "migrationVersion": { + "search": "7.4.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-03-17T14:17:10.688Z", + "version": "WzU2OSwxXQ==" + } + ], + "version": "7.6.0" +} diff --git a/x-pack/filebeat/module/o365/audit/_meta/fields.yml b/x-pack/filebeat/module/o365/audit/_meta/fields.yml new file mode 100644 index 00000000000..7d3311fb20c --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/_meta/fields.yml 
@@ -0,0 +1,294 @@ + - name: o365.audit + type: group + default_field: false + description: > + Fields from Office 365 Management API audit logs. + fields: + - name: Actor + type: array + fields: + - name: ID + type: keyword + + - name: Type + type: keyword + + - name: ActorContextId + type: keyword + + - name: ActorIpAddress + type: keyword + + - name: ActorUserId + type: keyword + + - name: ActorYammerUserId + type: keyword + + - name: AlertEntityId + type: keyword + + - name: AlertId + type: keyword + + - name: AlertLinks + type: array + + - name: AlertType + type: keyword + + - name: AppId + type: keyword + + - name: ApplicationDisplayName + type: keyword + + - name: ApplicationId + type: keyword + + - name: AzureActiveDirectoryEventType + type: keyword + + - name: ExchangeMetaData.* + type: object + + - name: Category + type: keyword + + - name: ClientAppId + type: keyword + + - name: ClientInfoString + type: keyword + + - name: ClientIP + type: keyword + + - name: ClientIPAddress + type: keyword + + - name: Comments + type: text + norms: false + + - name: CorrelationId + type: keyword + + - name: CreationTime + type: keyword + + - name: CustomUniqueId + type: keyword + + - name: Data + type: keyword + + - name: DataType + type: keyword + + - name: EntityType + type: keyword + + - name: EventData + type: keyword + + - name: EventSource + type: keyword + + - name: ExceptionInfo.* + type: object + + - name: ExtendedProperties.* + type: object + + - name: ExternalAccess + type: keyword + + - name: GroupName + type: keyword + + - name: Id + type: keyword + + - name: ImplicitShare + type: keyword + + - name: IncidentId + type: keyword + + - name: InternalLogonType + type: keyword + + - name: InterSystemsId + type: keyword + + - name: IntraSystemId + type: keyword + + - name: Item.* + type: object + + - name: Item.*.* + type: object + + - name: ItemName + type: keyword + + - name: ItemType + type: keyword + + - name: ListId + type: keyword + + - name: 
ListItemUniqueId + type: keyword + + - name: LogonError + type: keyword + + - name: LogonType + type: keyword + + - name: LogonUserSid + type: keyword + + - name: MailboxGuid + type: keyword + + - name: MailboxOwnerMasterAccountSid + type: keyword + + - name: MailboxOwnerSid + type: keyword + + - name: MailboxOwnerUPN + type: keyword + + - name: Members + type: array + + - name: Members.* + type: object + + - name: ModifiedProperties.*.* + type: object + + - name: Name + type: keyword + + - name: ObjectId + type: keyword + + - name: Operation + type: keyword + + - name: OrganizationId + type: keyword + + - name: OrganizationName + type: keyword + + - name: OriginatingServer + type: keyword + + - name: Parameters.* + type: object + + - name: PolicyDetails + type: array + + - name: PolicyId + type: keyword + + - name: RecordType + type: keyword + + - name: ResultStatus + type: keyword + + - name: SensitiveInfoDetectionIsIncluded + type: keyword + + - name: SharePointMetaData.* + type: object + + - name: SessionId + type: keyword + + - name: Severity + type: keyword + + - name: Site + type: keyword + + - name: SiteUrl + type: keyword + + - name: Source + type: keyword + + - name: SourceFileExtension + type: keyword + + - name: SourceFileName + type: keyword + + - name: SourceRelativeUrl + type: keyword + + - name: Status + type: keyword + + - name: SupportTicketId + type: keyword + + - name: Target + type: array + fields: + - name: ID + type: keyword + + - name: Type + type: keyword + + - name: TargetContextId + type: keyword + + - name: TargetUserOrGroupName + type: keyword + + - name: TargetUserOrGroupType + type: keyword + + - name: TeamName + type: keyword + + - name: TeamGuid + type: keyword + + - name: UniqueSharingId + type: keyword + + - name: UserAgent + type: keyword + + - name: UserId + type: keyword + + - name: UserKey + type: keyword + + - name: UserType + type: keyword + + - name: Version + type: keyword + + - name: WebId + type: keyword + + - name: 
Workload
+ type: keyword
+
+ - name: YammerNetworkId
+ type: keyword
diff --git a/x-pack/filebeat/module/o365/audit/config/input.yml b/x-pack/filebeat/module/o365/audit/config/input.yml
new file mode 100644
index 00000000000..93fe560ddc5
--- /dev/null
+++ b/x-pack/filebeat/module/o365/audit/config/input.yml
@@ -0,0 +1,62 @@
+{{ if eq .input "o365audit" }}
+
+type: o365audit
+{{ if .application_id }}application_id: {{ .application_id }}{{ end }}
+tenant_id:
+{{ range .tenants }}
+ - {{ .id }}
+{{ end }}
+{{ if .certificate }}certificate: {{ .certificate }}{{ end }}
+{{ if .key }}key: {{ .key }}{{ end }}
+{{ if .key_passphrase }}key_passphrase: {{ .key_passphrase }}{{ end }}
+{{ if .client_secret }}client_secret: {{ .client_secret }}{{ end }}
+{{ if eq "string" (printf "%T" .content_type) }}
+content_type: {{ .content_type }}
+{{ else }}
+content_type:
+{{ range .content_type }}
+ - {{ . }}
+{{ end }}
+{{ end }}
+{{ if .api }}
+api:
+{{ range $k, $v := .api }}
+ - {{ $k }}: {{ $v -}}
+{{ end }}
+{{ end }}
+
+{{ else if eq .input "file" }}
+
+type: log
+paths:
+{{ range .paths }}
+ - {{ . }}
+{{ end }}
+exclude_files: [".gz$"]
+json.add_error_key: true
+
+{{ end }}
+
+processors:
+{{ if eq .input "file" }}
+ - rename:
+ fields:
+ - from: json
+ to: o365audit
+ - timestamp:
+ field: o365audit.CreationTime
+ layouts:
+ - 2006-01-02T15:04:05
+{{ end }}
+ - script:
+ lang: javascript
+ id: o365audit_script
+ file: ${path.home}/module/o365/audit/config/pipeline.js
+ params:
+ debug: false
+ tenants:
+ {{ range .tenants }}
+ - id: "{{ .id }}"
+ name: "{{ .name }}"
+ {{ end }}
+
diff --git a/x-pack/filebeat/module/o365/audit/config/pipeline.js b/x-pack/filebeat/module/o365/audit/config/pipeline.js
new file mode 100644
index 00000000000..679330a494b
--- /dev/null
+++ b/x-pack/filebeat/module/o365/audit/config/pipeline.js
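Review bot: Credential values are rendered into the input YAML unquoted, at `client_secret: {{ .client_secret }}` and `key_passphrase: {{ .key_passphrase }}`, so a secret containing ` #` or `: `, or starting with a YAML indicator such as `*`, `&`, `[`, `{` or `@`, would be truncated or fail to parse, while the `tenants` params further down are already quoted. Quote these scalars the same way, e.g. `client_secret: "{{ .client_secret }}"`, or pass them through an encoding helper if the fileset template engine offers one (a `"` or `\` inside the value would still need escaping). Separately, the `api:` block emits `- {{ $k }}: {{ $v -}}`, a sequence of one-key maps rather than a mapping; whether the input decodes that into its `api` settings is not visible here and is worth a test with `var.api.resource` set.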
@@ -0,0 +1,852 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +var processor = require("processor"); +var console = require("console"); + +// PipelineBuilder to aid debugging of pipelines during development. +function PipelineBuilder(pipelineName, debug) { + this.pipeline = new processor.Chain(); + this.add = function (processor) { + this.pipeline = this.pipeline.Add(processor); + }; + this.Add = function (name, processor) { + this.add(processor); + if (debug) { + this.add(makeLogEvent("after " + pipelineName + "/" + name)); + } + }; + this.Build = function () { + if (debug) { + this.add(makeLogEvent(pipelineName + "processing done")); + } + return this.pipeline.Build(); + }; + if (debug) { + this.add(makeLogEvent(pipelineName + ": begin processing event")); + } +} + +function appendFields(options) { + return function(evt) { + options.fields.forEach(function (key) { + var value = evt.Get(key); + if (value != null) evt.AppendTo(options.to, value); + }); + } +} + +// logEvent(msg) +// +// Processor that logs the current value of evt to console.debug. +function makeLogEvent(msg) { + return function (evt) { + console.debug(msg + " :" + JSON.stringify(evt, null, 4)); + }; +} + +// makeConditional({condition:expr, result1:processor|expr, [...]}) +// +// Processor that selects which processor to run depending on the result of +// evaluating a _condition_. Result can be boolean (if-else equivalent) or any +// other value (switch equivalent). Unspecified values are a no-op. +function makeConditional(options) { + return function (evt) { + var branch = options[options.condition(evt)] || function(evt){}; + return (typeof branch === "function" ? 
branch : branch.Run)(evt); + }; +} + +// makeMapper({from:field, to:field, default:value mappings:{orig: new, [...]}}) +// +// Processor that sets the `to` field by mapping of `from` field's value. +function makeMapper(options) { + return function (evt) { + var key = evt.Get(options.from); + if (key == null && options.skip_missing) return; + if (options.lowercase && typeof key == "string") { + key = key.toLowerCase(); + } + var value = options.default; + if (key in options.mappings) { + value = options.mappings[key]; + } else if (typeof value === "function") { + value = value(key); + } + if (value != null) { + evt.Put(options.to, value); + } + }; +} + +// Makes sure a name can be used as a field in the output document. +function validFieldName(s) { + return s.replace(/[\ \.]/g, '_') +} + +/* Turns a `common.NameValuePair` array into an object. Multiple-value fields + are stored as arrays. + input (a NameValuePair array): + from_field: [ + {Name: name1, Value: value1}, + {Name: name2, Value: value2}, + {Name: name2, Value: value2b}, + [...] + {Name: nameN, Value: valueN} + ] + + output (an object): + to_field: { + name1: value1, + name2: [value2, value2b], + [...] + nameN: valueN + } +*/ +function makeObjFromNameValuePairArray(options) { + return function(evt) { + var src = evt.Get(options.from); + var dict = {}; + if (src == null || !(src instanceof Array)) return; + for (var i=0; i < src.length; i++) { + var name, value; + if (src[i] == null + || (name=src[i].Name) == null + || (value=src[i].Value) == null) continue; + name = validFieldName(name); + if (name in dict) { + if (dict[name] instanceof Array) { + dict[name].push(value); + } else { + dict[name] = [value]; + } + } else { + dict[name] = value; + } + } + evt.Put(options.to, dict); + } +} + +/* Converts a Common.ModifiedProperty array into an object. 
+ input: + from_field: [ + {Name: name1, OldValue: old1, NewValue: new1}, + {Name: name2, OldValue: old2, NewValue: new2}, + {Name: name2, OldValue: old2b, NewValue: new2b}, + [...] + {Name: nameN, OldValue: oldN, NewValue: newN}, + ], + + output: + to_field: { + name1: { OldValue: old1, NewValue: new1 }, + name2: { OldValue: [old2, old2b], NewValue: [new2, new2b] }, + [...] + nameN: { OldValue: oldN, NewValue: newN } + } + */ +function makeDictFromModifiedPropertyArray(options) { + return function(evt) { + var src = evt.Get(options.from); + var dict = {}; + if (src == null || !(src instanceof Array)) return; + for (var i=0; i < src.length; i++) { + var name, newValue, oldValue; + if (src[i] == null + || (name=src[i].Name) == null + || (newValue=src[i].NewValue) == null + || (oldValue=src[i].OldValue)) continue; + name = validFieldName(name); + if (name in dict) { + if (dict[name].NewValue instanceof Array) { + dict[name].NewValue.push(newValue); + dict[name].OldValue.push(oldValue); + } else { + dict[name].NewValue = [newValue]; + dict[name].OldValue = [oldValue]; + } + } else { + dict[name] = { + NewValue: newValue, + OldValue: oldValue, + }; + } + } + evt.Put(options.to, dict); + } +} + +function exchangeAdminSchema(debug) { + var builder = new PipelineBuilder("o365.audit.ExchangeAdmin", debug); + builder.Add("saveFields", new processor.Convert({ + fields: [ + {from: 'o365audit.OrganizationName', to: 'organization.name'}, + {from: 'o365audit.OriginatingServer', to: 'server.address'}, + ], + ignore_missing: true, + fail_on_error: false + })); + return builder.Build(); +} + +function azureADLogonSchema(debug) { + var builder = new PipelineBuilder("o365.audit.AzureActiveDirectory", debug); + builder.Add("setEventAuthFields", function(evt){ + evt.Put("event.category", "authentication"); + var outcome = evt.Get("event.outcome"); + // As event.type is an array, this sets both the traditional + // "authentication_success"/"authentication_failure" + // and the ECS 
standard "start". + var types = ["start"]; + if (outcome != null && outcome !== "unknown") { + types.push("authentication_" + outcome); + } + evt.Put("event.type", types); + }); + return builder.Build(); +} + +function sharePointFileOperationSchema(debug) { + var builder = new PipelineBuilder("o365.audit.SharePointFileOperation", debug); + builder.Add("saveFields", new processor.Convert({ + fields: [ + {from: 'o365audit.ObjectId', to: 'url.original'}, + {from: 'o365audit.SourceRelativeUrl', to: 'file.directory'}, + {from: 'o365audit.SourceFileName', to: 'file.name'}, + {from: 'o365audit.SourceFileExtension', to: 'file.extension'}, + ], + ignore_missing: true, + fail_on_error: false + })); + builder.Add("setEventCategory", new processor.AddFields({ + target: 'event', + fields: { + category: 'file', + }, + })); + builder.Add("mapEventType", makeMapper({ + from: 'o365audit.Operation', + to: 'event.type', + mappings: { + 'FileAccessed': 'access', + 'FileDeleted': 'deletion', + 'FileDownloaded': 'access', + 'FileModified': 'change', + 'FileMoved': 'change', + 'FileRenamed': 'change', + 'FileRestored': 'change', + 'FileUploaded': 'creation', + 'FolderCopied': 'creation', + 'FolderCreated': 'creation', + 'FolderDeleted': 'deletion', + 'FolderModified': 'change', + 'FolderMoved': 'change', + 'FolderRenamed': 'change', + 'FolderRestored': 'change', + }, + })); + return builder.Build(); +} + +function exchangeMailboxSchema(debug) { + var builder = new PipelineBuilder("o365.audit.SharePointFileOperation", debug); + builder.Add("saveFields", new processor.Convert({ + fields: [ + {from: 'o365audit.MailboxOwnerUPN', to: 'user.email'}, + {from: 'o365audit.LogonUserSid', to: 'user.id', type: 'string'}, + {from: 'o365audit.LogonUserDisplayName', to: 'user.full_name'}, + {from: 'o365audit.OrganizationName', to: 'organization.name'}, + {from: 'o365audit.OriginatingServer', to: 'server.address'}, + {from: 'o365audit.ClientIPAddress', to: 'client.address'}, + {from: 
'o365audit.ClientProcessName', to: 'process.name'}, + ], + ignore_missing: true, + fail_on_error: false + })); + return builder.Build(); +} + +function dataLossPreventionSchema(debug) { + var builder = new PipelineBuilder("o365.audit.DLP", debug); + builder.Add("setEventFields", new processor.AddFields({ + target: 'event', + fields: { + kind: 'alert', + category: 'file', + type: 'access', + }, + })); + + builder.Add("saveFields", new processor.Convert({ + fields: [ + // SharePoint metadata + {from: 'o365audit.SharePointMetaData.From', to: 'user.id'}, + {from: 'o365audit.SharePointMetaData.FileName', to: 'file.name'}, + {from: 'o365audit.SharePointMetaData.FilePathUrl', to: 'url.original'}, + {from: 'o365audit.SharePointMetaData.UniqueId', to: 'file.inode'}, + {from: 'o365audit.SharePointMetaData.UniqueID', to: 'file.inode'}, + {from: 'o365audit.SharePointMetaData.FileOwner', to: 'file.owner'}, + + // Exchange metadata + {from: 'o365audit.ExchangeMetaData.From', to: 'source.user.email'}, + {from: 'o365audit.ExchangeMetaData.Subject', to: 'message'}, + + // Policy details + {from: 'o365audit.PolicyId', to: 'rule.id'}, + {from: 'o365audit.PolicyName', to: 'rule.name'}, + ], + ignore_missing: true, + fail_on_error: false + })); + + builder.Add("setMTime", new processor.Timestamp({ + field: "o365audit.SharePointMetaData.LastModifiedTime", + target_field: "file.mtime", + layouts: [ + "2006-01-02T15:04:05", + "2006-01-02T15:04:05Z", + ], + ignore_missing: true, + ignore_failure: true, + })); + + builder.Add("appendDestinationEmails", function(evt) { + var list = []; + var fields = [ + 'o365audit.ExchangeMetaData.To', + 'o365audit.ExchangeMetaData.CC', + 'o365audit.ExchangeMetaData.BCC', + ]; + for (var i=0; i 1) { + evt.Put("destination.user.email", list); + } + }); + + // ExceptionInfo is documented as string but has been observed to be an object. 
+ builder.Add("fixExceptionInfo", function(evt) { + var key = "o365audit.ExceptionInfo"; + var eInfo = evt.Get(key); + if (eInfo == null) return; + if (typeof eInfo === "string") { + if (eInfo === "") { + evt.Delete(key); + } else { + evt.Put(key, { + Reason: eInfo, + }); + } + } + }); + + builder.Add("extractRules", function(evt) { + var policies = evt.Get("o365audit.PolicyDetails"); + if (policies == null) return; + // rule.id will be an array of all rules' IDs. + var ruleIds = []; + // rule.name will be an array of all rules' names. + var ruleNames = []; + // event.severity will be the higher severity seen. + var maxSeverity = -1; + // event.outcome will determine if access to sensitive data was allowed. + // Either because the rules were configured to only alert or because + // the alert was overridden by the user. + var allowed = true; + for (var i = 0; i < policies.length; i++) { + var rules = policies[i].Rules; + if (rules == null) continue; + for (var j = 0; j < rules.length; j++) { + var rule = rules[j]; + var id = rule.RuleId; + var name = rule.RuleName; + var sev = severityToCode(rule.Severity); + if (id != null && name != null) { + ruleIds.push(id); + ruleNames.push(name); + } + if (sev > maxSeverity) maxSeverity = sev; + if (allowed) { + if (rule.Actions != null && rule.Actions.indexOf("BlockAccess") > -1) { + allowed = false; + } + } + } + } + if (ruleIds.length === 1) { + evt.Put("rule.id", ruleIds[0]); + evt.Put("rule.name", ruleNames[0]); + } else if (ruleIds.length > 0) { + evt.Put("rule.id", ruleIds); + evt.Put("rule.name", ruleNames); + } + if (maxSeverity > -1) { + evt.Put("event.severity", maxSeverity); + } + evt.Put("event.outcome", (allowed || isBlockOverride(evt))? "success" : "failure"); + }); + return builder.Build(); +} + +// Numeric mapping for o365 mgmt API severities. +function severityToCode(str) { + if (str == null) return -1; + switch (str.toLowerCase()) { + case 'informational': return 1; // undocumented severity. 
+ case 'low': return 2; + case 'medium': return 3; + case 'high': return 4; + default: return -1; + } +} + +// Was a DLP alert overridden with an exception? +function isBlockOverride(evt) { + switch (evt.Get("o365audit.Operation").toLowerCase()) { + // Undo means the block was undone via change of policy or override. + case "dlpruleundo": return true; + // Info means it was detected as a false positive but no action taken. + case "dlpinfo": return false; + } + // It's not clear to me the format of ExceptionInfo. It could be an object + // or a string containing a JSON object. Assume that if present, an exception + // is made. + var exInfo = evt.Get('o365audit.ExceptionInfo'); + return exInfo != null && exInfo !== ""; +} + +function yammerSchema(debug) { + var builder = new PipelineBuilder("o365.audit.Yammer", debug); + builder.Add("saveFields", new processor.Convert({ + fields: [ + {from: 'o365audit.ActorUserId', to: 'user.email'}, + {from: 'o365audit.ActorYammerUserId', to: 'user.id', type: 'string'}, + {from: 'o365audit.FileId', to:'file.inode'}, + {from: 'o365audit.FileName', to: 'file.name'}, + {from: 'o365audit.GroupName', to: 'group.name'}, + {from: 'o365audit.TargetUserId', to: 'destination.user.email'}, + {from: 'o365audit.TargetYammerUserId', to: 'destination.user.id'}, + ], + ignore_missing: true, + fail_on_error: false + })); + + var actionToCategoryType = { + // Network or verified admin changes the information that appears on + // member profiles for network users network. + ProcessProfileFields: [ "iam", "user"], + // Verified admin updates the Yammer network's security configuration. + // This includes setting password expiration policies and restrictions + // on IP addresses. + NetworkSecurityConfigurationUpdated: [ "iam", "admin"], + // User uploads a file. + FileCreated: [ "file", "creation"], + // User creates a group. + GroupCreation: [ "iam", ["group", "creation"] ], + // A group is deleted from Yammer. 
+ GroupDeletion: [ "iam", ["group", "deletion"] ], + // User downloads a file. + FileDownloaded: [ "file", "access"], + // User shares a file with another user. + FileShared: [ "file", "access"], + // Network or verified admin suspends (deactivates) a user from Yammer. + NetworkUserSuspended: [ "iam", "user"], + // User account is suspended (deactivated). + UserSuspension: [ "iam", "user"], + // User changes the description of a file. + FileUpdateDescription: [ "file", "access"], + // User changes the name of a file. + FileUpdateName: [ "file", "creation"], + // User views a file. + FileVisited: [ "file", "access"], + }; + + builder.Add("setEventFields", function(evt) { + var action = evt.Get("event.action"); + if (action == null) return; + var fields = actionToCategoryType[action]; + if (fields == null) return; + evt.Put("event.category", fields[0]); + evt.Put("event.type", fields[1]); + }); + return builder.Build(); +} + +function securityComplianceAlertsSchema(debug) { + var builder = new PipelineBuilder("o365.audit.SecurityComplianceAlerts", debug); + builder.Add("saveFields", new processor.Convert({ + fields: [ + {from: 'o365audit.Comments', to: 'message'}, + {from: 'o365audit.Name', to: 'rule.name'}, + {from: 'o365audit.PolicyId', to: 'rule.id'}, + {from: 'o365audit.Category', to: 'rule.category'}, + {from: 'o365audit.EntityType', to: 'rule.ruleset'}, + // This contains the entity that triggered the alert. + // Name of a malware or email address. + // Need to find a better ECS field for it. + {from: 'o365audit.AlertEntityId', to: 'rule.description'}, + {from: 'o365audit.AlertLinks', to: 'rule.reference'}, + ], + ignore_missing: true, + fail_on_error: false + })); + builder.Add("setEventFields", new processor.AddFields({ + target: 'event', + fields: { + kind: 'alert', + category: 'web', + type: 'info', + }, + })); + // event.severity is numeric. 
+ builder.Add("mapSeverity", function(evt) { + var sev = severityToCode(evt.Get("o365audit.Severity")); + if (sev >= 0) { + evt.Put("event.severity", sev); + } + }); + builder.Add("mapCategory", makeMapper({ + from: 'o365audit.Category', + to: 'event.category', + default: 'authentication', + lowercase: true, + mappings: { + 'accessgovernance': 'authentication', + 'datagovernance': 'file', + 'datalossprevention': 'file', + 'threatmanagement': 'malware', + }, + })); + builder.Add("saveEntity", makeConditional({ + condition: function(evt) { + return evt.Get("o365audit.EntityType"); + }, + 'User': new processor.Convert({ + fields: [ + {from: "o365audit.AlertEntityId", to: "user.id", type: 'string'}, + ], + ignore_missing: true, + fail_on_error: false + }), + 'Recipients': new processor.Convert({ + fields: [ + {from: "o365audit.AlertEntityId", to: "user.email"}, + ], + ignore_missing: true, + fail_on_error: false + }), + 'Sender': new processor.Convert({ + fields: [ + {from: "o365audit.AlertEntityId", to: "user.email"}, + ], + ignore_missing: true, + fail_on_error: false + }), + 'MalwareFamily': new processor.Convert({ + fields: [ + {from: "o365audit.AlertEntityId", to: "threat.technique.id"}, + ], + ignore_missing: true, + fail_on_error: false + }), + })); + return builder.Build(); +} + +function AuditProcessor(tenant_names, debug) { + var builder = new PipelineBuilder("o365.audit", debug); + + var unsetIPValues = {"null": true, "": true, "": true}; + builder.Add("cleanupNulls", function(event) { + [ + "o365audit.ClientIP", + "o365audit.ClientIPAddress", + "o365audit.ActorIpAddress", + "o365audit.OriginatingServer" + ].forEach(function(field) { + if (event.Get(field) in unsetIPValues) event.Delete(field); + }); + }); + builder.Add("convertCommonAuditRecordFields", new processor.Convert({ + fields: [ + {from: "o365audit.Id", to: "event.id"}, + {from: "o365audit.ClientIP", to: "client.address"}, + {from: "o365audit.ClientIPAddress", to: "client.address"}, + {from: 
"o365audit.ActorIpAddress", to: "client.address"}, + {from: "o365audit.UserId", to: "user.id", type: "string"}, + {from: "o365audit.Workload", to: "event.provider"}, + {from: "o365audit.Operation", to: "event.action"}, + {from: "o365audit.OrganizationId", to: "organization.id"}, + // Extra common fields: + {from: "o365audit.UserAgent", to: "user_agent.original"}, + ], + ignore_missing: true, + fail_on_error: false + })); + builder.Add("mapEventType", makeMapper({ + from: 'o365audit.RecordType', + to: 'event.code', + // Keep original RecordType for unknown mappings. + default: function(recordType) { + return recordType; + }, + mappings: { + 1: 'ExchangeAdmin', // Events from the Exchange admin audit log. + 2: 'ExchangeItem', // Events from an Exchange mailbox audit log for actions that are performed on a single item, such as creating or receiving an email message. + 3: 'ExchangeItemGroup', // Events from an Exchange mailbox audit log for actions that can be performed on multiple items, such as moving or deleted one or more email messages. + 4: 'SharePoint', // SharePoint events. + 6: 'SharePointFileOperation', // SharePoint file operation events. + 8: 'AzureActiveDirectory', // Azure Active Directory events. + 9: 'AzureActiveDirectoryAccountLogon', // Azure Active Directory OrgId logon events (deprecating). + 10: 'DataCenterSecurityCmdlet', // Data Center security cmdlet events. + 11: 'ComplianceDLPSharePoint', // Data loss protection (DLP) events in SharePoint and OneDrive for Business. + 12: 'Sway', // Events from the Sway service and clients. + 13: 'ComplianceDLPExchange', // Data loss protection (DLP) events in Exchange, when configured via Unified DLP Policy. DLP events based on Exchange Transport Rules are not supported. + 14: 'SharePointSharingOperation', // SharePoint sharing events. + 15: 'AzureActiveDirectoryStsLogon', // Secure Token Service (STS) logon events in Azure Active Directory. 
+ 18: 'SecurityComplianceCenterEOPCmdlet', // Admin actions from the Security & Compliance Center. + 20: 'PowerBIAudit', // Power BI events. + 21: 'CRM', // Microsoft CRM events. + 22: 'Yammer', // Yammer events. + 23: 'SkypeForBusinessCmdlets', // Skype for Business events. + 24: 'Discovery', // Events for eDiscovery activities performed by running content searches and managing eDiscovery cases in the Security & Compliance Center. + 25: 'MicrosoftTeams', // Events from Microsoft Teams. + 28: 'ThreatIntelligence', // Phishing and malware events from Exchange Online Protection and Office 365 Advanced Threat Protection. + 30: 'MicrosoftFlow', // Microsoft Power Automate (formerly called Microsoft Flow) events. + 31: 'AeD', // Advanced eDiscovery events. + 32: 'MicrosoftStream', // Microsoft Stream events. + 33: 'ComplianceDLPSharePointClassification', // Events related to DLP classification in SharePoint. + 35: 'Project', // Microsoft Project events. + 36: 'SharePointListOperation', // SharePoint List events. + 38: 'DataGovernance', // Events related to retention policies and retention labels in the Security & Compliance Center + 40: 'SecurityComplianceAlerts', // Security and compliance alert signals. + 41: 'ThreatIntelligenceUrl', // Safe links time-of-block and block override events from Office 365 Advanced Threat Protection. + 42: 'SecurityComplianceInsights', // Events related to insights and reports in the Office 365 security and compliance center. + 44: 'WorkplaceAnalytics', // Workplace Analytics events. + 45: 'PowerAppsApp', // Power Apps events. + 47: 'ThreatIntelligenceAtpContent', // Phishing and malware events for files in SharePoint, OneDrive for Business, and Microsoft Teams from Office 365 Advanced Threat Protection. + 49: 'TeamsHealthcare', // Events related to the Patients application in Microsoft Teams for Healthcare. + 52: 'DataInsightsRestApiAudit', // Data Insights REST API events. 
+ 54: 'SharePointListItemOperation', // SharePoint list item events. + 55: 'SharePointContentTypeOperation', // SharePoint list content type events. + 56: 'SharePointFieldOperation', // SharePoint list field events. + 64: 'AirInvestigation', // Automated incident response (AIR) events. + 66: 'MicrosoftForms', // Microsoft Forms events. + }, + })); + + builder.Add("setEventFields", new processor.AddFields({ + target: 'event', + fields: { + kind: 'event', + type: 'info', + // Not so sure about web as a default category: + category: 'web', + }, + })); + + builder.Add("mapEventOutcome", makeMapper({ + from: 'o365audit.ResultStatus', + to: 'event.outcome', + lowercase: true, + default: 'success', + mappings: { + 'success': 'success', // This one is necessary to map Success + 'succeeded': 'success', + 'partiallysucceeded': 'success', + 'true': 'success', + 'failed': 'failure', + 'false': 'failure', + }, + })); + + builder.Add("makeParametersDict", makeObjFromNameValuePairArray({ + from: 'o365audit.Parameters', + to: 'o365audit.Parameters', + })); + + builder.Add("makeExtendedPropertiesDict", makeObjFromNameValuePairArray({ + from: 'o365audit.ExtendedProperties', + to: 'o365audit.ExtendedProperties', + })); + + builder.Add("makeModifiedPropertyDict", makeDictFromModifiedPropertyArray({ + from: 'o365audit.ModifiedProperties', + to: 'o365audit.ModifiedProperties', + })); + + // Turn AlertLinks into an array of keyword instead of array of objects. + builder.Add("alertLinks", function (evt) { + var list = evt.Get("o365audit.AlertLinks"); + if (list == null || !(list instanceof Array)) return; + var links = []; + for (var i=0; i 0) { + links.push(link); + } + } + switch (links.length) { + case 0: + evt.Delete('o365audit.AlertLinks'); + break; + case 1: + evt.Put("o365audit.AlertLinks", links[0]); + break; + default: + evt.Put("o365audit.AlertLinks", links); + } + }); + + // Populate event specific fields. 
+ var dlp = dataLossPreventionSchema(debug); + builder.Add("productSpecific", makeConditional({ + condition: function(event) { + return event.Get("event.code"); + }, + 'ExchangeAdmin': exchangeAdminSchema(debug).Run, + 'ExchangeItem': exchangeMailboxSchema(debug).Run, + 'AzureActiveDirectoryStsLogon': azureADLogonSchema(debug).Run, + 'SharePointFileOperation': sharePointFileOperationSchema(debug).Run, + 'SecurityComplianceAlerts': securityComplianceAlertsSchema(debug).Run, + 'ComplianceDLPSharePoint': dlp.Run, + 'ComplianceDLPExchange': dlp.Run, + 'Yammer': yammerSchema(debug).Run, + })); + + builder.Add("extractClientIPv4Port", new processor.Dissect({ + tokenizer: '%{ip}:%{port}', + field: 'client.address', + target_prefix: 'client', + 'when.and': [ + {'contains.client.address': '.'}, + {'contains.client.address': ':'}, + ], + })); + builder.Add("extractClientIPv6Port", new processor.Dissect({ + tokenizer: '[%{ip}]:%{port}', + field: 'client.address', + target_prefix: 'client', + 'when.and': [ + {'contains.client.address': '['}, + {'contains.client.address': ':'}, + ], + })); + + // Copy the client/server.address to .ip fields if they are valid IPs. 
+ builder.Add("convertIPs", new processor.Convert({ + fields: [ + {from: "client.address", to: "client.ip", type: "ip"}, + {from: "server.address", to: "server.ip", type: "ip"}, + ], + ignore_missing: true, + fail_on_error: false + })); + + builder.Add("setSrcDstFields", new processor.Convert({ + fields: [ + {from: "client.ip", to: "source.ip"}, + {from: "client.port", to: "source.port"}, + {from: "server.ip", to: "destination.ip"}, + ], + ignore_missing: true, + fail_on_error: false + })); + + builder.Add("setUserFieldsFromId", new processor.Dissect({ + tokenizer: "%{name}@%{domain}", + field: "user.id", + target_prefix: "user", + 'when.contains.user.id': '@', + })); + + builder.Add("setNetworkType", function(event) { + var ip = event.Get("client.ip"); + if (ip == null) return; + event.Put("network.type", ip.indexOf(".") !== -1? "ipv4" : "ipv6"); + }); + + builder.Add("setRelatedIP", appendFields({ + fields: [ + "client.ip", + "server.ip", + ], + to: 'related.ip' + })); + + builder.Add("setRelatedUser", appendFields({ + fields: [ + "user.name", + "file.owner", + ], + to: 'related.user' + })); + + // Set user-agent from an alternative location. + builder.Add("altUserAgent", function(evt) { + var ext = evt.Get("o365audit.ExtendedProperties.UserAgent"); + if (ext != null) evt.Put("user_agent.original", ext); + }); + + // Set host.name to the O365 tenant. This is necessary to aggregate events + // in SIEM app based on the tenant instead of the host where Filebeat is + // running. + builder.Add("setHostName", function(evt) { + var value; + if ((value=evt.Get("organization.id"))!=null) { + value = value.toLowerCase(); + evt.Put("host.id", value); + // Use tenant name provided in the configuration. 
+ if (value in tenant_names && value !== "") { + evt.Put("organization.name", value); + evt.Put("host.name", tenant_names[value]); + return; + } + } + if ((value=evt.Get("organization.name"))!=null || + (value=evt.Get("user.domain")) != null ) { + evt.Put("host.name", value); + } + }); + + builder.Add("saveRaw", new processor.Convert({ + fields: [ + {from: "o365audit", to: "o365.audit"}, + ], + mode: "rename" + })); + + var chain = builder.Build(); + return { + process: chain.Run + }; +} + + +var audit; + +// Register params from configuration. +function register(params) { + var tenant_names = {}; + if (params.tenants != null) { + for (var i = 0; i < params.tenants.length; i++) { + tenant_names[params.tenants[i].id] = params.tenants[i].name.toLowerCase(); + } + } + audit = new AuditProcessor(tenant_names, params.debug); +} + +function process(evt) { + return audit.process(evt); +} diff --git a/x-pack/filebeat/module/o365/audit/ingest/pipeline.yml b/x-pack/filebeat/module/o365/audit/ingest/pipeline.yml new file mode 100644 index 00000000000..98fd4f0ff58 --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/ingest/pipeline.yml @@ -0,0 +1,33 @@ +description: Pipeline for Office 365 Audit logs + +processors: + - user_agent: + field: user_agent.original + ignore_missing: true + # IP Geolocation Lookup + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' 
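Review bot: In `makeDictFromModifiedPropertyArray` the last clause of the skip condition, `|| (oldValue=src[i].OldValue)) continue;`, is missing its `== null` comparison, so every entry with a non-empty OldValue is skipped and only entries with an empty or missing OldValue reach `o365audit.ModifiedProperties`. For an audit trail this means the before/after values of most property changes are silently dropped from the indexed event. The clause should read `|| (oldValue=src[i].OldValue) == null) continue;`. In the same function, and in `makeObjFromNameValuePairArray`, the repeated-name branch replaces the stored value with a one-element array instead of keeping the first value, which contradicts the `name2: [value2, value2b]` shape described in the header comments.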
diff --git a/x-pack/filebeat/module/o365/audit/manifest.yml b/x-pack/filebeat/module/o365/audit/manifest.yml
new file mode 100644
index 00000000000..a00b9626619
--- /dev/null
+++ b/x-pack/filebeat/module/o365/audit/manifest.yml
@@ -0,0 +1,21 @@
+module_version: 1.0
+
+var:
+ - name: input
+ default: o365audit
+ - name: certificate
+ - name: key
+ - name: key_passphrase
+ - name: application_id
+ - name: client_secret
+ - name: tenants
+ - name: content_type
+ - name: api
+ingest_pipeline: ingest/pipeline.yml
+input: config/input.yml
+
+requires.processors:
+ - name: geoip
+ plugin: ingest-geoip
+ - name: user_agent
+ plugin: ingest-user_agent
diff --git a/x-pack/filebeat/module/o365/audit/test/01-exchange-admin.log b/x-pack/filebeat/module/o365/audit/test/01-exchange-admin.log
new file mode 100644
index 00000000000..bb5a79acf8c
--- /dev/null
+++ b/x-pack/filebeat/module/o365/audit/test/01-exchange-admin.log
@@ -0,0 +1,100 @@ +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:49:49", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "1c7412a6-858d-49ff-3f93-08d7ac0f45bf", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": 
"UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "6c3454e1-1a13-411b-bed1-08d7adfc0c09", "CreationTime": "2020-02-10T07:37:14"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": 
"EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "b5131b23-3efb-481a-c05b-08d7ac0f2a82", "CreationTime": "2020-02-07T20:49:03"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "testsiem.onmicrosoft.com\\2c6709f0-beaf-4ffd-99ea-d02c796c25d3", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Organization", "Value": "testsiem.onmicrosoft.com"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Install-DefaultSharingPolicy", "Id": "ef597809-1c52-4a85-7cce-08d7adfc0939", "CreationTime": "2020-02-10T07:37:09"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Organization", "Value": "testsiem.onmicrosoft.com"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Install-AdminAuditLogConfig", "Id": 
"362ff802-6df6-47e5-09a2-08d7adfc095b", "CreationTime": "2020-02-10T07:37:09"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-10T07:37:13", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com"}, {"Name": "OrganizationFederatedMailbox", "Value": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TransportConfig", "Id": "ea769bfc-fa67-465c-767a-08d7adfc0b7b"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "Arbitration", "Value": "True"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}"}, {"Name": "UMDataStorage", "Value": "True"}, {"Name": "Force", "Value": "True"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}", "Id": "168019d2-1e8a-4394-e90b-08d7ac0f1e69", "CreationTime": 
"2020-02-07T20:48:43"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "InstantMessagingType", "Value": "Ocs"}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:49:34", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-OwaMailboxPolicy", "ObjectId": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default", "Id": "0d7995da-038f-40d9-2765-08d7ac0f3d4d"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": 
"Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:49:20", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "Id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:17", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", 
"ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "Parameters": [{"Name": "DoNotUpdateRecipients", "Value": "True"}, {"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}], "ObjectId": "testsiem.onmicrosoft.com", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:48:04", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "OrganizationName": "testsiem.onmicrosoft.com", "Operation": "Enable-AddressListPaging", "Id": "a0063917-bb25-4c17-fe2e-08d7ac0f0769", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:48:58", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": 
"False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "a324e83b-d1a3-4855-db2a-08d7ac0f277b", "OrganizationName": "testsiem.onmicrosoft.com"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB 
(107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:15", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "ebda487f-6177-432a-e91d-08d7adfc0d0d", "OrganizationName": "testsiem.onmicrosoft.com"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "ClientAppId": "", "RecordType": 1, "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:49:09", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", 
"Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "7dafe4a3-487a-46ec-dadc-08d7ac0f2e06", "OrganizationName": "testsiem.onmicrosoft.com"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "Version": 1, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Workload": "Exchange", "ResultStatus": "True", "AppId": "", 
"ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", "CreationTime": "2020-02-10T07:37:15", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:49:09", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "7dafe4a3-487a-46ec-dadc-08d7ac0f2e06", "RecordType": 1} 
+{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "TenantAllowBlockLists", "Value": "True"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", "CreationTime": "2020-02-10T07:37:18", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "ObjectId": "testsiem.onmicrosoft.com", "Workload": "Exchange", "OrganizationId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "AppId": "", "CreationTime": "2020-02-07T20:49:55", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TenantObjectVersion", "Id": "514d0e07-410f-469c-a7f9-08d7ac0f496e", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com"}, {"Name": "OrganizationFederatedMailbox", "Value": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TransportConfig", "Id": "ea769bfc-fa67-465c-767a-08d7adfc0b7b", "CreationTime": "2020-02-10T07:37:13", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}, {"Name": "SupervisionTags", "Value": "Reject;Allow"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM 
(Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TransportConfig", "ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", "Id": "e022fa0d-13b2-4314-b707-08d7adfc0868", "CreationTime": "2020-02-10T07:37:08", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TenantObjectVersion", "ObjectId": "testsiem.onmicrosoft.com", "Id": "514d0e07-410f-469c-a7f9-08d7ac0f496e", "CreationTime": "2020-02-07T20:49:55", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com"}, {"Name": "OrganizationFederatedMailbox", "Value": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:48:52", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TransportConfig", "ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", "Id": 
"8a3c4f54-f2de-4717-dd56-08d7ac0f23be", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "OMEncryptionStore", "Value": "True"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "AppId": "", "CreationTime": "2020-02-07T20:48:49", "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}", "Id": "9eb764a6-fee5-4c3a-6adc-08d7ac0f220f", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB 
(32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "TenantAllowBlockLists", "Value": "True"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:18", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", "Id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": 
"HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:48:56", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "Id": "d83e97f0-951c-4ccc-630e-08d7ac0f267e", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", 
"Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:17", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Id": "2cbbd2bb-607e-49b1-c02c-08d7adfc0e1c", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft 
Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Id": "165a283d-6f9b-4dc2-1b86-08d7ac0f273c", "CreationTime": "2020-02-07T20:48:57", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], 
"Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Id": "979931d3-c99d-45b1-14e1-08d7ac0f3209", "CreationTime": "2020-02-07T20:49:16", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:49:20", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM 
(Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "Id": "4bddac31-664e-4432-d181-08d7ac0f34d2", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "Id": "4d2e1010-489d-4aa0-e300-08d7ac0f314c", "CreationTime": "2020-02-07T20:49:14", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:48:44", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "ProhibitSendReceiveQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "Management", "Value": "True"}, {"Name": "Force", "Value": "True"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "DisplayName", "Value": "Microsoft Exchange Migration"}, {"Name": "IssueWarningQuota", "Value": "9 GB (9,663,676,416 bytes)"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "Migration", "Value": "True"}, {"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "ProhibitSendQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136"}, {"Name": "Arbitration", "Value": "True"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": 
"e79cb83c-25b7-4777-57f0-08d7ac0f1f74", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "ClientAppId": "", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "Version": 1, "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Workload": "Exchange", "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "ee2a5c48-f068-4672-3e34-08d7adfc0bf4", "CreationTime": "2020-02-10T07:37:14", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-10T07:37:14", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "d3533d4d-f62f-4731-d0c9-08d7adfc0c7b", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT 
AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", "CreationTime": "2020-02-07T20:49:20", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "AppId": "", "CreationTime": "2020-02-07T20:49:08", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": 
"True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "bc03d223-966c-4e33-6cf7-08d7ac0f2d88", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB 
(21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", "CreationTime": "2020-02-07T20:49:20", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:49:09", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 
bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "7a500a7f-cc56-4dfd-d740-08d7ac0f2e45", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:49:10", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "6047e3da-8661-44a4-6fd2-08d7ac0f2e85", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM 
(Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", "CreationTime": "2020-02-07T20:49:21", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "d16f181c-257c-4d40-45e1-08d7adfc0c02", "CreationTime": "2020-02-10T07:37:14", "RecordType": 1} 
+{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "Force", "Value": "True"}, {"Name": "UMGrammar", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "MaxSendSize", "Value": "1 GB (1,073,741,824 bytes)"}, {"Name": "MailRouting", "Value": "True"}, {"Name": "MessageTracking", "Value": "True"}, {"Name": "OMEncryption", "Value": "True"}, {"Name": "OABGen", "Value": "True"}, {"Name": "ClientExtensions", "Value": "True"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}"}, {"Name": "GMGen", "Value": "True"}, {"Name": "SuiteServiceStorage", "Value": "True"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "27fdc2ec-edbd-445c-92bd-08d7ac0f1dc6", "CreationTime": "2020-02-07T20:48:42", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}, {"Name": "AdminAuditLogEnabled", "Value": "True"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:49:55", "UserId": "NT 
AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-AdminAuditLogConfig", "Id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "AppId": "", "CreationTime": "2020-02-07T20:49:52", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com"}, {"Name": "HygieneSuite", "Value": "Premium"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TransportConfig", "Id": "fd804781-7d7f-4d3a-1ef0-08d7ac0f47e4", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com"}, {"Name": "OrganizationFederatedMailbox", "Value": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com"}], "Workload": "Exchange", "UserType": 3, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:48:52", "ClientAppId": "", "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TransportConfig", "Id": "8a3c4f54-f2de-4717-dd56-08d7ac0f23be", 
"RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Organization", "Value": "testsiem.onmicrosoft.com"}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}], "ObjectId": "testsiem.onmicrosoft.com\\ExchangeAssistance", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "New-ExchangeAssistanceConfig", "Id": "627aa8ff-1411-475d-d202-08d7ac0f08a5", "CreationTime": "2020-02-07T20:48:06", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "ProhibitSendReceiveQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "Management", "Value": "True"}, {"Name": "Force", "Value": "True"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "DisplayName", "Value": "Microsoft Exchange Migration"}, {"Name": "IssueWarningQuota", "Value": "9 GB (9,663,676,416 bytes)"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "Migration", "Value": "True"}, {"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "ProhibitSendQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136"}, 
{"Name": "Arbitration", "Value": "True"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "AppId": "", "CreationTime": "2020-02-10T07:37:12", "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", "Id": "425128e3-4281-42f6-4ec7-08d7adfc0acd", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "TenantAllowBlockLists", "Value": "True"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-10T07:37:18", "UserType": 3, "Version": 1, 
"ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", "Id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:49:21", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft 
Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Id": "8126fd52-b16b-45c5-6aff-08d7adfc0c97", "CreationTime": "2020-02-10T07:37:15", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", 
"OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-10T07:37:14", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "Id": "70f24b65-0224-473b-49b8-08d7adfc0c83", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": 
"QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "Id": "515c88f2-2cbf-4214-2d9b-08d7adfc0e0f", "CreationTime": "2020-02-10T07:37:17", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": 
"SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:48:57", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "Id": "02c7f756-40e0-4c47-d49d-08d7ac0f26bd", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": 
"IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:49:02", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "40786a66-fbd5-4a24-d9af-08d7ac0f2a42", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "ebda487f-6177-432a-e91d-08d7adfc0d0d", "CreationTime": "2020-02-10T07:37:15", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "DisplayName", "Value": "Microsoft Exchange"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "9 GB (9,663,676,416 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042"}, {"Name": "ProhibitSendReceiveQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", 
"Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:48:51", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", "Id": "93d5f028-263c-45f1-dcf9-08d7ac0f2378", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:17", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, 
"ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Id": "1eea5379-4c86-4d6f-00cf-08d7adfc0e23"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:17", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:23", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com\\Recipient Quota Policy"}, {"Name": "PublicFolderHierarchyMailboxCountQuota", "Value": "100"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-RecipientEnforcementProvisioningPolicy", "ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", "Id": "80d8b808-c24c-4359-24cf-08d7adfc11e3"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:24", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}, {"Name": "AdminAuditLogEnabled", "Value": "True"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-AdminAuditLogConfig", "ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", "Id": "9edbf9fe-f844-401f-e9ec-08d7adfc1242"} 
+{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-10T07:37:15", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Id": "7b5e608f-0a09-4251-8922-08d7adfc0d15"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": 
true, "AppId": "", "CreationTime": "2020-02-10T07:37:17", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Id": "2cbbd2bb-607e-49b1-c02c-08d7adfc0e1c"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": 
"EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}, {"Name": "AdminAuditLogEnabled", "Value": "True"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-AdminAuditLogConfig", "ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", "Id": "9edbf9fe-f844-401f-e9ec-08d7adfc1242", "CreationTime": "2020-02-10T07:37:24"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "InstantMessagingType", "Value": "Ocs"}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-OwaMailboxPolicy", "ObjectId": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default", "Id": "0d7995da-038f-40d9-2765-08d7ac0f3d4d", "CreationTime": "2020-02-07T20:49:34"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "ProhibitSendReceiveQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "Management", "Value": "True"}, {"Name": "Force", "Value": "True"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "DisplayName", "Value": "Microsoft Exchange 
Migration"}, {"Name": "IssueWarningQuota", "Value": "9 GB (9,663,676,416 bytes)"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "Migration", "Value": "True"}, {"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "ProhibitSendQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136"}, {"Name": "Arbitration", "Value": "True"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", "Id": "425128e3-4281-42f6-4ec7-08d7adfc0acd", "CreationTime": "2020-02-10T07:37:12"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": 
"RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Id": "6ddabbf8-4b7c-4982-2683-08d7adfc0c10", "CreationTime": "2020-02-10T07:37:14"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ClientAppId": "", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-10T07:37:13", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "DisplayName", "Value": "Microsoft Exchange"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "9 GB (9,663,676,416 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange 
Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042"}, {"Name": "ProhibitSendReceiveQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", "Id": "e6a88958-ff2a-4e9b-d681-08d7adfc0b73"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:49:02", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, 
{"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "f580aae6-d0d5-4204-1a13-08d7ac0f2a03"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:48:57", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", 
"UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "165a283d-6f9b-4dc2-1b86-08d7ac0f273c"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:15", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "2db154f6-63ae-4a31-c548-08d7adfc0d1d"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": 
"testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:49:21", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ClientAppId": "", "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Workload": "Exchange", 
"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15", "CreationTime": "2020-02-10T07:37:17"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "testsiem.onmicrosoft.com", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:48:04", "Parameters": [{"Name": "DoNotUpdateRecipients", "Value": "True"}, {"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com"}], "UserType": 3, "Version": 1, "ClientAppId": "", "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Enable-AddressListPaging", "Id": "a0063917-bb25-4c17-fe2e-08d7ac0f0769"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:49:55", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}, {"Name": "AdminAuditLogEnabled", "Value": "True"}], "UserType": 3, "Version": 1, "ClientAppId": "", "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-AdminAuditLogConfig", "Id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "testsiem.onmicrosoft.com\\ExchangeAssistance15", "UserType": 3, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "Version": 1, "AppId": "", "CreationTime": "2020-02-10T07:37:24", "Parameters": [{"Name": "Identity", "Value": "testsiem.onmicrosoft.com"}, {"Name": "PrivacyStatementURL", "Value": "http://go.microsoft.com/fwlink/?LinkID=259417"}, {"Name": "PrivacyLinkDisplayEnabled", "Value": "True"}], "ClientAppId": "", "Workload": "Exchange", "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ExternalAccess": true, "UserKey": "NT 
AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-ExchangeAssistanceConfig", "Id": "2cb36c1c-1368-4483-9801-08d7adfc11fe"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "AppId": "", "CreationTime": "2020-02-10T07:37:23", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com\\Recipient Quota Policy"}, {"Name": "PublicFolderHierarchyMailboxCountQuota", "Value": "100"}], "UserType": 3, "Version": 1, "ClientAppId": "", "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-RecipientEnforcementProvisioningPolicy", "Id": "80d8b808-c24c-4359-24cf-08d7adfc11e3"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-10T07:37:24", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-TenantObjectVersion", "ObjectId": "testsiem.onmicrosoft.com", "Id": "a9fb5fce-4ce4-43eb-f429-08d7adfc122c"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, 
"Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}"}, {"Name": "User", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Discovery Management"}, {"Name": "AccessRights", "Value": "FullAccess"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:49:49", "ClientAppId": "", "Version": 1, "ResultStatus": "True", "UserType": 3, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Add-MailboxPermission", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", "Id": "5f84ceaa-e6df-4ba1-1085-08d7ac0f4646"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", "Id": 
"1c7412a6-858d-49ff-3f93-08d7ac0f45bf", "CreationTime": "2020-02-07T20:49:49"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}, {"Name": "AdminAuditLogEnabled", "Value": "True"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T20:49:55", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-AdminAuditLogConfig", "ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", "Id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "OMEncryptionStore", "Value": "True"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "Workload": "Exchange", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}", "Id": "7386959b-a0d0-459e-baf8-08d7adfc0b4b", "CreationTime": "2020-02-10T07:37:12"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", 
"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", "CreationTime": "2020-02-10T07:37:15"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserType": 3, "CreationTime": "2020-02-07T20:49:03", "ClientAppId": "", "Version": 1, "ResultStatus": "True", 
"AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "Id": "96b98335-ab19-4e22-31e0-08d7ac0f2ac2"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:49:21", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", "Id": "5cd5fc38-5b48-47d6-2e47-08d7ac0f2b01", "CreationTime": "2020-02-07T20:49:04"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": 
"testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "Workload": "Exchange", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "ff48ffeb-5c2a-468f-9113-08d7ac0f3512", "CreationTime": "2020-02-07T20:49:21"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": 
"QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:14", "UserType": 3, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "ClientAppId": "", "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "d16f181c-257c-4d40-45e1-08d7adfc0c02"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "RecordType": 1, "Workload": "Exchange", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": 
"ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "Id": "02c7f756-40e0-4c47-d49d-08d7ac0f26bd", "CreationTime": "2020-02-07T20:48:57"} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "ClientAppId": "", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:21", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}"}, {"Name": "User", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Discovery Management"}, {"Name": "AccessRights", "Value": "FullAccess"}], 
"UserType": 3, "Version": 1, "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Add-MailboxPermission", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", "Id": "86a8ddaf-15d2-44b4-62d5-08d7adfc1062", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "ClientAppId": "", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", "Id": "8b544cbd-f42b-4910-82ef-08d7ac0f26fc", "CreationTime": "2020-02-07T20:48:57", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "ClientAppId": "", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "DisplayName", "Value": "Microsoft Exchange"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "9 GB (9,663,676,416 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042"}, {"Name": "ProhibitSendReceiveQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", "Id": "e6a88958-ff2a-4e9b-d681-08d7adfc0b73", "CreationTime": "2020-02-10T07:37:13", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 
(15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "ClientAppId": "", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-10T07:37:07", "Parameters": [{"Name": "DoNotUpdateRecipients", "Value": "True"}, {"Name": "DomainController", "Value": ""}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com"}], "UserType": 3, "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Enable-AddressListPaging", "ObjectId": "testsiem.onmicrosoft.com", "Id": "d7134fa4-2e25-4a7d-d84d-08d7adfc0802", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "UserType": 3, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": 
"Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "ClientAppId": "", "Version": 1, "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "ee2a5c48-f068-4672-3e34-08d7adfc0bf4", "CreationTime": "2020-02-10T07:37:14", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "ObjectId": "testsiem.onmicrosoft.com\\Resource Schema", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-07T20:48:32", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "Organization", "Value": "testsiem.onmicrosoft.com"}], "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Install-ResourceConfig", "Id": "060e0f74-72a7-40d1-30fa-08d7ac0f17d8", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com\\Recipient Quota Policy"}, {"Name": "PublicFolderHierarchyMailboxCountQuota", "Value": "100"}], "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "AppId": "", "CreationTime": "2020-02-10T07:37:23", "ClientAppId": "", "UserType": 3, "Version": 1, "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", 
"UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-RecipientEnforcementProvisioningPolicy", "ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", "Id": "80d8b808-c24c-4359-24cf-08d7adfc11e3", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "OrganizationName": "testsiem.onmicrosoft.com", "Workload": "Exchange", "Parameters": [{"Name": "Force", "Value": "True"}, {"Name": "UMGrammar", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "MaxSendSize", "Value": "1 GB (1,073,741,824 bytes)"}, {"Name": "MailRouting", "Value": "True"}, {"Name": "MessageTracking", "Value": "True"}, {"Name": "OMEncryption", "Value": "True"}, {"Name": "OABGen", "Value": "True"}, {"Name": "ClientExtensions", "Value": "True"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}"}, {"Name": "GMGen", "Value": "True"}, {"Name": "SuiteServiceStorage", "Value": "True"}], "UserType": 3, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:48:42", "ClientAppId": "", "Version": 1, "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}", "Id": "27fdc2ec-edbd-445c-92bd-08d7ac0f1dc6", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "Version": 1, "ClientAppId": "", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, 
"AppId": "", "CreationTime": "2020-02-10T07:37:16", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Workload": "Exchange", "ResultStatus": "True", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "c6db95ea-9eae-4b58-d692-08d7adfc0d98", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "Version": 1, "ClientAppId": "", "ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "CreationTime": "2020-02-07T20:49:52", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Parameters": [{"Name": "DomainController", "Value": ""}, {"Name": "IgnoreDehydratedFlag", "Value": "True"}, {"Name": "Identity", "Value": "testsiem.onmicrosoft.com\\Recipient Quota Policy"}, 
{"Name": "PublicFolderHierarchyMailboxCountQuota", "Value": "100"}], "UserType": 3, "Workload": "Exchange", "ResultStatus": "True", "AppId": "", "ExternalAccess": true, "OrganizationName": "testsiem.onmicrosoft.com", "Operation": "Set-RecipientEnforcementProvisioningPolicy", "Id": "c706f54e-1b00-43ed-5b06-08d7ac0f47a6", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "Version": 1, "ClientAppId": "", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T07:37:15", "AppId": "", "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "OrganizationName": "testsiem.onmicrosoft.com", "UserType": 3, "Workload": "Exchange", "ResultStatus": "True", "ExternalAccess": true, "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", "Id": "fcd82149-fc1c-4866-e16d-08d7adfc0cff", "RecordType": 1} +{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "Version": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", "Parameters": [{"Name": "ProhibitSendReceiveQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "Management", "Value": "True"}, {"Name": "Force", "Value": "True"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "DisplayName", "Value": "Microsoft Exchange Migration"}, {"Name": "IssueWarningQuota", "Value": "9 GB (9,663,676,416 bytes)"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "Migration", "Value": "True"}, {"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "ProhibitSendQuota", "Value": "10 GB (10,737,418,240 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136"}, {"Name": "Arbitration", "Value": "True"}], "UserType": 3, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "OrganizationName": "testsiem.onmicrosoft.com", "ClientAppId": "", "Workload": "Exchange", "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "e79cb83c-25b7-4777-57f0-08d7ac0f1f74", "CreationTime": "2020-02-07T20:48:44", "RecordType": 1} 
+{"OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", "Version": 1, "ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", "ClientAppId": "", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "ExternalAccess": true, "UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "OrganizationName": "testsiem.onmicrosoft.com", "Parameters": [{"Name": "RecoverableItemsQuota", "Value": "30 GB (32,212,254,720 bytes)"}, {"Name": "Force", "Value": "True"}, {"Name": "Arbitration", "Value": "True"}, {"Name": "QuarantineMessageStore", "Value": "True"}, {"Name": "ProhibitSendQuota", "Value": "99 GB (106,300,440,576 bytes)"}, {"Name": "HiddenFromAddressListsEnabled", "Value": "True"}, {"Name": "SCLDeleteEnabled", "Value": "False"}, {"Name": "SCLQuarantineEnabled", "Value": "False"}, {"Name": "SCLRejectEnabled", "Value": "False"}, {"Name": "UseDatabaseQuotaDefaults", "Value": "False"}, {"Name": "RecoverableItemsWarningQuota", "Value": "20 GB (21,474,836,480 bytes)"}, {"Name": "IssueWarningQuota", "Value": "90 GB (96,636,764,160 bytes)"}, {"Name": "Identity", "Value": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}"}, {"Name": "ProhibitSendReceiveQuota", "Value": "100 GB (107,374,182,400 bytes)"}, {"Name": "SCLJunkEnabled", "Value": "False"}], "UserType": 3, "Workload": "Exchange", "ResultStatus": "True", "AppId": "", "UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", "Operation": "Set-Mailbox", "Id": "e9e580ee-ac04-436f-9214-08d7adfc0d8b", "CreationTime": "2020-02-10T07:37:16", "RecordType": 1}
diff --git a/x-pack/filebeat/module/o365/audit/test/01-exchange-admin.log-expected.json b/x-pack/filebeat/module/o365/audit/test/01-exchange-admin.log-expected.json
new file mode 100644
index 00000000000..43ed055dad6
--- /dev/null
+++ b/x-pack/filebeat/module/o365/audit/test/01-exchange-admin.log-expected.json 
@@ -0,0 +1,5010 @@ +[ + { + "@timestamp": "2020-02-07T20:49:49.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "1c7412a6-858d-49ff-3f93-08d7ac0f45bf", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:49", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "1c7412a6-858d-49ff-3f93-08d7ac0f45bf", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": 
"2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "6c3454e1-1a13-411b-bed1-08d7adfc0c09", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 980, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "6c3454e1-1a13-411b-bed1-08d7adfc0c09", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + 
"o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:03.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "b5131b23-3efb-481a-c05b-08d7ac0f2a82", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2735, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:03", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "b5131b23-3efb-481a-c05b-08d7ac0f2a82", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + 
"o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:09.000Z", + "event.action": "Install-DefaultSharingPolicy", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "ef597809-1c52-4a85-7cce-08d7adfc0939", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": 
"info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 4490, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:09", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ef597809-1c52-4a85-7cce-08d7adfc0939", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\2c6709f0-beaf-4ffd-99ea-d02c796c25d3", + "o365.audit.Operation": "Install-DefaultSharingPolicy", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Organization": "testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:09.000Z", + "event.action": "Install-AdminAuditLogConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "362ff802-6df6-47e5-09a2-08d7adfc095b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 5269, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": 
"2020-02-10T07:37:09", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "362ff802-6df6-47e5-09a2-08d7adfc095b", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", + "o365.audit.Operation": "Install-AdminAuditLogConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Organization": "testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:13.000Z", + "event.action": "Set-TransportConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "ea769bfc-fa67-465c-767a-08d7adfc0b7b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 6035, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:13", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ea769bfc-fa67-465c-767a-08d7adfc0b7b", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", + "o365.audit.Operation": "Set-TransportConfig", + 
"o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com", + "o365.audit.Parameters.OrganizationFederatedMailbox": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:43.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "168019d2-1e8a-4394-e90b-08d7ac0f1e69", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 6914, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:43", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "168019d2-1e8a-4394-e90b-08d7ac0f1e69", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}", + "o365.audit.Parameters.UMDataStorage": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:34.000Z", + "event.action": "Set-OwaMailboxPolicy", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "0d7995da-038f-40d9-2765-08d7ac0f3d4d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 7955, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:34", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "0d7995da-038f-40d9-2765-08d7ac0f3d4d", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default", + "o365.audit.Operation": "Set-OwaMailboxPolicy", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + 
"o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default", + "o365.audit.Parameters.InstantMessagingType": "Ocs", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:20.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 8743, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:20", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + 
"o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:17.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + 
"event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 10498, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:17", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT 
AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:04.000Z", + "event.action": "Enable-AddressListPaging", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a0063917-bb25-4c17-fe2e-08d7ac0f0769", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 12253, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:04", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a0063917-bb25-4c17-fe2e-08d7ac0f0769", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com", + "o365.audit.Operation": "Enable-AddressListPaging", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DoNotUpdateRecipients": "True", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + 
"o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:58.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a324e83b-d1a3-4855-db2a-08d7ac0f277b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 13107, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:58", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a324e83b-d1a3-4855-db2a-08d7ac0f277b", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + 
"o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "ebda487f-6177-432a-e91d-08d7adfc0d0d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 14862, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ebda487f-6177-432a-e91d-08d7adfc0d0d", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM 
(Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:09.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "7dafe4a3-487a-46ec-dadc-08d7ac0f2e06", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 16617, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:09", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "7dafe4a3-487a-46ec-dadc-08d7ac0f2e06", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + 
"o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 18372, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + 
"o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:09.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "7dafe4a3-487a-46ec-dadc-08d7ac0f2e06", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + 
"event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 20127, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:09", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "7dafe4a3-487a-46ec-dadc-08d7ac0f2e06", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT 
AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:18.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 21882, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:18", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", + 
"o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.TenantAllowBlockLists": "True", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:55.000Z", + "event.action": "Set-TenantObjectVersion", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "514d0e07-410f-469c-a7f9-08d7ac0f496e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 23638, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:55", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": 
"514d0e07-410f-469c-a7f9-08d7ac0f496e", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com", + "o365.audit.Operation": "Set-TenantObjectVersion", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:13.000Z", + "event.action": "Set-TransportConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "ea769bfc-fa67-465c-767a-08d7adfc0b7b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 24439, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:13", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ea769bfc-fa67-465c-767a-08d7adfc0b7b", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", + "o365.audit.Operation": "Set-TransportConfig", + "o365.audit.OrganizationId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com", + "o365.audit.Parameters.OrganizationFederatedMailbox": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:08.000Z", + "event.action": "Set-TransportConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "e022fa0d-13b2-4314-b707-08d7adfc0868", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 25318, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:08", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "e022fa0d-13b2-4314-b707-08d7adfc0868", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", + "o365.audit.Operation": "Set-TransportConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": 
"HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.Parameters.SupervisionTags": "Reject;Allow", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:55.000Z", + "event.action": "Set-TenantObjectVersion", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "514d0e07-410f-469c-a7f9-08d7ac0f496e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 26189, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:55", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "514d0e07-410f-469c-a7f9-08d7ac0f496e", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com", + "o365.audit.Operation": "Set-TenantObjectVersion", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": 
"EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:52.000Z", + "event.action": "Set-TransportConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "8a3c4f54-f2de-4717-dd56-08d7ac0f23be", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 26990, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:52", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "8a3c4f54-f2de-4717-dd56-08d7ac0f23be", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", + "o365.audit.Operation": "Set-TransportConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com", + "o365.audit.Parameters.OrganizationFederatedMailbox": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + 
"o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:49.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "9eb764a6-fee5-4c3a-6adc-08d7ac0f220f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 27869, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:49", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "9eb764a6-fee5-4c3a-6adc-08d7ac0f220f", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.OMEncryptionStore": "True", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:18.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 29609, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": 
"2020-02-10T07:37:18", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.TenantAllowBlockLists": "True", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:56.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "d83e97f0-951c-4ccc-630e-08d7ac0f267e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 31365, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:56", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "d83e97f0-951c-4ccc-630e-08d7ac0f267e", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": 
"True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:17.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "2cbbd2bb-607e-49b1-c02c-08d7adfc0e1c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 33120, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:17", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "2cbbd2bb-607e-49b1-c02c-08d7adfc0e1c", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:57.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + 
"event.dataset": "o365.audit", + "event.id": "165a283d-6f9b-4dc2-1b86-08d7ac0f273c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 34875, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:57", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "165a283d-6f9b-4dc2-1b86-08d7ac0f273c", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": 
"False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:16.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "979931d3-c99d-45b1-14e1-08d7ac0f3209", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 36630, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:16", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "979931d3-c99d-45b1-14e1-08d7ac0f3209", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": 
"EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:20.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "4bddac31-664e-4432-d181-08d7ac0f34d2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 38385, + "o365.audit.AppId": 
"", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:20", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "4bddac31-664e-4432-d181-08d7ac0f34d2", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": 
"Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "4d2e1010-489d-4aa0-e300-08d7ac0f314c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 40140, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "4d2e1010-489d-4aa0-e300-08d7ac0f314c", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + 
"o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:44.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "e79cb83c-25b7-4777-57f0-08d7ac0f1f74", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 41895, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:44", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "e79cb83c-25b7-4777-57f0-08d7ac0f1f74", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Operation": "Set-Mailbox", + 
"o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.DisplayName": "Microsoft Exchange Migration", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Parameters.IssueWarningQuota": "9 GB (9,663,676,416 bytes)", + "o365.audit.Parameters.Management": "True", + "o365.audit.Parameters.Migration": "True", + "o365.audit.Parameters.ProhibitSendQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": 
"2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "ee2a5c48-f068-4672-3e34-08d7adfc0bf4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 43719, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ee2a5c48-f068-4672-3e34-08d7adfc0bf4", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + 
"o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "d3533d4d-f62f-4731-d0c9-08d7adfc0c7b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 45474, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "d3533d4d-f62f-4731-d0c9-08d7adfc0c7b", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + 
"o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:20.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + 
"fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 47229, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:20", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + 
"o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:08.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "bc03d223-966c-4e33-6cf7-08d7ac0f2d88", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 48984, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:08", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "bc03d223-966c-4e33-6cf7-08d7ac0f2d88", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + 
"o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:20.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 50739, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:20", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "b9f4dff2-c7f5-41eb-eae8-08d7ac0f3492", + "o365.audit.ObjectId": 
"EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + 
"user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:09.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "7a500a7f-cc56-4dfd-d740-08d7ac0f2e45", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 52494, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:09", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "7a500a7f-cc56-4dfd-d740-08d7ac0f2e45", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 
bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:10.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "6047e3da-8661-44a4-6fd2-08d7ac0f2e85", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 54249, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:10", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "6047e3da-8661-44a4-6fd2-08d7ac0f2e85", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + 
"o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:21.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + 
"event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 56004, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:21", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT 
AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "d16f181c-257c-4d40-45e1-08d7adfc0c02", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 57759, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "d16f181c-257c-4d40-45e1-08d7adfc0c02", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + 
"o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:42.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "27fdc2ec-edbd-445c-92bd-08d7ac0f1dc6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 59514, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:42", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": 
"27fdc2ec-edbd-445c-92bd-08d7ac0f1dc6", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.ClientExtensions": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.GMGen": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}", + "o365.audit.Parameters.MailRouting": "True", + "o365.audit.Parameters.MaxSendSize": "1 GB (1,073,741,824 bytes)", + "o365.audit.Parameters.MessageTracking": "True", + "o365.audit.Parameters.OABGen": "True", + "o365.audit.Parameters.OMEncryption": "True", + "o365.audit.Parameters.SuiteServiceStorage": "True", + "o365.audit.Parameters.UMGrammar": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:55.000Z", + "event.action": "Set-AdminAuditLogConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": 
"0caecd44-0161-44e5-0e45-08d7ac0f49d6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 60916, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:55", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", + "o365.audit.Operation": "Set-AdminAuditLogConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.AdminAuditLogEnabled": "True", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:52.000Z", + "event.action": "Set-TransportConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "fd804781-7d7f-4d3a-1ef0-08d7ac0f47e4", + "event.kind": "event", + 
"event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 61845, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:52", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "fd804781-7d7f-4d3a-1ef0-08d7ac0f47e4", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", + "o365.audit.Operation": "Set-TransportConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.HygieneSuite": "Premium", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:52.000Z", + "event.action": "Set-TransportConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "8a3c4f54-f2de-4717-dd56-08d7ac0f23be", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + 
"log.offset": 62639, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:52", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "8a3c4f54-f2de-4717-dd56-08d7ac0f23be", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Transport Settings", + "o365.audit.Operation": "Set-TransportConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com", + "o365.audit.Parameters.OrganizationFederatedMailbox": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:06.000Z", + "event.action": "New-ExchangeAssistanceConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "627aa8ff-1411-475d-d202-08d7ac0f08a5", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 63518, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": 
"2020-02-07T20:48:06", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "627aa8ff-1411-475d-d202-08d7ac0f08a5", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\ExchangeAssistance", + "o365.audit.Operation": "New-ExchangeAssistanceConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.Parameters.Organization": "testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:12.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "425128e3-4281-42f6-4ec7-08d7adfc0acd", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 64330, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:12", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "425128e3-4281-42f6-4ec7-08d7adfc0acd", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.DisplayName": "Microsoft Exchange Migration", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Parameters.IssueWarningQuota": "9 GB (9,663,676,416 bytes)", + "o365.audit.Parameters.Management": "True", + "o365.audit.Parameters.Migration": "True", + "o365.audit.Parameters.ProhibitSendQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + 
"service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:18.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 66154, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:18", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a4912729-9b49-43b3-d21f-08d7adfc0e8e", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/TenantAllowBlocLists_F0767F09-6B4C-4F78-9234-2C0481176063", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + 
"o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.TenantAllowBlockLists": "True", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:21.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 67910, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:21", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + 
"o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "8126fd52-b16b-45c5-6aff-08d7adfc0c97", + "event.kind": "event", + 
"event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 69665, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "8126fd52-b16b-45c5-6aff-08d7adfc0c97", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + 
"o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "70f24b65-0224-473b-49b8-08d7adfc0c83", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 71420, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "70f24b65-0224-473b-49b8-08d7adfc0c83", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:17.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "515c88f2-2cbf-4214-2d9b-08d7adfc0e0f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 73175, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + 
"o365.audit.CreationTime": "2020-02-10T07:37:17", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "515c88f2-2cbf-4214-2d9b-08d7adfc0e0f", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:57.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "02c7f756-40e0-4c47-d49d-08d7ac0f26bd", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 74930, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:57", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "02c7f756-40e0-4c47-d49d-08d7ac0f26bd", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": 
"True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:02.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "40786a66-fbd5-4a24-d9af-08d7ac0f2a42", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 76685, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:02", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "40786a66-fbd5-4a24-d9af-08d7ac0f2a42", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + 
"event.dataset": "o365.audit", + "event.id": "ebda487f-6177-432a-e91d-08d7adfc0d0d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 78440, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ebda487f-6177-432a-e91d-08d7adfc0d0d", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": 
"False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:51.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "93d5f028-263c-45f1-dcf9-08d7ac0f2378", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 80195, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:51", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "93d5f028-263c-45f1-dcf9-08d7ac0f2378", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.DisplayName": "Microsoft Exchange", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + 
"o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", + "o365.audit.Parameters.IssueWarningQuota": "9 GB (9,663,676,416 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:17.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "1eea5379-4c86-4d6f-00cf-08d7adfc0e23", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 81938, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", 
+ "o365.audit.CreationTime": "2020-02-10T07:37:17", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "1eea5379-4c86-4d6f-00cf-08d7adfc0e23", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:17.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 83693, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:17", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": 
"True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:23.000Z", + "event.action": "Set-RecipientEnforcementProvisioningPolicy", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "80d8b808-c24c-4359-24cf-08d7adfc11e3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 85448, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:23", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "80d8b808-c24c-4359-24cf-08d7adfc11e3", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Operation": "Set-RecipientEnforcementProvisioningPolicy", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + 
"o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.Parameters.PublicFolderHierarchyMailboxCountQuota": "100", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:24.000Z", + "event.action": "Set-AdminAuditLogConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "9edbf9fe-f844-401f-e9ec-08d7adfc1242", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 86366, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:24", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "9edbf9fe-f844-401f-e9ec-08d7adfc1242", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", + "o365.audit.Operation": "Set-AdminAuditLogConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": 
"HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.AdminAuditLogEnabled": "True", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 87295, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": 
"HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:17.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "2cbbd2bb-607e-49b1-c02c-08d7adfc0e1c", + "event.kind": "event", + "event.module": "o365", + 
"event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 89050, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:17", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "2cbbd2bb-607e-49b1-c02c-08d7adfc0e1c", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + 
"o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:24.000Z", + "event.action": "Set-AdminAuditLogConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "9edbf9fe-f844-401f-e9ec-08d7adfc1242", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 90805, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:24", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "9edbf9fe-f844-401f-e9ec-08d7adfc1242", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", + "o365.audit.Operation": "Set-AdminAuditLogConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.AdminAuditLogEnabled": "True", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM 
(Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:34.000Z", + "event.action": "Set-OwaMailboxPolicy", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "0d7995da-038f-40d9-2765-08d7ac0f3d4d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 91734, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:34", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "0d7995da-038f-40d9-2765-08d7ac0f3d4d", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default", + "o365.audit.Operation": "Set-OwaMailboxPolicy", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com\\OwaMailboxPolicy-Default", + "o365.audit.Parameters.InstantMessagingType": "Ocs", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:12.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "425128e3-4281-42f6-4ec7-08d7adfc0acd", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 92522, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:12", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "425128e3-4281-42f6-4ec7-08d7adfc0acd", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.DisplayName": "Microsoft Exchange Migration", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Parameters.IssueWarningQuota": "9 GB (9,663,676,416 bytes)", + "o365.audit.Parameters.Management": "True", + "o365.audit.Parameters.Migration": "True", + "o365.audit.Parameters.ProhibitSendQuota": "10 GB (10,737,418,240 
bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "6ddabbf8-4b7c-4982-2683-08d7adfc0c10", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 94346, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "6ddabbf8-4b7c-4982-2683-08d7adfc0c10", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM 
(Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:13.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "e6a88958-ff2a-4e9b-d681-08d7adfc0b73", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 96101, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:13", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "e6a88958-ff2a-4e9b-d681-08d7adfc0b73", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.DisplayName": "Microsoft Exchange", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", + "o365.audit.Parameters.IssueWarningQuota": "9 GB (9,663,676,416 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + 
"o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:02.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "f580aae6-d0d5-4204-1a13-08d7ac0f2a03", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 97844, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:02", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "f580aae6-d0d5-4204-1a13-08d7ac0f2a03", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + 
"o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:57.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "165a283d-6f9b-4dc2-1b86-08d7ac0f273c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + 
"event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 99599, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:57", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "165a283d-6f9b-4dc2-1b86-08d7ac0f273c", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT 
AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "2db154f6-63ae-4a31-c548-08d7adfc0d1d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 101354, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "2db154f6-63ae-4a31-c548-08d7adfc0d1d", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + 
"o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:21.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 103109, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:21", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": 
"a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": 
"HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:17.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 104864, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:17", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "2202ec45-7abc-49dd-e35e-08d7adfc0e15", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + 
"o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:04.000Z", + "event.action": "Enable-AddressListPaging", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a0063917-bb25-4c17-fe2e-08d7ac0f0769", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 106619, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:04", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a0063917-bb25-4c17-fe2e-08d7ac0f0769", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com", + "o365.audit.Operation": "Enable-AddressListPaging", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + 
"o365.audit.Parameters.DoNotUpdateRecipients": "True", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:55.000Z", + "event.action": "Set-AdminAuditLogConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 107473, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:55", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", + "o365.audit.Operation": "Set-AdminAuditLogConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.AdminAuditLogEnabled": "True", + "o365.audit.Parameters.DomainController": "", + 
"o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:24.000Z", + "event.action": "Set-ExchangeAssistanceConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "2cb36c1c-1368-4483-9801-08d7adfc11fe", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 108402, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:24", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "2cb36c1c-1368-4483-9801-08d7adfc11fe", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\ExchangeAssistance15", + "o365.audit.Operation": "Set-ExchangeAssistanceConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com", + "o365.audit.Parameters.PrivacyLinkDisplayEnabled": "True", + "o365.audit.Parameters.PrivacyStatementURL": 
"http://go.microsoft.com/fwlink/?LinkID=259417", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:23.000Z", + "event.action": "Set-RecipientEnforcementProvisioningPolicy", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "80d8b808-c24c-4359-24cf-08d7adfc11e3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 109265, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:23", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "80d8b808-c24c-4359-24cf-08d7adfc11e3", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Operation": "Set-RecipientEnforcementProvisioningPolicy", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.Parameters.PublicFolderHierarchyMailboxCountQuota": "100", + 
"o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:24.000Z", + "event.action": "Set-TenantObjectVersion", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a9fb5fce-4ce4-43eb-f429-08d7adfc122c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 110183, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:24", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a9fb5fce-4ce4-43eb-f429-08d7adfc122c", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com", + "o365.audit.Operation": "Set-TenantObjectVersion", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM 
(Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:49.000Z", + "event.action": "Add-MailboxPermission", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "5f84ceaa-e6df-4ba1-1085-08d7ac0f4646", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 110984, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:49", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "5f84ceaa-e6df-4ba1-1085-08d7ac0f4646", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.Operation": "Add-MailboxPermission", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.AccessRights": "FullAccess", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.Parameters.User": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Discovery Management", + 
"o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:49.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "1c7412a6-858d-49ff-3f93-08d7ac0f45bf", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 112168, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:49", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "1c7412a6-858d-49ff-3f93-08d7ac0f45bf", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.RecordType": 1, + 
"o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:55.000Z", + "event.action": "Set-AdminAuditLogConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 113148, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:55", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "0caecd44-0161-44e5-0e45-08d7ac0f49d6", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Admin Audit Log Settings", + "o365.audit.Operation": "Set-AdminAuditLogConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.AdminAuditLogEnabled": "True", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT 
AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:12.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "7386959b-a0d0-459e-baf8-08d7adfc0b4b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 114077, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:12", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "7386959b-a0d0-459e-baf8-08d7adfc0b4b", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB 
(96,636,764,160 bytes)", + "o365.audit.Parameters.OMEncryptionStore": "True", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 115817, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "7b5e608f-0a09-4251-8922-08d7adfc0d15", + "o365.audit.ObjectId": 
"EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + 
"user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:03.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "96b98335-ab19-4e22-31e0-08d7ac0f2ac2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 117572, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:03", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "96b98335-ab19-4e22-31e0-08d7ac0f2ac2", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 
bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:21.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 119327, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:21", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "a61cdc9a-89ef-402b-102c-08d7ac0f3592", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + 
"o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:04.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "5cd5fc38-5b48-47d6-2e47-08d7ac0f2b01", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + 
"event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 121082, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:04", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "5cd5fc38-5b48-47d6-2e47-08d7ac0f2b01", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{61D4A3E5-D6B5-401C-B13A-CCAD2BA8E8E9}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT 
AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:21.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "ff48ffeb-5c2a-468f-9113-08d7ac0f3512", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 122837, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:21", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ff48ffeb-5c2a-468f-9113-08d7ac0f3512", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + 
"o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "d16f181c-257c-4d40-45e1-08d7adfc0c02", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 124592, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": 
"d16f181c-257c-4d40-45e1-08d7adfc0c02", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": 
"HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:57.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "02c7f756-40e0-4c47-d49d-08d7ac0f26bd", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 126347, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:57", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "02c7f756-40e0-4c47-d49d-08d7ac0f26bd", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + 
"o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:21.000Z", + "event.action": "Add-MailboxPermission", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "86a8ddaf-15d2-44b4-62d5-08d7adfc1062", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 128102, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:21", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "86a8ddaf-15d2-44b4-62d5-08d7adfc1062", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.Operation": "Add-MailboxPermission", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": 
"testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.AccessRights": "FullAccess", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}", + "o365.audit.Parameters.User": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Discovery Management", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:57.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "8b544cbd-f42b-4910-82ef-08d7ac0f26fc", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 129286, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:57", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "8b544cbd-f42b-4910-82ef-08d7ac0f26fc", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{E9F19AD5-5B1D-4361-BE94-E55A6E1A6AA3}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM 
(Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:13.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "e6a88958-ff2a-4e9b-d681-08d7adfc0b73", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 131041, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:13", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "e6a88958-ff2a-4e9b-d681-08d7adfc0b73", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.DisplayName": "Microsoft Exchange", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042", + "o365.audit.Parameters.IssueWarningQuota": "9 GB (9,663,676,416 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + 
"o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:07.000Z", + "event.action": "Enable-AddressListPaging", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "d7134fa4-2e25-4a7d-d84d-08d7adfc0802", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 132784, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:07", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "d7134fa4-2e25-4a7d-d84d-08d7adfc0802", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com", + "o365.audit.Operation": "Enable-AddressListPaging", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DoNotUpdateRecipients": "True", + "o365.audit.Parameters.DomainController": "", + 
"o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:14.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "ee2a5c48-f068-4672-3e34-08d7adfc0bf4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 133638, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:14", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "ee2a5c48-f068-4672-3e34-08d7adfc0bf4", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + 
"o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:32.000Z", + "event.action": "Install-ResourceConfig", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "060e0f74-72a7-40d1-30fa-08d7ac0f17d8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + 
"log.offset": 135393, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:32", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "060e0f74-72a7-40d1-30fa-08d7ac0f17d8", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Resource Schema", + "o365.audit.Operation": "Install-ResourceConfig", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Organization": "testsiem.onmicrosoft.com", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:23.000Z", + "event.action": "Set-RecipientEnforcementProvisioningPolicy", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "80d8b808-c24c-4359-24cf-08d7adfc11e3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 136145, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:23", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "80d8b808-c24c-4359-24cf-08d7adfc11e3", + 
"o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Operation": "Set-RecipientEnforcementProvisioningPolicy", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.Parameters.PublicFolderHierarchyMailboxCountQuota": "100", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:42.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "27fdc2ec-edbd-445c-92bd-08d7ac0f1dc6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 137063, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:42", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "27fdc2ec-edbd-445c-92bd-08d7ac0f1dc6", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.ClientExtensions": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.GMGen": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}", + "o365.audit.Parameters.MailRouting": "True", + "o365.audit.Parameters.MaxSendSize": "1 GB (1,073,741,824 bytes)", + "o365.audit.Parameters.MessageTracking": "True", + "o365.audit.Parameters.OABGen": "True", + "o365.audit.Parameters.OMEncryption": "True", + "o365.audit.Parameters.SuiteServiceStorage": "True", + "o365.audit.Parameters.UMGrammar": "True", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:16.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "c6db95ea-9eae-4b58-d692-08d7adfc0d98", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + 
"event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 138465, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:16", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "c6db95ea-9eae-4b58-d692-08d7adfc0d98", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{505B6405-958B-45A0-BAAE-76A0D7ACAE83}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM 
(Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:49:52.000Z", + "event.action": "Set-RecipientEnforcementProvisioningPolicy", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "c706f54e-1b00-43ed-5b06-08d7ac0f47a6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 140220, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:49:52", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "c706f54e-1b00-43ed-5b06-08d7ac0f47a6", + "o365.audit.ObjectId": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Operation": "Set-RecipientEnforcementProvisioningPolicy", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.DomainController": "", + "o365.audit.Parameters.Identity": "testsiem.onmicrosoft.com\\Recipient Quota Policy", + "o365.audit.Parameters.IgnoreDehydratedFlag": "True", + "o365.audit.Parameters.PublicFolderHierarchyMailboxCountQuota": "100", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT 
AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:15.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "fcd82149-fc1c-4866-e16d-08d7adfc0cff", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 141138, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:15", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "fcd82149-fc1c-4866-e16d-08d7adfc0cff", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{368F7EFB-D8B2-448B-A304-41EA44801476}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": 
"99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-07T20:48:44.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "e79cb83c-25b7-4777-57f0-08d7ac0f1f74", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 142893, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-07T20:48:44", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "e79cb83c-25b7-4777-57f0-08d7ac0f1f74", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted 
Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.DisplayName": "Microsoft Exchange Migration", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/Migration.8f3e7716-2011-43e4-96b1-aba62d229136", + "o365.audit.Parameters.IssueWarningQuota": "9 GB (9,663,676,416 bytes)", + "o365.audit.Parameters.Management": "True", + "o365.audit.Parameters.Migration": "True", + "o365.audit.Parameters.ProhibitSendQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "10 GB (10,737,418,240 bytes)", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": "20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + 
"service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + }, + { + "@timestamp": "2020-02-10T07:37:16.000Z", + "event.action": "Set-Mailbox", + "event.category": "web", + "event.code": "ExchangeAdmin", + "event.dataset": "o365.audit", + "event.id": "e9e580ee-ac04-436f-9214-08d7adfc0d8b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 144717, + "o365.audit.AppId": "", + "o365.audit.ClientAppId": "", + "o365.audit.CreationTime": "2020-02-10T07:37:16", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "e9e580ee-ac04-436f-9214-08d7adfc0d8b", + "o365.audit.ObjectId": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Operation": "Set-Mailbox", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "HE1PR0102MB3228 (15.20.2707.017)", + "o365.audit.Parameters.Arbitration": "True", + "o365.audit.Parameters.Force": "True", + "o365.audit.Parameters.HiddenFromAddressListsEnabled": "True", + "o365.audit.Parameters.Identity": "EURPR01A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/testsiem.onmicrosoft.com/QuarantineOrgShard{D5FD6316-0A84-416F-8512-3E97EBAF9B1D}", + "o365.audit.Parameters.IssueWarningQuota": "90 GB (96,636,764,160 bytes)", + "o365.audit.Parameters.ProhibitSendQuota": "99 GB (106,300,440,576 bytes)", + "o365.audit.Parameters.ProhibitSendReceiveQuota": "100 GB (107,374,182,400 bytes)", + "o365.audit.Parameters.QuarantineMessageStore": "True", + "o365.audit.Parameters.RecoverableItemsQuota": "30 GB (32,212,254,720 bytes)", + "o365.audit.Parameters.RecoverableItemsWarningQuota": 
"20 GB (21,474,836,480 bytes)", + "o365.audit.Parameters.SCLDeleteEnabled": "False", + "o365.audit.Parameters.SCLJunkEnabled": "False", + "o365.audit.Parameters.SCLQuarantineEnabled": "False", + "o365.audit.Parameters.SCLRejectEnabled": "False", + "o365.audit.Parameters.UseDatabaseQuotaDefaults": "False", + "o365.audit.RecordType": 1, + "o365.audit.ResultStatus": "True", + "o365.audit.UserId": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserKey": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)", + "o365.audit.UserType": 3, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "server.address": "HE1PR0102MB3228 (15.20.2707.017)", + "service.type": "o365", + "user.id": "NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/o365/audit/test/02-exchange-item.log b/x-pack/filebeat/module/o365/audit/test/02-exchange-item.log new file mode 100644 index 00000000000..4343b23e7c3 --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/02-exchange-item.log 
@@ -0,0 +1,9 @@ +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"26286ffa-073d-45ff-9fe9-539891984d69","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"Create","ClientIPAddress":"::1","Item":{"InternetMessageId":"","IsRecord":false,"Id":"RgAAAACklF6sEsJgSK/ulVd531/WBwCzgXIUnq3lQqXFeCmxHwmHAAAAAAEMAACzgXIUnq3lQqXFeCmxHwmHAAAAABULAAAJ","Attachments":"warming_email_03_2017_calendar.png (599b); warming_email_03_2017_conversation.png (614b); warming_email_03_2017_links.png (1403b); google_play_store_badge.png (4824b); apple_store_badge.png (4446b); windows_store_badge.png (3681b); warming_email_03_2017_files.png (809b); warming_email_03_2017_sharePoint.png (1432b)","ParentFolder":{"Path":"\\Inbox","Id":"LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAEMAAAB"},"Subject":"The new SIEMTest group is ready"},"LogonUserSid":"S-1-5-18","OriginatingServer":"AM6PR01MB4535 (15.20.2729.032)\n","RecordType":2,"Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"SIEMTest@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26680073","ResultStatus":"Succeeded","ExternalAccess":true,"LogonType":1,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T17:12:03","Id":"3be78a31-dbd3-4c2c-eaf9-08d7b3cc8226","UserType":2} +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"778e6fd9-b5d5-4431-a10f-245bde6e0cb8","Operation":"Create","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","ClientIPAddress":"::1","Item":{"InternetMessageId":"","IsRecord":false,"Id":"RgAAAABQ7FIOAzxlR4hKCRQRbTbvBwBTdQb34omtRrZGvP+4ONQkAAAAAAEMAABTdQb34omtRrZGvP+4ONQkAAAAAA0lAAAJ","ParentFolder":{"Path":"\\Inbox","Id":"LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAEMAAAB"},"Attachments":"warming_email_03_2017_calendar.png (598b); 
warming_email_03_2017_conversation.png (613b); warming_email_03_2017_links.png (1402b); google_play_store_badge.png (4823b); apple_store_badge.png (4445b); windows_store_badge.png (3680b); warming_email_03_2017_files.png (808b); warming_email_03_2017_sharePoint.png (1431b)","Subject":"The new All Company group is ready"},"LogonUserSid":"S-1-5-18","RecordType":2,"OriginatingServer":"DB3PR0102MB3500 (15.20.2729.032)\n","Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679883","ResultStatus":"Succeeded","LogonType":1,"ExternalAccess":true,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:46","Id":"c0790552-9989-4e91-cba4-08d7b386e642","UserType":2} +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"685170f5-2238-470d-824b-239a02afafbd","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"Create","ClientIPAddress":"::1","Item":{"InternetMessageId":"","IsRecord":false,"Id":"RgAAAABkkJvTy6NaRYV8EL+vMtzZBwAk6unHVumCRJNhRrAMRwYLAAAAAAEMAAAk6unHVumCRJNhRrAMRwYLAAAAAAk9AAAJ","ParentFolder":{"Path":"\\Inbox","Id":"LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAEMAAAB"},"Attachments":"warming_email_03_2017_calendar.png (598b); warming_email_03_2017_conversation.png (613b); warming_email_03_2017_links.png (1402b); google_play_store_badge.png (4823b); apple_store_badge.png (4445b); windows_store_badge.png (3680b); warming_email_03_2017_files.png (808b); warming_email_03_2017_sharePoint.png (1431b)","Subject":"The new All Company group is ready"},"LogonUserSid":"S-1-5-18","RecordType":2,"OriginatingServer":"DB7PR01MB4428 
(15.20.2707.031)\n","Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679882","ResultStatus":"Succeeded","ExternalAccess":true,"LogonType":1,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:31","Id":"c6b58ed7-a54a-47cf-a301-08d7b386dd7c","UserType":2} +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"778e6fd9-b5d5-4431-a10f-245bde6e0cb8","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"ModifyFolderPermissions","ClientIPAddress":"::1","Item":{"Id":"LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-2005823449-1144108501-1529089953-3087822558-1","Id":"LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC","MemberUpn":"Member@local","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","RecordType":2,"OriginatingServer":"DB3PR0102MB3500 (15.20.2729.032)","Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679883","ResultStatus":"Succeeded","ExternalAccess":true,"LogonType":1,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:41","Id":"815684be-4e52-4cb2-9242-08d7b386e333","UserType":2} 
+{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"685170f5-2238-470d-824b-239a02afafbd","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"ModifyFolderPermissions","ClientIPAddress":"::1","Item":{"Id":"LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-1750167797-1192043064-2586004354-3182407426-0","Id":"LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC","MemberUpn":"Owner@local","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","RecordType":2,"OriginatingServer":"DB7PR01MB4428 (15.20.2707.031)\n","Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679882","ResultStatus":"Succeeded","ExternalAccess":true,"LogonType":1,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:22","Id":"f5b56c26-18aa-4984-822e-08d7b386d7e2","UserType":2} +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"685170f5-2238-470d-824b-239a02afafbd","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"ModifyFolderPermissions","ClientIPAddress":"::1","Item":{"Id":"LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-1750167797-1192043064-2586004354-3182407426-1","Id":"LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC","MemberUpn":"Member@local","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","OriginatingServer":"DB7PR01MB4428 
(15.20.2707.031)\n","RecordType":2,"Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679882","ResultStatus":"Succeeded","LogonType":1,"ExternalAccess":true,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:22","Id":"25ccad93-82ad-4742-5231-08d7b386d7e6","UserType":2} +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"778e6fd9-b5d5-4431-a10f-245bde6e0cb8","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"ModifyFolderPermissions","ClientIPAddress":"::1","Item":{"Id":"LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-2005823449-1144108501-1529089953-3087822558-0","MemberUpn":"Owner@local","Id":"LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","OriginatingServer":"DB3PR0102MB3500 (15.20.2729.032)\n","RecordType":2,"Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679883","ResultStatus":"Succeeded","LogonType":1,"ExternalAccess":true,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:41","Id":"edb9bb1f-9629-43a1-0a57-08d7b386e31c","UserType":2} 
+{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"26286ffa-073d-45ff-9fe9-539891984d69","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"ModifyFolderPermissions","ClientIPAddress":"::1","Item":{"Id":"LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-640184314-1174341437-2555636127-1766693009-1","MemberUpn":"Member@local","Id":"LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","OriginatingServer":"AM6PR01MB4535 (15.20.2729.032)\n","RecordType":2,"Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"SIEMTest@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26680073","ResultStatus":"Succeeded","LogonType":1,"ExternalAccess":true,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T17:12:03","Id":"df63d186-b4d9-49a8-748c-08d7b3cc81fb","UserType":2} +{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"26286ffa-073d-45ff-9fe9-539891984d69","Operation":"ModifyFolderPermissions","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","ClientIPAddress":"::1","Item":{"Id":"LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-640184314-1174341437-2555636127-1766693009-0","Id":"LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC","MemberUpn":"Owner@local","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","OriginatingServer":"AM6PR01MB4535 
(15.20.2729.032)\n","RecordType":2,"Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"SIEMTest@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26680073","ResultStatus":"Succeeded","ExternalAccess":true,"LogonType":1,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T17:12:03","Id":"284dfe85-ab53-48ad-0863-08d7b3cc81f7","UserType":2}
diff --git a/x-pack/filebeat/module/o365/audit/test/02-exchange-item.log-expected.json b/x-pack/filebeat/module/o365/audit/test/02-exchange-item.log-expected.json
new file mode 100644
index 00000000000..525e9dcf362
--- /dev/null
+++ b/x-pack/filebeat/module/o365/audit/test/02-exchange-item.log-expected.json
@@ -0,0 +1,533 @@ +[ + { + "@timestamp": "2020-02-17T17:12:03.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "Create", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "3be78a31-dbd3-4c2c-eaf9-08d7b3cc8226", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T17:12:03", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "3be78a31-dbd3-4c2c-eaf9-08d7b3cc8226", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Attachments": "warming_email_03_2017_calendar.png (599b); warming_email_03_2017_conversation.png (614b); warming_email_03_2017_links.png (1403b); google_play_store_badge.png (4824b); apple_store_badge.png (4446b); windows_store_badge.png (3681b); warming_email_03_2017_files.png (809b); warming_email_03_2017_sharePoint.png (1432b)", + "o365.audit.Item.Id": "RgAAAACklF6sEsJgSK/ulVd531/WBwCzgXIUnq3lQqXFeCmxHwmHAAAAAAEMAACzgXIUnq3lQqXFeCmxHwmHAAAAABULAAAJ", + "o365.audit.Item.InternetMessageId": "", + "o365.audit.Item.IsRecord": false, + "o365.audit.Item.ParentFolder.Id": "LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAEMAAAB", + "o365.audit.Item.ParentFolder.Path": "\\Inbox", + "o365.audit.Item.Subject": "The new SIEMTest group is ready", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "26286ffa-073d-45ff-9fe9-539891984d69", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26680073", + 
"o365.audit.MailboxOwnerUPN": "SIEMTest@testsiem.onmicrosoft.com", + "o365.audit.Operation": "Create", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "AM6PR01MB4535 (15.20.2729.032)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "AM6PR01MB4535 (15.20.2729.032)\n", + "service.type": "o365", + "source.ip": "::1", + "user.email": "SIEMTest@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T08:53:46.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "Create", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "c0790552-9989-4e91-cba4-08d7b386e642", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1526, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T08:53:46", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "c0790552-9989-4e91-cba4-08d7b386e642", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Attachments": "warming_email_03_2017_calendar.png (598b); warming_email_03_2017_conversation.png (613b); warming_email_03_2017_links.png (1402b); google_play_store_badge.png (4823b); apple_store_badge.png (4445b); 
windows_store_badge.png (3680b); warming_email_03_2017_files.png (808b); warming_email_03_2017_sharePoint.png (1431b)", + "o365.audit.Item.Id": "RgAAAABQ7FIOAzxlR4hKCRQRbTbvBwBTdQb34omtRrZGvP+4ONQkAAAAAAEMAABTdQb34omtRrZGvP+4ONQkAAAAAA0lAAAJ", + "o365.audit.Item.InternetMessageId": "", + "o365.audit.Item.IsRecord": false, + "o365.audit.Item.ParentFolder.Id": "LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAEMAAAB", + "o365.audit.Item.ParentFolder.Path": "\\Inbox", + "o365.audit.Item.Subject": "The new All Company group is ready", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "778e6fd9-b5d5-4431-a10f-245bde6e0cb8", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26679883", + "o365.audit.MailboxOwnerUPN": "AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com", + "o365.audit.Operation": "Create", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "DB3PR0102MB3500 (15.20.2729.032)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "DB3PR0102MB3500 (15.20.2729.032)\n", + "service.type": "o365", + "source.ip": "::1", + "user.email": "AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T08:53:31.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "Create", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": 
"c6b58ed7-a54a-47cf-a301-08d7b386dd7c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 3083, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T08:53:31", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "c6b58ed7-a54a-47cf-a301-08d7b386dd7c", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Attachments": "warming_email_03_2017_calendar.png (598b); warming_email_03_2017_conversation.png (613b); warming_email_03_2017_links.png (1402b); google_play_store_badge.png (4823b); apple_store_badge.png (4445b); windows_store_badge.png (3680b); warming_email_03_2017_files.png (808b); warming_email_03_2017_sharePoint.png (1431b)", + "o365.audit.Item.Id": "RgAAAABkkJvTy6NaRYV8EL+vMtzZBwAk6unHVumCRJNhRrAMRwYLAAAAAAEMAAAk6unHVumCRJNhRrAMRwYLAAAAAAk9AAAJ", + "o365.audit.Item.InternetMessageId": "", + "o365.audit.Item.IsRecord": false, + "o365.audit.Item.ParentFolder.Id": "LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAEMAAAB", + "o365.audit.Item.ParentFolder.Path": "\\Inbox", + "o365.audit.Item.Subject": "The new All Company group is ready", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "685170f5-2238-470d-824b-239a02afafbd", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26679882", + "o365.audit.MailboxOwnerUPN": "AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com", + "o365.audit.Operation": "Create", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + 
"o365.audit.OriginatingServer": "DB7PR01MB4428 (15.20.2707.031)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "DB7PR01MB4428 (15.20.2707.031)\n", + "service.type": "o365", + "source.ip": "::1", + "user.email": "AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T08:53:41.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "ModifyFolderPermissions", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "815684be-4e52-4cb2-9242-08d7b386e333", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 4634, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T08:53:41", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "815684be-4e52-4cb2-9242-08d7b386e333", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Id": "LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.Id": "LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.MemberRights": "ReadAny, Visible, FreeBusySimple, FreeBusyDetailed", + "o365.audit.Item.ParentFolder.MemberSid": "S-1-8-2005823449-1144108501-1529089953-3087822558-1", + 
"o365.audit.Item.ParentFolder.MemberUpn": "Member@local", + "o365.audit.Item.ParentFolder.Name": "Calendar", + "o365.audit.Item.ParentFolder.Path": "\\Calendar", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "778e6fd9-b5d5-4431-a10f-245bde6e0cb8", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26679883", + "o365.audit.MailboxOwnerUPN": "AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com", + "o365.audit.Operation": "ModifyFolderPermissions", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "DB3PR0102MB3500 (15.20.2729.032)", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "DB3PR0102MB3500 (15.20.2729.032)", + "service.type": "o365", + "source.ip": "::1", + "user.email": "AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T08:53:22.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "ModifyFolderPermissions", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "f5b56c26-18aa-4984-822e-08d7b386d7e2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 5847, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + 
"o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T08:53:22", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "f5b56c26-18aa-4984-822e-08d7b386d7e2", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Id": "LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.Id": "LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.MemberRights": "ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed", + "o365.audit.Item.ParentFolder.MemberSid": "S-1-8-1750167797-1192043064-2586004354-3182407426-0", + "o365.audit.Item.ParentFolder.MemberUpn": "Owner@local", + "o365.audit.Item.ParentFolder.Name": "Calendar", + "o365.audit.Item.ParentFolder.Path": "\\Calendar", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "685170f5-2238-470d-824b-239a02afafbd", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26679882", + "o365.audit.MailboxOwnerUPN": "AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com", + "o365.audit.Operation": "ModifyFolderPermissions", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "DB7PR01MB4428 (15.20.2707.031)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "DB7PR01MB4428 (15.20.2707.031)\n", + "service.type": "o365", + 
"source.ip": "::1", + "user.email": "AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T08:53:22.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "ModifyFolderPermissions", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "25ccad93-82ad-4742-5231-08d7b386d7e6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 7111, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T08:53:22", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "25ccad93-82ad-4742-5231-08d7b386d7e6", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Id": "LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.Id": "LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.MemberRights": "ReadAny, Visible, FreeBusySimple, FreeBusyDetailed", + "o365.audit.Item.ParentFolder.MemberSid": "S-1-8-1750167797-1192043064-2586004354-3182407426-1", + "o365.audit.Item.ParentFolder.MemberUpn": "Member@local", + "o365.audit.Item.ParentFolder.Name": "Calendar", + "o365.audit.Item.ParentFolder.Path": "\\Calendar", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "685170f5-2238-470d-824b-239a02afafbd", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26679882", + "o365.audit.MailboxOwnerUPN": "AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com", + "o365.audit.Operation": 
"ModifyFolderPermissions", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "DB7PR01MB4428 (15.20.2707.031)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "DB7PR01MB4428 (15.20.2707.031)\n", + "service.type": "o365", + "source.ip": "::1", + "user.email": "AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T08:53:41.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "ModifyFolderPermissions", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "edb9bb1f-9629-43a1-0a57-08d7b386e31c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 8324, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T08:53:41", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "edb9bb1f-9629-43a1-0a57-08d7b386e31c", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Id": "LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.Id": "LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.MemberRights": "ReadAny, Create, EditOwned, 
DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed", + "o365.audit.Item.ParentFolder.MemberSid": "S-1-8-2005823449-1144108501-1529089953-3087822558-0", + "o365.audit.Item.ParentFolder.MemberUpn": "Owner@local", + "o365.audit.Item.ParentFolder.Name": "Calendar", + "o365.audit.Item.ParentFolder.Path": "\\Calendar", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "778e6fd9-b5d5-4431-a10f-245bde6e0cb8", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26679883", + "o365.audit.MailboxOwnerUPN": "AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com", + "o365.audit.Operation": "ModifyFolderPermissions", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "DB3PR0102MB3500 (15.20.2729.032)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "DB3PR0102MB3500 (15.20.2729.032)\n", + "service.type": "o365", + "source.ip": "::1", + "user.email": "AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T17:12:03.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "ModifyFolderPermissions", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "df63d186-b4d9-49a8-748c-08d7b3cc81fb", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", 
+ "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 9590, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T17:12:03", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "df63d186-b4d9-49a8-748c-08d7b3cc81fb", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Id": "LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.Id": "LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.MemberRights": "ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed", + "o365.audit.Item.ParentFolder.MemberSid": "S-1-8-640184314-1174341437-2555636127-1766693009-1", + "o365.audit.Item.ParentFolder.MemberUpn": "Member@local", + "o365.audit.Item.ParentFolder.Name": "Calendar", + "o365.audit.Item.ParentFolder.Path": "\\Calendar", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "26286ffa-073d-45ff-9fe9-539891984d69", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": "S-1-5-21-3422892061-1135328251-2670905592-26680073", + "o365.audit.MailboxOwnerUPN": "SIEMTest@testsiem.onmicrosoft.com", + "o365.audit.Operation": "ModifyFolderPermissions", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "AM6PR01MB4535 (15.20.2729.032)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": 
"testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "AM6PR01MB4535 (15.20.2729.032)\n", + "service.type": "o365", + "source.ip": "::1", + "user.email": "SIEMTest@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + }, + { + "@timestamp": "2020-02-17T17:12:03.000Z", + "client.address": "::1", + "client.ip": "::1", + "event.action": "ModifyFolderPermissions", + "event.category": "web", + "event.code": "ExchangeItem", + "event.dataset": "o365.audit", + "event.id": "284dfe85-ab53-48ad-0863-08d7b3cc81f7", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 10832, + "network.type": "ipv6", + "o365.audit.ClientIP": "::1", + "o365.audit.ClientIPAddress": "::1", + "o365.audit.ClientInfoString": "Client=WebServices;Action=ConfigureGroupMailbox", + "o365.audit.CreationTime": "2020-02-17T17:12:03", + "o365.audit.ExternalAccess": true, + "o365.audit.Id": "284dfe85-ab53-48ad-0863-08d7b3cc81f7", + "o365.audit.InternalLogonType": 1, + "o365.audit.Item.Id": "LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.Id": "LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC", + "o365.audit.Item.ParentFolder.MemberRights": "ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed", + "o365.audit.Item.ParentFolder.MemberSid": "S-1-8-640184314-1174341437-2555636127-1766693009-0", + "o365.audit.Item.ParentFolder.MemberUpn": "Owner@local", + "o365.audit.Item.ParentFolder.Name": "Calendar", + "o365.audit.Item.ParentFolder.Path": "\\Calendar", + "o365.audit.LogonType": 1, + "o365.audit.LogonUserSid": "S-1-5-18", + "o365.audit.MailboxGuid": "26286ffa-073d-45ff-9fe9-539891984d69", + "o365.audit.MailboxOwnerMasterAccountSid": "S-1-5-10", + "o365.audit.MailboxOwnerSid": 
"S-1-5-21-3422892061-1135328251-2670905592-26680073", + "o365.audit.MailboxOwnerUPN": "SIEMTest@testsiem.onmicrosoft.com", + "o365.audit.Operation": "ModifyFolderPermissions", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.OrganizationName": "testsiem.onmicrosoft.com", + "o365.audit.OriginatingServer": "AM6PR01MB4535 (15.20.2729.032)\n", + "o365.audit.RecordType": 2, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.UserId": "S-1-5-18", + "o365.audit.UserKey": "S-1-5-18", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "organization.name": "testsiem.onmicrosoft.com", + "related.ip": "::1", + "server.address": "AM6PR01MB4535 (15.20.2729.032)\n", + "service.type": "o365", + "source.ip": "::1", + "user.email": "SIEMTest@testsiem.onmicrosoft.com", + "user.id": "S-1-5-18" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log b/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log new file mode 100644 index 00000000000..ff290c1041b --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log 
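Review bot: The expected `server.address` values pin the raw `OriginatingServer` string, including the build number in parentheses and, in most records, a trailing `\n`. As a result the same server appears under two different values in this file: `"DB3PR0102MB3500 (15.20.2729.032)\n"` in the Create and Owner@local records, and `"DB3PR0102MB3500 (15.20.2729.032)"` in the Member@local record. An exact-match query or aggregation on `server.address` would count that host twice. Trimming whitespace before the copy, presumably in the fileset's pipeline.js outside this hunk, would make each of these expectations read `"server.address": "DB3PR0102MB3500 (15.20.2729.032)",`. Splitting the version off is worth considering too, since the field is meant to hold an address.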
@@ -0,0 +1,4 @@
+{"ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", "ItemType": "Page", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", "Workload": "OneDrive", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "asr@testsiem.onmicrosoft.com", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", "CustomUniqueId": true, "UserType": 0, "Version": 1, "EventSource": "SharePoint", "CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ClientIP": "213.97.47.133", "Operation": "PageViewed", "CreationTime": "2020-02-07T16:43:53", "RecordType": 4}
+{"ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", "ItemType": "Page", "Workload": "OneDrive", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "asr@testsiem.onmicrosoft.com", "CreationTime": "2020-02-07T16:43:53", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "ClientIP": "213.97.47.133", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "UserType": 0, "Version": 1, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "CustomUniqueId": true, "Operation": "PageViewed", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", "Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", "CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", "RecordType": 4}
+{"UserId": "asr@testsiem.onmicrosoft.com", "ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", "RecordType": 4, "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx",
"Workload": "OneDrive", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "UserType": 0, "CreationTime": "2020-02-07T16:43:53", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "ClientIP": "213.97.47.133", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "Version": 1, "EventSource": "SharePoint", "CustomUniqueId": true, "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "Operation": "PageViewed", "Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", "CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", "ItemType": "Page"}
+{"Workload": "OneDrive", "Version": 1, "RecordType": 4, "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "asr@testsiem.onmicrosoft.com", "CreationTime": "2020-02-07T16:43:53", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "UserType": 0, "ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "CustomUniqueId": true, "ClientIP": "213.97.47.133", "Operation": "PageViewed", "CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", "ItemType": "Page"}
diff --git a/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json b/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json
new file mode 100644
index 00000000000..93b5869d874
--- /dev/null
+++ b/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json
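Review bot: The four fixture records carry what look like captured identifiers rather than constructed ones: `"UserKey": "i:0h.f|membership|1003200096971f55@live.com"` and the routable `"ClientIP": "213.97.47.133"`. If they came from a real sign-in, the account identifier should be replaced before the fixture is published, for example with a constructed value such as `"UserKey": "i:0h.f|membership|0000000000000000@live.com"`, and the expected-output file regenerated. The client address may have to stay routable for the GeoIP fields in the expected output, but it is worth confirming it is not tied to an individual. All four records also share one `Id` and differ only in key order; if that is deliberate, the module's test documentation is the place to say so, since the JSON lines cannot carry a comment.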
@@ -0,0 +1,258 @@ +[ + { + "@timestamp": "2020-02-07T16:43:53.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "PageViewed", + "event.category": "web", + "event.code": "SharePoint", + "event.dataset": "o365.audit", + "event.id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", + "o365.audit.CreationTime": "2020-02-07T16:43:53", + "o365.audit.CustomUniqueId": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "o365.audit.ItemType": "Page", + "o365.audit.ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", + "o365.audit.Operation": "PageViewed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 4, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + 
"source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:53.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "PageViewed", + "event.category": "web", + "event.code": "SharePoint", + "event.dataset": "o365.audit", + "event.id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 870, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", + "o365.audit.CreationTime": "2020-02-07T16:43:53", + "o365.audit.CustomUniqueId": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "o365.audit.ItemType": "Page", + "o365.audit.ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", + "o365.audit.Operation": "PageViewed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 4, + "o365.audit.Site": 
"d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:43:53.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "PageViewed", + "event.category": "web", + "event.code": "SharePoint", + "event.dataset": "o365.audit", + "event.id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1740, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", + "o365.audit.CreationTime": "2020-02-07T16:43:53", + "o365.audit.CustomUniqueId": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "o365.audit.ItemType": "Page", + "o365.audit.ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", + "o365.audit.Operation": "PageViewed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 4, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + 
"source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:53.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "PageViewed", + "event.category": "web", + "event.code": "SharePoint", + "event.dataset": "o365.audit", + "event.id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2610, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", + "o365.audit.CreationTime": "2020-02-07T16:43:53", + "o365.audit.CustomUniqueId": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", + "o365.audit.ItemType": "Page", + "o365.audit.ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", + "o365.audit.Operation": "PageViewed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 4, + "o365.audit.Site": 
"d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log b/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log new file mode 100644 index 00000000000..bc5573e588d --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log 
@@ -0,0 +1,11 @@ +{"SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:07", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "SourceRelativeUrl": "Documents", "RecordType": 6, "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ClientIP": "213.97.47.133", "CorrelationId": "652b339f-908c-a000-f25f-91423da7dd9b", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SourceFileName": "Screenshot 2020-01-27 at 11.30.48.png", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ItemType": "File", "ListItemUniqueId": "4803608a-df7d-4f63-aa73-67aa33bb576e", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Version": 1, "Operation": "FileDeleted", "Id": "ec04aa09-0a43-4879-cdc8-08d7abecf327"} +{"SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:07", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "SourceRelativeUrl": "Documents", "ItemType": "File", "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ClientIP": "213.97.47.133", "CorrelationId": "652b339f-908c-a000-f25f-91423da7dd9b", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SourceFileName": "Screenshot 2020-01-27 at 11.30.48.png", "UserAgent": 
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "RecordType": 6, "ListItemUniqueId": "4803608a-df7d-4f63-aa73-67aa33bb576e", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileDeleted", "Id": "ec04aa09-0a43-4879-cdc8-08d7abecf327"} +{"SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:08", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "SourceRelativeUrl": "Documents/Forms", "ItemType": "File", "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "aspx", "UserType": 0, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ClientIP": "213.97.47.133", "CorrelationId": "652b339f-90a0-a000-f25f-919afc141eb1", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Forms/All.aspx", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SourceFileName": "All.aspx", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "RecordType": 6, "ListItemUniqueId": "ff3631c1-6189-45c7-ad45-c15cea9e9255", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileAccessed", "Id": "25b08f04-48ee-4755-ce22-08d7abecf3a9"} +{"SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:08", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "SourceRelativeUrl": "Documents/Forms", "RecordType": 6, "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "aspx", "UserType": 0, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ClientIP": "213.97.47.133", "CorrelationId": "652b339f-90a0-a000-f25f-919afc141eb1", "Workload": 
"OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Forms/All.aspx", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SourceFileName": "All.aspx", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ItemType": "File", "ListItemUniqueId": "ff3631c1-6189-45c7-ad45-c15cea9e9255", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileAccessed", "Id": "25b08f04-48ee-4755-ce22-08d7abecf3a9"} +{"SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:21", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "SourceRelativeUrl": "Documents", "ImplicitShare": "No", "RecordType": 6, "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ClientIP": "213.97.47.133", "CorrelationId": "692b339f-c016-a000-f25f-990a07b2e011", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SourceFileName": "Screenshot.png", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ItemType": "File", "ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileUploaded", "Id": "dac93a9f-f2fb-4cac-d18f-08d7abecfbb6"} +{"SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:23", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "SourceRelativeUrl": "Documents", "RecordType": 6, "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", 
"UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ClientIP": "213.97.47.133", "CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SourceFileName": "Screenshot.png", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ItemType": "File", "ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileModified", "Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3"} +{"SourceRelativeUrl": "Documents", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:07", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "RecordType": 6, "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ClientIP": "213.97.47.133", "CorrelationId": "652b339f-908c-a000-f25f-91423da7dd9b", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "SourceFileName": "Screenshot 2020-01-27 at 11.30.48.png", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ItemType": "File", "ListItemUniqueId": "4803608a-df7d-4f63-aa73-67aa33bb576e", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileDeleted", "Id": "ec04aa09-0a43-4879-cdc8-08d7abecf327"} +{"SourceRelativeUrl": "Documents", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:21", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, 
"ImplicitShare": "No", "ItemType": "File", "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ClientIP": "213.97.47.133", "CorrelationId": "692b339f-c016-a000-f25f-990a07b2e011", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "SourceFileName": "Screenshot.png", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "RecordType": 6, "ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileUploaded", "Id": "dac93a9f-f2fb-4cac-d18f-08d7abecfbb6"} +{"SourceRelativeUrl": "Documents", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:23", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "ItemType": "File", "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ClientIP": "213.97.47.133", "CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SourceFileName": "Screenshot.png", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "RecordType": 6, "ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Version": 1, "Operation": "FileModified", "Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3"} 
+{"SourceRelativeUrl": "Documents", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:23", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "ItemType": "File", "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ClientIP": "213.97.47.133", "CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "SourceFileName": "Screenshot.png", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "RecordType": 6, "ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileModified", "Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3"} +{"SourceRelativeUrl": "Documents", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:23", "ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", "Version": 1, "RecordType": 6, "UserId": "asr@testsiem.onmicrosoft.com", "SourceFileExtension": "png", "UserType": 0, "EventSource": "SharePoint", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ClientIP": "213.97.47.133", "CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", "Workload": "OneDrive", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", "SourceFileName": "Screenshot.png", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "ItemType": "File", 
"ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Operation": "FileModified", "Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3"}
diff --git a/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json b/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json
new file mode 100644
index 00000000000..feaff17cf4c
--- /dev/null
+++ b/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json
@@ -0,0 +1,796 @@ +[ + { + "@timestamp": "2020-02-07T16:44:07.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileDeleted", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "ec04aa09-0a43-4879-cdc8-08d7abecf327", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "deletion", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot 2020-01-27 at 11.30.48.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "652b339f-908c-a000-f25f-91423da7dd9b", + "o365.audit.CreationTime": "2020-02-07T16:44:07", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "ec04aa09-0a43-4879-cdc8-08d7abecf327", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "4803608a-df7d-4f63-aa73-67aa33bb576e", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", + "o365.audit.Operation": "FileDeleted", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot 2020-01-27 at 11.30.48.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": 
"i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:44:07.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileDeleted", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "ec04aa09-0a43-4879-cdc8-08d7abecf327", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "deletion", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot 2020-01-27 at 11.30.48.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1130, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "652b339f-908c-a000-f25f-91423da7dd9b", + "o365.audit.CreationTime": "2020-02-07T16:44:07", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "ec04aa09-0a43-4879-cdc8-08d7abecf327", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "4803608a-df7d-4f63-aa73-67aa33bb576e", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", + "o365.audit.Operation": "FileDeleted", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot 2020-01-27 at 11.30.48.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": 
"i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:44:08.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileAccessed", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "25b08f04-48ee-4755-ce22-08d7abecf3a9", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "access", + "file.directory": "Documents/Forms", + "file.extension": "aspx", + "file.name": "All.aspx", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2260, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "652b339f-90a0-a000-f25f-919afc141eb1", + "o365.audit.CreationTime": "2020-02-07T16:44:08", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "25b08f04-48ee-4755-ce22-08d7abecf3a9", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "ff3631c1-6189-45c7-ad45-c15cea9e9255", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Forms/All.aspx", + "o365.audit.Operation": "FileAccessed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "aspx", + "o365.audit.SourceFileName": "All.aspx", + "o365.audit.SourceRelativeUrl": "Documents/Forms", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + 
"o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Forms/All.aspx", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:44:08.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileAccessed", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "25b08f04-48ee-4755-ce22-08d7abecf3a9", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "access", + "file.directory": "Documents/Forms", + "file.extension": "aspx", + "file.name": "All.aspx", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 3346, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "652b339f-90a0-a000-f25f-919afc141eb1", + "o365.audit.CreationTime": "2020-02-07T16:44:08", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "25b08f04-48ee-4755-ce22-08d7abecf3a9", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "ff3631c1-6189-45c7-ad45-c15cea9e9255", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Forms/All.aspx", + "o365.audit.Operation": "FileAccessed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "aspx", + "o365.audit.SourceFileName": "All.aspx", + "o365.audit.SourceRelativeUrl": "Documents/Forms", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + 
"o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Forms/All.aspx", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:44:21.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileUploaded", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "dac93a9f-f2fb-4cac-d18f-08d7abecfbb6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "creation", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 4432, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "692b339f-c016-a000-f25f-990a07b2e011", + "o365.audit.CreationTime": "2020-02-07T16:44:21", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "dac93a9f-f2fb-4cac-d18f-08d7abecfbb6", + "o365.audit.ImplicitShare": "No", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "FileUploaded", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + 
"o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:44:23.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileModified", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "change", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 5540, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", + "o365.audit.CreationTime": "2020-02-07T16:44:23", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "FileModified", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + 
"o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:44:07.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileDeleted", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "ec04aa09-0a43-4879-cdc8-08d7abecf327", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "deletion", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot 2020-01-27 at 11.30.48.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 6625, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "652b339f-908c-a000-f25f-91423da7dd9b", + "o365.audit.CreationTime": "2020-02-07T16:44:07", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "ec04aa09-0a43-4879-cdc8-08d7abecf327", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "4803608a-df7d-4f63-aa73-67aa33bb576e", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", + "o365.audit.Operation": "FileDeleted", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot 2020-01-27 at 11.30.48.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": 
"i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:44:21.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileUploaded", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "dac93a9f-f2fb-4cac-d18f-08d7abecfbb6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "creation", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 7755, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "692b339f-c016-a000-f25f-990a07b2e011", + "o365.audit.CreationTime": "2020-02-07T16:44:21", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "dac93a9f-f2fb-4cac-d18f-08d7abecfbb6", + "o365.audit.ImplicitShare": "No", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "FileUploaded", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + 
"o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:44:23.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileModified", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "change", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 8863, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", + "o365.audit.CreationTime": "2020-02-07T16:44:23", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "FileModified", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + 
"o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:44:23.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileModified", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "change", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 9948, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", + "o365.audit.CreationTime": "2020-02-07T16:44:23", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "FileModified", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + 
"o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:44:23.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "FileModified", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "change", + "file.directory": "Documents", + "file.extension": "png", + "file.name": "Screenshot.png", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 11033, + "network.type": "ipv4", + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CorrelationId": "692b339f-902e-a000-f25f-95def5f17903", + "o365.audit.CreationTime": "2020-02-07T16:44:23", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "5b02fadb-8eac-4aff-af87-08d7abecfca3", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "FileModified", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 6, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + 
"o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "url.original": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/o365/audit/test/08-azuread.log b/x-pack/filebeat/module/o365/audit/test/08-azuread.log new file mode 100644 index 00000000000..7f53e3e5cf9 --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/08-azuread.log 
@@ -0,0 +1,100 @@ +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:33:26", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "RequiredResourceAccess", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "NewValue": "[\r\n {\r\n 
\"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "528b5206-f6de-4c1f-86db-5f750a9960c9"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": 
"auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:33:26.1037807Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38438635"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "8f6eb24b-6e61-4ee2-a376-31368c300613"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:33:26", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": 
"83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "RequiredResourceAccess", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 
20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"NewValue": "RequiredResourceAccess", "OldValue": "", "Name": "Included Updated Properties"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "528b5206-f6de-4c1f-86db-5f750a9960c9"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:33:26.1037807Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38438635"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": 
"env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "8f6eb24b-6e61-4ee2-a376-31368c300613"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:33:26", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"NewValue": "[\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n 
\"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "Name": "RequiredResourceAccess"}, {"NewValue": "RequiredResourceAccess", "OldValue": "", "Name": "Included Updated Properties"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "528b5206-f6de-4c1f-86db-5f750a9960c9"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:33:26.1037807Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38438635"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "8f6eb24b-6e61-4ee2-a376-31368c300613"} +{"OrganizationId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:33:26", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "528b5206-f6de-4c1f-86db-5f750a9960c9"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:33:26.1638042Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38438642"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "b2cc2456-5ac5-4399-b960-82a40036476f"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": 
"2020-02-09T15:33:26", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": 
"5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "528b5206-f6de-4c1f-86db-5f750a9960c9"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:33:26.1638042Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38438642"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "b2cc2456-5ac5-4399-b960-82a40036476f"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, 
{"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": 
"actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "ac045271-8d7f-49b2-abc9-5130051d879f"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:06.3062012Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38464425"}, {"Name": "env_popSample", "Value": "0"}, 
{"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "7f09b681-251f-4ff0-97cf-5247891b6981"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "ac045271-8d7f-49b2-abc9-5130051d879f"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:06.3062012Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38464434"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": 
"env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "d8a2ae24-a752-4f8e-adca-c57189a76a71"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": 
"ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "ac045271-8d7f-49b2-abc9-5130051d879f"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 
Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:06.3062012Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38464425"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "7f09b681-251f-4ff0-97cf-5247891b6981"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": 
"asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": 
"18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "ac045271-8d7f-49b2-abc9-5130051d879f"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:06.3062012Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38464434"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, 
{"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "d8a2ae24-a752-4f8e-adca-c57189a76a71"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", 
"Value": "ac045271-8d7f-49b2-abc9-5130051d879f"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:06.3062012Z"}, {"Name": "env_epoch", "Value": "31CXC"}, {"Name": "env_seqNum", "Value": "38464425"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR556"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "7f09b681-251f-4ff0-97cf-5247891b6981"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": 
"2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": 
[{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": 
"FYE60"}, {"Name": "env_seqNum", "Value": "51372061"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "02868191-019a-453a-a3a9-a21f44898778"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, 
{"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": 
"targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": "FYE60"}, {"Name": "env_seqNum", "Value": "51372061"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, 
{"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "02868191-019a-453a-a3a9-a21f44898778"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, 
{"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": 
"[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": "FYE60"}, {"Name": "env_seqNum", "Value": "51372052"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": 
"755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": 
"755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": "FYE60"}, {"Name": "env_seqNum", "Value": "51372061"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": 
"##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "02868191-019a-453a-a3a9-a21f44898778"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": "FYE60"}, {"Name": "env_seqNum", "Value": "51372052"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": 
"env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", 
"OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", 
"Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": "FYE60"}, {"Name": "env_seqNum", "Value": "51372052"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": 
"1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": 
"1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": "FYE60"}, {"Name": "env_seqNum", "Value": "51372061"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", 
"Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "02868191-019a-453a-a3a9-a21f44898778"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:47", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": 
[{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": 
"d37460cd-3d19-4ae9-9515-015f27036e74"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:47.4999796Z"}, {"Name": "env_epoch", "Value": "FYE60"}, {"Name": "env_seqNum", "Value": "51372052"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:52", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": 
"18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "RequiredResourceAccess", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n 
{\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "5345f95e-44e0-48fc-823c-8206ff821338"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:52.5873254Z"}, {"Name": "env_epoch", "Value": "FQXLK"}, {"Name": "env_seqNum", "Value": "42492828"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": 
"##957dae7d-5f0a-4e82-a428-61c0dba2878b_00000000-0000-0000-0000-000000000000_957dae7d-5f0a-4e82-a428-61c0dba2878b"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR565"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "fe115c66-3e08-4ab4-8a00-84ae25a59078"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:52", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"NewValue": "[\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": 
\"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "Name": "RequiredResourceAccess"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": 
"08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "5345f95e-44e0-48fc-823c-8206ff821338"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:52.5873254Z"}, {"Name": "env_epoch", "Value": "FQXLK"}, {"Name": "env_seqNum", "Value": "42492828"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##957dae7d-5f0a-4e82-a428-61c0dba2878b_00000000-0000-0000-0000-000000000000_957dae7d-5f0a-4e82-a428-61c0dba2878b"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR565"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "fe115c66-3e08-4ab4-8a00-84ae25a59078"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:34:52", "Actor": 
[{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, 
{"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "5345f95e-44e0-48fc-823c-8206ff821338"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T15:34:52.6473040Z"}, {"Name": "env_epoch", "Value": "FQXLK"}, {"Name": "env_seqNum", "Value": "42492835"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##957dae7d-5f0a-4e82-a428-61c0dba2878b_00000000-0000-0000-0000-000000000000_957dae7d-5f0a-4e82-a428-61c0dba2878b"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR565"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "76f9b173-c35c-4dbb-b5f7-64750ae994ce"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:25:54", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 
2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "RequiredResourceAccess", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n 
\"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "51e48c97-80b1-42bb-b732-8b578dfac528"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:25:54.7174137Z"}, {"Name": "env_epoch", "Value": "73AB6"}, {"Name": "env_seqNum", "Value": "43793182"}, {"Name": "env_popSample", 
"Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR575"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:25:54", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "RequiredResourceAccess", "OldValue": 
"[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"NewValue": "RequiredResourceAccess", "OldValue": "", "Name": "Included Updated Properties"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": 
"18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "51e48c97-80b1-42bb-b732-8b578dfac528"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:25:54.7174137Z"}, {"Name": "env_epoch", "Value": "73AB6"}, {"Name": "env_seqNum", "Value": "43793182"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR575"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:25:54", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem"}], "ObjectId": "Not Available", "ModifiedProperties": [{"NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n 
\"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "Name": "RequiredResourceAccess"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "08d8bb01-c269-4a92-9929-a1a89b729512"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "51e48c97-80b1-42bb-b732-8b578dfac528"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", 
"Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:25:54.7174137Z"}, {"Name": "env_epoch", "Value": "73AB6"}, {"Name": "env_seqNum", "Value": "43793182"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR575"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:25:54", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", 
"SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "51e48c97-80b1-42bb-b732-8b578dfac528"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, 
{"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:25:54.7823970Z"}, {"Name": "env_epoch", "Value": "73AB6"}, {"Name": "env_seqNum", "Value": "43793206"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR575"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "606ae654-e71e-4a6b-a07c-85acd775667b"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": 
"ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9242333Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795815"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": 
"1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": 
"ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": 
"[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9992570Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795878"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": 
"755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, 
{"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9242333Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795815"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": 
"##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9992570Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795878"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": 
"env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", 
"OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", 
"Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9242333Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795815"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": 
"1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": 
"1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9992570Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795878"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", 
"Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", 
"OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", 
"Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9992570Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795878"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:05", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": 
"User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, 
{"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:05.9242333Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795815"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": 
"##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", 
"ModifiedProperties": [{"Name": "ConsentContext.IsAdminConsent", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.IsAppOnly", "OldValue": "", "NewValue": "False"}, {"Name": "ConsentContext.OnBehalfOfAll", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.Tags", "OldValue": "", "NewValue": ""}, {"Name": "ConsentAction.Permissions", "OldValue": "", "NewValue": "[[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; "}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": 
"[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:06.0142481Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795893"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Consent to application.", "Id": "821dc03c-4e38-4cd1-82b2-3155b41b4418"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T18:26:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": 
"User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", "ModifiedProperties": [{"Name": "ConsentContext.IsAdminConsent", "OldValue": "", "NewValue": "True"}, {"NewValue": "False", "OldValue": "", "Name": "ConsentContext.IsAppOnly"}, {"Name": "ConsentContext.OnBehalfOfAll", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.Tags", "OldValue": "", "NewValue": ""}, {"Name": "ConsentAction.Permissions", "OldValue": "", "NewValue": "[[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; "}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "206711cb-0722-49cc-a9ad-af7f34da9452"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-09T18:26:06.0142481Z"}, {"Name": "env_epoch", "Value": "0871Y"}, {"Name": "env_seqNum", "Value": "46795893"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": 
"env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR530"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Consent to application.", "Id": "821dc03c-4e38-4cd1-82b2-3155b41b4418"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:15:04", "Actor": [{"Type": 5, "ID": "fim_password_service@support.onmicrosoft.com"}, {"Type": 3, "ID": "100300008060F582"}, {"Type": 2, "ID": "User_00000000-0000-0000-0000-000000000000"}, {"Type": 2, "ID": "00000000-0000-0000-0000-000000000000"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "d51ef8df-6617-4356-b8d4-89ad7efef31e", "RecordType": 8, "ActorIpAddress": "", "UserId": "fim_password_service@support.onmicrosoft.com", "UserType": 0, "UserKey": "100300008060F582@support.onmicrosoft.com", "ClientIP": "", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "ObjectId": "asr@testsiem.onmicrosoft.com", "ModifiedProperties": [{"Name": "StrongAuthenticationPhoneAppDetail", "OldValue": "[\r\n {\r\n \"DeviceName\": \"NO_DEVICE\",\r\n \"DeviceToken\": \"NO_DEVICE_TOKEN\",\r\n \"DeviceTag\": \"SoftwareTokenActivated\",\r\n \"PhoneAppVersion\": \"NO_PHONE_APP_VERSION\",\r\n \"OathTokenTimeDrift\": 0,\r\n \"DeviceId\": null,\r\n \"Id\": \"3b539b10-3846-4f9b-877d-55b0b8e76147\",\r\n \"TimeInterval\": null,\r\n \"AuthenticationType\": 2,\r\n \"NotificationType\": 1,\r\n \"SecuredPartitionId\": 0,\r\n \"SecuredKeyId\": 
0\r\n }\r\n]", "NewValue": "[\r\n {\r\n \"DeviceName\": \"NO_DEVICE\",\r\n \"DeviceToken\": \"NO_DEVICE_TOKEN\",\r\n \"DeviceTag\": \"SoftwareTokenActivated\",\r\n \"PhoneAppVersion\": \"NO_PHONE_APP_VERSION\",\r\n \"OathTokenTimeDrift\": -1,\r\n \"DeviceId\": null,\r\n \"Id\": \"3b539b10-3846-4f9b-877d-55b0b8e76147\",\r\n \"TimeInterval\": null,\r\n \"AuthenticationType\": 2,\r\n \"NotificationType\": 1,\r\n \"SecuredPartitionId\": 0,\r\n \"SecuredKeyId\": 0\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "StrongAuthenticationPhoneAppDetail"}, {"Name": "TargetId.UserType", "OldValue": "", "NewValue": "Member"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "d51ef8df-6617-4356-b8d4-89ad7efef31e"}, {"Name": "actorObjectId", "Value": "00000000-0000-0000-0000-000000000000"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "fim_password_service@support.onmicrosoft.com"}, {"Name": "actorPUID", "Value": "100300008060F582"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "extendedAuditEventCategory", "Value": "User"}, {"Name": "targetUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "targetPUID", "Value": "1003200096971F55"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"StrongAuthenticationPhoneAppDetail\",\"TargetId.UserType\"]"}, {"Name": "correlationId", "Value": "4aa56c6c-8fa5-4787-a165-03f181541438"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"UserType\":\"Member\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "UserManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": 
"2020-02-10T15:15:04.2043419Z"}, {"Name": "env_epoch", "Value": "4QPHR"}, {"Name": "env_seqNum", "Value": "87075075"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##00000000-0000-0000-0000-000000000000_00000000-0000-0000-0000-000000000000_00000000-0000-0000-0000-000000000000"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "becwebservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "becwebservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RBWSR554"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update user.", "Id": "83c924c1-f2e2-4b39-8eda-b80c3823a875"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:16:18", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": 
"ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"NewValue": "", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": 
"targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2e358876-29c8-45b5-8dba-e233cf769988"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:16:18.9844570Z"}, {"Name": "env_epoch", "Value": "Z4XUI"}, {"Name": "env_seqNum", "Value": "43649666"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##b2c3071c-9589-469b-9fb1-9311682625c0_00000000-0000-0000-0000-000000000000_b2c3071c-9589-469b-9fb1-9311682625c0"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", 
"Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR581"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove OAuth2PermissionGrant.", "Id": "ec6ba716-ec04-460a-8d9e-661d732c4689"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:16:18", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": 
"00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": ""}, {"NewValue": "", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": 
"00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2e358876-29c8-45b5-8dba-e233cf769988"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:16:18.9844570Z"}, {"Name": "env_epoch", "Value": "Z4XUI"}, {"Name": "env_seqNum", "Value": "43649666"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##b2c3071c-9589-469b-9fb1-9311682625c0_00000000-0000-0000-0000-000000000000_b2c3071c-9589-469b-9fb1-9311682625c0"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR581"}, {"Name": "env_cloud_environment", "Value": "PROD"}, 
{"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove OAuth2PermissionGrant.", "Id": "ec6ba716-ec04-460a-8d9e-661d732c4689"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:16:18", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", 
"OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2e358876-29c8-45b5-8dba-e233cf769988"}, {"Name": 
"version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:16:18.9844570Z"}, {"Name": "env_epoch", "Value": "Z4XUI"}, {"Name": "env_seqNum", "Value": "43649666"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##b2c3071c-9589-469b-9fb1-9311682625c0_00000000-0000-0000-0000-000000000000_b2c3071c-9589-469b-9fb1-9311682625c0"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR581"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove OAuth2PermissionGrant.", "Id": "ec6ba716-ec04-460a-8d9e-661d732c4689"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:00", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": 
"755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": 
"755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "b2484c3c-5461-43ab-850b-70fccf706796"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:00.2133065Z"}, {"Name": "env_epoch", "Value": "OLE3R"}, {"Name": "env_seqNum", "Value": "55908032"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": 
"##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR551"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "31d7436e-85aa-4aee-a945-6a0ff51ea975"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:00", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "b2484c3c-5461-43ab-850b-70fccf706796"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:00.2133065Z"}, {"Name": "env_epoch", "Value": "OLE3R"}, {"Name": "env_seqNum", "Value": "55908041"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR551"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": 
"env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:00", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": 
"71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "b2484c3c-5461-43ab-850b-70fccf706796"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": 
"[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:00.2133065Z"}, {"Name": "env_epoch", "Value": "OLE3R"}, {"Name": "env_seqNum", "Value": "55908032"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR551"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "31d7436e-85aa-4aee-a945-6a0ff51ea975"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:00", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": 
"755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": 
"755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "b2484c3c-5461-43ab-850b-70fccf706796"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:00.2133065Z"}, {"Name": "env_epoch", "Value": "OLE3R"}, {"Name": "env_seqNum", "Value": "55908041"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": 
"##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR551"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:00", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "b2484c3c-5461-43ab-850b-70fccf706796"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:00.2133065Z"}, {"Name": "env_epoch", "Value": "OLE3R"}, {"Name": "env_seqNum", "Value": "55908041"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR551"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": 
"env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": 
"ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2f79971d-1802-40d2-b048-6cf4f85c010b"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 
Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:45.3474390Z"}, {"Name": "env_epoch", "Value": "95CEL"}, {"Name": "env_seqNum", "Value": "44735117"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR519"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": 
"asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": 
"18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2f79971d-1802-40d2-b048-6cf4f85c010b"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:45.3474390Z"}, {"Name": "env_epoch", "Value": "95CEL"}, {"Name": "env_seqNum", "Value": "44735126"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, 
{"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR519"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": 
"[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2f79971d-1802-40d2-b048-6cf4f85c010b"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:45.3474390Z"}, {"Name": "env_epoch", "Value": "95CEL"}, {"Name": "env_seqNum", "Value": "44735126"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR519"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": 
"a385881d-d5e8-47b0-83ea-d50d6c9906e4"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2f79971d-1802-40d2-b048-6cf4f85c010b"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, 
{"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:45.3474390Z"}, {"Name": "env_epoch", "Value": "95CEL"}, {"Name": "env_seqNum", "Value": "44735117"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR519"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": 
"AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": 
"ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2f79971d-1802-40d2-b048-6cf4f85c010b"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:45.3474390Z"}, {"Name": "env_epoch", "Value": "95CEL"}, {"Name": "env_seqNum", "Value": "44735117"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": 
"restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR519"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Remove app role assignment from service principal.", "Id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": 
"ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2f79971d-1802-40d2-b048-6cf4f85c010b"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": 
"[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:45.3474390Z"}, {"Name": "env_epoch", "Value": "95CEL"}, {"Name": "env_seqNum", "Value": "44735126"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR519"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:17:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": 
"User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "2f79971d-1802-40d2-b048-6cf4f85c010b"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:17:45.3474390Z"}, {"Name": "env_epoch", "Value": "95CEL"}, {"Name": "env_seqNum", "Value": "44735126"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": 
"env_cv", "Value": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR519"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", "Id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], 
"ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", "ModifiedProperties": [{"Name": "ConsentContext.IsAdminConsent", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.IsAppOnly", "OldValue": "", "NewValue": "False"}, {"Name": "ConsentContext.OnBehalfOfAll", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.Tags", "OldValue": "", "NewValue": ""}, {"Name": "ConsentAction.Permissions", "OldValue": "", "NewValue": "[] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; "}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": 
"correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.3393756Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43118027"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Consent to application.", "Id": "0031778a-80cf-49f8-aea2-f798c9bf1ec9"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 
8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem"}, {"Type": 2, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Type": 4, "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", "ModifiedProperties": [{"Name": "ConsentContext.IsAdminConsent", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.IsAppOnly", "OldValue": "", "NewValue": "False"}, {"NewValue": "True", "OldValue": "", "Name": "ConsentContext.OnBehalfOfAll"}, {"Name": "ConsentContext.Tags", "OldValue": "", "NewValue": ""}, {"Name": "ConsentAction.Permissions", "OldValue": "", "NewValue": "[] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; "}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", 
"Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "targetName", "Value": "siem"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.3393756Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43118027"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": 
"Consent to application.", "Id": "0031778a-80cf-49f8-aea2-f798c9bf1ec9"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, 
{"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": 
"[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.3343965Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43118019"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add OAuth2PermissionGrant.", "Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, {"NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", 
"Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.3343965Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43118019"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", 
"Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add OAuth2PermissionGrant.", "Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": 
"00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": 
"98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.3343965Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43118019"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", 
"Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add OAuth2PermissionGrant.", "Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"NewValue": 
"5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": ""}, {"NewValue": "", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, {"NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": 
"[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.3343965Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43118019"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add OAuth2PermissionGrant.", "Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": 
"asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": 
"auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.1843731Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43117912"}, 
{"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.2593808Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43117959"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": 
"env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "a73c1c7e-5591-4912-94cc-527ad6f48ed8"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": 
"71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": 
"{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.2593808Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43117959"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "a73c1c7e-5591-4912-94cc-527ad6f48ed8"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": 
"1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23"}, {"NewValue": "siem", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": 
"1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.1843731Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43117912"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", 
"Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:30:06", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"NewValue": 
"5c242833-909c-4c6b-bca3-50feaaa98d23", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "654d7080-aee6-4826-abd9-c5710b336614"}, 
{"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-10T15:30:06.1843731Z"}, {"Name": "env_epoch", "Value": "38FW7"}, {"Name": "env_seqNum", "Value": "43117912"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR57"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:30", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": 
"User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "AppId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"Name": "AvailableToOtherTenants", "OldValue": "[]", "NewValue": "[\r\n false\r\n]"}, {"Name": "DisplayName", "OldValue": "[]", "NewValue": "[\r\n \"siem2\"\r\n]"}, {"Name": "RequiredResourceAccess", "OldValue": "[]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": 
"18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "484659af-7387-4b77-b889-c4d2a8060004"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:30.6833528Z"}, {"Name": "env_epoch", "Value": "SDA9U"}, {"Name": "env_seqNum", "Value": "41554400"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR521"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add application.", 
"Id": "689aaff0-b34f-4077-9244-0563b9f9c03b"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:30", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "AppId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"Name": "AvailableToOtherTenants", "OldValue": "[]", "NewValue": "[\r\n false\r\n]"}, {"Name": "DisplayName", "OldValue": "[]", "NewValue": "[\r\n \"siem2\"\r\n]"}, {"NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "OldValue": "[]", "Name": "RequiredResourceAccess"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": 
"nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "484659af-7387-4b77-b889-c4d2a8060004"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:30.6833528Z"}, {"Name": "env_epoch", "Value": "SDA9U"}, {"Name": "env_seqNum", "Value": "41554400"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", 
"Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR521"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add application.", "Id": "689aaff0-b34f-4077-9244-0563b9f9c03b"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:30", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "AppId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"Name": "AvailableToOtherTenants", "OldValue": "[]", "NewValue": "[\r\n false\r\n]"}, {"NewValue": "[\r\n \"siem2\"\r\n]", "OldValue": "[]", "Name": "DisplayName"}, {"Name": "RequiredResourceAccess", "OldValue": "[]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n 
}\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "484659af-7387-4b77-b889-c4d2a8060004"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:30.6833528Z"}, {"Name": "env_epoch", "Value": "SDA9U"}, {"Name": "env_seqNum", "Value": "41554400"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9"}, {"Name": "env_os", "Value": ""}, 
{"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR521"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add application.", "Id": "689aaff0-b34f-4077-9244-0563b9f9c03b"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:30", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "AppId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"NewValue": "[\r\n false\r\n]", "OldValue": "[]", "Name": "AvailableToOtherTenants"}, {"Name": "DisplayName", "OldValue": "[]", "NewValue": "[\r\n \"siem2\"\r\n]"}, {"Name": "RequiredResourceAccess", "OldValue": 
"[]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "484659af-7387-4b77-b889-c4d2a8060004"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:30.6833528Z"}, {"Name": "env_epoch", "Value": "SDA9U"}, {"Name": "env_seqNum", 
"Value": "41554400"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR521"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add application.", "Id": "689aaff0-b34f-4077-9244-0563b9f9c03b"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:30", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], 
"ObjectId": "asr@testsiem.onmicrosoft.com", "ModifiedProperties": [{"Name": "Application.ObjectID", "OldValue": "", "NewValue": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "Application.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"Name": "Application.AppId", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "targetPUID", "Value": "1003200096971F55"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"Application.ObjectID\",\"Application.DisplayName\",\"Application.AppId\"]"}, {"Name": "correlationId", "Value": "484659af-7387-4b77-b889-c4d2a8060004"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"33cdc459-1335-4d6c-b773-f5eef4df7793\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"Application\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": 
"#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:30.7383513Z"}, {"Name": "env_epoch", "Value": "SDA9U"}, {"Name": "env_seqNum", "Value": "41554439"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR521"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add owner to application.", "Id": "ccbe264f-f6bc-42bd-b5b6-2893ce2f465f"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:31", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": 
"ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "AccountEnabled", "OldValue": "[]", "NewValue": "[\r\n true\r\n]"}, {"Name": "AppPrincipalId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"Name": "DisplayName", "OldValue": "[]", "NewValue": "[\r\n \"siem2\"\r\n]"}, {"Name": "ServicePrincipalName", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"Name": "Credential", "OldValue": "[]", "NewValue": "[\r\n {\r\n \"CredentialType\": 2,\r\n \"KeyStoreId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\",\r\n \"KeyGroupId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\"\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": 
"fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "381d015d-6660-4dce-af99-4cd8c3b61d4d"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:31.1327910Z"}, {"Name": "env_epoch", "Value": "NNJOH"}, {"Name": "env_seqNum", "Value": "39121960"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add service principal.", "Id": "48403af8-b712-4e63-a999-686b631240ac"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": 
"2020-02-11T16:36:31", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "AccountEnabled", "OldValue": "[]", "NewValue": "[\r\n true\r\n]"}, {"Name": "AppPrincipalId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"NewValue": "[\r\n \"siem2\"\r\n]", "OldValue": "[]", "Name": "DisplayName"}, {"Name": "ServicePrincipalName", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"NewValue": "[\r\n {\r\n \"CredentialType\": 2,\r\n \"KeyStoreId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\",\r\n \"KeyGroupId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\"\r\n }\r\n]", "OldValue": "[]", "Name": "Credential"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": 
[{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "381d015d-6660-4dce-af99-4cd8c3b61d4d"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:31.1327910Z"}, {"Name": "env_epoch", "Value": "NNJOH"}, {"Name": "env_seqNum", "Value": "39121960"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": 
"restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add service principal.", "Id": "48403af8-b712-4e63-a999-686b631240ac"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:31", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"NewValue": "[\r\n true\r\n]", "OldValue": "[]", "Name": "AccountEnabled"}, {"Name": "AppPrincipalId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"Name": "DisplayName", "OldValue": "[]", 
"NewValue": "[\r\n \"siem2\"\r\n]"}, {"Name": "ServicePrincipalName", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"Name": "Credential", "OldValue": "[]", "NewValue": "[\r\n {\r\n \"CredentialType\": 2,\r\n \"KeyStoreId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\",\r\n \"KeyGroupId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\"\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "381d015d-6660-4dce-af99-4cd8c3b61d4d"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS 
X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:31.1327910Z"}, {"Name": "env_epoch", "Value": "NNJOH"}, {"Name": "env_seqNum", "Value": "39121960"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add service principal.", "Id": "48403af8-b712-4e63-a999-686b631240ac"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:36:31", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": 
"", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"NewValue": "[\r\n true\r\n]", "OldValue": "[]", "Name": "AccountEnabled"}, {"Name": "AppPrincipalId", "OldValue": "[]", "NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]"}, {"NewValue": "[\r\n \"siem2\"\r\n]", "OldValue": "[]", "Name": "DisplayName"}, {"NewValue": "[\r\n \"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"\r\n]", "OldValue": "[]", "Name": "ServicePrincipalName"}, {"Name": "Credential", "OldValue": "[]", "NewValue": "[\r\n {\r\n \"CredentialType\": 2,\r\n \"KeyStoreId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\",\r\n \"KeyGroupId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\"\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "381d015d-6660-4dce-af99-4cd8c3b61d4d"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:36:31.1327910Z"}, {"Name": "env_epoch", "Value": "NNJOH"}, {"Name": "env_seqNum", "Value": "39121960"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR568"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add service principal.", "Id": 
"48403af8-b712-4e63-a999-686b631240ac"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:42:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[]"}, {"Name": 
"correlationId", "Value": "531446ed-abd2-468f-96a8-a4dcc7b05168"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:42:45.0442303Z"}, {"Name": "env_epoch", "Value": "VYXPT"}, {"Name": "env_seqNum", "Value": "45826392"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR559"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "aaa361ac-50e8-43f4-9aaf-c19c09e3e3bc"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:42:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, 
"ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "KeyDescription", "OldValue": "[]", "NewValue": "[\r\n \"[KeyIdentifier=6d944a5f-234c-4879-8de4-39f089d8b96b,KeyType=AsymmetricX509Cert,KeyUsage=Verify,DisplayName=E=asr@example.net, CN=testsiem.onmicrosoft.com, OU=SIEM, O=Elastic, L=Barcelona, S=Barce]\"\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "KeyDescription"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"KeyDescription\"]"}, {"Name": "correlationId", "Value": "531446ed-abd2-468f-96a8-a4dcc7b05168"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": 
"auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:42:45.0442303Z"}, {"Name": "env_epoch", "Value": "VYXPT"}, {"Name": "env_seqNum", "Value": "45826385"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR559"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application \u2013 Certificates and secrets management ", "Id": "20a82fa1-625b-491a-a3e8-54d779a9b17e"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:42:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": 
"1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"NewValue": "[\r\n \"[KeyIdentifier=6d944a5f-234c-4879-8de4-39f089d8b96b,KeyType=AsymmetricX509Cert,KeyUsage=Verify,DisplayName=E=asr@example.net, CN=testsiem.onmicrosoft.com, OU=SIEM, O=Elastic, L=Barcelona, S=Barce]\"\r\n]", "OldValue": "[]", "Name": "KeyDescription"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "KeyDescription"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"KeyDescription\"]"}, {"Name": "correlationId", "Value": "531446ed-abd2-468f-96a8-a4dcc7b05168"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": 
"2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:42:45.0442303Z"}, {"Name": "env_epoch", "Value": "VYXPT"}, {"Name": "env_seqNum", "Value": "45826385"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR559"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application \u2013 Certificates and secrets management ", "Id": "20a82fa1-625b-491a-a3e8-54d779a9b17e"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:42:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", 
"Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "531446ed-abd2-468f-96a8-a4dcc7b05168"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": 
"#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:42:45.1042022Z"}, {"Name": "env_epoch", "Value": "VYXPT"}, {"Name": "env_seqNum", "Value": "45826464"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR559"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "15adbe69-7974-41ec-8341-208456600ad3"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:42:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": 
"ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "531446ed-abd2-468f-96a8-a4dcc7b05168"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": 
"env_time", "Value": "2020-02-11T16:42:45.1042022Z"}, {"Name": "env_epoch", "Value": "VYXPT"}, {"Name": "env_seqNum", "Value": "45826464"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR559"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "15adbe69-7974-41ec-8341-208456600ad3"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:42:45", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": 
"fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"NewValue": "", "OldValue": "", "Name": "Included Updated Properties"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "531446ed-abd2-468f-96a8-a4dcc7b05168"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:42:45.1042022Z"}, {"Name": "env_epoch", 
"Value": "VYXPT"}, {"Name": "env_seqNum", "Value": "45826464"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR559"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "15adbe69-7974-41ec-8341-208456600ad3"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:37", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], 
"ObjectId": "Not Available", "ModifiedProperties": [{"Name": "RequiredResourceAccess", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": 
"targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "811fd012-35a6-4a0c-abce-79fb08b9ab6c"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:37.2045249Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34620418"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "d23b201c-5436-4ecc-a789-18d3f00ea76c"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": 
"2020-02-11T16:45:37", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"Name": "RequiredResourceAccess", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n 
},\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"NewValue": "RequiredResourceAccess", "OldValue": "", "Name": "Included Updated Properties"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "811fd012-35a6-4a0c-abce-79fb08b9ab6c"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:37.2045249Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34620418"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": 
"##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "d23b201c-5436-4ecc-a789-18d3f00ea76c"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:37", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Type": 2, "ID": "Application"}, {"Type": 1, "ID": "siem2"}], "ObjectId": "Not Available", "ModifiedProperties": [{"NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": 
\"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n },\r\n {\r\n \"ResourceAppId\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"4807a72c-ad38-4250-94c9-4eabfe26cd55\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"e2cea78f-e743-4d8f-a16a-75b629a038ae\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "Name": "RequiredResourceAccess"}, {"Name": "Included Updated Properties", "OldValue": "", "NewValue": "RequiredResourceAccess"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "33cdc459-1335-4d6c-b773-f5eef4df7793"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}, {"Name": "targetName", "Value": "siem2"}, {"Name": 
"targetIncludedUpdatedProperties", "Value": "[\"RequiredResourceAccess\"]"}, {"Name": "correlationId", "Value": "811fd012-35a6-4a0c-abce-79fb08b9ab6c"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:37.2045249Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34620418"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update application.", "Id": "d23b201c-5436-4ecc-a789-18d3f00ea76c"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:37", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, 
"ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", 
"Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "811fd012-35a6-4a0c-abce-79fb08b9ab6c"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:37.2595378Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34620448"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:37", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": 
"755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "Included Updated Properties", "OldValue": "", "NewValue": ""}, {"NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": 
"[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "811fd012-35a6-4a0c-abce-79fb08b9ab6c"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:37.2595378Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34620448"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:37", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"NewValue": "", "OldValue": "", "Name": "Included Updated Properties"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": 
"811fd012-35a6-4a0c-abce-79fb08b9ab6c"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:37.2595378Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34620448"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Update service principal.", "Id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": 
"83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": 
"18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.8071361Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622707"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, 
{"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "256e3859-87ca-4b23-b2c0-45a26ccd7925"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": 
"[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.8821342Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622751"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79"} +{"OrganizationId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, 
{"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.9571526Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622781"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "a4a12952-3467-4d48-9950-48b4b9ac87b3"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": 
"AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.8821342Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622751"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", 
"Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": 
"ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": 
"[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.9571526Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622781"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "a4a12952-3467-4d48-9950-48b4b9ac87b3"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": 
"755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": 
"755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.8821342Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622751"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": 
"##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": "siem2"}, {"NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "OldValue": "", "Name": "ServicePrincipal.AppId"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.8071361Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622707"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": 
"env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "256e3859-87ca-4b23-b2c0-45a26ccd7925"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:41", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Office 365 Management APIs"}, {"Type": 2, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2"}, {"Type": 4, "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}], "ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"NewValue": "siem2", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": 
"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "efe101d0-818a-4f19-b2f8-53186f8218ad"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com"}, {"Name": "targetName", "Value": "Office 365 Management APIs"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]"}, {"Name": "additionalDetails", "Value": 
"{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:41.9571526Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622781"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment to service principal.", "Id": "a4a12952-3467-4d48-9950-48b4b9ac87b3"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": 
"1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", 
"Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.0571467Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622817"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": 
"##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add OAuth2PermissionGrant.", "Id": "db3ce560-1c2f-4c85-b305-55ad6476250f"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": 
"00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": [{"Name": "ServicePrincipal.ObjectID", "OldValue": "", "NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"NewValue": "", "OldValue": "", "Name": "ServicePrincipal.DisplayName"}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.Name", "OldValue": "", "NewValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": 
"00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.0571467Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622817"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": 
"env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add OAuth2PermissionGrant.", "Id": "db3ce560-1c2f-4c85-b305-55ad6476250f"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "Microsoft Graph"}, {"Type": 2, "ID": "00000003-0000-0000-c000-000000000000"}, {"Type": 4, "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", "ModifiedProperties": 
[{"NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", "OldValue": "", "Name": "ServicePrincipal.ObjectID"}, {"Name": "ServicePrincipal.DisplayName", "OldValue": "", "NewValue": ""}, {"Name": "ServicePrincipal.AppId", "OldValue": "", "NewValue": ""}, {"NewValue": "", "OldValue": "", "Name": "ServicePrincipal.Name"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "98528ef9-e89b-469a-b19b-fa8e72a00fa6"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us"}, {"Name": "targetName", "Value": "Microsoft Graph"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, 
{"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.0571467Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622817"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add OAuth2PermissionGrant.", "Id": "db3ce560-1c2f-4c85-b305-55ad6476250f"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": 
"18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "ConsentContext.IsAdminConsent", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.IsAppOnly", "OldValue": "", "NewValue": "False"}, {"Name": "ConsentContext.OnBehalfOfAll", "OldValue": "", "NewValue": "True"}, {"NewValue": "", "OldValue": "", "Name": "ConsentContext.Tags"}, {"Name": "ConsentAction.Permissions", "OldValue": "", "NewValue": "[] => [[Id: 8OmR-4WUaEqJ6aFk0groVfmOUpib6JpGsZv6jnKgD6Y, ClientId: fb91e9f0-9485-4a68-89e9-a164d20ae855, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; "}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", 
"Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.1421458Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622848"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, 
{"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Consent to application.", "Id": "24524679-8930-4afd-83b8-2dc70aa0a016"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "ConsentContext.IsAdminConsent", "OldValue": "", "NewValue": "True"}, {"NewValue": "False", "OldValue": "", "Name": "ConsentContext.IsAppOnly"}, {"Name": "ConsentContext.OnBehalfOfAll", "OldValue": "", "NewValue": "True"}, {"Name": "ConsentContext.Tags", "OldValue": "", "NewValue": ""}, {"Name": "ConsentAction.Permissions", "OldValue": "", "NewValue": "[] => [[Id: 8OmR-4WUaEqJ6aFk0groVfmOUpib6JpGsZv6jnKgD6Y, ClientId: fb91e9f0-9485-4a68-89e9-a164d20ae855, PrincipalId: , ResourceId: 
98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; "}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.1421458Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622848"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": 
"ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Consent to application.", "Id": "24524679-8930-4afd-83b8-2dc70aa0a016"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": 
"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "ConsentContext.IsAdminConsent", "OldValue": "", "NewValue": "True"}, {"NewValue": "False", "OldValue": "", "Name": "ConsentContext.IsAppOnly"}, {"NewValue": "True", "OldValue": "", "Name": "ConsentContext.OnBehalfOfAll"}, {"Name": "ConsentContext.Tags", "OldValue": "", "NewValue": ""}, {"Name": "ConsentAction.Permissions", "OldValue": "", "NewValue": "[] => [[Id: 8OmR-4WUaEqJ6aFk0groVfmOUpib6JpGsZv6jnKgD6Y, ClientId: fb91e9f0-9485-4a68-89e9-a164d20ae855, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; "}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "ApplicationManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", 
"Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.1421458Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622848"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Consent to application.", "Id": "24524679-8930-4afd-83b8-2dc70aa0a016"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, 
"ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "User.ObjectID", "OldValue": "", "NewValue": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "User.UPN", "OldValue": "", "NewValue": "asr@testsiem.onmicrosoft.com"}, {"Name": "User.PUID", "OldValue": "", "NewValue": "1003200096971F55"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "UserManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "User"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": 
"[\"User.ObjectID\",\"User.UPN\",\"User.PUID\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"755e500a-6c03-46b0-b53b-282f23374e3b\",\"ObjectClass\":\"User\",\"UPN\":\"asr@testsiem.onmicrosoft.com\",\"PUID\":\"1003200096971F55\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.1421458Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622843"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment grant to user.", "Id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": 
"1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "User.ObjectID", "OldValue": "", "NewValue": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "User.UPN", "OldValue": "", "NewValue": "asr@testsiem.onmicrosoft.com"}, {"Name": "User.PUID", "OldValue": "", "NewValue": "1003200096971F55"}, {"NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "OldValue": "", "Name": "TargetId.ServicePrincipalNames"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "UserManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "User"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"User.ObjectID\",\"User.UPN\",\"User.PUID\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"755e500a-6c03-46b0-b53b-282f23374e3b\",\"ObjectClass\":\"User\",\"UPN\":\"asr@testsiem.onmicrosoft.com\",\"PUID\":\"1003200096971F55\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.1421458Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622843"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": "env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment grant to user.", "Id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d"} +{"OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:45:42", "Actor": [{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}, {"Type": 2, "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Type": 2, "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 2, "ID": "User"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 8, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 2, "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Type": 2, "ID": "ServicePrincipal"}, {"Type": 1, "ID": "siem2"}, {"Type": 2, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Type": 4, "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", "ModifiedProperties": [{"Name": "User.ObjectID", "OldValue": "", "NewValue": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"NewValue": "asr@testsiem.onmicrosoft.com", "OldValue": "", "Name": "User.UPN"}, {"Name": "User.PUID", "OldValue": "", "NewValue": "1003200096971F55"}, {"Name": "TargetId.ServicePrincipalNames", "OldValue": "", "NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}], "ResultStatus": "Success", "ExtendedProperties": [{"Name": "resultType", "Value": "Success"}, {"Name": "auditEventCategory", "Value": "UserManagement"}, {"Name": "nCloud", "Value": ""}, {"Name": "actorContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "actorObjectId", "Value": 
"755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Name": "actorObjectClass", "Value": "User"}, {"Name": "actorUPN", "Value": "asr@testsiem.onmicrosoft.com"}, {"Name": "actorAppID", "Value": "18ed3507-a475-4ccb-b669-d66bc9f2a36e"}, {"Name": "actorPUID", "Value": "1003200096971F55"}, {"Name": "teamName", "Value": "MSODS."}, {"Name": "targetContextId", "Value": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd"}, {"Name": "targetObjectId", "Value": "fb91e9f0-9485-4a68-89e9-a164d20ae855"}, {"Name": "extendedAuditEventCategory", "Value": "User"}, {"Name": "targetSPN", "Value": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40"}, {"Name": "targetName", "Value": "siem2"}, {"Name": "targetIncludedUpdatedProperties", "Value": "[\"User.ObjectID\",\"User.UPN\",\"User.PUID\",\"TargetId.ServicePrincipalNames\"]"}, {"Name": "correlationId", "Value": "1e80f57e-764e-4c42-bead-7ccf998fe780"}, {"Name": "version", "Value": "2"}, {"Name": "additionalTargets", "Value": "[{\"ObjectID\":\"755e500a-6c03-46b0-b53b-282f23374e3b\",\"ObjectClass\":\"User\",\"UPN\":\"asr@testsiem.onmicrosoft.com\",\"PUID\":\"1003200096971F55\"}]"}, {"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}"}, {"Name": "env_ver", "Value": "2.1"}, {"Name": "env_name", "Value": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent"}, {"Name": "env_time", "Value": "2020-02-11T16:45:42.1421458Z"}, {"Name": "env_epoch", "Value": "748B6"}, {"Name": "env_seqNum", "Value": "34622843"}, {"Name": "env_popSample", "Value": "0"}, {"Name": "env_iKey", "Value": "ikey"}, {"Name": "env_flags", "Value": "257"}, {"Name": "env_cv", "Value": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e"}, {"Name": "env_os", "Value": ""}, {"Name": "env_osVer", "Value": ""}, {"Name": "env_appId", "Value": "restdirectoryservice"}, {"Name": "env_appVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_ver", "Value": "1.0"}, {"Name": 
"env_cloud_name", "Value": "MSO-AM5R"}, {"Name": "env_cloud_role", "Value": "restdirectoryservice"}, {"Name": "env_cloud_roleVer", "Value": "1.0.11737.0"}, {"Name": "env_cloud_roleInstance", "Value": "AM5RRDSR571"}, {"Name": "env_cloud_environment", "Value": "PROD"}, {"Name": "env_cloud_deploymentUnit", "Value": "R5"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "Add app role assignment grant to user.", "Id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d"} diff --git a/x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json b/x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json new file mode 100644 index 00000000000..8c4c7233407 --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json 
@@ -0,0 +1,15239 @@ +[ + { + "@timestamp": "2020-02-09T15:33:26.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "8f6eb24b-6e61-4ee2-a376-31368c300613", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:33:26", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + 
"o365.audit.ExtendedProperties.correlationId": "528b5206-f6de-4c1f-86db-5f750a9960c9", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38438635", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:33:26.1037807Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + 
"o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "8f6eb24b-6e61-4ee2-a376-31368c300613", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:33:26.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + 
"event.dataset": "o365.audit", + "event.id": "8f6eb24b-6e61-4ee2-a376-31368c300613", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 5611, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:33:26", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "528b5206-f6de-4c1f-86db-5f750a9960c9", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + 
"o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38438635", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:33:26.1037807Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "8f6eb24b-6e61-4ee2-a376-31368c300613", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + 
"o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:33:26.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "8f6eb24b-6e61-4ee2-a376-31368c300613", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + 
"event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 11222, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:33:26", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "528b5206-f6de-4c1f-86db-5f750a9960c9", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": 
"restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38438635", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:33:26.1037807Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "8f6eb24b-6e61-4ee2-a376-31368c300613", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:33:26.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "b2cc2456-5ac5-4399-b960-82a40036476f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 16833, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { 
+ "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:33:26", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "528b5206-f6de-4c1f-86db-5f750a9960c9", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": 
"##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38438642", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:33:26.1638042Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "b2cc2456-5ac5-4399-b960-82a40036476f", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:33:26.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "b2cc2456-5ac5-4399-b960-82a40036476f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": 
"audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 20744, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:33:26", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "528b5206-f6de-4c1f-86db-5f750a9960c9", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + 
"o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38438642", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:33:26.1638042Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "b2cc2456-5ac5-4399-b960-82a40036476f", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + 
"o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + 
"event.dataset": "o365.audit", + "event.id": "7f09b681-251f-4ff0-97cf-5247891b6981", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 24655, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": 
"ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "ac045271-8d7f-49b2-abc9-5130051d879f", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38464425", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:06.3062012Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 
365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "7f09b681-251f-4ff0-97cf-5247891b6981", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": 
"ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d8a2ae24-a752-4f8e-adca-c57189a76a71", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", 
+ "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 29810, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "ac045271-8d7f-49b2-abc9-5130051d879f", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": 
"1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38464434", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:06.3062012Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d8a2ae24-a752-4f8e-adca-c57189a76a71", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + 
"ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "7f09b681-251f-4ff0-97cf-5247891b6981", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 35008, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": 
"asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "ac045271-8d7f-49b2-abc9-5130051d879f", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": 
"MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38464425", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:06.3062012Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + 
"o365.audit.Id": "7f09b681-251f-4ff0-97cf-5247891b6981", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d8a2ae24-a752-4f8e-adca-c57189a76a71", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 40163, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": 
"18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "ac045271-8d7f-49b2-abc9-5130051d879f", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + 
"o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38464434", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:06.3062012Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d8a2ae24-a752-4f8e-adca-c57189a76a71", + 
"o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "7f09b681-251f-4ff0-97cf-5247891b6981", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 45361, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": 
"User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "ac045271-8d7f-49b2-abc9-5130051d879f", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR556", + 
"o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##2b06f483-d288-458d-b40b-af7ad69a2407_00000000-0000-0000-0000-000000000000_2b06f483-d288-458d-b40b-af7ad69a2407", + "o365.audit.ExtendedProperties.env_epoch": "31CXC", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "38464425", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:06.3062012Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "7f09b681-251f-4ff0-97cf-5247891b6981", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + 
"o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": 
"asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "02868191-019a-453a-a3a9-a21f44898778", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 50516, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": 
"##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372061", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "02868191-019a-453a-a3a9-a21f44898778", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + 
"o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + 
"o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "02868191-019a-453a-a3a9-a21f44898778", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 55714, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + 
"o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + 
"o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372061", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "02868191-019a-453a-a3a9-a21f44898778", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + 
"o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + 
"related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 60912, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + 
"o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372052", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + 
"o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + 
"source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "02868191-019a-453a-a3a9-a21f44898778", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 66067, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": 
"755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372061", + 
"o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "02868191-019a-453a-a3a9-a21f44898778", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + 
"source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 71265, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + 
"o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372052", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": 
"ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + 
"o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + 
"client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 76420, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": 
"[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372052", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + 
"o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + 
"event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "02868191-019a-453a-a3a9-a21f44898778", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 81575, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": 
"[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372061", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "02868191-019a-453a-a3a9-a21f44898778", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + 
"o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:47.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + 
"event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 86773, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:47", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": 
"[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "d37460cd-3d19-4ae9-9515-015f27036e74", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##bbd4acc6-20b3-4cd0-8b7a-219510222555_00000000-0000-0000-0000-000000000000_bbd4acc6-20b3-4cd0-8b7a-219510222555", + "o365.audit.ExtendedProperties.env_epoch": "FYE60", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "51372052", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:47.4999796Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "115f72b6-e8e6-4710-98e9-63ccd20bf2ec", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + 
"o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:52.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + 
"event.dataset": "o365.audit", + "event.id": "fe115c66-3e08-4ab4-8a00-84ae25a59078", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 91928, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:52", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "5345f95e-44e0-48fc-823c-8206ff821338", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + 
"o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR565", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##957dae7d-5f0a-4e82-a428-61c0dba2878b_00000000-0000-0000-0000-000000000000_957dae7d-5f0a-4e82-a428-61c0dba2878b", + "o365.audit.ExtendedProperties.env_epoch": "FQXLK", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "42492828", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:52.5873254Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "fe115c66-3e08-4ab4-8a00-84ae25a59078", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + 
"o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:52.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "fe115c66-3e08-4ab4-8a00-84ae25a59078", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + 
"event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 97179, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:52", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "5345f95e-44e0-48fc-823c-8206ff821338", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": 
"restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR565", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##957dae7d-5f0a-4e82-a428-61c0dba2878b_00000000-0000-0000-0000-000000000000_957dae7d-5f0a-4e82-a428-61c0dba2878b", + "o365.audit.ExtendedProperties.env_epoch": "FQXLK", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "42492828", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:52.5873254Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "fe115c66-3e08-4ab4-8a00-84ae25a59078", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T15:34:52.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "76f9b173-c35c-4dbb-b5f7-64750ae994ce", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 102430, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + 
{ + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:34:52", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "5345f95e-44e0-48fc-823c-8206ff821338", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR565", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": 
"##957dae7d-5f0a-4e82-a428-61c0dba2878b_00000000-0000-0000-0000-000000000000_957dae7d-5f0a-4e82-a428-61c0dba2878b", + "o365.audit.ExtendedProperties.env_epoch": "FQXLK", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "42492835", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T15:34:52.6473040Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "76f9b173-c35c-4dbb-b5f7-64750ae994ce", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:25:54.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + 
"host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 106341, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:25:54", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "51e48c97-80b1-42bb-b732-8b578dfac528", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + 
"o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR575", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c", + "o365.audit.ExtendedProperties.env_epoch": "73AB6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43793182", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:25:54.7174137Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + 
"o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:25:54.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 111772, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": 
"1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:25:54", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "51e48c97-80b1-42bb-b732-8b578dfac528", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR575", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": 
"##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c", + "o365.audit.ExtendedProperties.env_epoch": "73AB6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43793182", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:25:54.7174137Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + 
"ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:25:54.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 117203, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + 
"ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:25:54", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "51e48c97-80b1-42bb-b732-8b578dfac528", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR575", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c", + "o365.audit.ExtendedProperties.env_epoch": "73AB6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": 
"ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43793182", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:25:54.7174137Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "08d8bb01-c269-4a92-9929-a1a89b729512", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d6ad8dba-dd88-499e-a1e1-e649bf8eeb71", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "08d8bb01-c269-4a92-9929-a1a89b729512", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": 
"1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:25:54.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "606ae654-e71e-4a6b-a07c-85acd775667b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 122634, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + 
"o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:25:54", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "51e48c97-80b1-42bb-b732-8b578dfac528", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR575", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##a3a48e48-9c2c-4655-9862-13069eb7726c_00000000-0000-0000-0000-000000000000_a3a48e48-9c2c-4655-9862-13069eb7726c", + "o365.audit.ExtendedProperties.env_epoch": "73AB6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + 
"o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43793206", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:25:54.7823970Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "606ae654-e71e-4a6b-a07c-85acd775667b", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": 
"71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 126545, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, 
+ { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + 
"o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795815", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9242333Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + 
"o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": 
"1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 131695, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + 
"o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + 
"o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795878", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9992570Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + 
"o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + 
"source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 136845, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + 
"o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + 
"o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795815", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9242333Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + 
"o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + 
"source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 141995, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": 
"asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795878", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9992570Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + 
"o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + 
"o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + 
"user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 147145, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": 
"[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795815", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9242333Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + 
"o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": 
"AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 152295, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + 
"o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795878", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9992570Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + 
"o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ 
+ { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + 
"host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 157445, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + 
"o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795878", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9992570Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "41c7d7a7-ce53-4696-aa78-37c451a95fe1", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + 
"ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:05.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 162595, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + 
"ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:05", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + 
"o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795815", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:05.9242333Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": 
"14f7e7eb-0fd1-4f89-bda8-642d035f3541", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Consent to application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "821dc03c-4e38-4cd1-82b2-3155b41b4418", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 167745, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": 
"User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + 
"o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795893", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:06.0142481Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "821dc03c-4e38-4cd1-82b2-3155b41b4418", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.NewValue": "[[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; 
", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.NewValue": "False", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.NewValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Consent to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + 
"service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-09T18:26:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Consent to application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "821dc03c-4e38-4cd1-82b2-3155b41b4418", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 172525, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T18:26:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + 
"o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "206711cb-0722-49cc-a9ad-af7f34da9452", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR530", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7d51f55f-78c7-4cb8-8046-40aecfef1c99_00000000-0000-0000-0000-000000000000_7d51f55f-78c7-4cb8-8046-40aecfef1c99", + "o365.audit.ExtendedProperties.env_epoch": "0871Y", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "46795893", + "o365.audit.ExtendedProperties.env_time": "2020-02-09T18:26:06.0142481Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + 
"o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "821dc03c-4e38-4cd1-82b2-3155b41b4418", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.NewValue": "[[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; ", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.NewValue": "False", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.OldValue": "", + 
"o365.audit.ModifiedProperties.ConsentContext_Tags.NewValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Consent to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + 
"@timestamp": "2020-02-10T15:15:04.000Z", + "event.action": "Update user.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "83c924c1-f2e2-4b39-8eda-b80c3823a875", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 177305, + "o365.audit.Actor": [ + { + "ID": "fim_password_service@support.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "100300008060F582", + "Type": 3 + }, + { + "ID": "User_00000000-0000-0000-0000-000000000000", + "Type": 2 + }, + { + "ID": "00000000-0000-0000-0000-000000000000", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "d51ef8df-6617-4356-b8d4-89ad7efef31e", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.CreationTime": "2020-02-10T15:15:04", + "o365.audit.ExtendedProperties.actorContextId": "d51ef8df-6617-4356-b8d4-89ad7efef31e", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "00000000-0000-0000-0000-000000000000", + "o365.audit.ExtendedProperties.actorPUID": "100300008060F582", + "o365.audit.ExtendedProperties.actorUPN": "fim_password_service@support.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"UserType\":\"Member\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "UserManagement", + "o365.audit.ExtendedProperties.correlationId": "4aa56c6c-8fa5-4787-a165-03f181541438", + "o365.audit.ExtendedProperties.env_appId": "becwebservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + 
"o365.audit.ExtendedProperties.env_cloud_role": "becwebservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RBWSR554", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##00000000-0000-0000-0000-000000000000_00000000-0000-0000-0000-000000000000_00000000-0000-0000-0000-000000000000", + "o365.audit.ExtendedProperties.env_epoch": "4QPHR", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "87075075", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:15:04.2043419Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "User", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"StrongAuthenticationPhoneAppDetail\",\"TargetId.UserType\"]", + "o365.audit.ExtendedProperties.targetObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.targetPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.targetUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "83c924c1-f2e2-4b39-8eda-b80c3823a875", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "StrongAuthenticationPhoneAppDetail", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + 
"o365.audit.ModifiedProperties.TargetId_UserType.NewValue": "Member", + "o365.audit.ModifiedProperties.TargetId_UserType.OldValue": "", + "o365.audit.ObjectId": "asr@testsiem.onmicrosoft.com", + "o365.audit.Operation": "Update user.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "fim_password_service@support.onmicrosoft.com", + "o365.audit.UserKey": "100300008060F582@support.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "fim_password_service", + "service.type": "o365", + "user.domain": "support.onmicrosoft.com", + "user.id": "fim_password_service@support.onmicrosoft.com", + "user.name": "fim_password_service" + }, + { + "@timestamp": "2020-02-10T15:16:18.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ec6ba716-ec04-460a-8d9e-661d732c4689", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 181962, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": 
"asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:16:18", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2e358876-29c8-45b5-8dba-e233cf769988", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": 
"restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR581", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##b2c3071c-9589-469b-9fb1-9311682625c0_00000000-0000-0000-0000-000000000000_b2c3071c-9589-469b-9fb1-9311682625c0", + "o365.audit.ExtendedProperties.env_epoch": "Z4XUI", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43649666", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:16:18.9844570Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + 
"o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ec6ba716-ec04-460a-8d9e-661d732c4689", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Remove OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": 
"00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:16:18.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ec6ba716-ec04-460a-8d9e-661d732c4689", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 187354, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": 
"asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:16:18", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2e358876-29c8-45b5-8dba-e233cf769988", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": 
"restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR581", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##b2c3071c-9589-469b-9fb1-9311682625c0_00000000-0000-0000-0000-000000000000_b2c3071c-9589-469b-9fb1-9311682625c0", + "o365.audit.ExtendedProperties.env_epoch": "Z4XUI", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43649666", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:16:18.9844570Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + 
"o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ec6ba716-ec04-460a-8d9e-661d732c4689", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Remove OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": 
"00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:16:18.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ec6ba716-ec04-460a-8d9e-661d732c4689", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 192746, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": 
"asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:16:18", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2e358876-29c8-45b5-8dba-e233cf769988", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": 
"restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR581", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##b2c3071c-9589-469b-9fb1-9311682625c0_00000000-0000-0000-0000-000000000000_b2c3071c-9589-469b-9fb1-9311682625c0", + "o365.audit.ExtendedProperties.env_epoch": "Z4XUI", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43649666", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:16:18.9844570Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + 
"o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ec6ba716-ec04-460a-8d9e-661d732c4689", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Remove OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": 
"00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:00.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "31d7436e-85aa-4aee-a945-6a0ff51ea975", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 198138, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": 
"asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:00", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "b2484c3c-5461-43ab-850b-70fccf706796", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": 
"MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR551", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776", + "o365.audit.ExtendedProperties.env_epoch": "OLE3R", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "55908032", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:00.2133065Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + 
"o365.audit.Id": "31d7436e-85aa-4aee-a945-6a0ff51ea975", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:00.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 203293, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": 
"18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:00", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "b2484c3c-5461-43ab-850b-70fccf706796", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + 
"o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR551", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776", + "o365.audit.ExtendedProperties.env_epoch": "OLE3R", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "55908041", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:00.2133065Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa", + 
"o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:00.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "31d7436e-85aa-4aee-a945-6a0ff51ea975", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 208491, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": 
"User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:00", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "b2484c3c-5461-43ab-850b-70fccf706796", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR551", + 
"o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776", + "o365.audit.ExtendedProperties.env_epoch": "OLE3R", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "55908032", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:00.2133065Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "31d7436e-85aa-4aee-a945-6a0ff51ea975", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + 
"o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": 
"asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:00.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 213646, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:00", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "b2484c3c-5461-43ab-850b-70fccf706796", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR551", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": 
"##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776", + "o365.audit.ExtendedProperties.env_epoch": "OLE3R", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "55908041", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:00.2133065Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + 
"o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + 
"o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:00.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 218844, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + 
"o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:00", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "b2484c3c-5461-43ab-850b-70fccf706796", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR551", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##53a69eec-6bcd-473f-9c68-150d680e0776_00000000-0000-0000-0000-000000000000_53a69eec-6bcd-473f-9c68-150d680e0776", + "o365.audit.ExtendedProperties.env_epoch": "OLE3R", + 
"o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "55908041", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:00.2133065Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "7bca6665-4d58-4df9-bd34-4d92e1fc63aa", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + 
"o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + 
"related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 224042, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR519", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c", + "o365.audit.ExtendedProperties.env_epoch": "95CEL", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + 
"o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "44735117", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:45.3474390Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + 
"o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + 
"source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 229197, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": 
"755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR519", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c", + "o365.audit.ExtendedProperties.env_epoch": "95CEL", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "44735126", + 
"o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:45.3474390Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + 
"source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 234395, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": 
"asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR519", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c", + "o365.audit.ExtendedProperties.env_epoch": "95CEL", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "44735126", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:45.3474390Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + 
"o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + 
"o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + 
"user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 239593, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + 
"o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR519", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c", + "o365.audit.ExtendedProperties.env_epoch": "95CEL", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "44735117", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:45.3474390Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + 
"o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:45.000Z", + "client.address": 
"83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Remove app role assignment from service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 244748, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": 
"[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR519", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c", + "o365.audit.ExtendedProperties.env_epoch": "95CEL", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "44735117", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:45.3474390Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "227bc85c-0c21-4df3-9e11-3a24f104e1e4", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + 
"o365.audit.Operation": "Remove app role assignment from service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + 
"event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 249903, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": 
"[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR519", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c", + "o365.audit.ExtendedProperties.env_epoch": "95CEL", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "44735126", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:45.3474390Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + 
"o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:17:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add a deletion-marked app role assignment grant to service 
principal as part of link removal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 255101, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:17:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": 
"[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "2f79971d-1802-40d2-b048-6cf4f85c010b", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR519", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##7680db8f-eddb-4082-952a-0a3cfafd117c_00000000-0000-0000-0000-000000000000_7680db8f-eddb-4082-952a-0a3cfafd117c", + "o365.audit.ExtendedProperties.env_epoch": "95CEL", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "44735126", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:17:45.3474390Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a385881d-d5e8-47b0-83ea-d50d6c9906e4", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + 
"o365.audit.Operation": "Add a deletion-marked app role assignment grant to service principal as part of link removal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Consent to application.", + "event.category": "web", + 
"event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "0031778a-80cf-49f8-aea2-f798c9bf1ec9", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 260299, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", 
+ "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43118027", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.3393756Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + 
"o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "0031778a-80cf-49f8-aea2-f798c9bf1ec9", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.NewValue": "[] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; ", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.NewValue": "False", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.NewValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Consent to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": 
"71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Consent to application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "0031778a-80cf-49f8-aea2-f798c9bf1ec9", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 264870, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + 
"Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + 
"o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43118027", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.3393756Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem", + "o365.audit.ExtendedProperties.targetObjectId": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ExtendedProperties.targetSPN": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "0031778a-80cf-49f8-aea2-f798c9bf1ec9", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.NewValue": "[] => [[Id: MygkXJyQa0y8o1D-qqmNI_mOUpib6JpGsZv6jnKgD6Y, ClientId: 5c242833-909c-4c6b-bca3-50feaaa98d23, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; ", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.NewValue": "False", + 
"o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.NewValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.Operation": "Consent to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem", + "Type": 1 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 2 + }, + { + "ID": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + 
"source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 269441, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + 
"o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43118019", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.3343965Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + 
"o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + 
"o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Add OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + 
"source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 274829, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + 
"o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43118019", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.3343965Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + 
"o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + 
"o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Add OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + 
"source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 280217, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + 
"o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43118019", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.3343965Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + 
"o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + 
"o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Add OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + 
"source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 285605, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + 
"o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43118019", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.3343965Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + 
"o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ad12e6ca-cb87-4bc5-8103-dbc83cb9a4f8", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + 
"o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Add OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + 
"source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 290993, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + 
"o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43117912", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.1843731Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": 
"ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + 
"o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + 
"client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a73c1c7e-5591-4912-94cc-527ad6f48ed8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 296142, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": 
"[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43117959", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.2593808Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", 
+ "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a73c1c7e-5591-4912-94cc-527ad6f48ed8", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment 
to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + 
"event.id": "a73c1c7e-5591-4912-94cc-527ad6f48ed8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 301291, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + 
"o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43117959", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.2593808Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + 
"o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a73c1c7e-5591-4912-94cc-527ad6f48ed8", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + 
"Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + 
"log.offset": 306440, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + 
"o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43117912", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.1843731Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + 
"ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-10T15:30:06.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "678f80a3-92c4-4bb6-83a1-1c39d5a87225", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 311589, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + 
"ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:30:06", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"5c242833-909c-4c6b-bca3-50feaaa98d23\",\"DisplayName\":\"siem\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\",\"Name\":\"71a0194b-b70c-44a6-82f2-d4670aee4585\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "654d7080-aee6-4826-abd9-c5710b336614", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + 
"o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR57", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78_00000000-0000-0000-0000-000000000000_eb6f4dc6-03bb-4c63-9cab-f08dd1f79c78", + "o365.audit.ExtendedProperties.env_epoch": "38FW7", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "43117912", + "o365.audit.ExtendedProperties.env_time": "2020-02-10T15:30:06.1843731Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": 
"678f80a3-92c4-4bb6-83a1-1c39d5a87225", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "71a0194b-b70c-44a6-82f2-d4670aee4585", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "5c242833-909c-4c6b-bca3-50feaaa98d23", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:30.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 316738, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": 
"User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:30", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "484659af-7387-4b77-b889-c4d2a8060004", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR521", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9", + 
"o365.audit.ExtendedProperties.env_epoch": "SDA9U", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "41554400", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:30.6833528Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Add application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + 
"Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:30.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 321131, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 
+ } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:30", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "484659af-7387-4b77-b889-c4d2a8060004", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR521", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9", + "o365.audit.ExtendedProperties.env_epoch": "SDA9U", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + 
"o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "41554400", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:30.6833528Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Add application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": 
"asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:30.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 325524, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + 
"o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:30", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "484659af-7387-4b77-b889-c4d2a8060004", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR521", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9", + "o365.audit.ExtendedProperties.env_epoch": "SDA9U", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + 
"o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "41554400", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:30.6833528Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Add application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + 
"o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:30.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 329917, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:30", + 
"o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "484659af-7387-4b77-b889-c4d2a8060004", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR521", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9", + "o365.audit.ExtendedProperties.env_epoch": "SDA9U", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "41554400", 
+ "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:30.6833528Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AppId\",\"AvailableToOtherTenants\",\"DisplayName\",\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "689aaff0-b34f-4077-9244-0563b9f9c03b", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Add application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + 
"related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:30.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add owner to application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "ccbe264f-f6bc-42bd-b5b6-2893ce2f465f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 334310, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:30", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"33cdc459-1335-4d6c-b773-f5eef4df7793\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"Application\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "484659af-7387-4b77-b889-c4d2a8060004", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR521", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##9758fd77-23a7-4fdc-951a-f9200b1a4af9_00000000-0000-0000-0000-000000000000_9758fd77-23a7-4fdc-951a-f9200b1a4af9", + "o365.audit.ExtendedProperties.env_epoch": "SDA9U", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + 
"o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "41554439", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:30.7383513Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"Application.ObjectID\",\"Application.DisplayName\",\"Application.AppId\"]", + "o365.audit.ExtendedProperties.targetObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.targetPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.targetUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "ccbe264f-f6bc-42bd-b5b6-2893ce2f465f", + "o365.audit.ModifiedProperties.Application_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.Application_AppId.OldValue": "", + "o365.audit.ModifiedProperties.Application_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.Application_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.Application_ObjectID.NewValue": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ModifiedProperties.Application_ObjectID.OldValue": "", + "o365.audit.ObjectId": "asr@testsiem.onmicrosoft.com", + "o365.audit.Operation": "Add owner to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { 
+ "ID": "User", + "Type": 2 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:31.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "48403af8-b712-4e63-a999-686b631240ac", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 338473, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + 
"ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:31", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "381d015d-6660-4dce-af99-4cd8c3b61d4d", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168", + "o365.audit.ExtendedProperties.env_epoch": "NNJOH", + 
"o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "39121960", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:31.1327910Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "48403af8-b712-4e63-a999-686b631240ac", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Add service principal.", + "o365.audit.OrganizationId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:31.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "48403af8-b712-4e63-a999-686b631240ac", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", 
+ "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 343183, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:31", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "381d015d-6660-4dce-af99-4cd8c3b61d4d", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + 
"o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168", + "o365.audit.ExtendedProperties.env_epoch": "NNJOH", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "39121960", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:31.1327910Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "48403af8-b712-4e63-a999-686b631240ac", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential", + 
"o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Add service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:31.000Z", + "client.address": 
"83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "48403af8-b712-4e63-a999-686b631240ac", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 347893, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:31", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "381d015d-6660-4dce-af99-4cd8c3b61d4d", + 
"o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168", + "o365.audit.ExtendedProperties.env_epoch": "NNJOH", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "39121960", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:31.1327910Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": 
"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "48403af8-b712-4e63-a999-686b631240ac", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Add service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + 
"source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:36:31.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "48403af8-b712-4e63-a999-686b631240ac", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 352603, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:36:31", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + 
"o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "381d015d-6660-4dce-af99-4cd8c3b61d4d", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR568", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##d409567a-16bf-49cb-a4c9-cb4608f62168_00000000-0000-0000-0000-000000000000_d409567a-16bf-49cb-a4c9-cb4608f62168", + "o365.audit.ExtendedProperties.env_epoch": "NNJOH", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "39121960", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:36:31.1327910Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"AccountEnabled\",\"AppPrincipalId\",\"DisplayName\",\"ServicePrincipalName\",\"Credential\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "48403af8-b712-4e63-a999-686b631240ac", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Add service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + 
"o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:42:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "aaa361ac-50e8-43f4-9aaf-c19c09e3e3bc", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 357313, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:42:45", + 
"o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR559", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be", + "o365.audit.ExtendedProperties.env_epoch": "VYXPT", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "45826392", 
+ "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:42:45.0442303Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "aaa361ac-50e8-43f4-9aaf-c19c09e3e3bc", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + 
"source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:42:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application \u2013 Certificates and secrets management ", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "20a82fa1-625b-491a-a3e8-54d779a9b17e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 360775, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:42:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + 
"o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR559", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be", + "o365.audit.ExtendedProperties.env_epoch": "VYXPT", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "45826385", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:42:45.0442303Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"KeyDescription\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "20a82fa1-625b-491a-a3e8-54d779a9b17e", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "KeyDescription", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application \u2013 Certificates and secrets management ", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": 
"83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:42:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application \u2013 Certificates and secrets management ", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "20a82fa1-625b-491a-a3e8-54d779a9b17e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 364657, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:42:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 
(Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR559", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be", + "o365.audit.ExtendedProperties.env_epoch": "VYXPT", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "45826385", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:42:45.0442303Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"KeyDescription\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + 
"o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "20a82fa1-625b-491a-a3e8-54d779a9b17e", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "KeyDescription", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application \u2013 Certificates and secrets management ", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:42:45.000Z", + 
"client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "15adbe69-7974-41ec-8341-208456600ad3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 368539, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:42:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": 
"531446ed-abd2-468f-96a8-a4dcc7b05168", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR559", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be", + "o365.audit.ExtendedProperties.env_epoch": "VYXPT", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "45826464", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:42:45.1042022Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + 
"o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "15adbe69-7974-41ec-8341-208456600ad3", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + 
"source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:42:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "15adbe69-7974-41ec-8341-208456600ad3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 372452, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:42:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": 
"{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR559", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be", + "o365.audit.ExtendedProperties.env_epoch": "VYXPT", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "45826464", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:42:45.1042022Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + 
"o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "15adbe69-7974-41ec-8341-208456600ad3", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": 
"Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:42:45.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "15adbe69-7974-41ec-8341-208456600ad3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 376365, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:42:45", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + 
"o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "531446ed-abd2-468f-96a8-a4dcc7b05168", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR559", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##51f1503a-20a3-43cd-b898-bea330e149be_00000000-0000-0000-0000-000000000000_51f1503a-20a3-43cd-b898-bea330e149be", + "o365.audit.ExtendedProperties.env_epoch": "VYXPT", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "45826464", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:42:45.1042022Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + 
"o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "15adbe69-7974-41ec-8341-208456600ad3", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", 
+ "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:37.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d23b201c-5436-4ecc-a789-18d3f00ea76c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 380278, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:37", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34620418", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:37.2045249Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + 
"o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d23b201c-5436-4ecc-a789-18d3f00ea76c", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + 
"source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:37.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d23b201c-5436-4ecc-a789-18d3f00ea76c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 385372, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:37", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + 
"o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34620418", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:37.2045249Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d23b201c-5436-4ecc-a789-18d3f00ea76c", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + 
"user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:37.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "d23b201c-5436-4ecc-a789-18d3f00ea76c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 390466, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:37", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 
Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34620418", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:37.2045249Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "Application", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"RequiredResourceAccess\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": 
"33cdc459-1335-4d6c-b773-f5eef4df7793", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "d23b201c-5436-4ecc-a789-18d3f00ea76c", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "RequiredResourceAccess", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ObjectId": "Not Available", + "o365.audit.Operation": "Update application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Application_33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "33cdc459-1335-4d6c-b773-f5eef4df7793", + "Type": 2 + }, + { + "ID": "Application", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:37.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update 
service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 395560, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:37", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + 
"o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34620448", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:37.2595378Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": 
"99a3d3e3-e4f6-4de7-96e0-6333564e1b25", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": 
"asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:37.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 399473, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:37", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + 
"o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34620448", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:37.2595378Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": 
"fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + 
"source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:37.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Update service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 403386, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:37", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + 
"o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "811fd012-35a6-4a0c-abce-79fb08b9ab6c", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##ad2523c5-ea21-4329-8c31-ccbd1af8c337_00000000-0000-0000-0000-000000000000_ad2523c5-ea21-4329-8c31-ccbd1af8c337", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34620448", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:37.2595378Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "99a3d3e3-e4f6-4de7-96e0-6333564e1b25", + "o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue": "", + "o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Update service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + 
"related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "256e3859-87ca-4b23-b2c0-45a26ccd7925", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 407299, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + 
"o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622707", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.8071361Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "256e3859-87ca-4b23-b2c0-45a26ccd7925", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + 
"o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + 
"source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 412451, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": 
"1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622751", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.8821342Z", + 
"o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + 
"source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a4a12952-3467-4d48-9950-48b4b9ac87b3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 417603, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": 
"{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622781", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.9571526Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + 
"o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a4a12952-3467-4d48-9950-48b4b9ac87b3", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + 
"client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 422755, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": 
"[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622751", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.8821342Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + 
"o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": 
"AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a4a12952-3467-4d48-9950-48b4b9ac87b3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 427907, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + 
"o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622781", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.9571526Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + 
"o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a4a12952-3467-4d48-9950-48b4b9ac87b3", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ 
+ { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + 
"host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 433059, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + 
"o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622751", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.8821342Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "411fc666-cabf-4cb0-b8a3-e5a2cc515b79", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { 
+ "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "256e3859-87ca-4b23-b2c0-45a26ccd7925", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 438211, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + 
"ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + 
"o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622707", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.8071361Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": 
"256e3859-87ca-4b23-b2c0-45a26ccd7925", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": 
"c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:41.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment to service principal.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "a4a12952-3467-4d48-9950-48b4b9ac87b3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 443363, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": 
"User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:41", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":\"siem2\",\"ObjectClass\":\"ServicePrincipal\",\"AppId\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\",\"Name\":\"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + 
"o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622781", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:41.9571526Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Office 365 Management APIs", + "o365.audit.ExtendedProperties.targetObjectId": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "o365.audit.ExtendedProperties.targetSPN": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "a4a12952-3467-4d48-9950-48b4b9ac87b3", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + 
"o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "siem2", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "o365.audit.Operation": "Add app role assignment to service principal.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "efe101d0-818a-4f19-b2f8-53186f8218ad", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Office 365 Management APIs", + "Type": 1 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2", + "Type": 2 + }, + { + "ID": "c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": 
"asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "db3ce560-1c2f-4c85-b305-55ad6476250f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 448515, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + 
"o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + 
"o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622817", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.0571467Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "db3ce560-1c2f-4c85-b305-55ad6476250f", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + 
"o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Add OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": 
"1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "db3ce560-1c2f-4c85-b305-55ad6476250f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 453904, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + 
"o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + 
"o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622817", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.0571467Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "db3ce560-1c2f-4c85-b305-55ad6476250f", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + 
"o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Add OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + 
"o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add OAuth2PermissionGrant.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "db3ce560-1c2f-4c85-b305-55ad6476250f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 459293, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + 
"o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"fb91e9f0-9485-4a68-89e9-a164d20ae855\",\"DisplayName\":null,\"ObjectClass\":\"ServicePrincipal\",\"AppId\":null,\"Name\":null}]", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + 
"o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622817", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.0571467Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ServicePrincipal.ObjectID\",\"ServicePrincipal.DisplayName\",\"ServicePrincipal.AppId\",\"ServicePrincipal.Name\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "Microsoft Graph", + "o365.audit.ExtendedProperties.targetObjectId": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "o365.audit.ExtendedProperties.targetSPN": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "db3ce560-1c2f-4c85-b305-55ad6476250f", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_AppId.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_DisplayName.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.NewValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_Name.OldValue": "", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.NewValue": 
"fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ModifiedProperties.ServicePrincipal_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "o365.audit.Operation": "Add OAuth2PermissionGrant.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "98528ef9-e89b-469a-b19b-fa8e72a00fa6", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "Microsoft Graph", + "Type": 1 + }, + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 2 + }, + { + "ID": "00000003-0000-0000-c000-000000000000/ags.windows.net;00000003-0000-0000-c000-000000000000;https://canary.graph.microsoft.com;https://graph.microsoft.com;https://ags.windows.net;https://graph.microsoft.us;https://graph.microsoft.com/;https://dod-graph.microsoft.us", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": 
"AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Consent to application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "24524679-8930-4afd-83b8-2dc70aa0a016", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 464682, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": 
"18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622848", + "o365.audit.ExtendedProperties.env_time": 
"2020-02-11T16:45:42.1421458Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "24524679-8930-4afd-83b8-2dc70aa0a016", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.NewValue": "[] => [[Id: 8OmR-4WUaEqJ6aFk0groVfmOUpib6JpGsZv6jnKgD6Y, ClientId: fb91e9f0-9485-4a68-89e9-a164d20ae855, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; ", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.NewValue": "False", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.NewValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.OldValue": "", + 
"o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Consent to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Consent to 
application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "24524679-8930-4afd-83b8-2dc70aa0a016", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 469256, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + 
"o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622848", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.1421458Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": 
"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "24524679-8930-4afd-83b8-2dc70aa0a016", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.NewValue": "[] => [[Id: 8OmR-4WUaEqJ6aFk0groVfmOUpib6JpGsZv6jnKgD6Y, ClientId: fb91e9f0-9485-4a68-89e9-a164d20ae855, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; ", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.NewValue": "False", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.NewValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Consent to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + 
{ + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Consent to application.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "24524679-8930-4afd-83b8-2dc70aa0a016", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 473830, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": 
"User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.auditEventCategory": "ApplicationManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + 
"o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622848", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.1421458Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "ServicePrincipal", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"ConsentContext.IsAdminConsent\",\"ConsentContext.IsAppOnly\",\"ConsentContext.OnBehalfOfAll\",\"ConsentContext.Tags\",\"ConsentAction.Permissions\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "24524679-8930-4afd-83b8-2dc70aa0a016", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.NewValue": "[] => [[Id: 8OmR-4WUaEqJ6aFk0groVfmOUpib6JpGsZv6jnKgD6Y, ClientId: fb91e9f0-9485-4a68-89e9-a164d20ae855, PrincipalId: , ResourceId: 98528ef9-e89b-469a-b19b-fa8e72a00fa6, ConsentType: AllPrincipals, Scope: User.Read]]; ", + "o365.audit.ModifiedProperties.ConsentAction_Permissions.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_IsAdminConsent.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.NewValue": "False", + 
"o365.audit.ModifiedProperties.ConsentContext_IsAppOnly.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.NewValue": "True", + "o365.audit.ModifiedProperties.ConsentContext_OnBehalfOfAll.OldValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.NewValue": "", + "o365.audit.ModifiedProperties.ConsentContext_Tags.OldValue": "", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Consent to application.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + 
"source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment grant to user.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 478404, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + 
"o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"755e500a-6c03-46b0-b53b-282f23374e3b\",\"ObjectClass\":\"User\",\"UPN\":\"asr@testsiem.onmicrosoft.com\",\"PUID\":\"1003200096971F55\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "UserManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622843", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.1421458Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "User", + "o365.audit.ExtendedProperties.nCloud": "", + 
"o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"User.ObjectID\",\"User.UPN\",\"User.PUID\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ModifiedProperties.User_ObjectID.NewValue": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ModifiedProperties.User_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.User_PUID.NewValue": "1003200096971F55", + "o365.audit.ModifiedProperties.User_PUID.OldValue": "", + "o365.audit.ModifiedProperties.User_UPN.NewValue": "asr@testsiem.onmicrosoft.com", + "o365.audit.ModifiedProperties.User_UPN.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Add app role assignment grant to user.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": 
"7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment grant to user.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 482728, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + 
"ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"755e500a-6c03-46b0-b53b-282f23374e3b\",\"ObjectClass\":\"User\",\"UPN\":\"asr@testsiem.onmicrosoft.com\",\"PUID\":\"1003200096971F55\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": "UserManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": 
"##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622843", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.1421458Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "User", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"User.ObjectID\",\"User.UPN\",\"User.PUID\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ModifiedProperties.User_ObjectID.NewValue": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ModifiedProperties.User_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.User_PUID.NewValue": "1003200096971F55", + "o365.audit.ModifiedProperties.User_PUID.OldValue": "", + 
"o365.audit.ModifiedProperties.User_UPN.NewValue": "asr@testsiem.onmicrosoft.com", + "o365.audit.ModifiedProperties.User_UPN.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Add app role assignment grant to user.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-11T16:45:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "Add app role assignment grant to user.", + 
"event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 487052, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + }, + { + "ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "Type": 2 + }, + { + "ID": "User_755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:45:42", + "o365.audit.ExtendedProperties.actorAppID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", + "o365.audit.ExtendedProperties.actorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.actorObjectClass": "User", + "o365.audit.ExtendedProperties.actorObjectId": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ExtendedProperties.actorPUID": "1003200096971F55", + "o365.audit.ExtendedProperties.actorUPN": "asr@testsiem.onmicrosoft.com", + "o365.audit.ExtendedProperties.additionalDetails": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0\"}", + "o365.audit.ExtendedProperties.additionalTargets": "[{\"ObjectID\":\"755e500a-6c03-46b0-b53b-282f23374e3b\",\"ObjectClass\":\"User\",\"UPN\":\"asr@testsiem.onmicrosoft.com\",\"PUID\":\"1003200096971F55\"}]", + "o365.audit.ExtendedProperties.auditEventCategory": 
"UserManagement", + "o365.audit.ExtendedProperties.correlationId": "1e80f57e-764e-4c42-bead-7ccf998fe780", + "o365.audit.ExtendedProperties.env_appId": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_appVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_deploymentUnit": "R5", + "o365.audit.ExtendedProperties.env_cloud_environment": "PROD", + "o365.audit.ExtendedProperties.env_cloud_name": "MSO-AM5R", + "o365.audit.ExtendedProperties.env_cloud_role": "restdirectoryservice", + "o365.audit.ExtendedProperties.env_cloud_roleInstance": "AM5RRDSR571", + "o365.audit.ExtendedProperties.env_cloud_roleVer": "1.0.11737.0", + "o365.audit.ExtendedProperties.env_cloud_ver": "1.0", + "o365.audit.ExtendedProperties.env_cv": "##66bd1840-878d-4dd1-aa64-c618c53aff2e_00000000-0000-0000-0000-000000000000_66bd1840-878d-4dd1-aa64-c618c53aff2e", + "o365.audit.ExtendedProperties.env_epoch": "748B6", + "o365.audit.ExtendedProperties.env_flags": "257", + "o365.audit.ExtendedProperties.env_iKey": "ikey", + "o365.audit.ExtendedProperties.env_name": "#Ifx.AuditSchema#IfxMsods.AuditCommonEvent", + "o365.audit.ExtendedProperties.env_os": "", + "o365.audit.ExtendedProperties.env_osVer": "", + "o365.audit.ExtendedProperties.env_popSample": "0", + "o365.audit.ExtendedProperties.env_seqNum": "34622843", + "o365.audit.ExtendedProperties.env_time": "2020-02-11T16:45:42.1421458Z", + "o365.audit.ExtendedProperties.env_ver": "2.1", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "User", + "o365.audit.ExtendedProperties.nCloud": "", + "o365.audit.ExtendedProperties.resultType": "Success", + "o365.audit.ExtendedProperties.targetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ExtendedProperties.targetIncludedUpdatedProperties": "[\"User.ObjectID\",\"User.UPN\",\"User.PUID\",\"TargetId.ServicePrincipalNames\"]", + "o365.audit.ExtendedProperties.targetName": "siem2", + "o365.audit.ExtendedProperties.targetObjectId": 
"fb91e9f0-9485-4a68-89e9-a164d20ae855", + "o365.audit.ExtendedProperties.targetSPN": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ExtendedProperties.teamName": "MSODS.", + "o365.audit.ExtendedProperties.version": "2", + "o365.audit.Id": "fb84e87b-9a45-49bf-91d8-30f3880ca99d", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.NewValue": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.ModifiedProperties.TargetId_ServicePrincipalNames.OldValue": "", + "o365.audit.ModifiedProperties.User_ObjectID.NewValue": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.ModifiedProperties.User_ObjectID.OldValue": "", + "o365.audit.ModifiedProperties.User_PUID.NewValue": "1003200096971F55", + "o365.audit.ModifiedProperties.User_PUID.OldValue": "", + "o365.audit.ModifiedProperties.User_UPN.NewValue": "asr@testsiem.onmicrosoft.com", + "o365.audit.ModifiedProperties.User_UPN.OldValue": "", + "o365.audit.ObjectId": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "o365.audit.Operation": "Add app role assignment grant to user.", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "ServicePrincipal_fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "fb91e9f0-9485-4a68-89e9-a164d20ae855", + "Type": 2 + }, + { + "ID": "ServicePrincipal", + "Type": 2 + }, + { + "ID": "siem2", + "Type": 1 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 2 + }, + { + "ID": "7d74cd19-0dc4-4e59-a2d7-ba6fdb44ac40", + "Type": 4 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + 
"related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/o365/audit/test/11-dlp-sharepoint.log b/x-pack/filebeat/module/o365/audit/test/11-dlp-sharepoint.log new file mode 100644 index 00000000000..ee5223f953d --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/11-dlp-sharepoint.log 
@@ -0,0 +1,7 @@
+{"Workload": "OneDrive", "SensitiveInfoDetectionIsIncluded": false, "ObjectId": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", "OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", "UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "CreationTime": "2020-02-25T16:20:15", "UserType": 4, "Version": 1, "PolicyDetails": [{"Rules": [{"Severity": "Low", "RuleId": "c5981414-9f1f-4275-a2df-2fbfb1d03795", "ConditionsMatched": {"SensitiveInformation": [{"Count": 1, "Confidence": 75, "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf"}]}, "Actions": ["NotifyUser"], "RuleName": "Low volume of content detected U.S. Financial", "ActionParameters": [], "RuleMode": "Enable"}], "PolicyName": "U.S. Financial Data", "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec"}], "SharePointMetaData": {"From": "ASR@TESTSIEM2.ONMICROSOFT.COM", "FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data.docx", "ItemLastModifiedTime": "2020-02-25T16:19:43", "ItemCreationTime": "2020-02-25T15:22:49", "FileName": "Customers Financial Data.docx", "SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", "UniqueID": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", "FileOwner": "Alan Smithee", "SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com"}, "UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "Operation": "DLPRuleMatch", "IncidentId": "3066c3c5-eb56-dd03-b000-08d7ba115afd", "Id": "a21f13b9-22b6-405b-bf9e-a07ad8d456da", "RecordType": 11}
+{"Workload": "OneDrive", "SensitiveInfoDetectionIsIncluded": false, "ObjectId": "856386d5-c9cd-46e9-b53b-fd01ed590b68", "OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", "UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "CreationTime": "2020-02-25T16:23:39", "UserType": 4, "Version": 1, "PolicyDetails": [{"Rules": [{"Severity": "High", "RuleId": "7503b92a-67c2-494b-8a46-57ef0d738886", "ConditionsMatched": {"SensitiveInformation": [{"Count": 12, "Confidence": 85, "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085"}, {"Count": 1, "Confidence": 75, "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf"}]}, "Actions": ["BlockAccess", "NotifyUser", "GenerateIncidentReport"], "RuleName": "High volume of content detected U.S. Financial", "ActionParameters": ["GenerateIncidentReport:SiteAdmin"], "RuleMode": "Enable"}], "PolicyName": "U.S. Financial Data", "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec"}], "SharePointMetaData": {"From": "ASR@TESTSIEM2.ONMICROSOFT.COM", "FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data%20Copy.docx", "ItemLastModifiedTime": "2020-02-25T16:21:44", "SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", "ItemCreationTime": "2020-02-25T16:21:50", "FileName": "Customers Financial Data Copy.docx", "SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", "UniqueID": "856386d5-c9cd-46e9-b53b-fd01ed590b68", "FileOwner": "Alan Smithee"}, "UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "Operation": "DLPRuleMatch", "IncidentId": "eeeb7b44-fc69-c19f-b000-08d7ba115afd", "Id": "eb8259c8-d2c2-449d-bd35-5c8a033eb629", "RecordType": 11}
+{"Workload": "OneDrive", "RecordType": 11, "ObjectId": "856386d5-c9cd-46e9-b53b-fd01ed590b68", "OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", "UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "CreationTime": "2020-02-25T16:23:39", "UserType": 4, "Version": 1, "PolicyDetails": [{"Rules": [{"Severity": "Low", "RuleId": "c5981414-9f1f-4275-a2df-2fbfb1d03795", "ConditionsMatched": {"SensitiveInformation": [{"Count": 12, "Confidence": 85, "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085"}, {"Count": 1, "Confidence": 75, "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf"}]}, "Actions": ["NotifyUser"], "RuleName": "Low volume of content detected U.S. Financial", "ActionParameters": [], "RuleMode": "Enable"}], "PolicyName": "U.S. Financial Data", "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec"}], "SharePointMetaData": {"From": "ASR@TESTSIEM2.ONMICROSOFT.COM", "FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data%20Copy.docx", "ItemLastModifiedTime": "2020-02-25T16:21:44", "ItemCreationTime": "2020-02-25T16:21:50", "FileName": "Customers Financial Data Copy.docx", "SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", "UniqueID": "856386d5-c9cd-46e9-b53b-fd01ed590b68", "FileOwner": "Alan Smithee", "SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com"}, "UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "Operation": "DLPRuleMatch", "IncidentId": "eeeb7b44-fc69-c19f-b000-08d7ba115afd", "Id": "50a90c83-7e15-4679-8778-d9dd30927e66", "SensitiveInfoDetectionIsIncluded": false}
+{"Workload": "OneDrive", "RecordType": 11, "ObjectId": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", "OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", "CreationTime": "2020-02-25T16:22:22", "UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "UserType": 4, "Version": 1, "PolicyDetails": [{"Rules": [{"Severity": "High", "RuleId": "7503b92a-67c2-494b-8a46-57ef0d738886", "ConditionsMatched": {"SensitiveInformation": [{"Count": 12, "Confidence": 85, "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085"}, {"Count": 1, "Confidence": 75, "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf"}]}, "Actions": ["BlockAccess", "NotifyUser", "GenerateIncidentReport"], "RuleName": "High volume of content detected U.S. Financial", "ActionParameters": ["GenerateIncidentReport:SiteAdmin"], "RuleMode": "Enable"}], "PolicyName": "U.S. Financial Data", "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec"}], "SharePointMetaData": {"From": "ASR@TESTSIEM2.ONMICROSOFT.COM", "FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data.docx", "ItemLastModifiedTime": "2020-02-25T16:21:44", "ItemCreationTime": "2020-02-25T15:22:49", "SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", "SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", "UniqueID": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", "FileOwner": "Alan Smithee", "FileName": "Customers Financial Data.docx"}, "UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "Operation": "DLPRuleMatch", "IncidentId": "3066c3c5-eb56-dd03-b000-08d7ba115afd", "Id": "59652f9a-087c-4b65-b88c-b293ade34202", "SensitiveInfoDetectionIsIncluded": false}
+{"Workload": "OneDrive", "RecordType": 11, "ObjectId": "f026407b-090a-4c15-99b5-09851842d96d", "OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", "UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "CreationTime": "2020-02-26T10:13:48", "UserType": 4, "Version": 1, "PolicyDetails": [{"Rules": [{"Severity": "High", "RuleId": "bc4d376f-b038-4695-9362-609d32f963cf", "ConditionsMatched": {"SensitiveInformation": [{"Count": 42, "Confidence": 85, "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085"}, {"Count": 23, "Confidence": 85, "SensitiveType": "0e9b3178-9678-47dd-a509-37222ca96b42"}]}, "Actions": ["BlockAccess", "NotifyUser", "GenerateIncidentReport"], "RuleName": "High volume of content detected France Financial", "ActionParameters": ["GenerateIncidentReport:SiteAdmin"], "RuleMode": "Enable"}], "PolicyName": "Financial Data Detection", "PolicyId": "08745d02-5d45-48bd-98e1-8199ab1efdbe"}], "SharePointMetaData": {"From": "ASR@TESTSIEM2.ONMICROSOFT.COM", "FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/INTERNAL%20CREDIT%20CARD%20NUMBERS.docx", "ItemLastModifiedTime": "2020-02-26T09:46:23", "SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", "ItemCreationTime": "2020-02-26T09:44:40", "FileName": "INTERNAL CREDIT CARD NUMBERS.docx", "SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", "UniqueID": "f026407b-090a-4c15-99b5-09851842d96d", "FileOwner": "Alan Smithee"}, "UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", "Operation": "DLPRuleMatch", "IncidentId": "f7295114-e601-f2b6-8800-08d7baa56f8b", "Id": "d69c6758-f210-43bd-bac1-563adef4b4cf", "SensitiveInfoDetectionIsIncluded": false}
+{"Workload": "SharePoint", "SensitiveInfoDetectionIsIncluded": false, "OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", "UserId": "DLPAgent", "CreationTime": "2020-02-26T12:39:40", "UserType": 4, "Version": 1, "PolicyDetails": [{"Rules": [{"Severity": "High", "RuleId": "121c85c3-b2b2-4d5b-af11-b1d1bc0b36fd", "RuleName": "Low volume of content detected France Financial", "Actions": ["NotifyUser", "GenerateAlert"], "ConditionsMatched": {"SensitiveInformation": [{"Count": 42, "Confidence": 85, "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085"}, {"Count": 2, "Confidence": 85, "SensitiveType": "0e9b3178-9678-47dd-a509-37222ca96b42"}]}, "ActionParameters": ["GenerateAlert:asr@testsiem2.onmicrosoft.com"], "RuleMode": "Enable"}], "PolicyName": "Financial Data Detection", "PolicyId": "08745d02-5d45-48bd-98e1-8199ab1efdbe"}], "SharePointMetaData": {"From": "alice@testsiem2.onmicrosoft.com", "UniqueID": "3ace820e-9358-4520-9df6-5bd65602cef0", "FilePathUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications/Shared%20Documents/Document.docx", "ItemLastModifiedTime": "2020-02-26T09:56:12", "SiteCollectionUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications", "ItemCreationTime": "2020-02-26T09:55:38", "SiteCollectionGuid": "4aaa3319-df17-4ea0-a142-42cf204cfc62", "FileSize": 35920, "IsViewableByExternalUsers": false, "FileOwner": "alice@testsiem2.onmicrosoft.com", "FileName": "Document.docx"}, "UserKey": "DLPAgent", "Operation": "DLPRuleMatch", "IncidentId": "0ae82be2-e321-ab52-d000-08d7bab8fe55", "Id": "93585ace-96eb-4af1-fdb2-08d7bab8f2bd", "RecordType": 11}
+{"Workload": "SharePoint", "SensitiveInfoDetectionIsIncluded": false, "OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", "UserId": "DLPAgent", "CreationTime": "2020-02-26T12:39:40", "UserType": 4, "Version": 1, "PolicyDetails": [{"Rules": [{"Severity": "High", "RuleId": "121c85c3-b2b2-4d5b-af11-b1d1bc0b36fd", "ConditionsMatched": {"SensitiveInformation": [{"Count": 42, "Confidence": 85, "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085"}, {"Count": 2, "Confidence": 85, "SensitiveType": "0e9b3178-9678-47dd-a509-37222ca96b42"}]}, "Actions": ["NotifyUser", "GenerateAlert"], "RuleName": "Low volume of content detected France Financial", "ActionParameters": ["GenerateAlert:asr@testsiem2.onmicrosoft.com"], "RuleMode": "Enable"}], "PolicyName": "Financial Data Detection", "PolicyId": "08745d02-5d45-48bd-98e1-8199ab1efdbe"}], "SharePointMetaData": {"From": "alice@testsiem2.onmicrosoft.com", "IsViewableByExternalUsers": false, "FilePathUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications/Shared%20Documents/Document.docx", "ItemLastModifiedTime": "2020-02-26T09:56:12", "SiteCollectionUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications", "ItemCreationTime": "2020-02-26T09:55:38", "FileName": "Document.docx", "SiteCollectionGuid": "4aaa3319-df17-4ea0-a142-42cf204cfc62", "FileSize": 35920, "UniqueID": "3ace820e-9358-4520-9df6-5bd65602cef0", "FileOwner": "alice@testsiem2.onmicrosoft.com"}, "UserKey": "DLPAgent", "Operation": "DLPRuleMatch", "IncidentId": "0ae82be2-e321-ab52-d000-08d7bab8fe55", "Id": "93585ace-96eb-4af1-fdb2-08d7bab8f2bd", "RecordType": 11}
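Review bot: The last two records of this fixture carry the same `Id` (`93585ace-96eb-4af1-fdb2-08d7bab8f2bd`) and the same `IncidentId`, and appear to differ only in the order of their keys. Since the expected output maps `Id` to `event.id`, the golden file will presumably hold two alerts with an identical `event.id`. If the repetition is there to show that the API can deliver one record twice, that intent should be written down next to the fixture (for example in the module's test notes), because a JSON-lines file has no place for a comment; if it is accidental, one of the two records can go. For whoever builds detections on this data, it is worth knowing that counts over `event.kind: alert` double unless something downstream de-duplicates on `event.id`.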
diff --git a/x-pack/filebeat/module/o365/audit/test/11-dlp-sharepoint.log-expected.json b/x-pack/filebeat/module/o365/audit/test/11-dlp-sharepoint.log-expected.json
new file mode 100644
index 00000000000..8d1e8e5a328
--- /dev/null
+++ b/x-pack/filebeat/module/o365/audit/test/11-dlp-sharepoint.log-expected.json
@@ -0,0 +1,626 @@ +[ + { + "@timestamp": "2020-02-25T16:20:15.000Z", + "event.action": "DLPRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPSharePoint", + "event.dataset": "o365.audit", + "event.id": "a21f13b9-22b6-405b-bf9e-a07ad8d456da", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.severity": 2, + "event.type": "access", + "file.inode": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", + "file.name": "Customers Financial Data.docx", + "file.owner": "Alan Smithee", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 0, + "o365.audit.CreationTime": "2020-02-25T16:20:15", + "o365.audit.Id": "a21f13b9-22b6-405b-bf9e-a07ad8d456da", + "o365.audit.IncidentId": "3066c3c5-eb56-dd03-b000-08d7ba115afd", + "o365.audit.ObjectId": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", + "o365.audit.Operation": "DLPRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec", + "PolicyName": "U.S. Financial Data", + "Rules": [ + { + "ActionParameters": [], + "Actions": [ + "NotifyUser" + ], + "ConditionsMatched": { + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf" + } + ] + }, + "RuleId": "c5981414-9f1f-4275-a2df-2fbfb1d03795", + "RuleMode": "Enable", + "RuleName": "Low volume of content detected U.S. 
Financial", + "Severity": "Low" + } + ] + } + ], + "o365.audit.RecordType": 11, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "Customers Financial Data.docx", + "o365.audit.SharePointMetaData.FileOwner": "Alan Smithee", + "o365.audit.SharePointMetaData.FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data.docx", + "o365.audit.SharePointMetaData.From": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "o365.audit.SharePointMetaData.ItemCreationTime": "2020-02-25T15:22:49", + "o365.audit.SharePointMetaData.ItemLastModifiedTime": "2020-02-25T16:19:43", + "o365.audit.SharePointMetaData.SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", + "o365.audit.SharePointMetaData.SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", + "o365.audit.SharePointMetaData.UniqueID": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", + "o365.audit.UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "OneDrive", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "ASR", + "Alan Smithee" + ], + "rule.id": "c5981414-9f1f-4275-a2df-2fbfb1d03795", + "rule.name": "Low volume of content detected U.S. 
Financial", + "service.type": "o365", + "url.original": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data.docx", + "user.domain": "TESTSIEM2.ONMICROSOFT.COM", + "user.id": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "user.name": "ASR" + }, + { + "@timestamp": "2020-02-25T16:23:39.000Z", + "event.action": "DLPRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPSharePoint", + "event.dataset": "o365.audit", + "event.id": "eb8259c8-d2c2-449d-bd35-5c8a033eb629", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "OneDrive", + "event.severity": 4, + "event.type": "access", + "file.inode": "856386d5-c9cd-46e9-b53b-fd01ed590b68", + "file.name": "Customers Financial Data Copy.docx", + "file.owner": "Alan Smithee", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 1559, + "o365.audit.CreationTime": "2020-02-25T16:23:39", + "o365.audit.Id": "eb8259c8-d2c2-449d-bd35-5c8a033eb629", + "o365.audit.IncidentId": "eeeb7b44-fc69-c19f-b000-08d7ba115afd", + "o365.audit.ObjectId": "856386d5-c9cd-46e9-b53b-fd01ed590b68", + "o365.audit.Operation": "DLPRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec", + "PolicyName": "U.S. 
Financial Data", + "Rules": [ + { + "ActionParameters": [ + "GenerateIncidentReport:SiteAdmin" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "SensitiveInformation": [ + { + "Confidence": 85, + "Count": 12, + "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085" + }, + { + "Confidence": 75, + "Count": 1, + "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf" + } + ] + }, + "RuleId": "7503b92a-67c2-494b-8a46-57ef0d738886", + "RuleMode": "Enable", + "RuleName": "High volume of content detected U.S. Financial", + "Severity": "High" + } + ] + } + ], + "o365.audit.RecordType": 11, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "Customers Financial Data Copy.docx", + "o365.audit.SharePointMetaData.FileOwner": "Alan Smithee", + "o365.audit.SharePointMetaData.FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data%20Copy.docx", + "o365.audit.SharePointMetaData.From": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "o365.audit.SharePointMetaData.ItemCreationTime": "2020-02-25T16:21:50", + "o365.audit.SharePointMetaData.ItemLastModifiedTime": "2020-02-25T16:21:44", + "o365.audit.SharePointMetaData.SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", + "o365.audit.SharePointMetaData.SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", + "o365.audit.SharePointMetaData.UniqueID": "856386d5-c9cd-46e9-b53b-fd01ed590b68", + "o365.audit.UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "OneDrive", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "ASR", + "Alan Smithee" + ], + "rule.id": "7503b92a-67c2-494b-8a46-57ef0d738886", + "rule.name": "High volume 
of content detected U.S. Financial", + "service.type": "o365", + "url.original": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data%20Copy.docx", + "user.domain": "TESTSIEM2.ONMICROSOFT.COM", + "user.id": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "user.name": "ASR" + }, + { + "@timestamp": "2020-02-25T16:23:39.000Z", + "event.action": "DLPRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPSharePoint", + "event.dataset": "o365.audit", + "event.id": "50a90c83-7e15-4679-8778-d9dd30927e66", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.severity": 2, + "event.type": "access", + "file.inode": "856386d5-c9cd-46e9-b53b-fd01ed590b68", + "file.name": "Customers Financial Data Copy.docx", + "file.owner": "Alan Smithee", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 3297, + "o365.audit.CreationTime": "2020-02-25T16:23:39", + "o365.audit.Id": "50a90c83-7e15-4679-8778-d9dd30927e66", + "o365.audit.IncidentId": "eeeb7b44-fc69-c19f-b000-08d7ba115afd", + "o365.audit.ObjectId": "856386d5-c9cd-46e9-b53b-fd01ed590b68", + "o365.audit.Operation": "DLPRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec", + "PolicyName": "U.S. Financial Data", + "Rules": [ + { + "ActionParameters": [], + "Actions": [ + "NotifyUser" + ], + "ConditionsMatched": { + "SensitiveInformation": [ + { + "Confidence": 85, + "Count": 12, + "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085" + }, + { + "Confidence": 75, + "Count": 1, + "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf" + } + ] + }, + "RuleId": "c5981414-9f1f-4275-a2df-2fbfb1d03795", + "RuleMode": "Enable", + "RuleName": "Low volume of content detected U.S. 
Financial", + "Severity": "Low" + } + ] + } + ], + "o365.audit.RecordType": 11, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "Customers Financial Data Copy.docx", + "o365.audit.SharePointMetaData.FileOwner": "Alan Smithee", + "o365.audit.SharePointMetaData.FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data%20Copy.docx", + "o365.audit.SharePointMetaData.From": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "o365.audit.SharePointMetaData.ItemCreationTime": "2020-02-25T16:21:50", + "o365.audit.SharePointMetaData.ItemLastModifiedTime": "2020-02-25T16:21:44", + "o365.audit.SharePointMetaData.SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", + "o365.audit.SharePointMetaData.SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", + "o365.audit.SharePointMetaData.UniqueID": "856386d5-c9cd-46e9-b53b-fd01ed590b68", + "o365.audit.UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "OneDrive", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "ASR", + "Alan Smithee" + ], + "rule.id": "c5981414-9f1f-4275-a2df-2fbfb1d03795", + "rule.name": "Low volume of content detected U.S. 
Financial", + "service.type": "o365", + "url.original": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data%20Copy.docx", + "user.domain": "TESTSIEM2.ONMICROSOFT.COM", + "user.id": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "user.name": "ASR" + }, + { + "@timestamp": "2020-02-25T16:22:22.000Z", + "event.action": "DLPRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPSharePoint", + "event.dataset": "o365.audit", + "event.id": "59652f9a-087c-4b65-b88c-b293ade34202", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "OneDrive", + "event.severity": 4, + "event.type": "access", + "file.inode": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", + "file.name": "Customers Financial Data.docx", + "file.owner": "Alan Smithee", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 4958, + "o365.audit.CreationTime": "2020-02-25T16:22:22", + "o365.audit.Id": "59652f9a-087c-4b65-b88c-b293ade34202", + "o365.audit.IncidentId": "3066c3c5-eb56-dd03-b000-08d7ba115afd", + "o365.audit.ObjectId": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", + "o365.audit.Operation": "DLPRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "a15b4790-085f-43c1-90ad-853b16cedeec", + "PolicyName": "U.S. 
Financial Data", + "Rules": [ + { + "ActionParameters": [ + "GenerateIncidentReport:SiteAdmin" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "SensitiveInformation": [ + { + "Confidence": 85, + "Count": 12, + "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085" + }, + { + "Confidence": 75, + "Count": 1, + "SensitiveType": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf" + } + ] + }, + "RuleId": "7503b92a-67c2-494b-8a46-57ef0d738886", + "RuleMode": "Enable", + "RuleName": "High volume of content detected U.S. Financial", + "Severity": "High" + } + ] + } + ], + "o365.audit.RecordType": 11, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "Customers Financial Data.docx", + "o365.audit.SharePointMetaData.FileOwner": "Alan Smithee", + "o365.audit.SharePointMetaData.FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data.docx", + "o365.audit.SharePointMetaData.From": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "o365.audit.SharePointMetaData.ItemCreationTime": "2020-02-25T15:22:49", + "o365.audit.SharePointMetaData.ItemLastModifiedTime": "2020-02-25T16:21:44", + "o365.audit.SharePointMetaData.SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", + "o365.audit.SharePointMetaData.SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", + "o365.audit.SharePointMetaData.UniqueID": "9cc7be1c-dd5a-4895-b7cb-757de6d51b42", + "o365.audit.UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "OneDrive", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "ASR", + "Alan Smithee" + ], + "rule.id": "7503b92a-67c2-494b-8a46-57ef0d738886", + "rule.name": "High volume of content 
detected U.S. Financial", + "service.type": "o365", + "url.original": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/Customers%20Financial%20Data.docx", + "user.domain": "TESTSIEM2.ONMICROSOFT.COM", + "user.id": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "user.name": "ASR" + }, + { + "@timestamp": "2020-02-26T10:13:48.000Z", + "event.action": "DLPRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPSharePoint", + "event.dataset": "o365.audit", + "event.id": "d69c6758-f210-43bd-bac1-563adef4b4cf", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "OneDrive", + "event.severity": 4, + "event.type": "access", + "file.inode": "f026407b-090a-4c15-99b5-09851842d96d", + "file.name": "INTERNAL CREDIT CARD NUMBERS.docx", + "file.owner": "Alan Smithee", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 6684, + "o365.audit.CreationTime": "2020-02-26T10:13:48", + "o365.audit.Id": "d69c6758-f210-43bd-bac1-563adef4b4cf", + "o365.audit.IncidentId": "f7295114-e601-f2b6-8800-08d7baa56f8b", + "o365.audit.ObjectId": "f026407b-090a-4c15-99b5-09851842d96d", + "o365.audit.Operation": "DLPRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "08745d02-5d45-48bd-98e1-8199ab1efdbe", + "PolicyName": "Financial Data Detection", + "Rules": [ + { + "ActionParameters": [ + "GenerateIncidentReport:SiteAdmin" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "SensitiveInformation": [ + { + "Confidence": 85, + "Count": 42, + "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085" + }, + { + "Confidence": 85, + "Count": 23, + "SensitiveType": "0e9b3178-9678-47dd-a509-37222ca96b42" + } + ] + }, + "RuleId": "bc4d376f-b038-4695-9362-609d32f963cf", + "RuleMode": "Enable", + "RuleName": "High volume 
of content detected France Financial", + "Severity": "High" + } + ] + } + ], + "o365.audit.RecordType": 11, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "INTERNAL CREDIT CARD NUMBERS.docx", + "o365.audit.SharePointMetaData.FileOwner": "Alan Smithee", + "o365.audit.SharePointMetaData.FilePathUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/INTERNAL%20CREDIT%20CARD%20NUMBERS.docx", + "o365.audit.SharePointMetaData.From": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "o365.audit.SharePointMetaData.ItemCreationTime": "2020-02-26T09:44:40", + "o365.audit.SharePointMetaData.ItemLastModifiedTime": "2020-02-26T09:46:23", + "o365.audit.SharePointMetaData.SiteCollectionGuid": "eae3edad-a192-43a9-b317-98d7ea5e3939", + "o365.audit.SharePointMetaData.SiteCollectionUrl": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com", + "o365.audit.SharePointMetaData.UniqueID": "f026407b-090a-4c15-99b5-09851842d96d", + "o365.audit.UserId": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserKey": "DlpPolicyEventBasedAssistantOneDriveForBusiness", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "OneDrive", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "ASR", + "Alan Smithee" + ], + "rule.id": "bc4d376f-b038-4695-9362-609d32f963cf", + "rule.name": "High volume of content detected France Financial", + "service.type": "o365", + "url.original": "https://testsiem2-my.sharepoint.com/personal/asr_testsiem2_onmicrosoft_com/Documents/INTERNAL%20CREDIT%20CARD%20NUMBERS.docx", + "user.domain": "TESTSIEM2.ONMICROSOFT.COM", + "user.id": "ASR@TESTSIEM2.ONMICROSOFT.COM", + "user.name": "ASR" + }, + { + "@timestamp": "2020-02-26T12:39:40.000Z", + "event.action": "DLPRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPSharePoint", + "event.dataset": "o365.audit", + "event.id": 
"93585ace-96eb-4af1-fdb2-08d7bab8f2bd", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.severity": 4, + "event.type": "access", + "file.inode": "3ace820e-9358-4520-9df6-5bd65602cef0", + "file.name": "Document.docx", + "file.owner": "alice@testsiem2.onmicrosoft.com", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 8428, + "o365.audit.CreationTime": "2020-02-26T12:39:40", + "o365.audit.Id": "93585ace-96eb-4af1-fdb2-08d7bab8f2bd", + "o365.audit.IncidentId": "0ae82be2-e321-ab52-d000-08d7bab8fe55", + "o365.audit.Operation": "DLPRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "08745d02-5d45-48bd-98e1-8199ab1efdbe", + "PolicyName": "Financial Data Detection", + "Rules": [ + { + "ActionParameters": [ + "GenerateAlert:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "NotifyUser", + "GenerateAlert" + ], + "ConditionsMatched": { + "SensitiveInformation": [ + { + "Confidence": 85, + "Count": 42, + "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085" + }, + { + "Confidence": 85, + "Count": 2, + "SensitiveType": "0e9b3178-9678-47dd-a509-37222ca96b42" + } + ] + }, + "RuleId": "121c85c3-b2b2-4d5b-af11-b1d1bc0b36fd", + "RuleMode": "Enable", + "RuleName": "Low volume of content detected France Financial", + "Severity": "High" + } + ] + } + ], + "o365.audit.RecordType": 11, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "Document.docx", + "o365.audit.SharePointMetaData.FileOwner": "alice@testsiem2.onmicrosoft.com", + "o365.audit.SharePointMetaData.FilePathUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications/Shared%20Documents/Document.docx", + "o365.audit.SharePointMetaData.FileSize": 35920, + "o365.audit.SharePointMetaData.From": "alice@testsiem2.onmicrosoft.com", + 
"o365.audit.SharePointMetaData.IsViewableByExternalUsers": false, + "o365.audit.SharePointMetaData.ItemCreationTime": "2020-02-26T09:55:38", + "o365.audit.SharePointMetaData.ItemLastModifiedTime": "2020-02-26T09:56:12", + "o365.audit.SharePointMetaData.SiteCollectionGuid": "4aaa3319-df17-4ea0-a142-42cf204cfc62", + "o365.audit.SharePointMetaData.SiteCollectionUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications", + "o365.audit.SharePointMetaData.UniqueID": "3ace820e-9358-4520-9df6-5bd65602cef0", + "o365.audit.UserId": "DLPAgent", + "o365.audit.UserKey": "DLPAgent", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "SharePoint", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "alice", + "alice@testsiem2.onmicrosoft.com" + ], + "rule.id": "121c85c3-b2b2-4d5b-af11-b1d1bc0b36fd", + "rule.name": "Low volume of content detected France Financial", + "service.type": "o365", + "url.original": "https://testsiem2.sharepoint.com/sites/Internalcommunications/Shared%20Documents/Document.docx", + "user.domain": "testsiem2.onmicrosoft.com", + "user.id": "alice@testsiem2.onmicrosoft.com", + "user.name": "alice" + }, + { + "@timestamp": "2020-02-26T12:39:40.000Z", + "event.action": "DLPRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPSharePoint", + "event.dataset": "o365.audit", + "event.id": "93585ace-96eb-4af1-fdb2-08d7bab8f2bd", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.severity": 4, + "event.type": "access", + "file.inode": "3ace820e-9358-4520-9df6-5bd65602cef0", + "file.name": "Document.docx", + "file.owner": "alice@testsiem2.onmicrosoft.com", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 10042, + "o365.audit.CreationTime": "2020-02-26T12:39:40", + "o365.audit.Id": "93585ace-96eb-4af1-fdb2-08d7bab8f2bd", + 
"o365.audit.IncidentId": "0ae82be2-e321-ab52-d000-08d7bab8fe55", + "o365.audit.Operation": "DLPRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "08745d02-5d45-48bd-98e1-8199ab1efdbe", + "PolicyName": "Financial Data Detection", + "Rules": [ + { + "ActionParameters": [ + "GenerateAlert:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "NotifyUser", + "GenerateAlert" + ], + "ConditionsMatched": { + "SensitiveInformation": [ + { + "Confidence": 85, + "Count": 42, + "SensitiveType": "50842eb7-edc8-4019-85dd-5a5c1f2bb085" + }, + { + "Confidence": 85, + "Count": 2, + "SensitiveType": "0e9b3178-9678-47dd-a509-37222ca96b42" + } + ] + }, + "RuleId": "121c85c3-b2b2-4d5b-af11-b1d1bc0b36fd", + "RuleMode": "Enable", + "RuleName": "Low volume of content detected France Financial", + "Severity": "High" + } + ] + } + ], + "o365.audit.RecordType": 11, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "Document.docx", + "o365.audit.SharePointMetaData.FileOwner": "alice@testsiem2.onmicrosoft.com", + "o365.audit.SharePointMetaData.FilePathUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications/Shared%20Documents/Document.docx", + "o365.audit.SharePointMetaData.FileSize": 35920, + "o365.audit.SharePointMetaData.From": "alice@testsiem2.onmicrosoft.com", + "o365.audit.SharePointMetaData.IsViewableByExternalUsers": false, + "o365.audit.SharePointMetaData.ItemCreationTime": "2020-02-26T09:55:38", + "o365.audit.SharePointMetaData.ItemLastModifiedTime": "2020-02-26T09:56:12", + "o365.audit.SharePointMetaData.SiteCollectionGuid": "4aaa3319-df17-4ea0-a142-42cf204cfc62", + "o365.audit.SharePointMetaData.SiteCollectionUrl": "https://testsiem2.sharepoint.com/sites/Internalcommunications", + "o365.audit.SharePointMetaData.UniqueID": "3ace820e-9358-4520-9df6-5bd65602cef0", + "o365.audit.UserId": "DLPAgent", + "o365.audit.UserKey": "DLPAgent", + 
"o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "SharePoint", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "alice", + "alice@testsiem2.onmicrosoft.com" + ], + "rule.id": "121c85c3-b2b2-4d5b-af11-b1d1bc0b36fd", + "rule.name": "Low volume of content detected France Financial", + "service.type": "o365", + "url.original": "https://testsiem2.sharepoint.com/sites/Internalcommunications/Shared%20Documents/Document.docx", + "user.domain": "testsiem2.onmicrosoft.com", + "user.id": "alice@testsiem2.onmicrosoft.com", + "user.name": "alice" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log b/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log new file mode 100644 index 00000000000..8d0622d352f --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log 
@@ -0,0 +1,6 @@ +{"Workload":"Exchange","SensitiveInfoDetectionIsIncluded":false,"ObjectId":"","OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","CreationTime":"2020-02-24T20:11:15","UserId":"DlpAgent","UserType":4,"Version":1,"PolicyDetails":[{"Rules":[{"Severity":"High","RuleId":"51e3d97a-e159-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"High volume of content detected test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"},{"Severity":"Medium","RuleId":"51e3d97a-1234-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"Mid volume of content detected test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"}],"PolicyName":"test","PolicyId":"88956b36-45b3-4828-bf53-78603c0e5f58"}],"ExchangeMetaData":{"From":"asr@testsiem2.onmicrosoft.com","CC":["asr@example.net"],"BCC":[],"To":["asr@example.org"],"FileSize":13405,"UniqueID":"8e103f2f-b293-4062-38b8-08d7b965b2fa","MessageID":"","RecipientCount":2,"Sent":"2020-02-24T20:11:14","Subject":"Here's the phony 
data"},"UserKey":"1153801116545789462","Operation":"DlpRuleMatch","IncidentId":"c1dc582b-fa61-6020-1800-08d7b966ec64","Id":"d5a0e7d9-e06f-498c-8413-eb83b7dbd516","RecordType":13} +{"Workload":"Exchange","SensitiveInfoDetectionIsIncluded":false,"ObjectId":"","OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","CreationTime":"2020-02-24T20:11:15","UserId":"DlpAgent","UserType":4,"Version":1,"PolicyDetails":[{"Rules":[{"Severity":"High","RuleId":"51e3d97a-e159-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"High volume of content detected test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"},{"Severity":"Medium","RuleId":"51e3d97a-1234-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"Mid volume of content detected 
test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"}],"PolicyName":"test","PolicyId":"88956b36-45b3-4828-bf53-78603c0e5f58"}],"ExchangeMetaData":{"From":"asr@testsiem2.onmicrosoft.com","CC":["asr@example.net"],"BCC":[],"To":["asr@example.org"],"FileSize":13405,"UniqueID":"8e103f2f-b293-4062-38b8-08d7b965b2fa","MessageID":"","RecipientCount":2,"Sent":"2020-02-24T20:11:14","Subject":"Here's the phony data"},"UserKey":"1153801116545789462","Operation":"DlpRuleUndo","IncidentId":"c1dc582b-fa61-6020-1800-08d7b966ec64","Id":"d5a0e7d9-e06f-498c-8413-eb83b7dbd516","RecordType":13} +{"Workload":"Exchange","SensitiveInfoDetectionIsIncluded":false,"ObjectId":"","OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","CreationTime":"2020-02-24T20:11:15","UserId":"DlpAgent","UserType":4,"Version":1,"ExceptionInfo":"{ \"Justification\": \"I really need to share those files\" }","PolicyDetails":[{"Rules":[{"Severity":"High","RuleId":"51e3d97a-e159-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"High volume of content detected test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"},{"Severity":"Medium","RuleId":"51e3d97a-1234-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message 
Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"Mid volume of content detected test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"}],"PolicyName":"test","PolicyId":"88956b36-45b3-4828-bf53-78603c0e5f58"}],"ExchangeMetaData":{"From":"asr@testsiem2.onmicrosoft.com","CC":["asr@example.net"],"BCC":[],"To":["asr@example.org"],"FileSize":13405,"UniqueID":"8e103f2f-b293-4062-38b8-08d7b965b2fa","MessageID":"","RecipientCount":2,"Sent":"2020-02-24T20:11:14","Subject":"Here's the phony data"},"UserKey":"1153801116545789462","Operation":"DlpRuleMatch","IncidentId":"c1dc582b-fa61-6020-1800-08d7b966ec64","Id":"d5a0e7d9-e06f-498c-8413-eb83b7dbd516","RecordType":13} +{"Workload":"Exchange","SensitiveInfoDetectionIsIncluded":false,"ObjectId":"","OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","CreationTime":"2020-02-24T20:11:15","UserId":"DlpAgent","UserType":4,"Version":1,"ExceptionInfo":{ "FalsePositive": true },"PolicyDetails":[{"Rules":[{"Severity":"High","RuleId":"51e3d97a-e159-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"High volume of content detected test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"},{"Severity":"Medium","RuleId":"51e3d97a-1234-4645-9092-608bd24e083a","ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message 
Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"Actions":["BlockAccess","NotifyUser","GenerateIncidentReport"],"RuleName":"Mid volume of content detected test","ActionParameters":["GenerateIncidentReport:asr@testsiem2.onmicrosoft.com"],"RuleMode":"Enable"}],"PolicyName":"test","PolicyId":"88956b36-45b3-4828-bf53-78603c0e5f58"}],"ExchangeMetaData":{"From":"asr@testsiem2.onmicrosoft.com","CC":["asr@example.net"],"BCC":[],"To":["asr@example.org"],"FileSize":13405,"UniqueID":"8e103f2f-b293-4062-38b8-08d7b965b2fa","MessageID":"","RecipientCount":2,"Sent":"2020-02-24T20:11:14","Subject":"Here's the phony data"},"UserKey":"1153801116545789462","Operation":"DlpRuleMatch","IncidentId":"c1dc582b-fa61-6020-1800-08d7b966ec64","Id":"d5a0e7d9-e06f-498c-8413-eb83b7dbd516","RecordType":13} +{"Workload":"Exchange","SensitiveInfoDetectionIsIncluded":false,"ObjectId":"","OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","UserId":"DlpAgent","CreationTime":"2020-02-24T20:11:15","UserType":4,"Version":1,"PolicyDetails":[{"Rules":[{"Severity":"Low","RuleId":"8398c03a-a00d-42bb-8f80-ead0ad04e1df","RuleName":"Low volume of content detected test","Actions":["NotifyUser"],"ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message 
Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"RuleMode":"Enable"}],"PolicyName":"test","PolicyId":"88956b36-45b3-4828-bf53-78603c0e5f58"}],"ExchangeMetaData":{"From":"asr@testsiem2.onmicrosoft.com","CC":["asr@example.net"],"BCC":[],"To":["asr@example.org"],"FileSize":13310,"UniqueID":"8e103f2f-b293-4062-38b8-08d7b965b2fa","MessageID":"","RecipientCount":2,"Sent":"2020-02-24T20:11:14","Subject":"Here's the phony data"},"UserKey":"1153801116545789462","Operation":"DlpRuleMatch","IncidentId":"c1dc582b-fa61-6020-1800-08d7b966ec64","Id":"a42123a9-1c07-4dde-9be6-ac71cb9fd16b","RecordType":13} +{"Workload":"Exchange","SensitiveInfoDetectionIsIncluded":false,"ObjectId":"","OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","UserId":"DlpAgent","CreationTime":"2020-02-24T20:11:15","UserType":4,"Version":1,"PolicyDetails":[{"Rules":[{"Severity":"Low","RuleId":"8398c03a-a00d-42bb-8f80-ead0ad04e1df","RuleName":"Low volume of content detected test","Actions":["NotifyUser"],"ConditionsMatched":{"OtherConditions":[{"Name":"AccessScope","Value":"IncludeExternalUsers"}],"SensitiveInformation":[{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"419f449f-6d9d-4be1-a154-b531f7a91b41"},{"Count":1,"UniqueCount":1,"Confidence":75,"Location":"Message Body","SensitiveType":"b8fe86d1-c056-453b-bfaa-9fe698699ecc"}]},"RuleMode":"Enable"}],"PolicyName":"test","PolicyId":"88956b36-45b3-4828-bf53-78603c0e5f58"}],"SharePointMetaData":{"From":"alice@testsiem2.onmicrosoft.com","itemCreationTime":"2020-02-20T11:23:45","UniqueID":"8e103f2f-b293-4062-38b8-08d7b965b2fa","FileName":"Company-Internal-Financial.docx","FileOwner":"alice@testsiem2.onmicrosoft.com","FilePathUrl":"https://example.net/testsiem2.onmicrosoft.com/sharepoint","LastModifiedTime":"2020-02-24T12:13:14Z"},"UserKey":"1153801116545789462","Operation":"DlpRuleMatch","IncidentId":"c1dc582b-fa61-6020-1800-08d7b966ec64","Id":"a42123a9-1c07-4dde-9be6-ac71cb9fd16b","RecordType":13} 
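Review bot: The last record of 13-dlp-exchange.log carries a `SharePointMetaData` object whose keys are `itemCreationTime` and `LastModifiedTime`, whereas the SharePoint DLP fixture in this same patch uses `ItemCreationTime` and `ItemLastModifiedTime`. If this is meant as an off-schema input (it also sits under `"Workload":"Exchange"` with `RecordType` 13), that intent is not recorded anywhere visible and a later maintainer may "correct" it. If it is a typo, the test does not exercise the real field names, so a mapping regression for those timestamps in DLP alerts would go unnoticed. I would either rename the keys to `"ItemCreationTime"` and `"ItemLastModifiedTime"` or state in the commit message that the record is deliberately malformed. The expected output for this record lies outside the part of the patch shown here, so how the pipeline treats these keys could not be checked.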
diff --git a/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json b/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json
new file mode 100644
index 00000000000..2a245f64168
--- /dev/null
+++ b/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json
@@ -0,0 +1,780 @@ +[ + { + "@timestamp": "2020-02-24T20:11:15.000Z", + "destination.user.email": [ + "asr@example.org", + "asr@example.net" + ], + "event.action": "DlpRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPExchange", + "event.dataset": "o365.audit", + "event.id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "Exchange", + "event.severity": 4, + "event.type": "access", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 0, + "message": "Here's the phony data", + "o365.audit.CreationTime": "2020-02-24T20:11:15", + "o365.audit.ExchangeMetaData.BCC": [], + "o365.audit.ExchangeMetaData.CC": [ + "asr@example.net" + ], + "o365.audit.ExchangeMetaData.FileSize": 13405, + "o365.audit.ExchangeMetaData.From": "asr@testsiem2.onmicrosoft.com", + "o365.audit.ExchangeMetaData.MessageID": "", + "o365.audit.ExchangeMetaData.RecipientCount": 2, + "o365.audit.ExchangeMetaData.Sent": "2020-02-24T20:11:14", + "o365.audit.ExchangeMetaData.Subject": "Here's the phony data", + "o365.audit.ExchangeMetaData.To": [ + "asr@example.org" + ], + "o365.audit.ExchangeMetaData.UniqueID": "8e103f2f-b293-4062-38b8-08d7b965b2fa", + "o365.audit.Id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "o365.audit.IncidentId": "c1dc582b-fa61-6020-1800-08d7b966ec64", + "o365.audit.ObjectId": "", + "o365.audit.Operation": "DlpRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "88956b36-45b3-4828-bf53-78603c0e5f58", + "PolicyName": "test", + "Rules": [ + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + 
"SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-e159-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "High volume of content detected test", + "Severity": "High" + }, + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-1234-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "Mid volume of content detected test", + "Severity": "Medium" + } + ] + } + ], + "o365.audit.RecordType": 13, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.UserId": "DlpAgent", + "o365.audit.UserKey": "1153801116545789462", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "rule.id": [ + "51e3d97a-e159-4645-9092-608bd24e083a", + "51e3d97a-1234-4645-9092-608bd24e083a" + ], + "rule.name": [ + "High volume of content detected test", + "Mid volume of content detected test" + ], + "service.type": "o365", + "source.user.email": "asr@testsiem2.onmicrosoft.com", + "user.id": "DlpAgent" + }, + { + "@timestamp": "2020-02-24T20:11:15.000Z", + 
"destination.user.email": [ + "asr@example.org", + "asr@example.net" + ], + "event.action": "DlpRuleUndo", + "event.category": "file", + "event.code": "ComplianceDLPExchange", + "event.dataset": "o365.audit", + "event.id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.severity": 4, + "event.type": "access", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 2230, + "message": "Here's the phony data", + "o365.audit.CreationTime": "2020-02-24T20:11:15", + "o365.audit.ExchangeMetaData.BCC": [], + "o365.audit.ExchangeMetaData.CC": [ + "asr@example.net" + ], + "o365.audit.ExchangeMetaData.FileSize": 13405, + "o365.audit.ExchangeMetaData.From": "asr@testsiem2.onmicrosoft.com", + "o365.audit.ExchangeMetaData.MessageID": "", + "o365.audit.ExchangeMetaData.RecipientCount": 2, + "o365.audit.ExchangeMetaData.Sent": "2020-02-24T20:11:14", + "o365.audit.ExchangeMetaData.Subject": "Here's the phony data", + "o365.audit.ExchangeMetaData.To": [ + "asr@example.org" + ], + "o365.audit.ExchangeMetaData.UniqueID": "8e103f2f-b293-4062-38b8-08d7b965b2fa", + "o365.audit.Id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "o365.audit.IncidentId": "c1dc582b-fa61-6020-1800-08d7b966ec64", + "o365.audit.ObjectId": "", + "o365.audit.Operation": "DlpRuleUndo", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "88956b36-45b3-4828-bf53-78603c0e5f58", + "PolicyName": "test", + "Rules": [ + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": 
"Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-e159-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "High volume of content detected test", + "Severity": "High" + }, + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-1234-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "Mid volume of content detected test", + "Severity": "Medium" + } + ] + } + ], + "o365.audit.RecordType": 13, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.UserId": "DlpAgent", + "o365.audit.UserKey": "1153801116545789462", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "rule.id": [ + "51e3d97a-e159-4645-9092-608bd24e083a", + "51e3d97a-1234-4645-9092-608bd24e083a" + ], + "rule.name": [ + "High volume of content detected test", + "Mid volume of content detected test" + ], + "service.type": "o365", + "source.user.email": "asr@testsiem2.onmicrosoft.com", + "user.id": "DlpAgent" + }, + { + "@timestamp": "2020-02-24T20:11:15.000Z", + "destination.user.email": [ + "asr@example.org", + "asr@example.net" + ], + "event.action": 
"DlpRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPExchange", + "event.dataset": "o365.audit", + "event.id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.severity": 4, + "event.type": "access", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 4459, + "message": "Here's the phony data", + "o365.audit.CreationTime": "2020-02-24T20:11:15", + "o365.audit.ExceptionInfo.Reason": "{ \"Justification\": \"I really need to share those files\" }", + "o365.audit.ExchangeMetaData.BCC": [], + "o365.audit.ExchangeMetaData.CC": [ + "asr@example.net" + ], + "o365.audit.ExchangeMetaData.FileSize": 13405, + "o365.audit.ExchangeMetaData.From": "asr@testsiem2.onmicrosoft.com", + "o365.audit.ExchangeMetaData.MessageID": "", + "o365.audit.ExchangeMetaData.RecipientCount": 2, + "o365.audit.ExchangeMetaData.Sent": "2020-02-24T20:11:14", + "o365.audit.ExchangeMetaData.Subject": "Here's the phony data", + "o365.audit.ExchangeMetaData.To": [ + "asr@example.org" + ], + "o365.audit.ExchangeMetaData.UniqueID": "8e103f2f-b293-4062-38b8-08d7b965b2fa", + "o365.audit.Id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "o365.audit.IncidentId": "c1dc582b-fa61-6020-1800-08d7b966ec64", + "o365.audit.ObjectId": "", + "o365.audit.Operation": "DlpRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "88956b36-45b3-4828-bf53-78603c0e5f58", + "PolicyName": "test", + "Rules": [ + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + 
"Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-e159-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "High volume of content detected test", + "Severity": "High" + }, + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-1234-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "Mid volume of content detected test", + "Severity": "Medium" + } + ] + } + ], + "o365.audit.RecordType": 13, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.UserId": "DlpAgent", + "o365.audit.UserKey": "1153801116545789462", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "rule.id": [ + "51e3d97a-e159-4645-9092-608bd24e083a", + "51e3d97a-1234-4645-9092-608bd24e083a" + ], + "rule.name": [ + "High volume of content detected test", + "Mid volume of content detected test" + ], + "service.type": "o365", + "source.user.email": "asr@testsiem2.onmicrosoft.com", + "user.id": "DlpAgent" + }, + { + "@timestamp": "2020-02-24T20:11:15.000Z", + "destination.user.email": [ + "asr@example.org", + "asr@example.net" + ], + 
"event.action": "DlpRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPExchange", + "event.dataset": "o365.audit", + "event.id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.severity": 4, + "event.type": "access", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 6769, + "message": "Here's the phony data", + "o365.audit.CreationTime": "2020-02-24T20:11:15", + "o365.audit.ExceptionInfo.FalsePositive": true, + "o365.audit.ExchangeMetaData.BCC": [], + "o365.audit.ExchangeMetaData.CC": [ + "asr@example.net" + ], + "o365.audit.ExchangeMetaData.FileSize": 13405, + "o365.audit.ExchangeMetaData.From": "asr@testsiem2.onmicrosoft.com", + "o365.audit.ExchangeMetaData.MessageID": "", + "o365.audit.ExchangeMetaData.RecipientCount": 2, + "o365.audit.ExchangeMetaData.Sent": "2020-02-24T20:11:14", + "o365.audit.ExchangeMetaData.Subject": "Here's the phony data", + "o365.audit.ExchangeMetaData.To": [ + "asr@example.org" + ], + "o365.audit.ExchangeMetaData.UniqueID": "8e103f2f-b293-4062-38b8-08d7b965b2fa", + "o365.audit.Id": "d5a0e7d9-e06f-498c-8413-eb83b7dbd516", + "o365.audit.IncidentId": "c1dc582b-fa61-6020-1800-08d7b966ec64", + "o365.audit.ObjectId": "", + "o365.audit.Operation": "DlpRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "88956b36-45b3-4828-bf53-78603c0e5f58", + "PolicyName": "test", + "Rules": [ + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + 
"SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-e159-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "High volume of content detected test", + "Severity": "High" + }, + { + "ActionParameters": [ + "GenerateIncidentReport:asr@testsiem2.onmicrosoft.com" + ], + "Actions": [ + "BlockAccess", + "NotifyUser", + "GenerateIncidentReport" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "51e3d97a-1234-4645-9092-608bd24e083a", + "RuleMode": "Enable", + "RuleName": "Mid volume of content detected test", + "Severity": "Medium" + } + ] + } + ], + "o365.audit.RecordType": 13, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.UserId": "DlpAgent", + "o365.audit.UserKey": "1153801116545789462", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "rule.id": [ + "51e3d97a-e159-4645-9092-608bd24e083a", + "51e3d97a-1234-4645-9092-608bd24e083a" + ], + "rule.name": [ + "High volume of content detected test", + "Mid volume of content detected test" + ], + "service.type": "o365", + "source.user.email": "asr@testsiem2.onmicrosoft.com", + "user.id": "DlpAgent" + }, + { + "@timestamp": "2020-02-24T20:11:15.000Z", + "destination.user.email": [ + "asr@example.org", + "asr@example.net" + ], + "event.action": "DlpRuleMatch", + 
"event.category": "file", + "event.code": "ComplianceDLPExchange", + "event.dataset": "o365.audit", + "event.id": "a42123a9-1c07-4dde-9be6-ac71cb9fd16b", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.severity": 2, + "event.type": "access", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 9041, + "message": "Here's the phony data", + "o365.audit.CreationTime": "2020-02-24T20:11:15", + "o365.audit.ExchangeMetaData.BCC": [], + "o365.audit.ExchangeMetaData.CC": [ + "asr@example.net" + ], + "o365.audit.ExchangeMetaData.FileSize": 13310, + "o365.audit.ExchangeMetaData.From": "asr@testsiem2.onmicrosoft.com", + "o365.audit.ExchangeMetaData.MessageID": "", + "o365.audit.ExchangeMetaData.RecipientCount": 2, + "o365.audit.ExchangeMetaData.Sent": "2020-02-24T20:11:14", + "o365.audit.ExchangeMetaData.Subject": "Here's the phony data", + "o365.audit.ExchangeMetaData.To": [ + "asr@example.org" + ], + "o365.audit.ExchangeMetaData.UniqueID": "8e103f2f-b293-4062-38b8-08d7b965b2fa", + "o365.audit.Id": "a42123a9-1c07-4dde-9be6-ac71cb9fd16b", + "o365.audit.IncidentId": "c1dc582b-fa61-6020-1800-08d7b966ec64", + "o365.audit.ObjectId": "", + "o365.audit.Operation": "DlpRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "88956b36-45b3-4828-bf53-78603c0e5f58", + "PolicyName": "test", + "Rules": [ + { + "Actions": [ + "NotifyUser" + ], + "ConditionsMatched": { + "OtherConditions": [ + { + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + 
"UniqueCount": 1 + } + ] + }, + "RuleId": "8398c03a-a00d-42bb-8f80-ead0ad04e1df", + "RuleMode": "Enable", + "RuleName": "Low volume of content detected test", + "Severity": "Low" + } + ] + } + ], + "o365.audit.RecordType": 13, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.UserId": "DlpAgent", + "o365.audit.UserKey": "1153801116545789462", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "rule.id": "8398c03a-a00d-42bb-8f80-ead0ad04e1df", + "rule.name": "Low volume of content detected test", + "service.type": "o365", + "source.user.email": "asr@testsiem2.onmicrosoft.com", + "user.id": "DlpAgent" + }, + { + "@timestamp": "2020-02-24T20:11:15.000Z", + "event.action": "DlpRuleMatch", + "event.category": "file", + "event.code": "ComplianceDLPExchange", + "event.dataset": "o365.audit", + "event.id": "a42123a9-1c07-4dde-9be6-ac71cb9fd16b", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Exchange", + "event.severity": 2, + "event.type": "access", + "file.inode": "8e103f2f-b293-4062-38b8-08d7b965b2fa", + "file.mtime": "2020-02-24T12:13:14.000Z", + "file.name": "Company-Internal-Financial.docx", + "file.owner": "alice@testsiem2.onmicrosoft.com", + "fileset.name": "audit", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 10504, + "o365.audit.CreationTime": "2020-02-24T20:11:15", + "o365.audit.Id": "a42123a9-1c07-4dde-9be6-ac71cb9fd16b", + "o365.audit.IncidentId": "c1dc582b-fa61-6020-1800-08d7b966ec64", + "o365.audit.ObjectId": "", + "o365.audit.Operation": "DlpRuleMatch", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.PolicyDetails": [ + { + "PolicyId": "88956b36-45b3-4828-bf53-78603c0e5f58", + "PolicyName": "test", + "Rules": [ + { + "Actions": [ + "NotifyUser" + ], + "ConditionsMatched": { + "OtherConditions": [ + 
{ + "Name": "AccessScope", + "Value": "IncludeExternalUsers" + } + ], + "SensitiveInformation": [ + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "419f449f-6d9d-4be1-a154-b531f7a91b41", + "UniqueCount": 1 + }, + { + "Confidence": 75, + "Count": 1, + "Location": "Message Body", + "SensitiveType": "b8fe86d1-c056-453b-bfaa-9fe698699ecc", + "UniqueCount": 1 + } + ] + }, + "RuleId": "8398c03a-a00d-42bb-8f80-ead0ad04e1df", + "RuleMode": "Enable", + "RuleName": "Low volume of content detected test", + "Severity": "Low" + } + ] + } + ], + "o365.audit.RecordType": 13, + "o365.audit.SensitiveInfoDetectionIsIncluded": false, + "o365.audit.SharePointMetaData.FileName": "Company-Internal-Financial.docx", + "o365.audit.SharePointMetaData.FileOwner": "alice@testsiem2.onmicrosoft.com", + "o365.audit.SharePointMetaData.FilePathUrl": "https://example.net/testsiem2.onmicrosoft.com/sharepoint", + "o365.audit.SharePointMetaData.From": "alice@testsiem2.onmicrosoft.com", + "o365.audit.SharePointMetaData.LastModifiedTime": "2020-02-24T12:13:14Z", + "o365.audit.SharePointMetaData.UniqueID": "8e103f2f-b293-4062-38b8-08d7b965b2fa", + "o365.audit.SharePointMetaData.itemCreationTime": "2020-02-20T11:23:45", + "o365.audit.UserId": "DlpAgent", + "o365.audit.UserKey": "1153801116545789462", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "Exchange", + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.user": [ + "alice", + "alice@testsiem2.onmicrosoft.com" + ], + "rule.id": "8398c03a-a00d-42bb-8f80-ead0ad04e1df", + "rule.name": "Low volume of content detected test", + "service.type": "o365", + "url.original": "https://example.net/testsiem2.onmicrosoft.com/sharepoint", + "user.domain": "testsiem2.onmicrosoft.com", + "user.id": "alice@testsiem2.onmicrosoft.com", + "user.name": "alice" + } +] \ No newline at end of file 
diff --git a/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log b/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log
new file mode 100644
index 00000000000..1e4f08e2f59
--- /dev/null
+++ b/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log
@@ -0,0 +1,10 @@ +{"Site":"9d58b52e-2adb-4976-8c1f-9932c32a8bd2","ObjectId":"https://testsiem.sharepoint.com/sites/SIEMTest","ItemType":"Web","UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","TargetUserOrGroupName":"Everyone except external users","Operation":"AddedToGroup","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","SiteUrl":"https://testsiem.sharepoint.com/sites/SIEMTest","ClientIP":"","EventData":"Site Members","Workload":"SharePoint","EventSource":"SharePoint","RecordType":14,"TargetUserOrGroupType":"SecurityGroup","Version":1,"UserId":"app@sharepoint","WebId":"54cfe39c-0e16-4f8e-bd62-f2ac40248083","CreationTime":"2020-02-17T16:59:50","UserAgent":"","Id":"4d1a6a2b-360c-423d-96e5-08d7b3cacd83","CorrelationId":"4464369f-303c-b000-7cb1-c0cce4f2da18","UserType":0} +{"Site":"9d58b52e-2adb-4976-8c1f-9932c32a8bd2","ObjectId":"https://testsiem.sharepoint.com/sites/SIEMTest","ItemType":"Web","UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","TargetUserOrGroupName":"SHAREPOINT\\system","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","SiteUrl":"https://testsiem.sharepoint.com/sites/SIEMTest","Operation":"AddedToGroup","ClientIP":"","EventData":"Site Owners","Workload":"SharePoint","EventSource":"SharePoint","RecordType":14,"Version":1,"TargetUserOrGroupType":"Member","WebId":"54cfe39c-0e16-4f8e-bd62-f2ac40248083","UserId":"app@sharepoint","UserAgent":"","CreationTime":"2020-02-17T16:59:50","Id":"56696ec0-5a7e-4561-5e88-08d7b3cacd4a","CorrelationId":"4464369f-303c-b000-7cb1-c0cce4f2da18","UserType":0} +{"Site":"9d58b52e-2adb-4976-8c1f-9932c32a8bd2","ObjectId":"https://testsiem.sharepoint.com/sites/SIEMTest","UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","ItemType":"Web","TargetUserOrGroupName":"SIEMTest Owners","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","SiteUrl":"https://testsiem.sharepoint.com/sites/SIEMTest","Operation":"AddedToGroup","ClientIP":"","EventData":"Site 
Owners","Workload":"SharePoint","EventSource":"SharePoint","RecordType":14,"Version":1,"TargetUserOrGroupType":"SecurityGroup","WebId":"54cfe39c-0e16-4f8e-bd62-f2ac40248083","UserId":"app@sharepoint","CreationTime":"2020-02-17T16:59:50","UserAgent":"","CorrelationId":"4464369f-303c-b000-7cb1-c0cce4f2da18","Id":"b8c880ff-e8fe-407c-9ce9-08d7b3cacd07","UserType":0} +{"Site":"9d58b52e-2adb-4976-8c1f-9932c32a8bd2","ObjectId":"https://testsiem.sharepoint.com/sites/SIEMTest","ItemType":"Web","UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","TargetUserOrGroupName":"SIEMTest Members","Operation":"AddedToGroup","SiteUrl":"https://testsiem.sharepoint.com/sites/SIEMTest","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","ClientIP":"","EventData":"Site Members","Workload":"SharePoint","EventSource":"SharePoint","RecordType":14,"Version":1,"TargetUserOrGroupType":"SecurityGroup","UserId":"app@sharepoint","WebId":"54cfe39c-0e16-4f8e-bd62-f2ac40248083","UserAgent":"","CreationTime":"2020-02-17T16:59:50","CorrelationId":"4464369f-303c-b000-7cb1-c0cce4f2da18","Id":"483f657f-9141-45fc-b141-08d7b3caccfb","UserType":0} +{"Site":"9d58b52e-2adb-4976-8c1f-9932c32a8bd2","ObjectId":"https://testsiem.sharepoint.com/sites/SIEMTest","ItemType":"Web","TargetUserOrGroupName":"SHAREPOINT\\system","UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","SiteUrl":"https://testsiem.sharepoint.com/sites/SIEMTest","Operation":"AddedToGroup","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","ClientIP":"","EventData":"Site Owners","Workload":"SharePoint","EventSource":"SharePoint","RecordType":14,"TargetUserOrGroupType":"Member","Version":1,"UserId":"app@sharepoint","WebId":"54cfe39c-0e16-4f8e-bd62-f2ac40248083","CreationTime":"2020-02-17T16:59:49","UserAgent":"","CorrelationId":"4464369f-303c-b000-7cb1-c0cce4f2da18","Id":"13004a30-d15a-48a5-16ec-08d7b3caccc0","UserType":0} 
+{"Site":"d5180cfc-3479-44d6-b410-8c985ac894e3","ObjectId":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com//personal/asr_testsiem_onmicrosoft_com/Sharing Links","ItemType":"List","UserKey":"i:0h.f|membership|1003200096971f55@live.com","SiteUrl":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"SharingInheritanceBroken","ClientIP":"79.159.10.151","EventData":"FalseFalse","Workload":"OneDrive","SourceRelativeUrl":"Sharing Links","EventSource":"SharePoint","ListId":"b108938d-3546-4359-925d-a1b54b4db8c2","RecordType":14,"Version":1,"WebId":"8c5c94bb-8396-470c-87d7-8999f440cd30","UserId":"asr@testsiem.onmicrosoft.com","CreationTime":"2020-02-14T18:25:45","UserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0","Id":"dd162cd7-5df5-4fef-078a-08d7b17b4e95","CorrelationId":"fe71359f-005f-9000-7cb1-ccf5124703db","UserType":0} +{"Site":"d5180cfc-3479-44d6-b410-8c985ac894e3","UserKey":"i:0h.f|membership|1003200096971f55@live.com","ItemType":"File","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"AnonymousLinkCreated","EventData":"Edit","ListId":"2b6ad2bd-0fd7-4556-9c89-a97847085b85","RecordType":14,"Version":1,"WebId":"8c5c94bb-8396-470c-87d7-8999f440cd30","UserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 
Firefox/73.0","CorrelationId":"fe71359f-005f-9000-7cb1-ccf5124703db","ListItemUniqueId":"7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8","UniqueSharingId":"d323b5ea-ceca-4d65-a628-e22ca9296a76","SourceFileName":"Screenshot.png","ObjectId":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png","SiteUrl":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com","SourceFileExtension":"png","ClientIP":"79.159.10.151","Workload":"OneDrive","SourceRelativeUrl":"Documents/Screenshot.png","EventSource":"SharePoint","UserId":"asr@testsiem.onmicrosoft.com","CreationTime":"2020-02-14T18:25:45","Id":"1cb54d72-3a76-4a7c-7b3d-08d7b17b4ec9","UserType":0} +{"Site":"d5180cfc-3479-44d6-b410-8c985ac894e3","UserKey":"i:0h.f|membership|1003200096971f55@live.com","ItemType":"File","TargetUserOrGroupName":"SharingLinks.7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8.AnonymousEdit.d323b5ea-ceca-4d65-a628-e22ca9296a76","Operation":"SharingSet","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","EventData":"Contribute","ListId":"2b6ad2bd-0fd7-4556-9c89-a97847085b85","RecordType":14,"Version":1,"WebId":"8c5c94bb-8396-470c-87d7-8999f440cd30","UserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0","CorrelationId":"fe71359f-005f-9000-7cb1-ccf5124703db","ListItemUniqueId":"7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8","ObjectId":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png","SourceFileName":"Screenshot.png","SiteUrl":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com","ClientIP":"79.159.10.151","SourceFileExtension":"png","Workload":"OneDrive","SourceRelativeUrl":"Documents/Screenshot.png","EventSource":"SharePoint","TargetUserOrGroupType":"SharePointGroup","UserId":"asr@testsiem.onmicrosoft.com","CreationTime":"2020-02-14T18:25:45","Id":"a8c23ab8-9447-4824-3208-08d7b17b4e5e","UserType":0} 
+{"Site":"d5180cfc-3479-44d6-b410-8c985ac894e3","TargetUserOrGroupName":"Limited Access System Group","UserKey":"i:0h.f|membership|1003200096971f55@live.com","ItemType":"File","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"SharingSet","EventData":"Limited Access","RecordType":14,"ListId":"2b6ad2bd-0fd7-4556-9c89-a97847085b85","Version":1,"WebId":"8c5c94bb-8396-470c-87d7-8999f440cd30","UserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0","CorrelationId":"fe71359f-005f-9000-7cb1-ccf5124703db","ListItemUniqueId":"7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8","SourceFileName":"Screenshot.png","ObjectId":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png","SiteUrl":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com","SourceFileExtension":"png","ClientIP":"79.159.10.151","Workload":"OneDrive","SourceRelativeUrl":"Documents/Screenshot.png","EventSource":"SharePoint","TargetUserOrGroupType":"SharePointGroup","UserId":"asr@testsiem.onmicrosoft.com","CreationTime":"2020-02-14T18:25:44","Id":"88a041e3-2f3a-483c-cf76-08d7b17b4e5b","UserType":0} +{"Site":"d5180cfc-3479-44d6-b410-8c985ac894e3","ItemType":"File","UserKey":"i:0h.f|membership|1003200096971f55@live.com","TargetUserOrGroupName":"4da1e7f54501bb99b6e0ab2ff8749842152ac02ff8c0c8017b0e40e6b67fecdd","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"SharingSet","EventData":"System.LimitedEdit","ListId":"2b6ad2bd-0fd7-4556-9c89-a97847085b85","RecordType":14,"Version":1,"WebId":"8c5c94bb-8396-470c-87d7-8999f440cd30","UserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 
Firefox/73.0","CorrelationId":"fe71359f-005f-9000-7cb1-ccf5124703db","ListItemUniqueId":"7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8","ObjectId":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png","SourceFileName":"Screenshot.png","SiteUrl":"https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com","ClientIP":"79.159.10.151","SourceFileExtension":"png","Workload":"OneDrive","SourceRelativeUrl":"Documents/Screenshot.png","EventSource":"SharePoint","TargetUserOrGroupType":"SecurityGroup","UserId":"asr@testsiem.onmicrosoft.com","CreationTime":"2020-02-14T18:25:44","Id":"98633e47-3540-4e8a-bcfc-08d7b17b4e48","UserType":0}
diff --git a/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json b/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json
new file mode 100644
index 00000000000..399814ae9a0
--- /dev/null
+++ b/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json
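Review bot: The OneDrive sample records in 14-sp-sharing-op.log (the `SharingInheritanceBroken`, `AnonymousLinkCreated` and `SharingSet` lines) appear to carry values taken from a live capture rather than placeholders: `"ClientIP":"79.159.10.151"` is a publicly routable address and each `UserKey` embeds an `...@live.com` membership identifier. The 13-dlp-exchange fixture in this same patch already uses example.org and example.net for its addresses, so scrubbing these fields the same way would keep identifying data out of the repository and out of the golden file derived from it. I would replace the address with a documentation-range value such as `"ClientIP":"203.0.113.10"` (constructed sample), substitute a made-up membership id, and regenerate 14-sp-sharing-op.log-expected.json so the expected output matches.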
@@ -0,0 +1,586 @@ +[ + { + "@timestamp": "2020-02-17T16:59:50.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "4d1a6a2b-360c-423d-96e5-08d7b3cacd83", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "o365.audit.CorrelationId": "4464369f-303c-b000-7cb1-c0cce4f2da18", + "o365.audit.CreationTime": "2020-02-17T16:59:50", + "o365.audit.EventData": "Site Members", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "4d1a6a2b-360c-423d-96e5-08d7b3cacd83", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "9d58b52e-2adb-4976-8c1f-9932c32a8bd2", + "o365.audit.SiteUrl": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.TargetUserOrGroupName": "Everyone except external users", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "54cfe39c-0e16-4f8e-bd62-f2ac40248083", + "o365.audit.Workload": "SharePoint", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "app", + "service.type": "o365", + "user.domain": "sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2020-02-17T16:59:50.000Z", + "event.action": "AddedToGroup", + 
"event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "56696ec0-5a7e-4561-5e88-08d7b3cacd4a", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 807, + "o365.audit.CorrelationId": "4464369f-303c-b000-7cb1-c0cce4f2da18", + "o365.audit.CreationTime": "2020-02-17T16:59:50", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "56696ec0-5a7e-4561-5e88-08d7b3cacd4a", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "9d58b52e-2adb-4976-8c1f-9932c32a8bd2", + "o365.audit.SiteUrl": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "54cfe39c-0e16-4f8e-bd62-f2ac40248083", + "o365.audit.Workload": "SharePoint", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "app", + "service.type": "o365", + "user.domain": "sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2020-02-17T16:59:50.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": 
"b8c880ff-e8fe-407c-9ce9-08d7b3cacd07", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1594, + "o365.audit.CorrelationId": "4464369f-303c-b000-7cb1-c0cce4f2da18", + "o365.audit.CreationTime": "2020-02-17T16:59:50", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "b8c880ff-e8fe-407c-9ce9-08d7b3cacd07", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "9d58b52e-2adb-4976-8c1f-9932c32a8bd2", + "o365.audit.SiteUrl": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.TargetUserOrGroupName": "SIEMTest Owners", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "54cfe39c-0e16-4f8e-bd62-f2ac40248083", + "o365.audit.Workload": "SharePoint", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "app", + "service.type": "o365", + "user.domain": "sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2020-02-17T16:59:50.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "483f657f-9141-45fc-b141-08d7b3caccfb", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + 
"event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2385, + "o365.audit.CorrelationId": "4464369f-303c-b000-7cb1-c0cce4f2da18", + "o365.audit.CreationTime": "2020-02-17T16:59:50", + "o365.audit.EventData": "Site Members", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "483f657f-9141-45fc-b141-08d7b3caccfb", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "9d58b52e-2adb-4976-8c1f-9932c32a8bd2", + "o365.audit.SiteUrl": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.TargetUserOrGroupName": "SIEMTest Members", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "54cfe39c-0e16-4f8e-bd62-f2ac40248083", + "o365.audit.Workload": "SharePoint", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "app", + "service.type": "o365", + "user.domain": "sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2020-02-17T16:59:49.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "13004a30-d15a-48a5-16ec-08d7b3caccc0", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 3178, + "o365.audit.CorrelationId": "4464369f-303c-b000-7cb1-c0cce4f2da18", + "o365.audit.CreationTime": "2020-02-17T16:59:49", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "13004a30-d15a-48a5-16ec-08d7b3caccc0", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "9d58b52e-2adb-4976-8c1f-9932c32a8bd2", + "o365.audit.SiteUrl": "https://testsiem.sharepoint.com/sites/SIEMTest", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "54cfe39c-0e16-4f8e-bd62-f2ac40248083", + "o365.audit.Workload": "SharePoint", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "app", + "service.type": "o365", + "user.domain": "sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2020-02-14T18:25:45.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "SharingInheritanceBroken", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "dd162cd7-5df5-4fef-078a-08d7b17b4e95", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + 
"input.type": "log", + "log.offset": 3965, + "network.type": "ipv4", + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CorrelationId": "fe71359f-005f-9000-7cb1-ccf5124703db", + "o365.audit.CreationTime": "2020-02-14T18:25:45", + "o365.audit.EventData": "FalseFalse", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "dd162cd7-5df5-4fef-078a-08d7b17b4e95", + "o365.audit.ItemType": "List", + "o365.audit.ListId": "b108938d-3546-4359-925d-a1b54b4db8c2", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com//personal/asr_testsiem_onmicrosoft_com/Sharing Links", + "o365.audit.Operation": "SharingInheritanceBroken", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com", + "o365.audit.SourceRelativeUrl": "Sharing Links", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": 
"asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "73.0." + }, + { + "@timestamp": "2020-02-14T18:25:45.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "AnonymousLinkCreated", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "1cb54d72-3a76-4a7c-7b3d-08d7b17b4ec9", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 5028, + "network.type": "ipv4", + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CorrelationId": "fe71359f-005f-9000-7cb1-ccf5124703db", + "o365.audit.CreationTime": "2020-02-14T18:25:45", + "o365.audit.EventData": "Edit", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "1cb54d72-3a76-4a7c-7b3d-08d7b17b4ec9", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "AnonymousLinkCreated", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + 
"o365.audit.SourceRelativeUrl": "Documents/Screenshot.png", + "o365.audit.UniqueSharingId": "d323b5ea-ceca-4d65-a628-e22ca9296a76", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "73.0." 
+ }, + { + "@timestamp": "2020-02-14T18:25:45.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "SharingSet", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "a8c23ab8-9447-4824-3208-08d7b17b4e5e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 6178, + "network.type": "ipv4", + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CorrelationId": "fe71359f-005f-9000-7cb1-ccf5124703db", + "o365.audit.CreationTime": "2020-02-14T18:25:45", + "o365.audit.EventData": "Contribute", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "a8c23ab8-9447-4824-3208-08d7b17b4e5e", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "SharingSet", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents/Screenshot.png", + "o365.audit.TargetUserOrGroupName": "SharingLinks.7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8.AnonymousEdit.d323b5ea-ceca-4d65-a628-e22ca9296a76", + "o365.audit.TargetUserOrGroupType": "SharePointGroup", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "o365.audit.UserId": 
"asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "73.0." 
+ }, + { + "@timestamp": "2020-02-14T18:25:44.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "SharingSet", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "88a041e3-2f3a-483c-cf76-08d7b17b4e5b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 7466, + "network.type": "ipv4", + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CorrelationId": "fe71359f-005f-9000-7cb1-ccf5124703db", + "o365.audit.CreationTime": "2020-02-14T18:25:44", + "o365.audit.EventData": "Limited Access", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "88a041e3-2f3a-483c-cf76-08d7b17b4e5b", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "SharingSet", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents/Screenshot.png", + "o365.audit.TargetUserOrGroupName": "Limited Access System Group", + "o365.audit.TargetUserOrGroupType": "SharePointGroup", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": 
"i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "73.0." 
+ }, + { + "@timestamp": "2020-02-14T18:25:44.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "SharingSet", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "98633e47-3540-4e8a-bcfc-08d7b17b4e48", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "OneDrive", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 8685, + "network.type": "ipv4", + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CorrelationId": "fe71359f-005f-9000-7cb1-ccf5124703db", + "o365.audit.CreationTime": "2020-02-14T18:25:44", + "o365.audit.EventData": "System.LimitedEdit", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "98633e47-3540-4e8a-bcfc-08d7b17b4e48", + "o365.audit.ItemType": "File", + "o365.audit.ListId": "2b6ad2bd-0fd7-4556-9c89-a97847085b85", + "o365.audit.ListItemUniqueId": "7f06ab3a-bd98-41d3-a0b2-ad270d71e4d8", + "o365.audit.ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot.png", + "o365.audit.Operation": "SharingSet", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 14, + "o365.audit.Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", + "o365.audit.SiteUrl": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com", + "o365.audit.SourceFileExtension": "png", + "o365.audit.SourceFileName": "Screenshot.png", + "o365.audit.SourceRelativeUrl": "Documents/Screenshot.png", + "o365.audit.TargetUserOrGroupName": "4da1e7f54501bb99b6e0ab2ff8749842152ac02ff8c0c8017b0e40e6b67fecdd", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + 
"o365.audit.UserKey": "i:0h.f|membership|1003200096971f55@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", + "o365.audit.Workload": "OneDrive", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "73.0." + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log b/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log new file mode 100644 index 00000000000..c3ce778caf0 --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log 
@@ -0,0 +1,69 @@ +{"InterSystemsId": "03616b3a-fc75-46a1-b34a-2d82fc8f1e7e", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:13", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "c4206c29-46c2-4a6f-a46b-735107705400", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "ca0efc24-1b89-4962-8fef-a3ac5437302f"} +{"InterSystemsId": "05d69096-cb90-4690-ae69-8acd5177b3e0", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:53:24", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": 
"1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "ed155e11-60b3-4764-b9aa-05c35f3bb800", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "b53de36d-ea71-4ebf-9b71-feb431bd4eba"} +{"InterSystemsId": "0f5eb16e-8b22-49bf-a927-f6f310fd5879", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:29:01", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "6634d05a-72ec-4c27-8e69-03c57b202000", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", 
"Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "10e2d141-839e-4913-ab3d-6cf1f4856eae"} +{"InterSystemsId": "1150acae-a48d-4752-8847-7bacb7fe6e6c", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:52:06", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1809f830-b010-4389-9607-e01ae175ca00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "68b3fd99-0dae-4479-926d-03cc0073dd08"} +{"InterSystemsId": "16e81fcc-add3-46c2-8834-10ce330ffe76", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:53:22", "Actor": [{"Type": 0, "ID": 
"755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "2a84e6ff-7340-426e-9d0d-e53092c0c600", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "550af372-cdfd-4286-a1b7-d58df0dcd5d6"} +{"InterSystemsId": "172703f7-324e-415a-a846-c39ca97eb1c8", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:23", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": 
"5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "d66cd29f-596e-4878-b756-92b545d25f00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "b5f59a43-00cf-42c4-8685-a7166fd20e38"} +{"InterSystemsId": "17f8756c-0bfa-49ad-8537-ada4e17a5f7d", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:41", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1b395e92-5d02-408f-8bfe-139098a95500", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "32e7fb94-6289-4fb4-855b-2ab78671ca4e"} +{"InterSystemsId": "22aac168-9d0d-4c70-b94d-adc337ab7b06", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:22", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "280b3410-9d51-4ce3-952d-5bba18ea6600", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "7314a65a-f383-40fb-a0c7-00c6c4cfabc0"} +{"InterSystemsId": "23321532-a321-4c97-909d-9489979777d6", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:52:05", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": 
"asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1909acba-a486-4ffc-805c-09fb73c0bf00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "97b494ee-9ba1-4444-b052-3459bdc9eaa5"} +{"InterSystemsId": "291fb7ce-4e56-47fd-a78e-4e9012f112ab", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:45", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "5e3ce6c0-2b1f-4285-8d4b-75ee78787346", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "9d47f3e0-1b2d-4c1c-b47b-dcf4bc4d5700", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", 
"Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "391870e6-1729-40ae-9ebb-51e0652fec9b"} +{"InterSystemsId": "30e5377b-31d8-42c2-8170-13404afacde7", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:51:49", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "00000002-0000-0ff1-ce00-000000000000", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0ff1-ce00-000000000000"}], "ObjectId": "00000002-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "8971516f-3ef3-4de0-b6b8-ebfae386bc00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "a7538fb0-3213-41dc-ab38-1aed787e0cdc"} +{"InterSystemsId": "32e2f533-40fb-4783-8c66-d1bad7e1cc88", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:29:02", "Actor": [{"Type": 0, "ID": 
"755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "74ab94ce-8928-4aff-8fa2-a66ad6d41f00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "e2a15fc0-6892-41f5-a41c-e515231cbb0a"} +{"InterSystemsId": "3c5d16f4-16a6-45f4-a53d-abb86e35005b", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:08", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": 
"00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "f67a1615-4606-4673-b6fb-68f716345800", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "e11538ff-5fe1-4fdd-8c5d-219d85c47bb3"} +{"InterSystemsId": "40077a75-7b58-4623-a64a-f1b7de70fa54", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:27", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "00000002-0000-0ff1-ce00-000000000000", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0ff1-ce00-000000000000"}], "ObjectId": "00000002-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "4d1bd763-9b0b-4d5a-bda9-5c7a0a0a6000", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": 
"True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "e031670b-bb84-45ee-94ff-0e70a8cd1138"} +{"InterSystemsId": "425503c9-ccbf-4674-8f1e-4d56510474fd", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-08T14:33:54", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "37.29.234.179", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "37.29.234.179", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "57ef1056-6ce2-424a-b241-ce3939d00900", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "d39944c4-6766-4a89-8d5a-c789175830ee"} +{"InterSystemsId": "4409eeeb-0ca5-42dd-99d9-4a6b2fabfa4f", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:12", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "0c8fcffc-a810-4a85-b8e2-3a2fda925c00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "6f2b7716-1acc-450d-ae13-afad7e02d07e"} +{"InterSystemsId": "4542ce7e-270b-435e-8f81-ee23ea74be75", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:35", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "9718abaa-220e-49c5-8c9b-588d32b8db00", 
"ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "47f3c440-3fb7-4b5e-9c20-455470b289d2"} +{"InterSystemsId": "4836e306-1460-4f34-ab55-a74c9a14f50d", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-08T14:38:40", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "37.29.234.179", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "37.29.234.179", "ApplicationId": "80ccca67-54bd-44ab-8625-4b79c4dc7775", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "2fde8302-c39e-40b6-9c7f-1bb9d4800a00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "5a3435d0-229a-41c8-bd21-b4f2b662d0f6"} +{"InterSystemsId": 
"4a50a549-adf3-4a22-9037-7fd8cd3d0116", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:16", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1d856a16-b179-41ab-9c0d-af1d2b925100", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "5aff2d1c-b203-46a6-96f0-b8f908f0e968"} +{"InterSystemsId": "4e44a55e-9c0d-4cea-b000-1b79e96dcf57", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:16", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": 
"83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "fc33c54e-38b9-4ef2-a4ee-a3a324a45500", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "3d8033cf-eecd-4eee-87a5-795efd8a1d3d"} +{"InterSystemsId": "4e91c3e1-819e-4ebc-ae68-2037cfc2db92", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:25", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "a063e495-5883-4837-8186-5828f9f2d500", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": 
"OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "8bd0a250-74f6-4eeb-ba20-c5bdbd977013"} +{"InterSystemsId": "50d648cb-466d-4cf4-b2f8-3b7e84f47040", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:04", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "08e18876-6177-487e-b8b5-cf950c1e598c", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0ff1-ce00-000000000000"}], "ObjectId": "00000003-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "64613cae-510d-4a52-b486-070b775e5800", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "a6fc9a9b-3b7e-4d33-8c0c-1d33d023e558"} +{"InterSystemsId": "5a453031-0cc3-4577-a589-4c3bf37eed78", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:51:45", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": 
"asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "814a32f0-27fd-4e82-855c-13da15a4c300", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "19d57a4a-d32e-4dc6-971f-3491bc440023"} +{"InterSystemsId": "5cd6215d-e206-4c3f-805d-6e386cbdab7a", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:01", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": 
"00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "9c218a27-ed51-4011-8383-e76850e85000", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "0b158f74-e223-43c8-9cfd-5f4442f29fc7"} +{"InterSystemsId": "612b339f-1088-a000-f25f-9c8af4d57894", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:51", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0ff1-ce00-000000000000"}], "ObjectId": "00000003-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "c847a864-4ba2-4d8b-a9f2-5f1c1c5c5e00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "4819a0c2-2050-4549-ab66-f5b90cbbcc5a"} +{"InterSystemsId": "61eb5713-2687-4c00-a7b2-fde4788c395b", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:29", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "80ccca67-54bd-44ab-8625-4b79c4dc7775", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "3db9a461-6dd1-4950-b3e3-fbe8c2d5c700", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "e94002d9-f6e8-46f9-8702-2a29e908e73d"} +{"InterSystemsId": "61f81224-65fd-4c1b-b388-ee0e25485191", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:37", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", 
"RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "dc0cc415-9a00-470d-bda3-867e11fdd400", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "1ca4f684-3a34-44a8-99b8-064d1071768a"} +{"InterSystemsId": "661f2330-3e04-483d-9781-caaa4543cc13", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:51:50", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "01c15486-46e2-487a-91f5-11445da0b600", 
"ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "3f6c8eb2-c64b-4dc5-b8fd-be252f8e09c2"} +{"InterSystemsId": "68d7eaa4-aa57-4508-9792-09e80c911aa1", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:42", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "0f698dd4-f011-4d23-a33e-b36416dcb1e6"}], "ObjectId": "0f698dd4-f011-4d23-a33e-b36416dcb1e6", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1590b91f-bffe-4cd8-9028-de52692f5400", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "b290b902-b6f2-49f6-b7f8-ea1541d85c8c"} +{"InterSystemsId": 
"6ae96167-2df2-425c-9f91-27e6345eb782", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:42:59", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "LogonError": "FlowTokenExpired", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "f54da4fe-0a54-45f3-b6ea-39f873eb6000", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "RequestType", "Value": "Login:login"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "b0c1c4a7-c6db-4f14-b628-54e37a7a6785"} +{"InterSystemsId": "6ae96167-2df2-425c-9f91-27e6345eb782", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:02", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "LogonError": 
"UserStrongAuthClientAuthNRequiredInterrupt", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Failed", "IntraSystemId": "7fa5e138-ac87-4063-a278-56c6c6965e00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "FlowTokenScenario", "Value": "Login"}, {"Name": "UserAuthenticationMethod", "Value": "1"}, {"Name": "RequestType", "Value": "Login:login"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoginFailed", "Id": "82d834e4-f6f2-476a-902e-e1e9fd6f87d8"} +{"InterSystemsId": "6b9a8662-857f-45e4-bbb2-d106d5aab41e", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:19", "Actor": [{"Type": 0, "ID": "Unknown"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "Unknown", "UserType": 5, "UserKey": "Not Available", "ClientIP": "79.159.10.151", "LogonError": "None", "ApplicationId": "", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "0fee3b91-5e56-45f6-9b3c-792602b1e500", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "RequestType", "Value": "OAuth2:Logout"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": 
"e5e2c41a-55ea-4681-9d64-78ddd7145bd2"} +{"InterSystemsId": "6bab76a8-98bd-42e4-b722-a31fe81b030a", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:40", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "c3ebcde8-62f6-4cc4-8e0c-c11c08e76100", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "2a23206a-2f5d-4cb7-aeb8-f285d10e6f80"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:30:58", "Actor": [{"Type": 0, "ID": "Unknown"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "Unknown", "UserType": 5, "UserKey": "Not Available", "ClientIP": "83.57.233.151", "LogonError": "None", "ApplicationId": "", "SupportTicketId": "", "Workload": 
"AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "8b270c82-1240-4a0a-ac15-1e1116261400", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "RequestType", "Value": "OAuth2:Logout"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "c0a0d198-825b-4e39-b868-0a7b0552b209"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:31:33", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "LogonError": "UserStrongAuthClientAuthNRequiredInterrupt", "ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013"}], "ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "ModifiedProperties": [], "ResultStatus": "Failed", "IntraSystemId": "b0faaf7a-913e-4a93-8ccc-ecfaa2b42400", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "FlowTokenScenario", "Value": "Login"}, {"Name": "UserAuthenticationMethod", "Value": "1"}, {"Name": "RequestType", "Value": "Login:login"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoginFailed", "Id": "52b07191-3887-40fb-a001-f4122b0851d1"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:14:25", "Actor": [{"Type": 0, "ID": "Unknown"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "Unknown", "UserType": 5, "UserKey": "Not Available", "ClientIP": "83.57.233.151", "LogonError": "None", "ApplicationId": "", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "d949d6c2-472e-4901-bd70-96cbfe534c00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "RequestType", "Value": "OAuth2:Logout"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "c62fa78d-daab-494e-a638-8321ebd71b9e"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:14:51", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "LogonError": "UserStrongAuthClientAuthNRequiredInterrupt", "ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "SupportTicketId": "", "Workload": 
"AzureActiveDirectory", "Target": [{"Type": 0, "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013"}], "ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "ModifiedProperties": [], "ResultStatus": "Failed", "IntraSystemId": "42c7ec91-1e2f-4505-b728-3a165b244f00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "FlowTokenScenario", "Value": "Login"}, {"Name": "UserAuthenticationMethod", "Value": "1"}, {"Name": "RequestType", "Value": "Login:login"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoginFailed", "Id": "73c76212-8120-4e21-a383-c80d8327b606"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:29:56", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013"}], "ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "8b8e8663-8a8c-4959-a692-e3eece085300", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": 
"Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "29f94716-3717-4671-962e-9c739b764f07"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-11T16:51:23", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013"}], "ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "361dd87e-3bc9-4f0a-b236-ed7365e28d00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "17d02385-1e30-45b7-949c-4d3dd549a0e7"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:39:45", "Actor": [{"Type": 0, "ID": "Unknown"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": 
"79.159.10.151", "UserId": "Unknown", "UserType": 5, "UserKey": "Not Available", "ClientIP": "79.159.10.151", "LogonError": "None", "ApplicationId": "", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "32b4cec1-00eb-44ea-be73-adc82387db00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "RequestType", "Value": "OAuth2:Logout"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "e3346dd0-ecf6-4676-8765-365c7370b6fe"} +{"InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:40:16", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "LogonError": "UserStrongAuthClientAuthNRequiredInterrupt", "ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013"}], "ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "ModifiedProperties": [], "ResultStatus": "Failed", "IntraSystemId": "a063e495-5883-4837-8186-582817fdd500", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "FlowTokenScenario", "Value": "Login"}, {"Name": 
"UserAuthenticationMethod", "Value": "1"}, {"Name": "RequestType", "Value": "Login:login"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoginFailed", "Id": "a772fd76-847f-4703-90f1-37eb81c9f392"} +{"InterSystemsId": "7766ac63-ae7f-43e6-868a-a5422a96fd8b", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-08T14:33:52", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "37.29.234.179", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "37.29.234.179", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "adc9d69c-8ae6-41c7-b685-331453060a00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "487e4f43-53db-4d6f-a314-5355746d4853"} +{"InterSystemsId": "781c1055-e731-48ee-a806-c3f39ba160e3", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:53:24", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, 
{"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "e7fe21ea-ec03-46dd-b272-0a72ebbeac00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "41f6b2dc-4db6-444c-93d9-829a842b87e2"} +{"InterSystemsId": "82b07417-7b33-4531-952f-d3f719e2356a", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:22", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "00000002-0000-0ff1-ce00-000000000000", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0ff1-ce00-000000000000"}], 
"ObjectId": "00000002-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "280b3410-9d51-4ce3-952d-5bba0bea6600", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "ec9fa29b-6201-456d-b228-ca1759e0bf6c"} +{"InterSystemsId": "8571fe85-eb4a-430d-b468-97900e344923", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-06T09:28:04", "Actor": [{"Type": 0, "ID": "Unknown"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "Unknown", "UserType": 5, "UserKey": "Not Available", "ClientIP": "83.57.233.151", "LogonError": "None", "ApplicationId": "", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "d239e473-6687-4ff9-ac65-0e3c59961600", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "RequestType", "Value": "OAuth2:Logout"}, {"Name": "ResultStatusDetail", "Value": "Success"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "e988fd90-2eff-4ad7-9f02-030a9d73ad6e"} +{"InterSystemsId": "8d662bc0-0011-424d-a7dc-56bfc5a142b4", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:35", "Actor": [{"Type": 0, "ID": 
"755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "00000002-0000-0ff1-ce00-000000000000", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0ff1-ce00-000000000000"}], "ObjectId": "00000002-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "d0a4e1ed-206d-4602-aaae-406a02c5c300", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "3cbf15a5-84d0-4b0e-ba8e-c3ed43477293"} +{"InterSystemsId": "9270f20a-56f2-493e-b6a7-a859adcaf626", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:36", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "00000002-0000-0ff1-ce00-000000000000", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": 
"00000002-0000-0ff1-ce00-000000000000"}], "ObjectId": "00000002-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "97aa710f-536f-44c8-a8d5-711dc55f5500", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "d2bb7eae-bc6e-42d2-b270-a885ec626235"} +{"InterSystemsId": "97c52753-c410-438f-89e2-22741e5ccc6a", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:51:49", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "c9ef5d5f-e3af-4669-b465-921d8b58bd00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "03de6d95-b955-451c-8311-473b6853d774"} +{"InterSystemsId": "9e0a494b-0db0-4481-a70e-eea6124b7018", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:37", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "e48d4214-364e-4731-b2b6-47dabf529218", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000004-0000-0ff1-ce00-000000000000"}], "ObjectId": "00000004-0000-0ff1-ce00-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "e7a84bcf-41ff-4953-8e99-fb1820685f00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "ac8fcffb-7c44-498d-ad6b-24b85a3a1b59"} +{"InterSystemsId": "9fc4af4c-bf19-4f88-92ac-0fd029ca21bd", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:36", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", 
"RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "56fa424b-64bd-4ea5-abc4-38256f8a5600", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "880fb7bc-5708-42d1-86a8-760c32ac5e6b"} +{"InterSystemsId": "a35e980b-88be-4343-9691-629473e01983", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:37", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "78a2aa65-5026-4124-970a-00e06dc7df00", "ExtendedProperties": [{"Name": "UserAgent", "Value": 
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "30c7afcc-f74d-4b5a-898e-ce72da9386b8"} +{"InterSystemsId": "a89e9b3b-b394-4ecf-8abc-a3f6aaf9237f", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-06T09:28:00", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "bfe22fb6-c763-4972-91a7-5b13d3d51400", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "d4f90f07-f5c4-4b36-a81c-6c9bae8660d6"} +{"InterSystemsId": "aca3d9a3-792d-4357-87c6-ef50c3215baa", "OrganizationId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:28:52", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "f67a1615-4606-4673-b6fb-68f714fa2200", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "d2ad235b-d73f-4bd8-8aef-6e4909ee1b7c"} +{"InterSystemsId": "ae211253-88cf-4921-9014-2f9beab64fb0", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:37", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": 
"89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "ccfec0f3-498b-43b1-a4c0-fb42f0fb5300", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "8ff18278-32ca-49d1-8658-91e577e0854f"} +{"InterSystemsId": "b3997fcc-6b0e-45b1-b88d-b4ee4a8a7ddc", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:28:52", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "c1ffa732-6576-4f86-9294-44387abc1f00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": 
"RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "a3939990-f7b4-4dc5-af4d-42b70a9485ea"} +{"InterSystemsId": "b3ab6d58-7b90-45d6-95e3-ee11333ebc34", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:01", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "d949d6c2-472e-4901-bd70-96cb90424c00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "61ba70f4-bd75-4bc2-a681-2e219d920e63"} +{"InterSystemsId": "b5c5fd00-b659-413e-8739-6271a4d70506", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:53:12", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 
5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "80ccca67-54bd-44ab-8625-4b79c4dc7775", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000002-0000-0000-c000-000000000000"}], "ObjectId": "00000002-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "fabbe34e-a6dd-46f8-805f-4ca633c2ae00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Success"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "3e17bf8e-92de-45b6-b668-7618ab0e0c95"} +{"InterSystemsId": "b744259e-13e0-43d7-9f56-82cdbd54cf7c", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:52:06", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": 
"5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "ce9f104d-1a1b-488e-9313-b9729e99c400", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "f100d714-ffa2-4077-bf90-2f57a3b366c0"} +{"InterSystemsId": "b7d9a234-9fdd-4e36-9cf3-fd825f22697a", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-08T14:33:50", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "37.29.234.179", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "37.29.234.179", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "49092519-a590-4207-b1b3-1d49f9100a00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": 
"UserLoggedIn", "Id": "4b0f0d57-0766-4621-8aa0-04b8d8b63a78"} +{"InterSystemsId": "bb677f9e-953a-4bde-bb91-0ef8209200a1", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:38", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1da3c318-642f-48dc-836b-e83b27655b00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "8d9a1fa8-7b85-4c5d-9e96-5728d572fb95"} +{"InterSystemsId": "c355f078-53d7-4d60-b836-851a09a98208", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:05", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", 
"UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "20e56367-e902-4200-855b-2ef7b99e5f00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "9756fe5b-ea0d-42fa-a665-be8e0eb100e5"} +{"InterSystemsId": "c5874ff2-7c53-4d51-9252-7abbf0524b1c", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:28:51", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "3188aef9-6b4e-44f2-8455-c28b49552200", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": 
"UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "abbf584f-b3a9-4b6d-9b37-4cc4b802ca4d"} +{"InterSystemsId": "cf2168a1-6537-4ed6-80a5-797c3458180c", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:25:21", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "00000003-0000-0000-c000-000000000000"}], "ObjectId": "00000003-0000-0000-c000-000000000000", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "23f53edd-63a7-4292-9d80-4fbc49c11e00", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "d137a5e4-7004-493a-acca-5fb167d1f207"} +{"InterSystemsId": "d21f6867-0670-4c94-b6fa-bde326fcf3c6", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:20", "Actor": [{"Type": 0, 
"ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "79.159.10.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "79.159.10.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1fa4819f-605a-4ebe-a2c3-bc11c3f8e200", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "False"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "73f0a2ef-35be-4a71-9545-59d879fc8fb2"} +{"InterSystemsId": "d5effb7f-9d39-4893-90f6-9cfeec7ed1a7", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:02", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", 
"ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "f22a3ad7-22e7-4296-a600-e4e9161a6000", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "3783acda-5ded-4d69-95b6-3df5344c0ce0"} +{"InterSystemsId": "d960e058-1adb-4a84-a65b-1a6ce367e323", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:44:03", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "1dfdb693-18a1-4cff-aa3e-61feaa356100", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", 
"AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "f67568b1-64c4-4165-bdd9-16a5b9142eef"} +{"InterSystemsId": "e2565aaf-91b0-4ccd-8810-743123eb7383", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:29:02", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "21166e08-6589-4c2d-a325-c97ba45f2200", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "a8114a24-d342-4689-b75e-51e6386763de"} +{"InterSystemsId": "ede626b9-2035-4d02-8330-201c4ae82af6", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-09T15:25:21", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": 
"83.57.233.151", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "83.57.233.151", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "5f09333a-842c-47da-a157-57da27fcbca5"}], "ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "98612804-9aa6-40a4-b72a-808bc7742000", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "1eaf9c65-8c67-4cd9-9277-771589113752"} +{"InterSystemsId": "fc5c6c90-a6ba-486c-b685-8d67c529d3aa", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-07T16:43:39", "Actor": [{"Type": 0, "ID": "755e500a-6c03-46b0-b53b-282f23374e3b"}, {"Type": 5, "ID": "asr@testsiem.onmicrosoft.com"}, {"Type": 3, "ID": "1003200096971F55"}], "Version": 1, "ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "RecordType": 15, "ActorIpAddress": "213.97.47.133", "UserId": "asr@testsiem.onmicrosoft.com", "UserType": 0, "UserKey": "1003200096971F55@testsiem.onmicrosoft.com", "ClientIP": "213.97.47.133", "ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "SupportTicketId": "", "Workload": "AzureActiveDirectory", "Target": [{"Type": 0, "ID": "Unknown"}], "ObjectId": "Unknown", "ModifiedProperties": [], "ResultStatus": "Succeeded", "IntraSystemId": "6e184f6f-887b-4410-b24d-723031366000", "ExtendedProperties": [{"Name": "UserAgent", "Value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 
10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}, {"Name": "UserAuthenticationMethod", "Value": "9"}, {"Name": "RequestType", "Value": "OAuth2:Authorize"}, {"Name": "ResultStatusDetail", "Value": "Redirect"}, {"Name": "KeepMeSignedIn", "Value": "True"}], "TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AzureActiveDirectoryEventType": 1, "Operation": "UserLoggedIn", "Id": "3c439e46-d454-4767-9320-1e75540821b7"}
diff --git a/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json b/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json
new file mode 100644
index 00000000000..948359f11ca
--- /dev/null
+++ b/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json
@@ -0,0 +1,6350 @@ +[ + { + "@timestamp": "2020-02-10T15:13:13.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "ca0efc24-1b89-4962-8fef-a3ac5437302f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:13", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "ca0efc24-1b89-4962-8fef-a3ac5437302f", + "o365.audit.InterSystemsId": "03616b3a-fc75-46a1-b34a-2d82fc8f1e7e", + "o365.audit.IntraSystemId": "c4206c29-46c2-4a6f-a46b-735107705400", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + 
"o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T10:53:24.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "b53de36d-ea71-4ebf-9b71-feb431bd4eba", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1450, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:53:24", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "b53de36d-ea71-4ebf-9b71-feb431bd4eba", + "o365.audit.InterSystemsId": "05d69096-cb90-4690-ae69-8acd5177b3e0", + "o365.audit.IntraSystemId": "ed155e11-60b3-4764-b9aa-05c35f3bb800", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-09T15:29:01.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "10e2d141-839e-4913-ab3d-6cf1f4856eae", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2901, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:29:01", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "10e2d141-839e-4913-ab3d-6cf1f4856eae", + "o365.audit.InterSystemsId": "0f5eb16e-8b22-49bf-a927-f6f310fd5879", + "o365.audit.IntraSystemId": "6634d05a-72ec-4c27-8e69-03c57b202000", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + 
"o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T10:52:06.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "68b3fd99-0dae-4479-926d-03cc0073dd08", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 4293, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:52:06", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "68b3fd99-0dae-4479-926d-03cc0073dd08", + "o365.audit.InterSystemsId": "1150acae-a48d-4752-8847-7bacb7fe6e6c", + "o365.audit.IntraSystemId": "1809f830-b010-4389-9607-e01ae175ca00", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T10:53:22.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "550af372-cdfd-4286-a1b7-d58df0dcd5d6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 5744, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:53:22", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "550af372-cdfd-4286-a1b7-d58df0dcd5d6", + "o365.audit.InterSystemsId": "16e81fcc-add3-46c2-8834-10ce330ffe76", + "o365.audit.IntraSystemId": "2a84e6ff-7340-426e-9d0d-e53092c0c600", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + 
"o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:43:23.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "b5f59a43-00cf-42c4-8685-a7166fd20e38", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 7137, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:23", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "b5f59a43-00cf-42c4-8685-a7166fd20e38", + "o365.audit.InterSystemsId": "172703f7-324e-415a-a846-c39ca97eb1c8", + "o365.audit.IntraSystemId": "d66cd29f-596e-4878-b756-92b545d25f00", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:43:41.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "32e7fb94-6289-4fb4-855b-2ab78671ca4e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 8587, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:41", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "32e7fb94-6289-4fb4-855b-2ab78671ca4e", + "o365.audit.InterSystemsId": "17f8756c-0bfa-49ad-8537-ada4e17a5f7d", + "o365.audit.IntraSystemId": "1b395e92-5d02-408f-8bfe-139098a95500", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:43:22.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "7314a65a-f383-40fb-a0c7-00c6c4cfabc0", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 10037, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:22", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "7314a65a-f383-40fb-a0c7-00c6c4cfabc0", + "o365.audit.InterSystemsId": "22aac168-9d0d-4c70-b94d-adc337ab7b06", + "o365.audit.IntraSystemId": "280b3410-9d51-4ce3-952d-5bba18ea6600", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + 
"o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T10:52:05.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "97b494ee-9ba1-4444-b052-3459bdc9eaa5", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 11429, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:52:05", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "97b494ee-9ba1-4444-b052-3459bdc9eaa5", + "o365.audit.InterSystemsId": "23321532-a321-4c97-909d-9489979777d6", + "o365.audit.IntraSystemId": "1909acba-a486-4ffc-805c-09fb73c0bf00", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + 
"o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:43:45.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "391870e6-1729-40ae-9ebb-51e0652fec9b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 12822, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "5e3ce6c0-2b1f-4285-8d4b-75ee78787346", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:45", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "391870e6-1729-40ae-9ebb-51e0652fec9b", + "o365.audit.InterSystemsId": "291fb7ce-4e56-47fd-a78e-4e9012f112ab", + "o365.audit.IntraSystemId": "9d47f3e0-1b2d-4c1c-b47b-dcf4bc4d5700", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + 
"o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T10:51:49.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "a7538fb0-3213-41dc-ab38-1aed787e0cdc", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 14214, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:51:49", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "a7538fb0-3213-41dc-ab38-1aed787e0cdc", + "o365.audit.InterSystemsId": "30e5377b-31d8-42c2-8170-13404afacde7", + "o365.audit.IntraSystemId": "8971516f-3ef3-4de0-b6b8-ebfae386bc00", + "o365.audit.ObjectId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-09T15:29:02.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "e2a15fc0-6892-41f5-a41c-e515231cbb0a", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 15664, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:29:02", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "e2a15fc0-6892-41f5-a41c-e515231cbb0a", + "o365.audit.InterSystemsId": "32e2f533-40fb-4783-8c66-d1bad7e1cc88", + "o365.audit.IntraSystemId": "74ab94ce-8928-4aff-8fa2-a66ad6d41f00", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-10T15:13:08.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "e11538ff-5fe1-4fdd-8c5d-219d85c47bb3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 17114, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:08", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "e11538ff-5fe1-4fdd-8c5d-219d85c47bb3", + "o365.audit.InterSystemsId": "3c5d16f4-16a6-45f4-a53d-abb86e35005b", + "o365.audit.IntraSystemId": "f67a1615-4606-4673-b6fb-68f716345800", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:43:27.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "e031670b-bb84-45ee-94ff-0e70a8cd1138", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 18564, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:27", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "e031670b-bb84-45ee-94ff-0e70a8cd1138", + "o365.audit.InterSystemsId": "40077a75-7b58-4623-a64a-f1b7de70fa54", + "o365.audit.IntraSystemId": "4d1bd763-9b0b-4d5a-bda9-5c7a0a0a6000", + "o365.audit.ObjectId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-08T14:33:54.000Z", + "client.address": "37.29.234.179", + "client.ip": "37.29.234.179", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "d39944c4-6766-4a89-8d5a-c789175830ee", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 20013, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "37.29.234.179", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "37.29.234.179", + "o365.audit.CreationTime": "2020-02-08T14:33:54", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "d39944c4-6766-4a89-8d5a-c789175830ee", + "o365.audit.InterSystemsId": "425503c9-ccbf-4674-8f1e-4d56510474fd", + "o365.audit.IntraSystemId": "57ef1056-6ce2-424a-b241-ce3939d00900", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "37.29.234.179", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 16299, + "source.as.organization.name": "XFERA Moviles S.A.", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.4172, + "source.geo.location.lon": -3.684, + "source.ip": "37.29.234.179", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-10T15:13:12.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "6f2b7716-1acc-450d-ae13-afad7e02d07e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 21463, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:12", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "6f2b7716-1acc-450d-ae13-afad7e02d07e", + "o365.audit.InterSystemsId": "4409eeeb-0ca5-42dd-99d9-4a6b2fabfa4f", + "o365.audit.IntraSystemId": "0c8fcffc-a810-4a85-b8e2-3a2fda925c00", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T21:38:35.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "47f3c440-3fb7-4b5e-9c20-455470b289d2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 22913, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:35", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "47f3c440-3fb7-4b5e-9c20-455470b289d2", + "o365.audit.InterSystemsId": "4542ce7e-270b-435e-8f81-ee23ea74be75", + "o365.audit.IntraSystemId": "9718abaa-220e-49c5-8c9b-588d32b8db00", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + 
"o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-08T14:38:40.000Z", + "client.address": "37.29.234.179", + "client.ip": "37.29.234.179", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "5a3435d0-229a-41c8-bd21-b4f2b662d0f6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 24306, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "37.29.234.179", + "o365.audit.ApplicationId": "80ccca67-54bd-44ab-8625-4b79c4dc7775", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "37.29.234.179", + "o365.audit.CreationTime": "2020-02-08T14:38:40", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "5a3435d0-229a-41c8-bd21-b4f2b662d0f6", + "o365.audit.InterSystemsId": "4836e306-1460-4f34-ab55-a74c9a14f50d", + "o365.audit.IntraSystemId": "2fde8302-c39e-40b6-9c7f-1bb9d4800a00", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "37.29.234.179", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 16299, + "source.as.organization.name": "XFERA Moviles S.A.", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.4172, + "source.geo.location.lon": -3.684, + "source.ip": "37.29.234.179", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-10T15:13:16.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "5aff2d1c-b203-46a6-96f0-b8f908f0e968", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 25755, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:16", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "5aff2d1c-b203-46a6-96f0-b8f908f0e968", + "o365.audit.InterSystemsId": "4a50a549-adf3-4a22-9037-7fd8cd3d0116", + "o365.audit.IntraSystemId": "1d856a16-b179-41ab-9c0d-af1d2b925100", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-10T15:13:16.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "3d8033cf-eecd-4eee-87a5-795efd8a1d3d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 27205, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:16", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "3d8033cf-eecd-4eee-87a5-795efd8a1d3d", + "o365.audit.InterSystemsId": "4e44a55e-9c0d-4cea-b000-1b79e96dcf57", + "o365.audit.IntraSystemId": "fc33c54e-38b9-4ef2-a4ee-a3a324a45500", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T21:38:25.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "8bd0a250-74f6-4eeb-ba20-c5bdbd977013", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 28655, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:25", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "8bd0a250-74f6-4eeb-ba20-c5bdbd977013", + "o365.audit.InterSystemsId": "4e91c3e1-819e-4ebc-ae68-2037cfc2db92", + "o365.audit.IntraSystemId": "a063e495-5883-4837-8186-5828f9f2d500", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + 
"o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:44:04.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "a6fc9a9b-3b7e-4d33-8c0c-1d33d023e558", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 30048, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "08e18876-6177-487e-b8b5-cf950c1e598c", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:44:04", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "a6fc9a9b-3b7e-4d33-8c0c-1d33d023e558", + "o365.audit.InterSystemsId": "50d648cb-466d-4cf4-b2f8-3b7e84f47040", + "o365.audit.IntraSystemId": "64613cae-510d-4a52-b486-070b775e5800", + "o365.audit.ObjectId": "00000003-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T10:51:45.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "19d57a4a-d32e-4dc6-971f-3491bc440023", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 31498, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:51:45", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "19d57a4a-d32e-4dc6-971f-3491bc440023", + "o365.audit.InterSystemsId": "5a453031-0cc3-4577-a589-4c3bf37eed78", + "o365.audit.IntraSystemId": "814a32f0-27fd-4e82-855c-13da15a4c300", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-10T15:13:01.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "0b158f74-e223-43c8-9cfd-5f4442f29fc7", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 32948, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:01", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "0b158f74-e223-43c8-9cfd-5f4442f29fc7", + "o365.audit.InterSystemsId": "5cd6215d-e206-4c3f-805d-6e386cbdab7a", + "o365.audit.IntraSystemId": "9c218a27-ed51-4011-8383-e76850e85000", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:43:51.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "4819a0c2-2050-4549-ab66-f5b90cbbcc5a", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 34398, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "00000003-0000-0ff1-ce00-000000000000", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:51", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "4819a0c2-2050-4549-ab66-f5b90cbbcc5a", + "o365.audit.InterSystemsId": "612b339f-1088-a000-f25f-9c8af4d57894", + "o365.audit.IntraSystemId": "c847a864-4ba2-4d8b-a9f2-5f1c1c5c5e00", + "o365.audit.ObjectId": "00000003-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T21:38:29.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "e94002d9-f6e8-46f9-8702-2a29e908e73d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 35847, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "80ccca67-54bd-44ab-8625-4b79c4dc7775", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:29", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "e94002d9-f6e8-46f9-8702-2a29e908e73d", + "o365.audit.InterSystemsId": "61eb5713-2687-4c00-a7b2-fde4788c395b", + "o365.audit.IntraSystemId": "3db9a461-6dd1-4950-b3e3-fbe8c2d5c700", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T21:38:37.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "1ca4f684-3a34-44a8-99b8-064d1071768a", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 37297, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:37", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "1ca4f684-3a34-44a8-99b8-064d1071768a", + "o365.audit.InterSystemsId": "61f81224-65fd-4c1b-b388-ee0e25485191", + "o365.audit.IntraSystemId": "dc0cc415-9a00-470d-bda3-867e11fdd400", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T10:51:50.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "3f6c8eb2-c64b-4dc5-b8fd-be252f8e09c2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 38748, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:51:50", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "3f6c8eb2-c64b-4dc5-b8fd-be252f8e09c2", + "o365.audit.InterSystemsId": "661f2330-3e04-483d-9781-caaa4543cc13", + "o365.audit.IntraSystemId": "01c15486-46e2-487a-91f5-11445da0b600", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-10T15:13:42.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "b290b902-b6f2-49f6-b7f8-ea1541d85c8c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 40199, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:42", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "b290b902-b6f2-49f6-b7f8-ea1541d85c8c", + "o365.audit.InterSystemsId": "68d7eaa4-aa57-4508-9792-09e80c911aa1", + "o365.audit.IntraSystemId": "1590b91f-bffe-4cd8-9028-de52692f5400", + "o365.audit.ObjectId": "0f698dd4-f011-4d23-a33e-b36416dcb1e6", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "0f698dd4-f011-4d23-a33e-b36416dcb1e6", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:42:59.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "b0c1c4a7-c6db-4f14-b628-54e37a7a6785", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 41650, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:42:59", + "o365.audit.ExtendedProperties.RequestType": "Login:login", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.Id": "b0c1c4a7-c6db-4f14-b628-54e37a7a6785", + "o365.audit.InterSystemsId": "6ae96167-2df2-425c-9f91-27e6345eb782", + "o365.audit.IntraSystemId": "f54da4fe-0a54-45f3-b6ea-39f873eb6000", + "o365.audit.LogonError": "FlowTokenExpired", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + 
"o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:43:02.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoginFailed", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "82d834e4-f6f2-476a-902e-e1e9fd6f87d8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_failure" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 43031, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:02", + "o365.audit.ExtendedProperties.FlowTokenScenario": "Login", + "o365.audit.ExtendedProperties.RequestType": "Login:login", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "1", + "o365.audit.Id": "82d834e4-f6f2-476a-902e-e1e9fd6f87d8", + "o365.audit.InterSystemsId": "6ae96167-2df2-425c-9f91-27e6345eb782", + "o365.audit.IntraSystemId": "7fa5e138-ac87-4063-a278-56c6c6965e00", + "o365.audit.LogonError": "UserStrongAuthClientAuthNRequiredInterrupt", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoginFailed", + 
"o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Failed", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T21:38:19.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "e5e2c41a-55ea-4681-9d64-78ddd7145bd2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 44539, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:19", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Logout", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.Id": "e5e2c41a-55ea-4681-9d64-78ddd7145bd2", + "o365.audit.InterSystemsId": "6b9a8662-857f-45e4-bbb2-d106d5aab41e", + "o365.audit.IntraSystemId": "0fee3b91-5e56-45f6-9b3c-792602b1e500", + "o365.audit.LogonError": "None", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "Unknown", + "o365.audit.UserKey": "Not Available", 
+ "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.id": "Unknown", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-07T16:43:40.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "2a23206a-2f5d-4cb7-aeb8-f285d10e6f80", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 45648, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": 
"89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:40", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "2a23206a-2f5d-4cb7-aeb8-f285d10e6f80", + "o365.audit.InterSystemsId": "6bab76a8-98bd-42e4-b722-a31fe81b030a", + "o365.audit.IntraSystemId": "c3ebcde8-62f6-4cc4-8e0c-c11c08e76100", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + 
"user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-09T15:30:58.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "c0a0d198-825b-4e39-b868-0a7b0552b209", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 47098, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:30:58", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Logout", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.Id": "c0a0d198-825b-4e39-b868-0a7b0552b209", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "8b270c82-1240-4a0a-ac15-1e1116261400", + "o365.audit.LogonError": "None", + "o365.audit.ObjectId": "Unknown", + 
"o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "Unknown", + "o365.audit.UserKey": "Not Available", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.id": "Unknown", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-09T15:31:33.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoginFailed", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "52b07191-3887-40fb-a001-f4122b0851d1", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_failure" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 48207, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:31:33", + "o365.audit.ExtendedProperties.FlowTokenScenario": "Login", + "o365.audit.ExtendedProperties.RequestType": "Login:login", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "1", + "o365.audit.Id": "52b07191-3887-40fb-a001-f4122b0851d1", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "b0faaf7a-913e-4a93-8ccc-ecfaa2b42400", + "o365.audit.LogonError": "UserStrongAuthClientAuthNRequiredInterrupt", + "o365.audit.ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "o365.audit.Operation": "UserLoginFailed", + 
"o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Failed", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-10T15:14:25.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "c62fa78d-daab-494e-a638-8321ebd71b9e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 49715, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:14:25", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Logout", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.Id": "c62fa78d-daab-494e-a638-8321ebd71b9e", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "d949d6c2-472e-4901-bd70-96cbfe534c00", + "o365.audit.LogonError": "None", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "Unknown", + "o365.audit.UserKey": "Not Available", 
+ "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.id": "Unknown", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:14:51.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoginFailed", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "73c76212-8120-4e21-a383-c80d8327b606", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_failure" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 50824, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": 
"c44b4083-3bb0-49c1-b47d-974e53cbdf3c", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:14:51", + "o365.audit.ExtendedProperties.FlowTokenScenario": "Login", + "o365.audit.ExtendedProperties.RequestType": "Login:login", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "1", + "o365.audit.Id": "73c76212-8120-4e21-a383-c80d8327b606", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "42c7ec91-1e2f-4505-b728-3a165b244f00", + "o365.audit.LogonError": "UserStrongAuthClientAuthNRequiredInterrupt", + "o365.audit.ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "o365.audit.Operation": "UserLoginFailed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Failed", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + 
"source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:29:56.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "29f94716-3717-4671-962e-9c739b764f07", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 52332, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:29:56", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; 
rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "29f94716-3717-4671-962e-9c739b764f07", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "8b8e8663-8a8c-4959-a692-e3eece085300", + "o365.audit.ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-11T16:51:23.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "17d02385-1e30-45b7-949c-4d3dd549a0e7", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 53782, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-11T16:51:23", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "17d02385-1e30-45b7-949c-4d3dd549a0e7", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "361dd87e-3bc9-4f0a-b236-ed7365e28d00", + "o365.audit.ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T21:39:45.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "e3346dd0-ecf6-4676-8765-365c7370b6fe", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 55232, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:39:45", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Logout", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.Id": "e3346dd0-ecf6-4676-8765-365c7370b6fe", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "32b4cec1-00eb-44ea-be73-adc82387db00", + "o365.audit.LogonError": "None", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "Unknown", + "o365.audit.UserKey": "Not Available", 
+ "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.id": "Unknown", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T21:40:16.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoginFailed", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "a772fd76-847f-4703-90f1-37eb81c9f392", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "failure", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_failure" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 56341, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": 
"c44b4083-3bb0-49c1-b47d-974e53cbdf3c", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:40:16", + "o365.audit.ExtendedProperties.FlowTokenScenario": "Login", + "o365.audit.ExtendedProperties.RequestType": "Login:login", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "1", + "o365.audit.Id": "a772fd76-847f-4703-90f1-37eb81c9f392", + "o365.audit.InterSystemsId": "6fee997e-1b2a-4a95-a8be-ea85642ed652", + "o365.audit.IntraSystemId": "a063e495-5883-4837-8186-582817fdd500", + "o365.audit.LogonError": "UserStrongAuthClientAuthNRequiredInterrupt", + "o365.audit.ObjectId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "o365.audit.Operation": "UserLoginFailed", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Failed", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "797f4846-ba00-4fd7-ba43-dac1f8f63013", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + 
"source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-08T14:33:52.000Z", + "client.address": "37.29.234.179", + "client.ip": "37.29.234.179", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "487e4f43-53db-4d6f-a314-5355746d4853", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 57849, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "37.29.234.179", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "37.29.234.179", + "o365.audit.CreationTime": "2020-02-08T14:33:52", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; 
rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "487e4f43-53db-4d6f-a314-5355746d4853", + "o365.audit.InterSystemsId": "7766ac63-ae7f-43e6-868a-a5422a96fd8b", + "o365.audit.IntraSystemId": "adc9d69c-8ae6-41c7-b685-331453060a00", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "37.29.234.179", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 16299, + "source.as.organization.name": "XFERA Moviles S.A.", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.4172, + "source.geo.location.lon": -3.684, + "source.ip": "37.29.234.179", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T10:53:24.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "41f6b2dc-4db6-444c-93d9-829a842b87e2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 59299, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:53:24", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "41f6b2dc-4db6-444c-93d9-829a842b87e2", + "o365.audit.InterSystemsId": "781c1055-e731-48ee-a806-c3f39ba160e3", + "o365.audit.IntraSystemId": "e7fe21ea-ec03-46dd-b272-0a72ebbeac00", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:43:22.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "ec9fa29b-6201-456d-b228-ca1759e0bf6c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 60750, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:22", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "ec9fa29b-6201-456d-b228-ca1759e0bf6c", + "o365.audit.InterSystemsId": "82b07417-7b33-4531-952f-d3f719e2356a", + "o365.audit.IntraSystemId": "280b3410-9d51-4ce3-952d-5bba0bea6600", + "o365.audit.ObjectId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-06T09:28:04.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "e988fd90-2eff-4ad7-9f02-030a9d73ad6e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 62199, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-06T09:28:04", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Logout", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.Id": "e988fd90-2eff-4ad7-9f02-030a9d73ad6e", + "o365.audit.InterSystemsId": "8571fe85-eb4a-430d-b468-97900e344923", + "o365.audit.IntraSystemId": "d239e473-6687-4ff9-ac65-0e3c59961600", + "o365.audit.LogonError": "None", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "Unknown", + "o365.audit.UserKey": "Not Available", 
+ "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.id": "Unknown", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-12T21:38:35.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "3cbf15a5-84d0-4b0e-ba8e-c3ed43477293", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 63308, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": 
"00000002-0000-0ff1-ce00-000000000000", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:35", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "3cbf15a5-84d0-4b0e-ba8e-c3ed43477293", + "o365.audit.InterSystemsId": "8d662bc0-0011-424d-a7dc-56bfc5a142b4", + "o365.audit.IntraSystemId": "d0a4e1ed-206d-4602-aaae-406a02c5c300", + "o365.audit.ObjectId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + 
"user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + }, + { + "@timestamp": "2020-02-10T15:13:36.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "d2bb7eae-bc6e-42d2-b270-a885ec626235", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 64758, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:36", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + 
"o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "d2bb7eae-bc6e-42d2-b270-a885ec626235", + "o365.audit.InterSystemsId": "9270f20a-56f2-493e-b6a7-a859adcaf626", + "o365.audit.IntraSystemId": "97aa710f-536f-44c8-a8d5-711dc55f5500", + "o365.audit.ObjectId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T10:51:49.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "03de6d95-b955-451c-8311-473b6853d774", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 66208, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:51:49", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "03de6d95-b955-451c-8311-473b6853d774", + "o365.audit.InterSystemsId": "97c52753-c410-438f-89e2-22741e5ccc6a", + "o365.audit.IntraSystemId": "c9ef5d5f-e3af-4669-b465-921d8b58bd00", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + 
"o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:43:37.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "ac8fcffb-7c44-498d-ad6b-24b85a3a1b59", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 67601, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "e48d4214-364e-4731-b2b6-47dabf529218", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:37", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "ac8fcffb-7c44-498d-ad6b-24b85a3a1b59", + "o365.audit.InterSystemsId": "9e0a494b-0db0-4481-a70e-eea6124b7018", + "o365.audit.IntraSystemId": "e7a84bcf-41ff-4953-8e99-fb1820685f00", + "o365.audit.ObjectId": "00000004-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000004-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-10T15:13:36.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "880fb7bc-5708-42d1-86a8-760c32ac5e6b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 69051, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:36", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "880fb7bc-5708-42d1-86a8-760c32ac5e6b", + "o365.audit.InterSystemsId": "9fc4af4c-bf19-4f88-92ac-0fd029ca21bd", + "o365.audit.IntraSystemId": "56fa424b-64bd-4ea5-abc4-38256f8a5600", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + 
"o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T21:38:37.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "30c7afcc-f74d-4b5a-898e-ce72da9386b8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 70444, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:37", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "30c7afcc-f74d-4b5a-898e-ce72da9386b8", + "o365.audit.InterSystemsId": "a35e980b-88be-4343-9691-629473e01983", + "o365.audit.IntraSystemId": "78a2aa65-5026-4124-970a-00e06dc7df00", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-06T09:28:00.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "d4f90f07-f5c4-4b36-a81c-6c9bae8660d6", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 71895, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-06T09:28:00", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "d4f90f07-f5c4-4b36-a81c-6c9bae8660d6", + "o365.audit.InterSystemsId": "a89e9b3b-b394-4ecf-8abc-a3f6aaf9237f", + "o365.audit.IntraSystemId": "bfe22fb6-c763-4972-91a7-5b13d3d51400", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-09T15:28:52.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "d2ad235b-d73f-4bd8-8aef-6e4909ee1b7c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 73345, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:28:52", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "d2ad235b-d73f-4bd8-8aef-6e4909ee1b7c", + "o365.audit.InterSystemsId": "aca3d9a3-792d-4357-87c6-ef50c3215baa", + "o365.audit.IntraSystemId": "f67a1615-4606-4673-b6fb-68f714fa2200", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-10T15:13:37.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "8ff18278-32ca-49d1-8658-91e577e0854f", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 74795, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:37", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "8ff18278-32ca-49d1-8658-91e577e0854f", + "o365.audit.InterSystemsId": "ae211253-88cf-4921-9014-2f9beab64fb0", + "o365.audit.IntraSystemId": "ccfec0f3-498b-43b1-a4c0-fb42f0fb5300", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-09T15:28:52.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "a3939990-f7b4-4dc5-af4d-42b70a9485ea", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 76246, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:28:52", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "a3939990-f7b4-4dc5-af4d-42b70a9485ea", + "o365.audit.InterSystemsId": "b3997fcc-6b0e-45b1-b88d-b4ee4a8a7ddc", + "o365.audit.IntraSystemId": "c1ffa732-6576-4f86-9294-44387abc1f00", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-10T15:13:01.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "61ba70f4-bd75-4bc2-a681-2e219d920e63", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 77696, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:01", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "61ba70f4-bd75-4bc2-a681-2e219d920e63", + "o365.audit.InterSystemsId": "b3ab6d58-7b90-45d6-95e3-ee11333ebc34", + "o365.audit.IntraSystemId": "d949d6c2-472e-4901-bd70-96cb90424c00", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T10:53:12.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "3e17bf8e-92de-45b6-b668-7618ab0e0c95", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 79146, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "80ccca67-54bd-44ab-8625-4b79c4dc7775", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:53:12", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "3e17bf8e-92de-45b6-b668-7618ab0e0c95", + "o365.audit.InterSystemsId": "b5c5fd00-b659-413e-8739-6271a4d70506", + "o365.audit.IntraSystemId": "fabbe34e-a6dd-46f8-805f-4ca633c2ae00", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T10:52:06.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "f100d714-ffa2-4077-bf90-2f57a3b366c0", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 80596, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T10:52:06", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "f100d714-ffa2-4077-bf90-2f57a3b366c0", + "o365.audit.InterSystemsId": "b744259e-13e0-43d7-9f56-82cdbd54cf7c", + "o365.audit.IntraSystemId": "ce9f104d-1a1b-488e-9313-b9729e99c400", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-08T14:33:50.000Z", + "client.address": "37.29.234.179", + "client.ip": "37.29.234.179", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "4b0f0d57-0766-4621-8aa0-04b8d8b63a78", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 82047, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "37.29.234.179", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "37.29.234.179", + "o365.audit.CreationTime": "2020-02-08T14:33:50", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "4b0f0d57-0766-4621-8aa0-04b8d8b63a78", + "o365.audit.InterSystemsId": "b7d9a234-9fdd-4e36-9cf3-fd825f22697a", + "o365.audit.IntraSystemId": "49092519-a590-4207-b1b3-1d49f9100a00", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + 
"o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "37.29.234.179", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 16299, + "source.as.organization.name": "XFERA Moviles S.A.", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 40.4172, + "source.geo.location.lon": -3.684, + "source.ip": "37.29.234.179", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-10T15:13:38.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "8d9a1fa8-7b85-4c5d-9e96-5728d572fb95", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 83439, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-10T15:13:38", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "8d9a1fa8-7b85-4c5d-9e96-5728d572fb95", + "o365.audit.InterSystemsId": "bb677f9e-953a-4bde-bb91-0ef8209200a1", + "o365.audit.IntraSystemId": "1da3c318-642f-48dc-836b-e83b27655b00", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:44:05.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "9756fe5b-ea0d-42fa-a665-be8e0eb100e5", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 84890, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:44:05", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "9756fe5b-ea0d-42fa-a665-be8e0eb100e5", + "o365.audit.InterSystemsId": "c355f078-53d7-4d60-b836-851a09a98208", + "o365.audit.IntraSystemId": "20e56367-e902-4200-855b-2ef7b99e5f00", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-09T15:28:51.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "abbf584f-b3a9-4b6d-9b37-4cc4b802ca4d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 86340, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:28:51", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "abbf584f-b3a9-4b6d-9b37-4cc4b802ca4d", + "o365.audit.InterSystemsId": "c5874ff2-7c53-4d51-9252-7abbf0524b1c", + "o365.audit.IntraSystemId": "3188aef9-6b4e-44f2-8455-c28b49552200", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + 
"o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-09T15:25:21.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "d137a5e4-7004-493a-acca-5fb167d1f207", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 87732, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:25:21", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "d137a5e4-7004-493a-acca-5fb167d1f207", + "o365.audit.InterSystemsId": "cf2168a1-6537-4ed6-80a5-797c3458180c", + "o365.audit.IntraSystemId": "23f53edd-63a7-4292-9d80-4fbc49c11e00", + "o365.audit.ObjectId": "00000003-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000003-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-12T21:38:20.000Z", + "client.address": "79.159.10.151", + "client.ip": "79.159.10.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "73f0a2ef-35be-4a71-9545-59d879fc8fb2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 89182, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "79.159.10.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.10.151", + "o365.audit.CreationTime": "2020-02-12T21:38:20", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "False", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "73f0a2ef-35be-4a71-9545-59d879fc8fb2", + "o365.audit.InterSystemsId": "d21f6867-0670-4c94-b6fa-bde326fcf3c6", + "o365.audit.IntraSystemId": "1fa4819f-605a-4ebe-a2c3-bc11c3f8e200", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + 
"o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "79.159.10.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:44:02.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "3783acda-5ded-4d69-95b6-3df5344c0ce0", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 90575, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:44:02", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "3783acda-5ded-4d69-95b6-3df5344c0ce0", + "o365.audit.InterSystemsId": "d5effb7f-9d39-4893-90f6-9cfeec7ed1a7", + "o365.audit.IntraSystemId": "f22a3ad7-22e7-4296-a600-e4e9161a6000", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + 
"o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:44:03.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "f67568b1-64c4-4165-bdd9-16a5b9142eef", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 91967, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:44:03", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "f67568b1-64c4-4165-bdd9-16a5b9142eef", + "o365.audit.InterSystemsId": "d960e058-1adb-4a84-a65b-1a6ce367e323", + "o365.audit.IntraSystemId": "1dfdb693-18a1-4cff-aa3e-61feaa356100", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-09T15:29:02.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "a8114a24-d342-4689-b75e-51e6386763de", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 93417, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:29:02", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "a8114a24-d342-4689-b75e-51e6386763de", + "o365.audit.InterSystemsId": "e2565aaf-91b0-4ccd-8810-743123eb7383", + "o365.audit.IntraSystemId": "21166e08-6589-4c2d-a325-c97ba45f2200", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-09T15:25:21.000Z", + "client.address": "83.57.233.151", + "client.ip": "83.57.233.151", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "1eaf9c65-8c67-4cd9-9277-771589113752", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 94867, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "83.57.233.151", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "83.57.233.151", + "o365.audit.CreationTime": "2020-02-09T15:25:21", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "1eaf9c65-8c67-4cd9-9277-771589113752", + "o365.audit.InterSystemsId": "ede626b9-2035-4d02-8330-201c4ae82af6", + "o365.audit.IntraSystemId": "98612804-9aa6-40a4-b72a-808bc7742000", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 
15, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "83.57.233.151", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "83.57.233.151", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." 
+ }, + { + "@timestamp": "2020-02-07T16:43:39.000Z", + "client.address": "213.97.47.133", + "client.ip": "213.97.47.133", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "3c439e46-d454-4767-9320-1e75540821b7", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 96317, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "755e500a-6c03-46b0-b53b-282f23374e3b", + "Type": 0 + }, + { + "ID": "asr@testsiem.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200096971F55", + "Type": 3 + } + ], + "o365.audit.ActorContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.ActorIpAddress": "213.97.47.133", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "213.97.47.133", + "o365.audit.CreationTime": "2020-02-07T16:43:39", + "o365.audit.ExtendedProperties.KeepMeSignedIn": "True", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "9", + "o365.audit.Id": "3c439e46-d454-4767-9320-1e75540821b7", + "o365.audit.InterSystemsId": "fc5c6c90-a6ba-486c-b685-8d67c529d3aa", + "o365.audit.IntraSystemId": "6e184f6f-887b-4410-b24d-723031366000", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 15, + 
"o365.audit.ResultStatus": "Succeeded", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "1003200096971F55@testsiem.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.ip": "213.97.47.133", + "related.user": "asr", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "213.97.47.133", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr", + "user_agent.device.name": "Other", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", + "user_agent.os.full": "Mac OS X 10.14", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.14", + "user_agent.version": "72.0." + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/o365/audit/test/22-yammer.log b/x-pack/filebeat/module/o365/audit/test/22-yammer.log new file mode 100644 index 00000000000..1c2fa3766b2 --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/22-yammer.log 
@@ -0,0 +1,2 @@
+{"ObjectId":"Sales","Id":"2af7bbf1-d5d8-5cb0-8aca-f4ad8a087594","CreationTime":"2020-02-28T09:42:45","UserKey":"100320009d6edf94","YammerNetworkId":5846122497,"Operation":"GroupCreation","ClientIP":"79.159.10.151:12345","ActorYammerUserId":36787265537,"UserType":0,"ResultStatus":"TRUE","RecordType":22,"Workload":"Yammer","Version":1,"GroupName":"Sales","OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","UserId":"alice@testsiem2.onmicrosoft.com","ActorUserId":"alice@testsiem2.onmicrosoft.com"}
+{"CreationTime":"2020-02-28T09:39:20","ActorUserId":"asr@testsiem2.onmicrosoft.com","ObjectId":"Company group","UserKey":"100320009d292e16","Id":"3f3e7f1c-84c1-55fc-9bb2-c8b8563eae06","ActorYammerUserId":36085768193,"ClientIP":"[fdfd::555]:12346","UserId":"asr@testsiem2.onmicrosoft.com","Operation":"GroupCreation","ResultStatus":"TRUE","UserType":0,"Workload":"Yammer","Version":1,"OrganizationId":"0e1dddce-163e-4b0b-9e33-87ba56ac4655","YammerNetworkId":5846122497,"RecordType":22,"GroupName":"Company group"}
diff --git a/x-pack/filebeat/module/o365/audit/test/22-yammer.log-expected.json b/x-pack/filebeat/module/o365/audit/test/22-yammer.log-expected.json
new file mode 100644
index 00000000000..d0ed002d522
--- /dev/null
+++ b/x-pack/filebeat/module/o365/audit/test/22-yammer.log-expected.json
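Review bot: Both sample records in 22-yammer.log have `"ResultStatus":"TRUE"` and a `ClientIP` that carries a port, so the golden file pins only the success outcome and the `ip:port` / `[ipv6]:port` split. A record with a different ResultStatus and one with a bare address (no port) would pin how `event.outcome`, `client.ip` and `client.port` are derived in those cases. Whether the Yammer workload actually emits such records is not visible from this hunk, so treat them as cases to confirm against real API output before adding them.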
@@ -0,0 +1,109 @@ +[ + { + "@timestamp": "2020-02-28T09:42:45.000Z", + "client.address": "79.159.10.151:12345", + "client.ip": "79.159.10.151", + "client.port": "12345", + "event.action": "GroupCreation", + "event.category": "iam", + "event.code": "Yammer", + "event.dataset": "o365.audit", + "event.id": "2af7bbf1-d5d8-5cb0-8aca-f4ad8a087594", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Yammer", + "event.type": [ + "group", + "creation" + ], + "fileset.name": "audit", + "group.name": "Sales", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 0, + "network.type": "ipv4", + "o365.audit.ActorUserId": "alice@testsiem2.onmicrosoft.com", + "o365.audit.ActorYammerUserId": 36787265537, + "o365.audit.ClientIP": "79.159.10.151:12345", + "o365.audit.CreationTime": "2020-02-28T09:42:45", + "o365.audit.GroupName": "Sales", + "o365.audit.Id": "2af7bbf1-d5d8-5cb0-8aca-f4ad8a087594", + "o365.audit.ObjectId": "Sales", + "o365.audit.Operation": "GroupCreation", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.RecordType": 22, + "o365.audit.ResultStatus": "TRUE", + "o365.audit.UserId": "alice@testsiem2.onmicrosoft.com", + "o365.audit.UserKey": "100320009d6edf94", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "Yammer", + "o365.audit.YammerNetworkId": 5846122497, + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.ip": "79.159.10.151", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.10.151", + "source.port": "12345", + "user.email": 
"alice@testsiem2.onmicrosoft.com", + "user.id": "36787265537" + }, + { + "@timestamp": "2020-02-28T09:39:20.000Z", + "client.address": "[fdfd::555]:12346", + "client.ip": "fdfd::555", + "client.port": "12346", + "event.action": "GroupCreation", + "event.category": "iam", + "event.code": "Yammer", + "event.dataset": "o365.audit", + "event.id": "3f3e7f1c-84c1-55fc-9bb2-c8b8563eae06", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "Yammer", + "event.type": [ + "group", + "creation" + ], + "fileset.name": "audit", + "group.name": "Company group", + "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "input.type": "log", + "log.offset": 503, + "network.type": "ipv6", + "o365.audit.ActorUserId": "asr@testsiem2.onmicrosoft.com", + "o365.audit.ActorYammerUserId": 36085768193, + "o365.audit.ClientIP": "[fdfd::555]:12346", + "o365.audit.CreationTime": "2020-02-28T09:39:20", + "o365.audit.GroupName": "Company group", + "o365.audit.Id": "3f3e7f1c-84c1-55fc-9bb2-c8b8563eae06", + "o365.audit.ObjectId": "Company group", + "o365.audit.Operation": "GroupCreation", + "o365.audit.OrganizationId": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "o365.audit.RecordType": 22, + "o365.audit.ResultStatus": "TRUE", + "o365.audit.UserId": "asr@testsiem2.onmicrosoft.com", + "o365.audit.UserKey": "100320009d292e16", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "Yammer", + "o365.audit.YammerNetworkId": 5846122497, + "organization.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "related.ip": "fdfd::555", + "service.type": "o365", + "source.ip": "fdfd::555", + "source.port": "12346", + "user.email": "asr@testsiem2.onmicrosoft.com", + "user.id": "36085768193" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log b/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log new file mode 100644 index 00000000000..d3d294cee90 --- /dev/null 
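Review bot: Neither Yammer event in this expected output carries `related.user` or `user.name`, although both have `o365.audit.UserId` and `user.email` set to a full address. The Azure AD event earlier on this page does get `user.name`, `user.domain` and `related.user` from the same kind of value. An analyst pivoting on `related.user` across workloads would therefore not see these Yammer group creations for the account. If the omission is not intentional, the Yammer branch of the pipeline (outside this hunk) should populate them, so the first event would gain `"related.user": "alice"` and `"user.name": "alice"`. Separately, `client.port` and `source.port` are emitted as the strings `"12345"` and `"12346"` rather than as numbers.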
+++ b/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log 
@@ -0,0 +1,4 @@ +{"RecordType":25,"Version":1,"TeamGuid":"19:5ad83cb367fc48358e759dccff238f46@thread.skype","UserId":"Application","UserKey":"","CreationTime":"2020-02-17T16:59:44","TeamName":"SIEMTest","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"TeamCreated","Id":"49fa9883-50a9-4c9c-8e12-57e0948a9d8a","UserType":5,"Workload":"MicrosoftTeams"} +{"TeamGuid":"19:5ad83cb367fc48358e759dccff238f46@thread.skype","UserKey":"755e500a-6c03-46b0-b53b-282f23374e3b","TeamName":"SIEMTest","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"MemberAdded","Workload":"MicrosoftTeams","RecordType":25,"Version":1,"UserId":"asr@testsiem.onmicrosoft.com","CreationTime":"2020-02-17T16:59:47","ItemName":"SIEMTest","Id":"3a951c24-3214-5529-b2fe-097628a39ecd","UserType":0,"Members":[{"Role":1,"UPN":"david@testsiem.onmicrosoft.com","DisplayName":"David"},{"Role":1,"UPN":"chuck@testsiem.onmicrosoft.com","DisplayName":"Chuck"},{"Role":1,"UPN":"bob@testsiem.onmicrosoft.com","DisplayName":"Bob"},{"Role":1,"UPN":"alice@testsiem.onmicrosoft.com","DisplayName":"Alice"}]} +{"TeamGuid":"19:5ad83cb367fc48358e759dccff238f46@thread.skype","UserKey":"755e500a-6c03-46b0-b53b-282f23374e3b","TeamName":"SIEMTest","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"MemberAdded","Workload":"MicrosoftTeams","RecordType":25,"Version":1,"UserId":"asr@testsiem.onmicrosoft.com","CreationTime":"2020-02-17T16:59:44","ItemName":"SIEMTest","Id":"3350cfd2-1020-5b11-99d8-2701f3a29ea3","UserType":0,"Members":[{"Role":2,"UPN":"asr@testsiem.onmicrosoft.com","DisplayName":"Alan Smithee"}]} +{"RecordType":25,"Version":1,"ObjectId":"Unknown (Unknown)","UserId":"bob@testsiem.onmicrosoft.com","UserKey":"d0e0cfb0-284d-4b0a-83fe-dd543a1c1ed0","CreationTime":"2020-02-17T16:59:34","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Id":"d7636db2-859f-437e-8dff-573726578ad7","Operation":"TeamsSessionStarted","UserType":0,"Workload":"MicrosoftTeams"} 
diff --git a/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json b/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json new file mode 100644 index 00000000000..40e3e3dd3ad --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json 
@@ -0,0 +1,169 @@ +[ + { + "@timestamp": "2020-02-17T16:59:44.000Z", + "event.action": "TeamCreated", + "event.category": "web", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "49fa9883-50a9-4c9c-8e12-57e0948a9d8a", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "o365.audit.CreationTime": "2020-02-17T16:59:44", + "o365.audit.Id": "49fa9883-50a9-4c9c-8e12-57e0948a9d8a", + "o365.audit.Operation": "TeamCreated", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 25, + "o365.audit.TeamGuid": "19:5ad83cb367fc48358e759dccff238f46@thread.skype", + "o365.audit.TeamName": "SIEMTest", + "o365.audit.UserId": "Application", + "o365.audit.UserKey": "", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Application" + }, + { + "@timestamp": "2020-02-17T16:59:47.000Z", + "event.action": "MemberAdded", + "event.category": "web", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "3a951c24-3214-5529-b2fe-097628a39ecd", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 354, + "o365.audit.CreationTime": "2020-02-17T16:59:47", + "o365.audit.Id": "3a951c24-3214-5529-b2fe-097628a39ecd", + "o365.audit.ItemName": "SIEMTest", + "o365.audit.Members": [ + { + "DisplayName": "David", + "Role": 1, + "UPN": "david@testsiem.onmicrosoft.com" + }, + { + "DisplayName": "Chuck", + "Role": 1, + "UPN": 
"chuck@testsiem.onmicrosoft.com" + }, + { + "DisplayName": "Bob", + "Role": 1, + "UPN": "bob@testsiem.onmicrosoft.com" + }, + { + "DisplayName": "Alice", + "Role": 1, + "UPN": "alice@testsiem.onmicrosoft.com" + } + ], + "o365.audit.Operation": "MemberAdded", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 25, + "o365.audit.TeamGuid": "19:5ad83cb367fc48358e759dccff238f46@thread.skype", + "o365.audit.TeamName": "SIEMTest", + "o365.audit.UserId": "asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "asr", + "service.type": "o365", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-17T16:59:44.000Z", + "event.action": "MemberAdded", + "event.category": "web", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "3350cfd2-1020-5b11-99d8-2701f3a29ea3", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1079, + "o365.audit.CreationTime": "2020-02-17T16:59:44", + "o365.audit.Id": "3350cfd2-1020-5b11-99d8-2701f3a29ea3", + "o365.audit.ItemName": "SIEMTest", + "o365.audit.Members": [ + { + "DisplayName": "Alan Smithee", + "Role": 2, + "UPN": "asr@testsiem.onmicrosoft.com" + } + ], + "o365.audit.Operation": "MemberAdded", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 25, + "o365.audit.TeamGuid": "19:5ad83cb367fc48358e759dccff238f46@thread.skype", + "o365.audit.TeamName": "SIEMTest", + "o365.audit.UserId": 
"asr@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "755e500a-6c03-46b0-b53b-282f23374e3b", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "asr", + "service.type": "o365", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-17T16:59:34.000Z", + "event.action": "TeamsSessionStarted", + "event.category": "web", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "d7636db2-859f-437e-8dff-573726578ad7", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1597, + "o365.audit.CreationTime": "2020-02-17T16:59:34", + "o365.audit.Id": "d7636db2-859f-437e-8dff-573726578ad7", + "o365.audit.ObjectId": "Unknown (Unknown)", + "o365.audit.Operation": "TeamsSessionStarted", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 25, + "o365.audit.UserId": "bob@testsiem.onmicrosoft.com", + "o365.audit.UserKey": "d0e0cfb0-284d-4b0a-83fe-dd543a1c1ed0", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "bob", + "service.type": "o365", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "bob@testsiem.onmicrosoft.com", + "user.name": "bob" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log b/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log new file mode 100644 index 00000000000..7a61bbe30f6 --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log 
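Review bot: The two `MemberAdded` events record only the actor in `related.user` (`"asr"`), while the accounts that were actually added appear solely under `o365.audit.Members[].UPN`. A search through `related.user` for membership changes affecting a given user will miss these events. Consider having the pipeline (not part of this hunk) append each member to `related.user`, so the first `MemberAdded` event would expect `"related.user": ["asr", "david", "chuck", "bob", "alice"]`. The `Role` values 1 and 2 are also kept as bare integers; if they distinguish role levels, a mapped label would help anyone reviewing role changes.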
@@ -0,0 +1,3 @@ +{"Category": "AccessGovernance", "UserKey": "SecurityComplianceAlerts", "Operation": "AlertEntityGenerated", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "AlertEntityId" : "asr@testsiem.onmicrosoft.com", "Source" : "Office 365 Security & Compliance", "Name" : "Elevation of Exchange admin privilege", "AlertType" : "System", "RecordType" : 40, "Version" : 1, "Status" : "Active", "ObjectId" : "asr@testsiem.onmicrosoft.com", "ResultStatus" : "Succeeded", "Comments" : "New alert", "AlertLinks" : [ { "AlertLinkHref" : "http://example.net/alert" }, { "AlertLinkHref" : "http://example.net/info" } ], "Severity" : "Low", "Data" : "{\"etype\":\"User\",\"eid\":\"asr@testsiem.onmicrosoft.com\",\"tid\":\"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd\",\"ts\":\"2020-02-14T18:54:45.0000000Z\",\"te\":\"2020-02-14T18:54:45.0000000Z\",\"op\":\"GrantAdminPermission\",\"tdc\":\"1\",\"suid\":\"asr@testsiem.onmicrosoft.com\",\"ut\":\"Admin\",\"lon\":\"GrantAdminPermission\"}", "Workload" : "SecurityComplianceCenter", "EntityType" : "User", "AlertId" : "5ba6e029-8b6e-13bd-b800-08d7b180173c", "UserId" : "SecurityComplianceAlerts", "CreationTime" : "2020-02-14T19:00:00", "Id" : "448854d7-81f6-4a06-d31a-08d7b1c1fb2f", "UserType" : 4, "PolicyId" : "17d51759-88e1-40c1-8df3-20bcf2e43057" } +{ "Status" : "Active", "Category" : "AccessGovernance", "ResultStatus" : "Succeeded", "ObjectId" : "5ba6e029-8b6e-13bd-b800-08d7b180173c", "Comments" : "New alert", "UserKey" : "SecurityComplianceAlerts", "AlertLinks" : [ { "AlertLinkHref" : "http://example.net/single" } ], "Data" : "{\"f3u\":\"asr@testsiem.onmicrosoft.com\",\"ts\":\"2020-02-14T18:45:00.0000000Z\",\"te\":\"2020-02-14T19:00:00.0000000Z\",\"op\":\"GrantAdminPermission\",\"wl\":\"Exchange\",\"tid\":\"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd\",\"tdc\":\"1\",\"reid\":\"23a5e271-e297-4f35-ff57-08d7b17f5bf2\",\"rid\":\"f81f1b69-dc60-4ded-918e-e17d5c73b29f\",\"cid\":\"17d51759-88e1-40c1-8df3-20bcf2e43057\",\"ad\":\"This alert is 
triggered when someone in your organization becomes an Exchange admin or gets new Exchange admin permissions -V1.0.0.1\",\"lon\":\"GrantAdminPermission\",\"an\":\"Elevation of Exchange admin privilege\",\"sev\":\"Low\"}", "Severity" : "Low", "Operation" : "AlertTriggered", "OrganizationId" : "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "Source" : "Office 365 Security & Compliance", "Workload" : "SecurityComplianceCenter", "Name" : "Elevation of Exchange admin privilege", "AlertType" : "System", "AlertId" : "5ba6e029-8b6e-13bd-b800-08d7b180173c", "RecordType" : 40, "Version" : 1, "UserId" : "SecurityComplianceAlerts", "CreationTime" : "2020-02-14T19:00:00", "Id" : "7d6297b5-e4a7-46f0-3c1e-08d7b1c1fb22", "UserType" : 4, "PolicyId" : "17d51759-88e1-40c1-8df3-20bcf2e43057" } +{ "Status" : "Active", "Category" : "ThreatManagement", "ResultStatus" : "Succeeded", "ObjectId" : "12345678-8b6e-13bd-b800-08d7b180173c", "Comments" : "This is a phony threat alert", "UserKey" : "SecurityComplianceAlerts", "AlertLinks" : [], "Data" : "{\"something\":\"blabla\"}", "Severity" : "High", "Operation" : "AlertTriggered", "OrganizationId" : "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "Source" : "Office 365 Security & Compliance", "Workload" : "SecurityComplianceCenter", "Name" : "Phony Malware Alert", "AlertType" : "System", "AlertId" : "1233344-8b6e-13bd-b800-08d7b180173c", "RecordType" : 40, "Version" : 1, "UserId" : "SecurityComplianceAlerts", "CreationTime" : "2020-02-14T19:00:00", "Id" : "7d6297b5-e4a7-46f0-3c1e-08d7b1c1fb22", "UserType" : 4, "PolicyId" : "17d51759-88e1-40c1-8df3-20bcf2e43057", "AlertEntityId" : "Malware/Evil.Malware.B", "EntityType" : "MalwareFamily"} diff --git a/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json b/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json new file mode 100644 index 00000000000..beee3341761 --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json 
@@ -0,0 +1,165 @@ +[ + { + "@timestamp": "2020-02-14T19:00:00.000Z", + "event.action": "AlertEntityGenerated", + "event.category": "authentication", + "event.code": "SecurityComplianceAlerts", + "event.dataset": "o365.audit", + "event.id": "448854d7-81f6-4a06-d31a-08d7b1c1fb2f", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.severity": 2, + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "message": "New alert", + "o365.audit.AlertEntityId": "asr@testsiem.onmicrosoft.com", + "o365.audit.AlertId": "5ba6e029-8b6e-13bd-b800-08d7b180173c", + "o365.audit.AlertLinks": [ + "http://example.net/alert", + "http://example.net/info" + ], + "o365.audit.AlertType": "System", + "o365.audit.Category": "AccessGovernance", + "o365.audit.Comments": "New alert", + "o365.audit.CreationTime": "2020-02-14T19:00:00", + "o365.audit.Data": "{\"etype\":\"User\",\"eid\":\"asr@testsiem.onmicrosoft.com\",\"tid\":\"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd\",\"ts\":\"2020-02-14T18:54:45.0000000Z\",\"te\":\"2020-02-14T18:54:45.0000000Z\",\"op\":\"GrantAdminPermission\",\"tdc\":\"1\",\"suid\":\"asr@testsiem.onmicrosoft.com\",\"ut\":\"Admin\",\"lon\":\"GrantAdminPermission\"}", + "o365.audit.EntityType": "User", + "o365.audit.Id": "448854d7-81f6-4a06-d31a-08d7b1c1fb2f", + "o365.audit.Name": "Elevation of Exchange admin privilege", + "o365.audit.ObjectId": "asr@testsiem.onmicrosoft.com", + "o365.audit.Operation": "AlertEntityGenerated", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.PolicyId": "17d51759-88e1-40c1-8df3-20bcf2e43057", + "o365.audit.RecordType": 40, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.Severity": "Low", + "o365.audit.Source": "Office 365 Security & Compliance", + "o365.audit.Status": "Active", + "o365.audit.UserId": "SecurityComplianceAlerts", + 
"o365.audit.UserKey": "SecurityComplianceAlerts", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "related.user": "asr", + "rule.category": "AccessGovernance", + "rule.description": "asr@testsiem.onmicrosoft.com", + "rule.id": "17d51759-88e1-40c1-8df3-20bcf2e43057", + "rule.name": "Elevation of Exchange admin privilege", + "rule.reference": [ + "http://example.net/alert", + "http://example.net/info" + ], + "rule.ruleset": "User", + "service.type": "o365", + "user.domain": "testsiem.onmicrosoft.com", + "user.id": "asr@testsiem.onmicrosoft.com", + "user.name": "asr" + }, + { + "@timestamp": "2020-02-14T19:00:00.000Z", + "event.action": "AlertTriggered", + "event.category": "authentication", + "event.code": "SecurityComplianceAlerts", + "event.dataset": "o365.audit", + "event.id": "7d6297b5-e4a7-46f0-3c1e-08d7b1c1fb22", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.severity": 2, + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1285, + "message": "New alert", + "o365.audit.AlertId": "5ba6e029-8b6e-13bd-b800-08d7b180173c", + "o365.audit.AlertLinks": "http://example.net/single", + "o365.audit.AlertType": "System", + "o365.audit.Category": "AccessGovernance", + "o365.audit.Comments": "New alert", + "o365.audit.CreationTime": "2020-02-14T19:00:00", + "o365.audit.Data": "{\"f3u\":\"asr@testsiem.onmicrosoft.com\",\"ts\":\"2020-02-14T18:45:00.0000000Z\",\"te\":\"2020-02-14T19:00:00.0000000Z\",\"op\":\"GrantAdminPermission\",\"wl\":\"Exchange\",\"tid\":\"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd\",\"tdc\":\"1\",\"reid\":\"23a5e271-e297-4f35-ff57-08d7b17f5bf2\",\"rid\":\"f81f1b69-dc60-4ded-918e-e17d5c73b29f\",\"cid\":\"17d51759-88e1-40c1-8df3-20bcf2e43057\",\"ad\":\"This alert is 
triggered when someone in your organization becomes an Exchange admin or gets new Exchange admin permissions -V1.0.0.1\",\"lon\":\"GrantAdminPermission\",\"an\":\"Elevation of Exchange admin privilege\",\"sev\":\"Low\"}", + "o365.audit.Id": "7d6297b5-e4a7-46f0-3c1e-08d7b1c1fb22", + "o365.audit.Name": "Elevation of Exchange admin privilege", + "o365.audit.ObjectId": "5ba6e029-8b6e-13bd-b800-08d7b180173c", + "o365.audit.Operation": "AlertTriggered", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.PolicyId": "17d51759-88e1-40c1-8df3-20bcf2e43057", + "o365.audit.RecordType": 40, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.Severity": "Low", + "o365.audit.Source": "Office 365 Security & Compliance", + "o365.audit.Status": "Active", + "o365.audit.UserId": "SecurityComplianceAlerts", + "o365.audit.UserKey": "SecurityComplianceAlerts", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "rule.category": "AccessGovernance", + "rule.id": "17d51759-88e1-40c1-8df3-20bcf2e43057", + "rule.name": "Elevation of Exchange admin privilege", + "rule.reference": "http://example.net/single", + "service.type": "o365", + "user.id": "SecurityComplianceAlerts" + }, + { + "@timestamp": "2020-02-14T19:00:00.000Z", + "event.action": "AlertTriggered", + "event.category": "malware", + "event.code": "SecurityComplianceAlerts", + "event.dataset": "o365.audit", + "event.id": "7d6297b5-e4a7-46f0-3c1e-08d7b1c1fb22", + "event.kind": "alert", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.severity": 4, + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2755, + "message": "This is a phony threat alert", + "o365.audit.AlertEntityId": "Malware/Evil.Malware.B", + "o365.audit.AlertId": 
"1233344-8b6e-13bd-b800-08d7b180173c", + "o365.audit.AlertType": "System", + "o365.audit.Category": "ThreatManagement", + "o365.audit.Comments": "This is a phony threat alert", + "o365.audit.CreationTime": "2020-02-14T19:00:00", + "o365.audit.Data": "{\"something\":\"blabla\"}", + "o365.audit.EntityType": "MalwareFamily", + "o365.audit.Id": "7d6297b5-e4a7-46f0-3c1e-08d7b1c1fb22", + "o365.audit.Name": "Phony Malware Alert", + "o365.audit.ObjectId": "12345678-8b6e-13bd-b800-08d7b180173c", + "o365.audit.Operation": "AlertTriggered", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.PolicyId": "17d51759-88e1-40c1-8df3-20bcf2e43057", + "o365.audit.RecordType": 40, + "o365.audit.ResultStatus": "Succeeded", + "o365.audit.Severity": "High", + "o365.audit.Source": "Office 365 Security & Compliance", + "o365.audit.Status": "Active", + "o365.audit.UserId": "SecurityComplianceAlerts", + "o365.audit.UserKey": "SecurityComplianceAlerts", + "o365.audit.UserType": 4, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "rule.category": "ThreatManagement", + "rule.description": "Malware/Evil.Malware.B", + "rule.id": "17d51759-88e1-40c1-8df3-20bcf2e43057", + "rule.name": "Phony Malware Alert", + "rule.ruleset": "MalwareFamily", + "service.type": "o365", + "threat.technique.id": "Malware/Evil.Malware.B", + "user.id": "SecurityComplianceAlerts" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/o365/audit/test/52-data-insights-api.log b/x-pack/filebeat/module/o365/audit/test/52-data-insights-api.log new file mode 100644 index 00000000000..c1e20b772c4 --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/52-data-insights-api.log 
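Review bot: In the third expected event, `threat.technique.id` is set to `"Malware/Evil.Malware.B"`, which is the alert's `AlertEntityId` for an `EntityType` of `MalwareFamily`, not a technique identifier. ECS reserves `threat.technique.id` for the id of a technique in the framework named by `threat.framework` (typically MITRE ATT&CK), so rules or dashboards that group on it would receive malware family names from this module. The same value is already kept in `rule.description` and `o365.audit.AlertEntityId`, so I would drop the `threat.technique.id` assignment in the pipeline (outside this hunk) and remove the `"threat.technique.id": "Malware/Evil.Malware.B"` line here. The second and third events also share `event.id` `7d6297b5-e4a7-46f0-3c1e-08d7b1c1fb22` because the fixture reuses that `Id`; a distinct value in the third log record would keep the test from masking id collisions.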
@@ -0,0 +1,9 @@ +{"Workload": "SecurityComplianceCenter", "DataType": "DataInsightsSubscription", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-10T15:13:38", "UserId": "Service Account", "UserType": 5, "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0", "RecordType": 52} +{"Workload": "SecurityComplianceCenter", "DataType": "DataInsightsSubscription", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:38", "UserId": "Service Account", "UserType": 5, "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc", "RecordType": 52} +{"Workload": "SecurityComplianceCenter", "RecordType": 52, "DataType": "DataInsightsSubscription", "CreationTime": "2020-02-10T15:13:38", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "Service Account", "UserType": 5, "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0"} +{"Workload": "SecurityComplianceCenter", "RecordType": 52, "DataType": "DataInsightsSubscription", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:53:26", "UserId": "Service Account", "UserType": 5, "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2"} +{"Workload": "SecurityComplianceCenter", "RecordType": 52, "DataType": "DataInsightsSubscription", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T21:38:38", "UserId": "Service Account", "UserType": 5, "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc"} +{"Workload": "SecurityComplianceCenter", "RecordType": 52, "UserType": 5, "DataType": 
"DataInsightsSubscription", "CreationTime": "2020-02-12T10:53:26", "UserId": "Service Account", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2"} +{"Workload": "SecurityComplianceCenter", "RecordType": 52, "UserType": 5, "DataType": "DataInsightsSubscription", "UserId": "Service Account", "CreationTime": "2020-02-10T15:13:38", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0"} +{"Workload": "SecurityComplianceCenter", "RecordType": 52, "UserType": 5, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "CreationTime": "2020-02-12T10:53:26", "UserId": "Service Account", "DataType": "DataInsightsSubscription", "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2"} +{"Workload": "SecurityComplianceCenter", "RecordType": 52, "UserType": 5, "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "Service Account", "CreationTime": "2020-02-12T21:38:38", "DataType": "DataInsightsSubscription", "Version": 1, "UserKey": "Service Account", "Operation": "SearchDataInsightsSubscription", "Id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc"} diff --git a/x-pack/filebeat/module/o365/audit/test/52-data-insights-api.log-expected.json b/x-pack/filebeat/module/o365/audit/test/52-data-insights-api.log-expected.json new file mode 100644 index 00000000000..3ea637aee91 --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/52-data-insights-api.log-expected.json 
@@ -0,0 +1,281 @@ +[ + { + "@timestamp": "2020-02-10T15:13:38.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 0, + "o365.audit.CreationTime": "2020-02-10T15:13:38", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-12T21:38:38.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 377, + "o365.audit.CreationTime": "2020-02-12T21:38:38", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": 
"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-10T15:13:38.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 754, + "o365.audit.CreationTime": "2020-02-10T15:13:38", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-12T10:53:26.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": 
"audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1131, + "o365.audit.CreationTime": "2020-02-12T10:53:26", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-12T21:38:38.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1508, + "o365.audit.CreationTime": "2020-02-12T21:38:38", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-12T10:53:26.000Z", + "event.action": 
"SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 1885, + "o365.audit.CreationTime": "2020-02-12T10:53:26", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-10T15:13:38.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2262, + "o365.audit.CreationTime": "2020-02-10T15:13:38", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "20a7bbcf-8e64-4e60-b075-08d7ae3bcea0", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": 
"Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-12T10:53:26.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + "log.offset": 2639, + "o365.audit.CreationTime": "2020-02-12T10:53:26", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "3b492d08-23a8-4e65-75ea-08d7afa9c9a2", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + }, + { + "@timestamp": "2020-02-12T21:38:38.000Z", + "event.action": "SearchDataInsightsSubscription", + "event.category": "web", + "event.code": "DataInsightsRestApiAudit", + "event.dataset": "o365.audit", + "event.id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SecurityComplianceCenter", + "event.type": "info", + "fileset.name": "audit", + "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "input.type": "log", + 
"log.offset": 3016, + "o365.audit.CreationTime": "2020-02-12T21:38:38", + "o365.audit.DataType": "DataInsightsSubscription", + "o365.audit.Id": "0ff67168-de8c-45fb-3f7d-08d7b003ebdc", + "o365.audit.Operation": "SearchDataInsightsSubscription", + "o365.audit.OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "o365.audit.RecordType": 52, + "o365.audit.UserId": "Service Account", + "o365.audit.UserKey": "Service Account", + "o365.audit.UserType": 5, + "o365.audit.Version": 1, + "o365.audit.Workload": "SecurityComplianceCenter", + "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "service.type": "o365", + "user.id": "Service Account" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/o365/fields.go b/x-pack/filebeat/module/o365/fields.go new file mode 100644 index 00000000000..c371afd8dd9 --- /dev/null +++ b/x-pack/filebeat/module/o365/fields.go 
@@ -0,0 +1,23 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package o365 + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "o365", asset.ModuleFieldsPri, AssetO365); err != nil { + panic(err) + } +} + +// AssetO365 returns asset data. +// This is the base64 encoded gzipped contents of module/o365. +func AssetO365() string { + return "eJzUmcFu40YMhu95ijkX2FyK9uBDAcP2LozGsRE5XfRUTCRaYT2aUTmUE+3TFzPqNrHitNn8vqyPnvATSZH/kM4Hs6d+YsKPP/90YYyyOpqY9W7HJZnhu4piKdwqBz8xv1wYY8wqVJ0jswti7q2vHPvauFBHs5PQPLO+vDBmx+SqOMl2w+eD8bah4ZmXtqtYnx0ao31LE1NL6Nqj7yva2c7pHxk4MTvrIo3+4IWjT5+P2Y2xg2Zlva2pIa9mulma7E0O5fLI/mUQT2FMSw0yetoQgxWx/ejkFOmJtZyPDr6i9tQ/BKn+PX3Fftu39B7CUSyz4JUedVmdDOrtnGU7rSqhGEHObSSBnfndNg3hKEeiC6+sPYyBAVfs96dze1x4rxNOlMu3ONG2UAxt67i0qV3nHFtn+2vbYO585UFufemEpqXygeYslGqnXxzIg8laPJb31te0IrVzq/byh5OscPcnlfrfqJlVqoOMleUbnJk5Jq/g+xsgS78LhQr7GiZtcAIsOLPQpMvgNCGp4ujAB2ni+DJ6hSxCDi7PmVBmbBnplVkXNTS3nv/qCPEmVTJmDXZVlmKQkZobCyQjitBJiSkE5eEltRQgD4tHJV9RtZHQkihTBGHirZuWJdRXn9I4h+k7UqfLJt0NrMW9FcQFX3KVhAZxxQ8ZvQp18FjlZlTRR6Umgi6JHTgQRqkBSm0wBwFgiSk12Cu54ghVR7ZXOoM05/paiLyym7ydASYkIdLYXTAQzMqyuwuPn7ozQNYPnmRlo5JMyzJ0Xs/hWqaeDXS7uQZA1NyRvHsz+MccaMRVqHjHxzcQgMN6ep2fgHTSuiXJMxeAkNp6/gJPf885YFqEa/ZW2dcFyYEAldhYsQ0pVjOb4Ljs56SW3btLd4AgCb6hMkiFSd4Nxc5poVY7YGIqyEdOW2gaB+ekVObiiUtfuq4iIMY8BG0Cez3DMlpQjGBRF3QgYQX22YIVeF/J+lYcAAAn/8H+IzvKs3uEpOYJhgnEwLnJK+sBzA/aCl3bBtEtl3uClHxrpabxCv+9/lY7BHOGH2sHUJrR1nKGPe0FDlPTLVlwqk8EbHIcpvGkm+xrJNUpK9Oa/OkafDMCdeFXAsQ2AbBX+hsJpnGf6Q5JwecgexcsQBj+m3BN+hBk/z+u/B0AAP//cb9ybQ==" +} diff --git a/x-pack/filebeat/module/o365/module.yml b/x-pack/filebeat/module/o365/module.yml new file mode 100644 index 00000000000..2ef22242db8 
--- /dev/null
+++ b/x-pack/filebeat/module/o365/module.yml
@@ -0,0 +1,3 @@
+dashboards:
+ - id: 712e2c00-685d-11ea-8d6a-292ef5d68366
+ file: Filebeat-O365-Audit.json
diff --git a/x-pack/filebeat/modules.d/o365.yml.disabled b/x-pack/filebeat/modules.d/o365.yml.disabled
new file mode 100644
index 00000000000..b957965fa75
--- /dev/null
+++ b/x-pack/filebeat/modules.d/o365.yml.disabled
@@ -0,0 +1,48 @@
+# Module: o365
+# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-o365.html
+
+- module: o365
+ audit:
+ enabled: true
+
+ # Set the application_id (also known as client ID):
+ var.application_id: ""
+
+ # Configure the tenants to monitor:
+ # Use the tenant ID (also known as directory ID) and the domain name.
+ # var.tenants:
+ # - id: "tenant_id_1"
+ # name: "mydomain.onmicrosoft.com"
+ # - id: "tenant_id_2"
+ # name: "mycompany.com"
+ var.tenants:
+ - id: ""
+ name: "mytenant.onmicrosoft.com"
+
+ # List of content-types to fetch. By default all known content-types
+ # are retrieved:
+ # var.content_type:
+ # - "Audit.AzureActiveDirectory"
+ # - "Audit.Exchange"
+ # - "Audit.SharePoint"
+ # - "Audit.General"
+ # - "DLP.All"
+
+ # Use the following settings to enable certificate-based authentication:
+ # var.certificate: "/path/to/certificate.pem"
+ # var.key: "/path/to/private_key.pem"
+ # var.key_passphrase: "myPrivateKeyPassword"
+
+ # Client-secret based authentication:
+ # Comment the following line if using certificate authentication.
+ var.client_secret: ""
+
+ # Advanced settings, use with care:
+ # var.api:
+ # # Settings for custom endpoints:
+ # authentication_endpoint: "https://login.microsoftonline.us/"
+ # resource: "https://manage.office365.us"
+ #
+ # max_retention: 7d
+ # max_requests_per_minute: 2000
+ # poll_interval: 3m
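Review bot: The template in modules.d/o365.yml.disabled prompts operators to type the Azure application secret (`var.client_secret: ""`) and the private-key passphrase (`# var.key_passphrase: "myPrivateKeyPassword"`) directly into the module file, with no hint that a plaintext value can be avoided. I would add a comment above both settings, for example `# Avoid plaintext secrets here: store the value in the Filebeat keystore and reference it, e.g. "${O365_CLIENT_SECRET}" (sample key name).` A second comment line next to `var.key` could say that the private key file and this config should be readable only by the account Filebeat runs as. The same text appears to come from module/o365/_meta/config.yml listed in the diffstat, so the comment probably belongs there and in filebeat.reference.yml as well; this is documentation only and changes no setting.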